Analysis of Voice over Internet Protocol - Security Issues and Solutions - Term Paper Example

Analysis of VoIP: Security Issues and Solutions: A Survey Authors Name/s per 1st Affiliation (Author) line 1 (of Affiliation): dept. name of organization line 2: name of organization, acronyms acceptable line 3: City, Country line 4: e-mail address if desired Authors Name/s per 2nd Affiliation (Author) line 1 (of Affiliation): dept. name of organization line 2: name of organization, acronyms acceptable line 3: City, Country line 4: e-mail address if desired Abstract—In the past few years, there have emerged a large number of technologies which have quickly gained the popularity among people. In this scenario, VoIP (voice of internet protocol) is one of the most attractive technologies that have quickly become a need for people. Though, VoIP brings a number of benefits for its users but at the same time it brings various security concerns that discourage the use of this technology. The basic purpose of this paper is to analyze some of the important security concerns and propose solutions. This paper first discusses the concept of VoIP, and some of the important aspects associated with VoIP such as its working, benefits and uses. After that this paper discusses security and privacy concerns associated with VoIP along with suggestions to deal with them. Keywords-VoIP; IP; QoS; DoS; P2P, firewalls I. Introduction Voice over Internet Protocol (VoIP) is a well-known buzzword nowadays. It is a new technology based communication or way of talking over the phone just round the corner. Basically, the VoIP is a modern technology that does not require using traditional phone line for the distribution of voice signals in its place it uses broadband Internet connection. Before we go into the detail of security issues and challenges faced by people while using or through this technology it is necessary to understand the basics of VoIP networks. It is an admitted fact that the Internet communication is carried out in the form of digital signals while voice appears in the form of analog signals. Basically, in order to convert these analog signals into digital signals a variety of services are used that transform one’s voice into a digital signal in order that it could move all over the Internet. In the same way, when the Internet connection is used to make a call to a traditional phone system then this digital signal is again converted to an analog signal in order to support the communication process. In addition, using VoIP the users can make calls to different destinations for instance they can make a call directly from a computer to computer, or a traditional phone linked with a special adapter or a special VoIP phone. Moreover, at the present, almost on every popular location like that parks, airports and cafes contain hot spots which let one to connect to the Internet and allow them to make use of VoIP service without having special equipment [3]. The main advantage of this technology is that it minimizes the costs that come with a customary phone line, as a minimum at this point of the game. Additionally, this is new communication technology framework that offers the savings of hundreds, or yet thousands of dollars for a number of people. In addition, someone who has utilized voice chat software would be aware of the latency concerns that propagate through some kind of data transfer comprising the internet. However, VoIP technology addresses the latency concerns through RTP, or real time communication protocol. This communication protocol guarantees that data packets are sent and received in a timely way [7]. However, at the same time it raises various concerns and some of them are related to security and privacy of this data. This paper presents a detailed analysis of concerns and issues that occur while using VoIP systems. The basic purpose of this research is to analyze the security weaknesses of VoIP and propose some mechanisms to overcome these weaknesses. This paper starts with a detailed introduction of VoIP, its benefits and uses. After that a detailed discussion on security issues and solutions is provided. II. The Evolution of VoIP The VoIP framework is based on the broadband technology and makes use of the World Wide Web (WWW) to route its communication calls. In this scenario, the most excellent thing is that the person who is being called through web phone needs not essentially have it as well to accept our call. So the technology that has brought modernism in our business and educational worlds as a minimum we need to look at its history. Historically, this technology emerged in 1990 when internet phone was utilized using H.323 protocol in place of currently available common SIP protocol. Additionally, this communication software was extremely well known in the marketplace and through 1996. In this scenario Vocaltec had a success through IPO establishment. The place that SKYPE takes up in the marketplace was then occupied by Vocaltec. The weakness due to which this software got issues was the non-accessibility of high speed internet facility or broadband capability and a resulting reduced voice quality due to modems. The lower voice quality was inferior as compared to the usual phone calls. In addition, the networking producers like that Cisco and Lucent soon became popular due to software applications that are able to route