Voice over IP Communication Systems - Research Paper Example

VoIP Intrusion Detection By Department This paper presents analysis VoIP intrusion detection as well as protection techniques suitable for the real-time interactive VoIP communication systems. The paper is a proposal that is based on previous studies regarding the same topic. In the paper, it is well provided that effective communication over VoIP is a necessity in the contemporary economy because of the technology’s advantages and benefits over the traditional telephony communication systems. It is also pointed out that its popularity and the advanced features of the VoIP technology as well as the associated benefits encourage security threats to companies using VoIP communication systems. Hackers are thus highly attracted by the new technology in an attempt to take advantage of its growth and popularity for personal benefits. Nevertheless, various techniques have been incorporated in VoIP communication systems mainly to ensure security against data loss or intrusion and to structure ways of recovering data in case of data loss. The paper however provides that various security technique have been established, but each technique is only applicable to some given security threats. Contents Abstract 1 Regarding confidentiality threats, information that should not otherwise be accessed by unauthorized parties is illegally accessed either physically or technologically. Such information may include end users private documentation, financial information, and security information such as password, conversion content, conversion history or pattern among others. Eavesdropping of phone conversation entails physical access to a line, or even penetration of a switch. Regarding VoIP, the opportunities for eavesdroppers are known to increase drastically [2]. Unauthorized access attacks on the other hand implies that attacker gain the ability to access resources on a given network although they lack the legal authority to do it. Hijacking and call redirection are the commonest forms of VoIP intrusions/threats. In this regard, calls are intercepted and then routed via various paths before they reach the designed destination [16]. 10 2.0LITERATURE REVIEW 10 5.0REFERENCE LIST 17 [1] Al-Naamany, H., Bourdoucen & Al-Menthari, 2008. Modeling and Simulation of Quality.. Journal of Computing and Information Technology - CIT, 16(2), p. 131–142. 17 [2] Batchvarov, A., 2004. Security Issues and Solutions for Voice over IP compared to Circuit Switched Networks. [Online] Available at: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCIQFjAA&url=http%3A% [Accessed 01 December 2014]. 17 [3] Chakrabarti, A. & Manimaran, G., 2002. Internet Infrastructure Security: A Taxonomy. IEEE Network , 16(6), pp. 13-21. 17 [4] Číž, P. et al., 2012. VoIP Intrusion Detection System with Snort. Slovak : Slovak University of Tech\nology, Elmar. 17 [5] Ehlert, S., Geneiatakis, D. & Magedanz, T., 2010. Survey of network security systems to counter SIP-based. computers & Security, Volume 29, pp. 225-243. 17 [6] Heady et.al., 1990. The Architecture of a Network Level Intrusion Detection System: Technical Report CS90-20 , New Mexico: Department of Computer Science, University of New Mexico. 17 [7] Keromytis, A. D., 2009. Voice over IP: Risks, Threats and Vulnerabilities. Proceedings of the Cyber Infrastructure Protection (CIP) Conference. 18 [8] Keromytis, A. D., 2012. A Comprehensive Survey of Voice over IP Security Research. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, pp. 1-24. 18 [9] Mukherjee, B., 1994. Network Intrusion Detection. IEEE Network, 8(3), pp. 26-41. 18 [10] Nassar, M., Niccolini, S., State, R. & Ewald, T., 2007. Holistic VoIP Intrusion Detection and Prevention System. [Online] Available at: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=http%3A%2F%2Fhal.inria.fr%2Finria-00169036%2FPDF%2Fmain.pdf&ei=d8t8VPO5G-m9ygP8kYDYAQ&usg=AFQjCNEnFvqqqN8u89902KggxyUiNelDgA&sig2=E71lIdYHisauGqgnOgWsNw [Accessed 01 December 2014]. 18 [11] Nassar, M., State, R. & Festor., O., 2007. VoIP Honeypot Architecture. In Proc. of 10 th IEEE/IFIPSymposium on Integrated Management 18 [12] Pan, Y., Chung, J. & Zhang, Z., 2012. ENSC 427 Communication Networks Analysis of Performance of VoIP Over various scenarios: OPNET 14.0. SFU Spring 2012, pp. 3-29. 18 [13] Staniford, S., Hoagland, J. A. & McAlerney, J. M., 2002. Practical automated detection of stealthy portscans ’ S.. Journal of Computer Security, 10(1/2). 18 [14] Sun, L. & Ifeachor, E. C., 2006. Voice quality prediction models and their application in voip networks. IEEE Trans. Multimedia, 8(4), p. 809–820. 