SECURING VOIP NETWORKS

• Securing a Voice over IP (VoIP) network is a

complex issue that involves many factors,
including elements unique to each specific
network configuration.
• As with any IP based network, VoIP systems
are potential targets of many types of attacks
• A VoIP system can be composed of many
different products – voice terminals (VoIP
Phones), desktop systems, servers, gateways,
firewalls, etc
• Achieving robust security is a key consideration
when designing an end-to-end network
security architecture with high reliability and
quality of service requirements.
• OEMs can gain competitive advantage by
ensuring their devices offer a wide range of
security features that give their customers the
flexibility they need to secure their unique
VoIP network.
General VoIP Architecture
 Potential Threats
• Denial of Service (DoS)
• Man-in-the-Middle attack
• Call Hijacking
• Call Termination
• Password Cracking (brute force and others) Server
Impersonation
• Eavesdropping
• Exception Packet attacks
• Disturbance Call attacks against endpoints
• Call Leaflet attacks
• To protect against these threats, any VoIP security solution needs to
perform the following functions:
• Authentication – you must be able to authenticate the peer you are
communicating with.
• Data Protection – You must be able to protect the data being
exchanged from being viewed by others
• Data Integrity – You must be able to validate that the data received
has not been tampered with (you actually received what the other
person sent).
• Non-Repudiation – You must be able to prove that the message
actually came from the other person. This is especially important if
the signaling message is being used to generate billing information.
 What to secure . .
• 1. Securing the signaling channel
• 2. Securing the media channel
• 3. Securing the device itself
• 1. Securing the Signaling Channel
– If the underlying IP network is fully secure, one could
argue that the signaling between the SIP terminals and
the SIP server, doesn’t need to be secured.
– The signaling channel can be secured relatively easily
using a standard protocol such as IPSec or TLS
– dependent on other system level architecture issues.
IPSec, for example, is intended to secure a connection
running over IP. TLS, on the other hand, is intended to
secure a connection running over a reliable transport
protocol, such as TCP or SCTP.
• In most cases you will want to authenticate in
both directions. The user needs to know that
the server is actually the server (not a rogue
server) and the server needs to make sure
that the user is really the user, not someone
trying to make fraudulent calls masquerading
as the user. Such implementation flexibility
needs to be available in your product.
• 2. Signaling Points
– signaling points, including user to access point;
access point to network; and network to network,
affect how security should be implemented in a
VoIP device.
• User access points
• concern is what security mechanisms are
supported in the access point(s)
• If the VoIP PBX only supports TLS, then it is of
no value to build an IPSec VPN client into your
handset for the purpose of securing the
signaling channel
• SIP specifications require that SIP Servers
support the use of TLS.
• Access Point to Network
– Within an enterprise network or within a carrier
network, there may be a hierarchy of devices
handling various aspects of VoIP signaling.
– In the case of SIP, these may be proxy servers,
registration servers, gateways, firewalls, etc.
Regardless of the device, the basic requirements
are the same – securing the signaling channel
using one of the standard mechanisms discussed
above.
• Network to Network
– It is likely that any VoIP network will need to
interwork with other voice networks.
– An enterprise may use VoIP internally, but needs
to access the PSTN for all external
communications.
– A VoIP service provider needs to provide
interworking with the PSTN to enable users to
transparently communicate with non-VoIP users.
• 3. Securing the Media Channel
– VoIP devices normally use the Real-time Transport Protocol (RTP)
7 to handle the media streams.
– RTP does not provide any mechanism for securing the media
stream.
– Traditional security protocols such as IPSec could be used, but in
most cases the required QoS may be difficult to achieve (see
Performance Considerations below).
– Due to the tight requirements on performance of media streams,
a small, efficient protocol is needed to handle the security.
– The Secure Real-time Transport Protocol (SRTP)8 has been
developed to specifically address the needs of VoIP media stream
security.
– SRTP provides confidentiality, message authentication, and replay
protection to the RTP traffic and to the control traffic for RTP, the
Real-time Transport Control Protocol (RTCP)
• 3. Securing the Device
– As more and more connected devices are
deployed, it is becoming increasingly important to
be able to remotely provision those devices, and
remotely update the code base, either with new
versions of existing software or with software that
adds new applications and services. This is true in
the VoIP market, especially as we move towards
IMS (IP Multimedia Services).
• As users subscribe to new services, it is often
necessary to download client software to
enable the use of that service. It is a vital part
of the overall security process to ensure that
the software being downloaded is valid
 CERTICOM SECURITY FOR VOIP
• Certicom Security for VoIP provides developers
with the tools they need to quickly and cost-
effectively add strong security to their VoIP
devices
– SSL and IPSec protocol modules
– Embedded Trust Services (ETS) for secure key storage
and management, as well as for implementing Trusted
Boot and Secure Provisioning
– A code signing application for secure software and
firmware updates
• A common API that sits between the security
services or applications and the cryptographic
providers maximizing portability and code
re-use in products with different chipsets.
• Board support packages (BSPs) to expose
hardware cryptographic providers in leading
processors