and switch the VoIP communication based packets traffic and consequently in the year 2000 VoIP technology based communication traffic accounted for 3 percent of the whole voice traffic in US. After that the year 2005 has seen all the important matters regarding VoIP traffic and thus clients are guaranteed of outstanding voice quality as well as continuous phone calls. Additionally, the benefit that was attained through this revolution that has been formulated out of sale of VoIP tools and equipment only in the year has been approximately $3 billion that reached up to $8.5 billion in 2008. The cause at the back of this amazing figure is small cost limitless calling plans and above all plenty of a variety of communication services and characteristics in telephone communication connected to VoIP technology. Moreover, the need for video over this technology is increasing gradually and the speed through which this communication technology is going forward, its expansion is terribly thrilling. In this scenario, video phones have already been launched by a corporation named as Packet and it is marketing it by means of good-looking characteristics [3, 5]. III. Usefulness of VoIP Technology There are a lot of reasons people prefer to choose VoIP technology for telephone service. However, the major reason is its less cost. VoIP communication technology has turned out to be well-known mostly for the reason that it is cost effective to the customers over customary telephone and communication networks. Additionally, VoIP reduces monthly phone bill by 50%. In addition, it also permits less costly worldwide or long distance calling rates that could be one-tenth of what is accused through customary phone businesses. On the other hand, its portability makes it an extremely high-quality option and one would like to keep away from costly hotel phone costs as well as cell phone roaming costs. However, it requires a high speed internet broadband link where one could be able to plug the communication set adapter into and people could contact them at their local number regardless of their location. Moreover, the majority of web sites charge a flat monthly communication fee arrangement from the customers. On the other hand, VoIP strategies do not charge per-minute charges for long distance calls. In addition, through VoIP calls using internet supported cell phones one could keep away from wireless roaming costs and long distance rates that normally touch north. However, the majority of the occasions in-network calls to additional VoIP service subscribers are free yet if the calling groups are situated in diverse areas of the world [7, 9]. IV. Major Features of VoIP The major benefit of VoIP is that it allows the users to make calls from anyplace in the world where a broadband internet link exists. In this scenario, people take their IP telephones or ATA's with them on nationwide as well as worldwide trips and yet are able to access what is fundamentally an individual's household phone line. Additionally, most of the VoIP services come with call waiting, caller id, repeat dialing, call transfer and three-way dialing characteristics. However, for extra features or services like that forwarding a call, call filtering or transferring calls straight to the voice mail, the communication service provider can charge an extra fee. In addition, some of the VoIP facilities and services as well permit users to verify their voicemail on the web or attach messages to an e-mail that is transmitted to their PC or PDA. Normally, the services and parts offered by VoIP phone system service operators and suppliers can differ in different scenarios. Thus, people should evaluate the advantages and disadvantages before adopting these services. Furthermore, people should make sure that they have accessible technical support for the probable compatibility problems that could happen between the existing and new hardware components [1, 7]. V. The uses of VoIP VOIP has turned into to be an evolving technique of communication in the contemporary world, particularly in sales-oriented professions. Additionally, most of the corporations are making use of this innovative technology to perform their business operations. However, its uses can be categorized into three main groups [2, 3]: For communication and to connect VOIP phones services inside single premises with the building's LAN (Local Area Network). To communicate and connect VOIP phones services between numerous locations of the similar business with a backbone communication network. To communicate and connect VOIP communication phones to normal telephones in dissimilar associations or for sale purposes VI. The Economics of VoIP VoIP communication technology has turned out to be well-known mostly due to its cost effectiveness as compared to customary telephone networks. In addition, the majority of Americans spend a flat monthly expenditures for local telephone calls and a for the per-minute costs of for long-distance phone calls. In this scenario, VoIP calls can be done all through the internet and all through the world. However, the most of the internet sites charge a flat monthly cost. Additionally, with internet connection both voice calls and data traffic allow the people to get rid of monthly bills of communication. In addition, VoIP plans do not force the customer to pay per minute for a call. Thus, people