19 [15] The Government of the Hong Kong Special Administrative Region, 2008. VOICE OVER IP SECURITY. [Online] Available at: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CDQQFjAD&url=http%3A%2F%2Fwww.infosec.gov.hk%2Fenglish%2Ftechnical%2Ffiles%2Fvoice.pdf&ei=V4l8VLihHcbnygO8joHoDg&usg=AFQjCNFb3Sj7kOs0sGePWFJKiOVsZpqM_Q&sig2=BIgciEWv854p0dvfkNlH4Q [Accessed 1 December 2014]. 19 [16] Unuth, N., 2014. Security Threats In VoIP. [Online] Available at: http://voip.about.com/od/security/a/SecuThreats.htm [Accessed 01 December 2014]. 19 [17] Vuong, S. & Bai, Y., 2005. A Survey of VoIP Intrusions and Intrusion Detection Systems, Vancouver: Department of Computer Science and Department of Electrical and Computer Engineering, University of British Columbia. 19 1.0 INTRODUCTION VoIP is an acronym for Voice over IP. It is a methodological approach as well as technologies for delivering multimedia sessions and voice communications over Internet Protocol (IP) networks like the Internet. It can as well be considered as a group of products, which enable advanced communication services usually over data networks [8]. The technology is today emerging as a substitute to the traditional telephone systems and the associated technologies. The invention of this new technology and its benefits has greatly contributed to its growth. The same factors are now contributing to increased hacking problems within the industry [7]. This problem had not however hindered its ever-increasing popularity and deployment. As this goes on, users suffer various problems associated with VoIP threats from various protocol layers [5]. Nevertheless, VoIP has a significant uptake in enterprise and consumer markets. Many enterprises using VoIP systems are increasingly getting rid of their outdated phone switches and then replacing them with the VoIP-based system implementation. These efforts are mainly meant to introduce new features as well as to eliminate any redundant equipment [8]. The only major problem is the VoIP intrusion threats that accompany the implementation. Regarding the side of consumers, they have increasingly embraced slews of technologies that have different feature, but they also consider the associated costs. Some technologies embraced by many consumers include the P2P calling (which mainly involve the use of program like Skype), networking bridging using Internet-to-PSTN technology, as well as wireless VoIP [8]. Fig.1 below shows a typical case of VoIP from a residential network context. Fig.1: Typical VoIP Residential Network (Source:http://upload.wikimedia.org/wikipedia/commons/4/44/Voip-typical.gif) 1.1 Background Many start-up companies have been considered the main promoters of the VoIP technologies and most of the associated technology models. Consequently, the conventional status quo within both telephony and personal communication are increasingly facing significant challenges. In response to the associated advantages and consumer preferences, many PSTN providers have already implemented VoIP communication systems or they are in the course of adjusting from the conventional networks that are circuit-switched to the VoIP-friendly packets [8]. Governments and militaries have also adopted the same networks systems owing to their associated benefits. Their reliance over equipments that are Commercial Off The Shelf for most of the computing needs makes it necessary to adopt the VoIP communication technologies. 1.2 Problem Description/Definition The problems facing VoIP intrusion detection are based on the motivating factors and the need for intrusion detection. While security threat is one of the key issues, failure to achieve the need for intrusion detection is a major problem. The motivational factors for VoIP information systems is nevertheless the major factor behind all the threats and possible failures in achieving the requirements of VoIP systems. 1.2.1 Motivation for VoIP Intrusion Intrusion can be generally described as a situation in which intruders break into systems or cases whereby legitimate users misuse the resources of specific systems [6]. There are mainly three categories of VoIP network intrusion and the motivation of intrusion varies from one type to another. The three categories of intrusion include the intrusion associated with IP networks, intrusions inherited from the traditional telephone technology systems, and the intrusions specific only to VoIP network protocols. Generally, various intrusion vulnerabilities are known to be associated with the need to interoperate the new VoIP communication technologies with the existing traditional telephony infrastructures. The intrusion