VOIP Security Issues

Rohan Bansode

on 23 March 2014

Transcript of VOIP Security Issues

VOIP Security Issues
In a DoS (denial-of-service) attack, a website receives a huge amount of incoming data in the form of messages or requests. This incoming data forces the site to shut down, denying the site's service to potential customers, users, or visitors.

Security concerns in VOIP
DOS – Availability
Eavesdropping – confidentiality
Call Tampering – confidentiality and Integrity
Toll fraud – Integrity
Redirection of call – Integrity and confidentiality.
Spamming over Internet Telephony – Integrity and Confidentiality
Caller Identification Impersonation – Integrity

How does it work?
A standard telephone develops the analog voice signal.
The analog voice is converted to digital counterpart using codecs.
The binary output (digital part) is then applied to a packetizer.
The packetizer then loads the 0’s and 1’s into an IP payload.

Call Tampering
Example :
The attacker can simply spoil the quality of the call by injecting noise packets in the communication stream. He can also withhold the delivery of packets so that the communication becomes spotty and the participants encounter long periods of silence during the call.

Flavors of VOIP
Analog Telephone Adapter

Helps connect a standard phone to the computer or internet connection for use with VOIP.

Takes the analog signal from the traditional phone and converts it into digital data for transmission over the Internet.

What is VOIP?
The term “voice over IP” is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone.

A method for taking analog audio signals, and turning them into digital data that can be transmitted over the Internet.

Can turn a standard Internet connection into a way to place free phone calls

The output, i.e. the IP packets, is then sent over the Web and fed to the depacketizer. The depacketizer then removes the IP header and stores the payload.
A compatible codec then converts the digital bit stream back to an analog signal that is input to a standard telephone.

IP Phones

Appear similar to normal phones

Instead of having the standard RJ-11 phone connectors, IP phones have an RJ-45 Ethernet connector.

Connect directly to the router and have all the hardware and software necessary right onboard to handle the IP call.

Computer-to-computer calls

Easiest way to use VoIP

Sound Card
Fast Internet Connection (Cable or DSL Modem)
In VoIP, DOS attacks can be carried out by flooding a target with unnecessary SIP call-signalling messages, thereby degrading the service. This causes calls to drop prematurely and halts call processing.
Hackers usually create phone networks using cheap software to generate hundreds of numbers in a matter of seconds.

But sometimes the hackers infect cell phones with viruses that turn them into zombie-bots that auto-dial numbers at the hacker’s whim without the cell phone owner being aware.

Counter Measures
A VoIP firewall should also be implemented to monitor streams and filter out abnormal signals and RTP packets. Media and signal rate limits can be set by observing normal traffic patterns.

To mitigate physical DoS attacks, strict physical security schemes should be implemented with restricted areas, access control, locks, guards, etc. To guarantee continuous power supply, a backup power generation system should be available.

Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission.
Toll Fraud
Toll fraud describes a crime where an individual or organization devises methods to breach security and gain unauthorized access to resources, including the ability to dial long-distance calls.

Redirection of Call
The aim of this attack is to redirect signalling traffic through a compromised proxy server. 3xx redirect messages are sent by a called agent to inform the caller agent of the new location of alternative services that will satisfy the call. The 305 message specifies that the demanded resource can be obtained through the proxy specified in the contact field.

Caller Identification Impersonation
Caller ID impersonation is the practice of causing the telephone network to display a number on the recipient's Caller ID display that is not that of the actual originating station.

Every VoIP account has an associated IP address. It is easy for spammers to send their voicemails to thousands of IP addresses. Voice mailing as a result will suffer. With spamming, voicemails will be clogged and more space as well as better voicemail management tools will be required. Moreover, spam messages can carry viruses and spyware along with them.

Eavesdropping in VoIP requires intercepting the signalling and associated media streams of a conversation.

Any protocol analyzer can pick and record the calls without being observed by the callers. There are software packages for PCs that will convert digitized voice from standard CODECs into WAV files.

PCs and laptops that have microphones attached or integrated into them can be enabled as listening devices without the user's knowledge.

Call tampering is an attack which involves tampering with a phone call in progress.
It usually occurs outside business hours when the activity is unlikely to be noticed. Fraudsters can make huge numbers of calls, often running up bills of thousands of pounds per trunk per day until stopped. Because your carrier has provided their service legitimately to you, they will charge for these calls, so a bad case of toll fraud can have serious financial impact on a company.

The attacker starts by listening to the network to intercept an INVITE message. With the information, he can forge a 305 message specifying that the rest of the call must pass through his server. He must then send it before the legitimate answer is received by the caller. He can then use his proxy to modify all following messages.
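A caller-side check for the 305 redirection described above, added here as an example and not part of the original slides: it accepts a 3xx Contact only when it names a trusted proxy, and flags a transaction that receives two different final responses, since the forged 305 only beats the genuine answer rather than replacing it. The function names, trusted-proxy set and sample responses are constructed for illustration.

```python
import re

def header(raw, name):
    """Return the first value of a SIP header, or None."""
    m = re.search(rf"^{re.escape(name)}:\s*(.+?)\s*$", raw, re.M | re.I)
    return m.group(1) if m else None

def check_responses(responses, trusted_proxies):
    """responses: raw SIP responses in arrival order, as seen by the caller."""
    finals = {}     # (Call-ID, CSeq) -> first final status received
    findings = []
    for raw in responses:
        m = re.match(r"SIP/2\.0 (\d{3})", raw)
        if not m or int(m.group(1)) < 200:
            continue                       # not a response, or provisional
        status = int(m.group(1))
        call_id = header(raw, "Call-ID")
        txn = (call_id, header(raw, "CSeq"))
        if 300 <= status < 400:
            uri = re.search(r"sips?:(?:[^@>;]*@)?([^>;:]+)",
                            header(raw, "Contact") or "")
            target = uri.group(1) if uri else None
            if target not in trusted_proxies:
                findings.append((call_id, "untrusted-redirect", target))
        # A forged 305 has to win a race, so the genuine answer still arrives.
        if txn in finals and finals[txn] != status:
            findings.append((call_id, "conflicting-final",
                             f"{finals[txn]} then {status}"))
        finals.setdefault(txn, status)
    return findings

def resp(status_line, call_id, contact=None):
    """Constructed response; hosts and Call-IDs are illustrative."""
    lines = [f"SIP/2.0 {status_line}", f"Call-ID: {call_id}", "CSeq: 1 INVITE"]
    if contact:
        lines.append(f"Contact: <sip:{contact}>")
    return "\r\n".join(lines) + "\r\n\r\n"

SAMPLE = [
    resp("180 Ringing", "call-a"),
    resp("305 Use Proxy", "call-a", "198.51.100.7"),       # arrives first
    resp("200 OK", "call-a", "bob@192.0.2.20"),            # genuine answer
    resp("305 Use Proxy", "call-b", "proxy.atlanta.com:5060"),
]
```

Retransmissions of the same final response carry the same status and are not flagged.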

This brings us to another flavour of SPIT, which is phishing over VoIP. Phishing attacks consist of sending a voicemail to a person, masquerading it with information from a party trustworthy to the receiver, like a bank or online paying service, making him think he is safe. The voicemail usually asks for confidential data like passwords or credit card numbers. You can imagine the rest!

Caller ID impersonation happens when a predator poses as someone you may know or a company you trust (your bank, for instance). They do this by stealing (or spoofing) a digital caller ID and calling you directly and then asking you to verify personal details or financial information.

Counter Measures
Stronger authentication schemes are the solutions to registration spoofing, proxy impersonating and call hijacking. To mitigate this type of attack, software patching is crucial to fix any known vulnerabilities. Using VoIP vulnerability scanning tools like SiVuS is strongly suggested.

Thank you.
How is it useful?
To mitigate VoIP signaling and media DoS attacks, strong authentication is the key. VoIP components need to make sure that they are communicating with legitimate counterparts.
Protocols in VOIP
Voice over IP has been implemented in various ways using both proprietary protocols and protocols based on open standards. Examples of the VoIP protocols are:
Media Gateway Control Protocol (MGCP)
Session Initiation Protocol (SIP)
H.248 (also known as Media Gateway Control (Megaco))
Real-time Transport Protocol (RTP)
Real-time Transport Control Protocol (RTCP)
Secure Real-time Transport Protocol (SRTP)
Session Description Protocol (SDP)
Inter-Asterisk eXchange (IAX)
Jingle XMPP VoIP extensions
Skype protocol
Session Initiation Protocol
A signaling protocol used to create, manage and terminate sessions in an IP based network.
Has been the choice for services related to Voice over IP (VoIP) in the recent past.
Functions of SIP
SIP is limited to only the setup, modification and termination of sessions. It serves four major purposes:
• SIP allows for the establishment of user location (i.e. translating from a user's name to their current network address).
• SIP provides for feature negotiation so that all of the participants in a session can agree on the features to be supported among them.
• SIP is a mechanism for call management - for example adding, dropping, or transferring participants.
• SIP allows for changing features of a session while it is in progress.

Components of SIP
Entities interacting in a SIP scenario are called User Agents.
User Agents may operate in two fashions -
• User Agent Client (UAC): It generates requests and sends them to servers.
• User Agent Server (UAS): It gets requests, processes those requests and generates responses.

End Users are generally the Clients.
It may be a softphone application running on your PC or a messaging device in your IP phone.

Proxy Server
: These are the most common type of server in a SIP environment. When a request is generated, the exact address of the recipient is not known in advance. So the client sends the request to a proxy server. The server on behalf of the client (as if giving a proxy for it) forwards the request to another proxy server or the recipient itself.

Redirect Server
: A redirect server redirects the request back to the client indicating that the client needs to try a different route to get to the recipient. It generally happens when a recipient has moved from its original position either temporarily or permanently.

Registrar Server
: As you might have guessed already, one of the prime jobs of the servers is to detect the location of a user in a network. How do they know the location? If you are thinking that users have to register their locations to a Registrar server, you are absolutely right. Users from time to time refresh their locations by registering (sending a special type of message) to a Registrar server.

Location Server
: The addresses registered to a Registrar are stored in a Location Server.

Guidelines to build a secured system
4. Tighten physical security control:
Unless the VoIP network is encrypted, anyone with physical
access to the office LAN could potentially tap into
telephone conversations. Even if encryption is used, physical
access to VoIP servers and gateways may allow an attacker
to do traffic analysis or compromise the systems. Adequate
physical security should be in place to restrict access to
VoIP components.

5. Implement power back up system.

6. Maintain current patch levels.

7. Install anti-virus system and update it regularly.

8. Apply encryption selectively.

Registration hijacking happens when an attacker replaces the legitimate registration of the victim with his address. The attack causes all incoming calls for the victim to be sent to the attacker’s address.

What is Registration hijacking?
Registration is normally performed using UDP, which makes it easy to spoof registration requests.

For example, Alice (Client) wants to register her address with the registrar using the SIP protocol.

The “REGISTER” message looks like the following:

REGISTER sip:alice@atlanta.com SIP/2.0
Via: SIP/2.0/UDP;branch=z9hG4bK776asdhds
Max-Forwards: 70
To: Alice <sip:alice@atlanta.com>
From: Alice <sip:alice@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710@
CSeq: 314159 REGISTER
Contact: Alice <sip:alice@>;expires=60
Content-Type: application/sdp
Content-Length: 142

In this example, the registered IP address for Alice is changed to from to
Fearing the victim’s legitimate register requests might replace his registration, the attacker can use a denial-of-service attack to disable the victim.
The attacker can also send spoofed requests at a higher frequency than the victim.
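A registrar-side detection sketch for the two behaviours described above, added here as an example and not part of the original slides: it flags a Contact binding that is replaced while the previous one is still valid, and a source that re-registers far more often than the expiry requires. The thresholds, function names and sample traffic are constructed, and the addresses come from documentation ranges. A binding change can also be a legitimate move, so treat it as a signal to check authentication rather than as proof.

```python
import re
from collections import defaultdict, deque

TO_RE = re.compile(r"^To:.*?<(sip:[^>;]+)>", re.M | re.I)
CONTACT_RE = re.compile(
    r"^Contact:.*?<sip:[^@>]*@([^>;:]+)[^>]*>(?:.*?;expires=(\d+))?", re.M | re.I)

def parse_register(raw):
    """Return (aor, contact_host, expires) for a REGISTER, else None."""
    if not raw.startswith("REGISTER "):
        return None
    to, contact = TO_RE.search(raw), CONTACT_RE.search(raw)
    if not (to and contact):
        return None
    return to.group(1), contact.group(1), int(contact.group(2) or 3600)

def detect_hijack(events, max_per_window=3, window=60):
    """events: time-ordered (timestamp_s, source_ip, raw_message) tuples."""
    bindings = {}                  # aor -> (contact_host, expiry_time)
    recent = defaultdict(deque)    # (aor, source_ip) -> REGISTER timestamps
    alerts = []
    for ts, src, raw in events:
        parsed = parse_register(raw)
        if parsed is None:
            continue
        aor, host, expires = parsed
        old = bindings.get(aor)
        # Contact replaced while the previous binding is still valid.
        if old and old[0] != host and ts < old[1]:
            alerts.append((ts, aor, "binding-changed", f"{old[0]} -> {host}"))
        bindings[aor] = (host, ts + expires)
        # Same source re-registering far more often than the expiry requires.
        q = recent[(aor, src)]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > max_per_window:
            alerts.append((ts, aor, "register-flood", src))
    return alerts

def sample(contact_host):
    """Constructed REGISTER; addresses are documentation ranges."""
    return ("REGISTER sip:atlanta.com SIP/2.0\r\n"
            "To: Alice <sip:alice@atlanta.com>\r\n"
            "CSeq: 314159 REGISTER\r\n"
            f"Contact: Alice <sip:alice@{contact_host}>;expires=60\r\n\r\n")

SAMPLE_EVENTS = [(0, "192.0.2.10", sample("192.0.2.10"))] + [
    (t, "203.0.113.66", sample("203.0.113.66")) for t in (20, 25, 30, 35, 40)]
```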

1. Develop appropriate network architecture:
It is a good practice to separate voice and data on logically different networks if feasible due to their different QoS requirement.
Use strong authentication and access control on the voice gateway system, as with any other critical network components.

2. VoIP-ready firewalls and other appropriate protection mechanisms should be employed.

3. Do not use softphone systems.

Presentation by:
Anmol Vijaywargiya - 11IT07
Jatin Sood - 11IT33
Prince Regmi - 11IT63
Rohan Bansode - 11IT71
Rubin Maharana - 11IT72
Commands in SIP
:Invites a user to a call
: Acknowledgement is used to facilitate reliable message exchange for INVITEs.
:Terminates a connection between users
:Terminates a request, or search, for a user. It is used if a client sends an INVITE and then changes its decision to call the recipient.
:Solicits information about a server's capabilities.
:Registers a user's current location
:Used for mid-session signaling.