can save a lot of money by switching to VoIP technology [9]. VII. How VoIP Works? The most common method of VoIP working is that the end user establishes a set up using high-speed broadband communication connection, a router and a VoIP communication gateway. Additionally, in place of a standard telephone communication link, here a router is used to transmit the telephone calls on a web based link. In this scenario, the VoIP communication gateway, located anywhere in closest location of the linked internet transforms the analog signals into digital format, those are more smashed into little chunks acknowledged as 'packets', previous to transmitting it over the internet. This process is similar to the way data is sent to and received from the computer. In this scenario, these data and information packets are transmitted to their last target as well as orders for carrying back into a comprehensible format are implanted in them. It then passes through a VoIP gateway, which decodes these data packets into the unique analog arrangement by making use of a Public Switched Telephone Network (PSTN), thus routing the illustrated to the number the caller has inserted for connecting. After that combining old school technology and hi-tech deliverance in a flawless as well as immediate method [1, 5]. Figure 1VoIP P Communication Method, Image Source: http://bstechnology.net/voip-solutions/ However, different types of VoIP tools and services are available to make communication simple and effective. In this scenario, the voice chat facilities offered by Google-Talk, MSN or Yahoo messenger could be considered as a VoIP. In addition, the extremely publicized communication through Skype; however these are proprietary arrangements. For instance, in order to communicate to somebody using MSN, an individual at the other end must also have MSN. The same condition also applies to the Yahoo as well as other communication tools as they make use of their own particular system for the communication and this system is not open as well as would not connect to other systems simply. In fact, VoIP should actually be based on SIP system that is a standard. In addition, SIP well-suited systems or devices can communicate with others even though people do not make use of PC [1, 5]. Additionally, some of the SIP telephones can make calls to the different sides over the web without requiring some extra equipment or even a phone supplier. People only have to plug their SIP phone into the web connection, organize it and then dial the further person right over the web. However, in this communication process, our voice is transformed into data packets, similar to small files, and then sent to the receiver over the internet as well as re-interpreted back into our voice at the further end. In addition, to make this communication faster, these data and information packets are compressed previous to sending, a bit similar to zipping a data file [1, 5]. VIII. Challenges, Concerns and Solutions This section discusses some of the issues and problems associated with VoIP technology. In fact, VoIP technology is speedy, suitable and less costly. It has, though its own issues and problems. These problems are fundamentally because of the present dependence of already available technologies on traditional telephone based communication technology; and the inadequacy that can infect computer communication technology. Unless the entire nation or world consents to move to VoIP, these communication services are probable to stick to their old techniques. As VoIP depends on web based technology, it is as well vulnerable to the issues that engage in the internet and computers. Thus, in this scenario, people can expect similar issues such as crashes, viral attacks and stolen packets. At the present we are familiar with the fundamental answer to how does VoIP work [14, 15]. Actually, this portion of technology does grasp numerous potentials. Similar to everything else, the old methods of communication above long distances have to be modified. In this scenario, VoIP communication services could be initial logical move that can be taken. However, it can take a long time, previous to VoIP turns into a completely integrated and snag free system. Another important issue with VOIP is regarding emergency calls. Customary phone equipment can be used to trace caller’s location. In this scenario, the emergency calls are changed to the adjacent call center where the communication operators are able to observe caller’s place in conditions caller is not able to talk. Though, for the reason that a voice-over-IP call is fundamentally a move of data among two IP addresses, not communication based physical addresses, with VoIP there is at present no method to decide where the phone call is initiated. Thus, it is very difficult to access the location of caller. In the course of the total blackout a usual phone is kept in service through the present supplied all through the phone line. However, this is not possible in case of IP phones, consequently when the electric power goes, there is no way that people could use VOIP phone service [14, 15]. Without a doubt, the basic reasons of attraction and adoption of VoIP technology is its lower price. In this scenario, people save a lot of money which otherwise they would have to pay via bills at the end of every month. In this scenario, this cost saving does not