vulnerability is also associated with the high speed of VoIP systems development as well as deployment [7]. Specifically transmissions, which are IP-based, are inherently unsecure. This aspect attracts intrusion threats posed by hackers. VoIP applications in this regard are likely to face security threats that have been inherited from the conventional IP networks [3]. A comprehensive study of this category of security intrusion shows that the key attraction of hackers to the IP-based VoIP transmissions is the low level of security associated with the adoption of some features of the conventional IP infrastructures [3]. From the perspective of the traditional telephony systems, the security risks are insignificant, but there are some threats associated with switch security. Some of these security issues include phone calls especially unwanted phone calls, free phone calls that arises from the use of other individual’s phone number specifically through the hacking of the signalling system, as well as masquerading the caller or the callee [17]. The motivation behind this attack is based on the ease of illegal intrusion especially given the hackers’ knowledge of the existing IP communication systems. 1.2.2 The Need for Intrusion Detection System (IDS) Given the malicious activities by hackers, organizations and individuals see the need to implement Intrusion Detection Systems. IDS is highly required by administrators to help them in monitoring and defending against any security breach by VoIP intruders and other types of hackers [13]. The techniques applied in this case to detect security intrusion may be in the form of misuse detection or anomaly detection [13]. Usually, IP telephony, VoIP, Digital Phones, and Internet telephony are some of the major routings of voice communication over the internet among other IP-based networks. In this regard, the need to detect any form of unauthorized intrusion is usually a priority. The reason for this is that the prevention of intrusion could be applied as an extension of an IDS for ensuring the implementation of an effective intrusion protection model [13]. This is done to help prevent malicious attacks according to Staniford, et al., (2002). A typical model in this regard would include aspects like Sip server, IDS, traffic generator, a compatible operating system, and a traffic generator or a free Open Source Test Protocol. A prevention system and a free open source network intrusion detection are also critical aspect of the Intrusion detection model as shown in Fig. 2: Figure 2: A typical Intrusion Protection Model 1.2.3 The Problem The VoIP technology is widely implemented today, but it can be considered as being is far from being effective especially when it comes to data and information security. The problem in this regard is that there are no dominant protocol standards in the markets. Every vendor uses either own proprietary or one of the two major two standards. These standards include the H.323 and SIP (Session Initiation Protocol) [10]. Based on this assertion, The problem in this case is that proprietary protocols contribute to difficulties in inter-connecting products from different vendors. Other than such difficulties, the issue of security concerns adds to the problem. Nevertheless, there has been an increasing support for the use of protocols like the H.323 or SIP as well as VoIP transfer voice signal over IP based networks [10]. Generally, the implementation of the OPNET 14 Software could be necessary for successful implementation in order to reflect a way of solving the reflected problems and achieve possible advantages of VoIP against the traditional PSTN [1]. 1.2.4 Description of Common VoIP Threats Various security threats are associated with VoIP intrusion detection. These threats are based on the fact that VoIP systems rely specifically on data networks. This implies that security weaknesses as well as the various types of intrusions/attacks associated with data networks are feasible. An instance is a situation whereby physical access could occur to conventional telephony systems. The same could happen to telephone lines among other forms of physical intrusion according to a research article by the Government of the Hong Kong Special Administrative Region (HKSAR) [15]. According to the study, IP phone hosts that are PC-based are more susceptible to security intrusion and attacks because of most hackers have more prevalence over PC systems compared to other technology systems. Besides these security problems, there are still other security threats that could be identified through VoIP intrusion detection. They include confidentiality