4. VoIP (Voice over Internet Protocol) is considered to be the future replacement of PSTN (Public Switched Digital Network), so VoIP must be reliable, secure and efficient enough for critical and sensitive operations such as emergency lines, business lines, police and military lines.
So our goal is to improve VoIP security by analysing threats in VoIP systems and finding a solution that lets us block the threats found in RTP (Real-time Transport Protocol) and makes VoIP systems more secure.
6. Type:
Qualitative
Approach:
Case study; we evaluate the enhancements in
security for different cases of attacks.
Methods:
Task observation
Test different security mechanisms to enhance the
security level.
Test different attack scenarios that may cause
DoS (Denial of Service).
7. Many attackers aim to bring the VoIP service down; they may target the backdoors of RTP to mount DoS attacks on it.
So we need fully encrypted RTP packets, as is done in SRTP.
However, most of these solutions require far more advanced and expensive equipment and infrastructure than can be made available to all users of VoIP, and that cannot be the case if we want VoIP to be an available alternative to PSTN.
8. Chapter One: Introduction to VoIP (Voice over Internet Protocol).
Chapter Two: Hands on Encryption in Different Systems.
Chapter Three: Overview of the Advanced Encryption Standard (AES).
Chapter Four: Threats and Attacks on VoIP.
Chapter Five: VoIP Requirements and Protocols Architecture.
Chapter Six: Recent Trends in VoIP Security.
Chapter Seven: Proposed Model.
Chapter Eight: Conclusion and Future Work.
9. The control messages over RTCP and the stream over RTP are sent over two different sockets, so the delay due to encrypting any of the control messages will not affect the speed of the stream.
The Reception Reports may be strongly authenticated by encrypting the SSRC in the Reception Report with the private key of the sender.
The rate of sending reception reports ensures an interval between packets, so that encryption of the reception reports is possible in this interval.
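One way a receiver could check that a reception report really comes from the SSRC it names, as an added example that is not the authors' code. It uses an HMAC-SHA256 tag under a per-sender shared key as a stand-in for the private-key operation the slide proposes (Python's standard library has no public-key primitives); the 80-bit tag length, `build_rr`, `verify_rr` and the sample key are assumptions.

```python
import hashlib
import hmac
import struct

RR_HDR = struct.Struct("!BBHI")   # V/P/RC, packet type, length, SSRC of sender
PT_RR, TAG_LEN = 201, 10          # RTCP receiver report; 80-bit tag (assumed)

def build_rr(ssrc, key):
    """Empty receiver report (RC=0) followed by an authentication tag."""
    body = RR_HDR.pack(0x80, PT_RR, 1, ssrc)     # length = 2 words minus one
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

def verify_rr(packet, keys_by_ssrc):
    """Return the sender SSRC if the tag verifies, else None."""
    if len(packet) != RR_HDR.size + TAG_LEN:
        return None
    body, tag = packet[:RR_HDR.size], packet[RR_HDR.size:]
    b0, pt, length, ssrc = RR_HDR.unpack(body)
    if b0 != 0x80 or pt != PT_RR or length != 1:
        return None
    key = keys_by_ssrc.get(ssrc)
    if key is None:                              # no key on file for this SSRC
        return None
    expect = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    # Constant-time comparison; a replay counter would still be needed on top.
    return ssrc if hmac.compare_digest(tag, expect) else None

def demo_rr():
    keys = {0x1234ABCD: b"constructed-shared-key-A"}   # constructed sample key
    good = build_rr(0x1234ABCD, keys[0x1234ABCD])
    forged = build_rr(0x1234ABCD, b"attacker-guess")   # claims the same SSRC
    tampered = good[:7] + b"\xCE" + good[8:]           # SSRC altered in transit
    return (verify_rr(good, keys), verify_rr(forged, keys),
            verify_rr(tampered, keys))
```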
10. VoIP is a technology for transmitting and managing voice information over Internet Protocol. Instead of a traditional analog telephone, phone calls can be placed with, for example, a Windows PC and an IP network.
VoIP takes analogue audio signals and turns them into digital signals, or packets.
VoIP is the process of converting voice into data that is then carried over the Internet by packet-switching technology.
11. In addition, wireless access in locations such as airports, parks and cafes allows you to connect to the Internet and may enable you to use VoIP service wirelessly.
12. [Figure: Originating SIP UA, Call Control Logic, Answering SIP UA; links labelled Connect, SIP and RTP / RTCP]
The process of creating a session between two VoIP parties: they start with the signaling protocol, Session Initiation Protocol (SIP), then they open a Real-time Transport Protocol (RTP) session to start streaming.
13. VoIP provides a worldwide voice network over already existing networks, so it provides wide-area calls.
VoIP provides advanced features like video calls and video conferencing.
VoIP is a digital technology, so it is more secure than analogue systems.
VoIP is cheap enough to open new segments such as small businesses, home users and students, especially for long-distance costs.
VoIP supports an optional Bluetooth phone, Ethernet or Wi-Fi LAN.
14. Internet Protocol (IP)
IP is a routing protocol for the passing of data
packets.
Real Time Transport Protocol (RTP)
RTP is used to exchange media information
such as voice or video and provide end-to-end
delivery services.
Transmission Control Protocol (TCP)
TCP resides at layer four (transport layer) and its function is to ensure that all packets are delivered to the destination and in the correct order.
15. User Datagram Protocol (UDP)
UDP is a simpler protocol that confirms where a packet is sent and that a response is received.
RTP Control Protocol (RTCP)
RTCP is used to control aspects of RTP sessions.
An application may use these aspects to control quality-of-service parameters, perhaps by limiting flow or using a different codec.
16. Confidentiality
Data confidentiality relates to the data being kept safe and only disclosed to authorized parties that can access the information.
Availability
The system being available for use when needed; critical systems (financial, banking, police records, military records) have to remain available for use at all times.
Integrity
The integrity of data comes from the data being modified or destroyed by the appropriate personnel only.
17. Denial of Service (DoS)
A DoS attack is characterized by an attempt
by attackers to prevent actual users of a
service from using that service.
Attacks occur when a malicious user sends an
extremely large amount of random messages
to one or more VoIP end-points.
18. Symmetric Encryption
Data can be encrypted using a private (secret) key; both the sender and the receiver must know and use the same private key.
Asymmetric Encryption
It is an encryption type that uses two keys: one key is called the public key of someone and the other is the private key, which is derived from the public key.
This process occurs every session and takes a long time, so a delay in transferring packets occurs.
19. Since symmetric encryption uses one public key and no message delay occurs, it is our choice of encryption algorithm to apply to VoIP.
Types of Symmetric Encryption
Data Encryption Standard (DES)
DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds or operations.
Both the sender and the receiver must know and use the same private key.
20. Triple DES (3-DES)
This method is the same process as DES, but instead of a single round of encryption it is reapplied to the ciphertext two extra times, making it three times the power of ordinary DES.
The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.
Triple DES runs three times slower than ordinary DES, but it is much more secure if used properly.
21. Advanced Encryption Standard (AES)
The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information.
The AES algorithm uses 128-, 192- or 256-bit keys to encrypt and decrypt 128-bit blocks of data.
The AES algorithm is based on permutations and substitutions.
Permutations are re-arrangements of data, and substitutions replace one unit of data with another.
22. Comparison of ciphertext and plaintext block sizes of DES, 3-DES and AES

                                DES     3-DES          AES
Plaintext block size (bits)     64      64             128
Ciphertext block size (bits)    64      64             128
Key size (bits)                 56      112 or 156     128, 192 or 256
23. Advantages of AES
AES provides more security due to its larger block size and longer keys: AES uses a fixed 128-bit block size and works with 128-, 192- and 256-bit keys.
AES is used in commercial applications such as banking and financial transactions, telecommunications, and private and Federal information.
24. After studying VoIP, it is clear that VoIP is a very important technology that is considered to replace PSTN.
VoIP systems at this moment still need stronger security techniques.
After studying some encryption algorithms, we found that the AES encryption algorithm is the best one.
25. RTP is not encrypted.
Any third party can easily become one of the members of a session and can mount a DoS against the actual users.
Using a suitable encryption algorithm (AES), we can encrypt the SSRC number and prevent any attacker from reaching the members of the session.
AES was chosen for many reasons:
It is suitable to work with VoIP.
AES runs much faster than any other encryption algorithm in both the encryption and decryption phases.
AES is more secure due to working with 128-, 192- or 256-bit keys.
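Why the cleartext SSRC matters to a receiver, as an added example that is not the authors' code: it parses the 12-byte fixed RTP header (RFC 3550) and flags packets that reuse a known SSRC from a different transport address or with an implausible sequence jump. The `SsrcMonitor` class, the jump threshold of 100 and the sample packets and addresses are constructed assumptions.

```python
import struct

RTP_HDR = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, sequence, timestamp, SSRC

def parse_rtp(datagram):
    """Fixed RTP header fields (RFC 3550), or None if not RTP version 2."""
    if len(datagram) < RTP_HDR.size:
        return None
    b0, b1, seq, ts, ssrc = RTP_HDR.unpack_from(datagram)
    if b0 >> 6 != 2:
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

class SsrcMonitor:
    """Bind each SSRC to the first address that used it; flag deviations."""
    def __init__(self, max_seq_jump=100):       # threshold is an assumption
        self.bound = {}                         # ssrc -> (addr, last_seq)
        self.max_seq_jump = max_seq_jump

    def check(self, addr, datagram):
        hdr = parse_rtp(datagram)
        if hdr is None:
            return "malformed"
        known = self.bound.get(hdr["ssrc"])
        if known is None:                       # SSRC is cleartext: first use wins
            self.bound[hdr["ssrc"]] = (addr, hdr["seq"])
            return "new-source"
        bound_addr, last_seq = known
        if addr != bound_addr:
            return "ssrc-from-other-address"
        delta = (hdr["seq"] - last_seq) & 0xFFFF   # sequence wraps at 16 bits
        if delta == 0 or delta > self.max_seq_jump:
            return "sequence-anomaly"
        self.bound[hdr["ssrc"]] = (addr, hdr["seq"])
        return "ok"

def make_rtp(seq, ts, ssrc, payload=b"\x00" * 160, pt=0):
    """Constructed RTP packet: version 2, no padding, extension or CSRC list."""
    return RTP_HDR.pack(0x80, pt, seq, ts, ssrc) + payload

def demo():
    mon, ssrc = SsrcMonitor(), 0x1234ABCD
    caller, other = ("192.0.2.10", 40000), ("198.51.100.7", 40000)
    events = [(caller, make_rtp(1000, 160, ssrc)),
              (caller, make_rtp(1001, 320, ssrc)),
              (other, make_rtp(1002, 480, ssrc)),    # same SSRC, other address
              (caller, make_rtp(9000, 640, ssrc)),   # implausible sequence jump
              (caller, b"\x00\x01")]                 # too short to be RTP
    return [mon.check(a, d) for a, d in events]
```

RFC 3550 allows legitimate SSRC collisions and address changes, so these flags are signals to investigate rather than proof of an attack.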
26. For future updates, another proposal can be made to integrate all available security solutions into a crypto package of our own, or to add the SSRC encryption module as software in the VoIPsec package, making a more advanced security infrastructure for our future VoIP systems.
Another future direction is to implement SSRC encryption in the core of the RTP protocol itself and provide it as a new replacement for the currently available RTP protocol, instead of the demanding SRTP protocol currently used by high-grade security VoIP systems.