only include the costs that they have saved by not paying the bills at the end of every month but also it includes the expenditures that people spend in buying new hardware, possible switch over costs, training costs and loss of business in changeover. Without a doubt, there are many ways through which organizations can minimize their expenditures by adopting VoIP as it involves minimum usage cost, cheaper network substructure and lower costs of maintenance and support. On the other hand, when a firm starts integrating data and voice communication into a single united network, it becomes essential for them to take care of various associated aspects such as manageability, performance and complete security comprising authentication, authorization confidentiality and integrity of their data [9, 14]. Though, VoIP promises to bring inclusion, growth, and innovation however it also brings a variety of security issues along with challenges that have been discussed above. In fact, the research has shown that implementing security for VoIP system is a very challenging task. In view of the fact that this technology makes use of the Internet features in order to support communication and distributing data from one place to another hence it involves dealing with all kinds of issues that can occur on the Internet communication. In this scenario, there are various aspects that make the implementation of security difficult in the context of VoIP. Some of these features can include host of trust, functional and implementation complexities. Without a doubt, these features also make the VoIP environment an excellent choice for the individuals and organizations. Additionally, it’s flexible, powerful, distributed and open, nature of environment some of the key aspects that make this environment complex. In this scenario, one of the major challenge that comes in the way of security implementation for this model is the absence of any central management. In other words, in case of VoIP there is no central authority that is responsible for the implementation or modification of this system design as it exists in the case of PSTN [15]. In view of the fact that VoIP technology allows all kinds of programmers to develop and implement the applications to support voice communications. In this scenario, poorly developed and implemented code and designs open new horizons for illegal users and attackers. They always remain in the wait of an opportunity like a loophole through which they can enter into the system to carry out their desired tasks. As there is no central authority responsible for the implementation and management of security mechanism for VoIP system so the implementation of security protocols and mechanisms completely depends on the development firms or developers. Additionally, end-users’ sophistication, requirements and expectations will drive the security of the service much more than in the PSTN. At the same time as VoIP shapes the line concerning who can design and implement a specific service or tool, in the same way it shapes the line concerning who is responsible for deploying and configuring it. In this scenario, end-users and system developers will have to play a significant role in arranging and modifying voice services, as in many cases resulting consequences of misconfiguration will open security vulnerabilities [15]. Without a doubt, for many years VoIP has been proved to be an excellent technology. In the past few years, it has caught the attention of the majority of people and organizations. However, its basic vision was to traditional Public Switched Telephone Network (PSTN) with Internet based communication has not been proved to be true. The basic reason behind this is the challenges in the use of this technology. These challenges appear in different forms such as data and information security, emergency calls, reliability are minimizing the integration of VoIP. Without a doubt, at the present there are many places where VoIP is used along with a combination of technologies with the purpose of minimizing expenditures, along with still keeping the PSTN if a consistent communication is necessary [6]. As discussed above, communications via VoIP is beneficial from the cost perspective on the other hand the use of VoIP brings a variety of security issues and challenges that are difficult to avoid. The research has shown that without imposing strict security measures the communications through VoIP can be certainly eavesdropped (someone can listen to this communication) and by making use of false configurations and software, a hacker or attacker can harvest personal information such as buddy lists and call records. In the worst case, they can be make use of this data for conducting illegal activities. For instance, these communications can contain a variety of personal information such as credit card information, postal addresses or email addresses. An attacker can hack this information and can misuse it for sending spam emails, entry vectors or identity theft for more elaborate tricks. On the other hand, when this communication is made through peer-to-peer (P2P) VoIP systems these issues and challenges turn out to be even more noticeable [8, 17]. It is an admitted fact that P2P VoIP systems that are believed to be the subsequent generation of VoIP, are able to offer more fault-tolerant, reliable and affordable mechanisms