threats, phone conversation’s eavesdropping, unauthorized access, as well as cell redirection [16]. Regarding confidentiality threats, information that should not otherwise be accessed by unauthorized parties is illegally accessed either physically or technologically. Such information may include end users private documentation, financial information, and security information such as password, conversion content, conversion history or pattern among others. Eavesdropping of phone conversation entails physical access to a line, or even penetration of a switch. Regarding VoIP, the opportunities for eavesdroppers are known to increase drastically [2]. Unauthorized access attacks on the other hand implies that attacker gain the ability to access resources on a given network although they lack the legal authority to do it. Hijacking and call redirection are the commonest forms of VoIP intrusions/threats. In this regard, calls are intercepted and then routed via various paths before they reach the designed destination [16]. 2.0 LITERATURE REVIEW 2.1 Overview and Taxonomy Network consolidation as part of the VoIP technology has been known to enable the transmission of data, voice, and video over one single network. The integration in this regard has been found to significantly reduce setup and maintenance costs. With service convergence, enhanced functionality can be implemented through coupling of multimedia services [2]. The deployment rate of VoIP is increasing steadily. According to Juniper Research, the rapid growth of the global VoIP market will contribute $18 billion in revenues by 2010 [3]. Securing VoIP system is more challenging than securing pure data network. First, all security problems related with data network appear in VoIP system since they share same network infrastructure. Secondly, VoIP does not have a dominant standard so far. The support of two standards in products just increases the chance of buggy application. Dozens of proprietary protocols make the matter worse. Thirdly, the QoS (Quality of Service) requirement of VoIP has been considered to leave less working room for possible security measures. A very secure VoIP system that cans not deliver good voice quality is not attractive. 2.2 Developments and Fundamentals of the Research/Technology Security on communication and information systems is highly essential. The power of information confidentiality is so high that illegal access could render companies facing huge losses in form of information, data, or funds [16]. There has therefore been the need to ensure various mechanisms that could adequately and successful ensure that information security is maximized. The most important process of ensuring security on data and information has been considered to be detection of possible threats or intrusions. VoIP intrusion detection has thus been a key area of study by many researchers. In the process of designing security mechanisms, it is required that organizations determine the degree of each security requirement. It has been considered to be a great idea to consider the motives of attackers and the mode of each security intrusion to VoIP systems. For instance, an attack associated with Denial of Service (DoS) would involve mainly security attacks on networks or it could involve a given device denying it or a connectivity or service [16]. The detection of the DoS attacks would be thus based on its attributes such experiencing overloaded network or the internal resources of a given device [16]. Although this could be attributed to other system problems or malfunctions, the probability of being due to security attack is quite high. The VoIP DoS attack here could be initiated through the flooding of the targeted information system or communication using unnecessary Session Initiation Protocol (SIP) call signal messages. Such activity would consequently degrade the service [16]. The attacker then gets the remote control by completely denying the service to the target. For certainty on the intrusion, the use of a VoIP intrusion detection system is highly recommended. 3.0 COMPREHENSIVE DISCUSSIONS To ensure a thorough insight into the VoIP intrusion detection, various areas are considered. One of them is the key VoIP threats and associated problems. In this regard, various intrusion threats are analysed and the problems resulting from possible intrusions and the problems leading to the intrusions with regard to IP network [10]. Another consideration is the design for VoIP intrusion detection models, which include the best VoIP intrusion detection architecture possible like the Distributed VoIP Intrusion Detection Approach [10]. Implementation is the final aspect to consider in this case, especially the implementation of VoIP-specific Honeypot through a combination of software programs like the Openser2 and Asterisk3 [6]. 