for communication, differ from the old-style central environment and bind the joint resources of the end-users in order to provide and maintain services. In fact, it can be a major cause of serious security issues for the reason that end- users have to trust in relatively unreliable peers for managing the system. Even though P2P VoIP is believed to be potentially useful for various other reasons but there is still need for incorporating additional security features with the intention of making VoIP a secure option as well. In view of the fact that these P2P systems are not provided by a reliable service provider, hence it is essential for the end-users to make use of a strategic approach to keep away from expected security issues. In addition, in absence of a principal authority it will be a challenge to determine and detect illegal or unauthorized peers. In this scenario, end-users must be well aware of latest tricks and threats and they should avoid from sharing their personal information while using these communication channels [8, 17]. In view of the fact that VoIP makes use of Internet based protocols for ensuring the voice communication among systems hence it becomes vulnerable to nasty service disruptions due to denial of service (DoS) attacks. In this kind of attacks, an attacker generates unnecessary data traffic with the purpose of overcoming or destroying network services that are using VoIP communication and these services become inaccessible to legal users. By generating excessive traffic, attackers are also able to cause service disruption. In addition, this unnecessary traffic produced by an attacker also generate various negative effects with respect to effective access to the network services and other resources accompanied by the voice communication, by this means resulting in a decline in the voice quality [13, 14]. At the present there are many security solutions for VoIP applications to present a reasonable voice Quality of Service (QoS), but there is still lack of practical solutions for dealing with such kinds of problems. The research has shown that when organizations make use of VoIP technology in the place of work for communication purpose, it presents excellent opportunities for attackers and hackers to access voice data when a VoIP call is launched, for the reason that these calls follow through uncertain mechanisms over the internet. In addition, it is difficult to implement a solution that could deal with security issues of VoIP and these issues will continue to exist until these networks are developed on shared public communication platform. By means of these open networks, attackers and hackers will be able to get an entry into the network to with the purpose of gaining illegal access to user data or to disturb the voice call. In short, the transfer of business data and communication to internet supported environment has caused the creation of a large number of security issues like that Denial of Services, Eavesdropping, Call Hijacking, Man-in-The-Middle, Snooping and Phishing. As soon as VoIP turns out to be more common, the security issues and concerns will also rise [14, 16]. There are various solutions to deal with these issues. In this scenario, data encryption is believed to be a very useful mechanism to deal with security issues that occur in VoIP environment. However, there are not much research has been conducted to determine the effectiveness of data encryption for VoIP. In this scenario, there are also other solutions which make use of a mixture of best security techniques for instance a solution is to protect the end device by means of firewalls, and distribute data via a protected encryption and Virtual Private Network (VPN) [14, 16]. Basically, a VPN is a security solution makes use of tunneling in order to establish a security association. Additionally, a VPN ensures security by establishing a protected link in second and third layer of the Open System Interconnection (OSI) environment. In this scenario, the connection of second layer does not carry out a special privacy securing process because of its operation that ensures simple privacy. On the other hand, the connection that is established at 3rd layer ensures maximum security as well as ensures user privacy by means of an IPSec (internet protocol security) tunnel and Transport Layer Security (TSL) and Secure Socket Layer (SSL). It can also use other techniques depending on their strengths in ensuring privacy and security. In addition, other solution is encryption in which secret key is used to secure the information. In this process, a sender and receiver of data shares a common key to encrypt and decrypt data. One key is used at sender end to encrypt data and receiver decrypts it using the same key. This process of encryption and decryption is performed by an enhanced algorithm. Basically, encryption is the science of securing information and making it unreadable for anyone who is not authorized to access that information [14, 16]. With the intention of designing and developing a secure VoIP service, developers and programmers need to become aware of possible security issues and threats that can emerge in case of VoIP systems. Until they don’t know and understand these issues and threats they cannot develop an effective system. In the same way, security learners and trainees should take knowledge of opponents with the