3.1 Key VoIP Threats and Problems VoIP security intrusions/threats have been known to involve a superset faced by most of the data networks. Studies have shown that the major sources of security threats to VoIP systems are based on the fundamental application of IP network [10]. This implies that all VoIP infrastructures seemingly share common vulnerabilities, which are also faced by data networks [10]. VoIP-specific threat have also been found to represent major intrusion concerns. Identity theft, fraudulent usage, eavesdropping, and social attacks constitute some of the most dangerous VoIP-specific attack. DoS attacks on the other hand could be oriented against most VoIP infrastructures, which consist of servers, proxies, and agents. They have therefore been found to have the capability of completely shutting down VoIP infrastructures. Other attacks such a worms, viruses, and backdoors can on the other hand give way to controls on IP phones as well as VoIP proxies thereby giving way to more malicious purposes. Password cracking is also a major threats and a problem, which is often launched to promote a fraudulent usage, SPIT/Vishing activities, and privacy violations among other unauthorized activities. Given the associated problems, the designing of a security solution for distributed threats that are multi-protocol and QoS sensitive has been considered a hard task. 3.2 Design for Intrusion Detection and Prevention VoIP architectures are usually distributed and they consist of proxy servers, application servers, gateways, and terminals among other components [10]. They are therefore difficult to handle with the use of centralized security approaches. Consequently, the architecture of intrusion detection systems needs to be distributed unless in a situation where the networks being utilized are designed in dedicated ways. In this project, consideration of the possibility to use one entry point is done. Nevertheless, given the distribution nature of most VoIP architectures, distributed approaches are highly recommended. The distributed approach involve the combination of VoIP-specific Honeypots and application layer monitoring schemes based on SIP [10]. The distributed approach can then detect multiple categories of attacks under the basis of two combined solutions. The implication in this case is that the distributed approach is the best, but the two models/approaches can be applied concurrently. Fig.3: Distributed VoIP Intrusion Detection Approach [10] Fig.3 above presents the general architecture for an intrusion detection model. In this regard, the VoIP specific domain Honey-pot is completely separated using the actual infrastructure domain. At the same time, the application layer monitoring, which is distributed, is achieved. This leads to the deployment of the VoIP security Event Correlation (SEC) on the elements of VoIP infrastructure, which include SIP Proxy Servers and Terminals among others [9]. Accommodating the VoIP-specific Honey-pot into the intrusion detection architecture may require the introduction of another domain. The additional domain would create a bridge between the two internal domains that include real and honeypot, and the external domain. This would enhance the routing of attacks to real requests and honeypot domains to the real domain with the hiding of domain-specific information. Typically, both the production (real) and honeypot domain are disconnected to hinder backdoors specifically to the key production environment after VoIP-specific Honeypot is fully compromised. The key idea in this model is to ensure that detection and prevention of threats are successfully achieved in the course of sharing information between the real and honeypot domains [10]. 3.3 Implementation Generally, the main objective of using the Honeypot would be the attraction of attacks specifically into environments that are secure and fully observed [4]. This would promote the analysis of any attacking schemes in order to generate meaningful prevention mechanisms against the attacks [11]. The Honeypot would be required to provide meaningful services worth being attacked. Such services could be simulated to same time and other resources [12]. SIP Honeypot would simulate a complete SIP network. The Honeypot would be as shown in Fig. 5. Fig. 5: The Honeypot Model An effective implementation of VoIP-specific Honeypot would require the use a combination of software programs including Openser2 and Asterisk3 [6]. The Openser2 is typically a software program for open source SIP servers while Asterisk3 is open PBX and would offer various applications and services like gateway functionalities, Interactive Voice Response, and Mailboxes among others [14]. 