intention of putting into practice the fruitful countermeasures. In addition, they cannot defend against these security attacks until they don’t understand the nature and characteristics of threats. Though, identifying the nature and features of a security attack is a serious challenge however it is possible by identifying the attack patterns. In this scenario, these attack patterns contain a variety of useful information such as perspective of the attacker, how a type of attack is conducted by the attacker [4, 11]. In addition, the end-users should not try all kinds of services provided by any developer or vendor. In this scenario, they should only trust reliable developers and vendors. For instance, end-users should not download services that are available free of charge and their developers are unknown. IX. Implications The research has shown that various effective solutions can be implemented to ensure the security and privacy of communication carried out through VoIP networks however the implementation of these security solutions can require extra resources and can take additional processing time. As a result, the quality of services and data can be compromised. In this scenario, there are many QoS protocols that attempt to address the compulsory requirements by making use of various aspects and attributes like that queuing mechanisms, packet classification, congestion avoidance strategies and header compression. Unluckily, these aspects and attributes cannot be employed to take advantage together with other security protocols for the reason that they make use of fields in the IP header. Hence, when developers implement security solutions and other protocols the choices to ensure the quality of services are limited [10, 14, 18]. X. Conclusion Without a doubt, VoIP is an attractive technology that has caught the attention of the majority of people. The reason is that everyone desires to have affordable solution for communication however this cost-effectiveness is achieved on the cost of quality. Certainly, VoIP has proved to be useful for voice and multimedia communication but it also raises a large number of issues and concerns. In this scenario, the majority of concerns and issues that it raises are related to security and privacy. This paper has discussed a number of issues and concerns and way they can affect the quality of communication and compromise the effectiveness of communication. Actually, there is no central authority that could be considered responsible for ensuring the implementation and execution of security measures in VoIP. As this environment is supported through the Internet so all those issues that emerged in case of Internet communication can emerge in VoIP systems. This paper has discussed some of the popular ways that attackers and hackers adopt to compromise the effectiveness of VoIP communications. This paper has also discussed some of the useful techniques that can be used to deal with issues. However, as this environment is based on the Internet so complete security is not possible. If these security issues are addressed effectively this environment can become an excellent choice. XI. References 1. Bakre, A., 2006. Intel VoIP over WLAN architecture. New York, USA, ACM. 2. Bijl, P. W. J. d. & Peitz, M., 2010. Regulatory legacy, VoIP adoption, and investment incentives. Telecommunications Policy, 34(10), pp. 596-605. 3. Blake, E. A., 2007. Network security: VoIP security on data network--a guide. Kennesaw, Georgia, USA, ACM. 4. Chavhan, N. A. & Chhabria, S. A., 2009. Multiple design patterns for voice over IP security. New York, USA, ACM. 5. Chou, W., 2007. Strategies to Keep Your VoIP Network Secure. IT Professional, 9(5), pp. 42-46. 6. Fessi, A., Niedermayer, H., Kinkelin, H. & Carle, G., 2007. A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services. New York, USA, ACM. 7. Karapantazis, S. & Pavlidou, F.-N., 2009. VoIP: A comprehensive survey on a promising technology. Computer Networks: The International Journal of Computer and Telecommunications Networking, 53(12), pp. 2050-2090. 8. Koskela, J., Karvonen, K., Kilinkaridis, T. & Gurtov, A., 2010. Secure and usable P2P VoIP for mobile devices. New York, USA, ACM. 9. Li, Y.-M. & Chiu, S.-W., 2011. VoIP pricing in competitive telephony markets. New York, USA, ACM. 10. Nascimento, A., Passito, A. & Mota, E., 2006. Can I Add a Secure VoIP Call?. Washington, DC, USA, IEEE Computer Society. 11. Pelaez, J. C., Fernandez, E. B., Larrondo-Petrie, M. M. & Wieser, C., 2007. Misuse patterns in VoIP. New York, ACM. 12. Radmand, P. et al., 2011. The impact of security on voip call quality. Journal of Mobile Multimedia, 7(1), pp. 113-128. 13. Radmand, P. & Talevski, A., 2010. Impact of Encryption on QoS in VoIP. Washington, IEEE. 14. Radman, P. et al., 2010. VoIP: Making Secure Calls and Maintaining High Call Quality. Paris, France, ACM. 15. Sicker, D. C. & Lookabaugh, T., 2004. VoIP Security: Not an Afterthought. Queue - VoIP, 2(6), p. 56. 16. Walsh, T. J. & Kuhn, D. R., 2005. Challenges in Securing Voice over IP. IEEE Security and Privacy, 3(3), pp. 44-49. 17. Wang, X., Chen, S. & Jajodia, S., 2005. Tracking Anonymous PeertoPeer VoIP Calls on the Internet. Alexandra, Virginia, USA, ACM. 18. Zhangy, R. et al., 2009. On the Feasibility of Launching the Man-In-The-Middle Attacks on VoIP from Remote Attackers. Sydney, NSW, Australia, ACM. Read More