4.0 CONCLUSION From the references on various literatures, it can concluded that VoIP intrusion detection can only be successful through the application of the right procedure in designing the intrusion and prevention system and implementation. Designing the intrusion detection model nevertheless depends on the nature of probable threats and the distribution of the respective VoIP infrastructure. It has been found that most of the VoIP infrastructures are usually distributed and thus the use of a distributed VoIP intrusion detection system would be required. A system of detecting intrusion could however be designed based on one entry point, but this would not prioritized the detection of all possible vulnerabilities. All the elements of VoIP architecture should therefore be considered including the way they are distributed. Such a model would make it possible to monitor and prevent intrusions from various points throughout the VoIP system. A centralized security approach, alone, would not be effective, but the use of the two approaches could be initiated. To minimize the project resources, the simulation of the real VoIP services such as gateway functionalities, Interactive Voice Response, and Mailboxes would be highly advocated. 5.0 REFERENCE LIST [1] Al-Naamany, H., Bourdoucen & Al-Menthari, 2008. Modeling and Simulation of Quality.. Journal of Computing and Information Technology - CIT, 16(2), p. 131–142. [2] Batchvarov, A., 2004. Security Issues and Solutions for Voice over IP compared to Circuit Switched Networks. [Online] Available at: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCIQFjAA&url=http%3A% [Accessed 01 December 2014]. [3] Chakrabarti, A. & Manimaran, G., 2002. Internet Infrastructure Security: A Taxonomy. IEEE Network , 16(6), pp. 13-21. [4] Číž, P. et al., 2012. VoIP Intrusion Detection System with Snort. Slovak : Slovak University of Tech\nology, Elmar. [5] Ehlert, S., Geneiatakis, D. & Magedanz, T., 2010. Survey of network security systems to counter SIP-based. computers & Security, Volume 29, pp. 225-243. [6] Heady et.al., 1990. The Architecture of a Network Level Intrusion Detection System: Technical Report CS90-20 , New Mexico: Department of Computer Science, University of New Mexico. [7] Keromytis, A. D., 2009. Voice over IP: Risks, Threats and Vulnerabilities. Proceedings of the Cyber Infrastructure Protection (CIP) Conference. [8] Keromytis, A. D., 2012. A Comprehensive Survey of Voice over IP Security Research. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, pp. 1-24. [9] Mukherjee, B., 1994. Network Intrusion Detection. IEEE Network, 8(3), pp. 26-41. [10] Nassar, M., Niccolini, S., State, R. & Ewald, T., 2007. Holistic VoIP Intrusion Detection and Prevention System. [Online] Available at: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=http%3A%2F%2Fhal.inria.fr%2Finria-00169036%2FPDF%2Fmain.pdf&ei=d8t8VPO5G-m9ygP8kYDYAQ&usg=AFQjCNEnFvqqqN8u89902KggxyUiNelDgA&sig2=E71lIdYHisauGqgnOgWsNw [Accessed 01 December 2014]. [11] Nassar, M., State, R. & Festor., O., 2007. VoIP Honeypot Architecture. In Proc. of 10 th IEEE/IFIPSymposium on Integrated Management [12] Pan, Y., Chung, J. & Zhang, Z., 2012. ENSC 427 Communication Networks Analysis of Performance of VoIP Over various scenarios: OPNET 14.0. SFU Spring 2012, pp. 3-29. [13] Staniford, S., Hoagland, J. A. & McAlerney, J. M., 2002. Practical automated detection of stealthy portscans ’ S.. Journal of Computer Security, 10(1/2). [14] Sun, L. & Ifeachor, E. C., 2006. Voice quality prediction models and their application in voip networks. IEEE Trans. Multimedia, 8(4), p. 809–820. [15] The Government of the Hong Kong Special Administrative Region, 2008. VOICE OVER IP SECURITY. [Online] Available at: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CDQQFjAD&url=http%3A%2F%2Fwww.infosec.gov.hk%2Fenglish%2Ftechnical%2Ffiles%2Fvoice.pdf&ei=V4l8VLihHcbnygO8joHoDg&usg=AFQjCNFb3Sj7kOs0sGePWFJKiOVsZpqM_Q&sig2=BIgciEWv854p0dvfkNlH4Q [Accessed 1 December 2014]. [16] Unuth, N., 2014. Security Threats In VoIP. [Online] Available at: http://voip.about.com/od/security/a/SecuThreats.htm [Accessed 01 December 2014]. [17] Vuong, S. & Bai, Y., 2005. A Survey of VoIP Intrusions and Intrusion Detection Systems, Vancouver: Department of Computer Science and Department of Electrical and Computer Engineering, University of British Columbia. Read More