Voice over IP Security

• Copyright 2009
• Edition: 1st

• Book
• ISBN-10: 1-58705-469-8
• ISBN-13: 978-1-58705-469-3

Voice over IP Security

Security best practices derived from deep analysis of the latest VoIP network threats

Patrick Park

VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditional systems such as firewalls and NAT alone. After analyzing threats and recent patterns of attacks and fraud, consideration needs to be given to the redesign of secure VoIP architectures with advanced protocols and intelligent products, such as Session Border Controller (SBC). Another type of security issue is how to implement lawful interception within complicated service architectures according to government requirements.

Voice over IP Security focuses on the analysis of current and future threats, the evaluation of security products, the methodologies of protection, and best practices for architecture design and service deployment. This book not only covers technology concepts and issues, but also provides detailed design solutions featuring current products and protocols so that you can deploy a secure VoIP service in the real world with confidence.

Voice over IP Security gives you everything you need to understand the latest security threats and design solutions to protect your VoIP network from fraud and security incidents.

Patrick Park has been working on product design, network architecture design, testing, and consulting for more than 10 years. Currently Patrick works for Cisco® as a VoIP test engineer focusing on security and interoperability testing of rich media collaboration gateways. Before Patrick joined Cisco, he worked for Covad Communications as a VoIP security engineer focusing on the design and deployment of secure network architectures and lawful interception (CALEA). Patrick graduated from the Pusan National University in South Korea, where he majored in computer engineering.

Understand the current and emerging threats to VoIP networks

Learn about the security profiles of VoIP protocols, including SIP, H.323, and MGCP

Evaluate well-known cryptographic algorithms such as DES, 3DES, AES, RAS, digital signature (DSA), and hash function (MD5, SHA, HMAC)

Analyze and simulate threats with negative testing tools

Secure VoIP services with SIP and other supplementary protocols

Eliminate security issues on the VoIP network border by deploying an SBC

Configure enterprise devices, including firewalls, Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, IP phones, and multilayer switches to secure VoIP network traffic

Implement lawful interception into VoIP service environments

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged

networks, and implement network

solutions for increased productivity.

Category: Networking—IP Communication

Covers: VoIP Security

Online Sample Chapter

VoIP Threat Taxonomy

Sample Pages

Download the sample pages

Table of Contents

Introduction

Part I: VoIP Security Fundamentals 3

Chapter 1: Working with VoIP 5

    VoIP Benefits 6

    VoIP Disadvantages 8

    Sources of Vulnerability 10

        IP-Based Network Infrastructure 10

        Open or Public Networks 11

        Open VoIP Protocol 11

        Exposed Interface 11

        Real-Time Communications 11

        Mobility 11

        Lack of Security Features and Devices 11

        Voice and Data Integration 12

    Vulnerable Components 12

    Myths Versus Reality 14

        Legacy Versus VoIP Systems 14

        Protecting Networks Using Strict Authentication and Encryption 14

        Protecting Networks Using a Data Security Infrastructure 15

    Summary 15

    End Notes 16

    References 16

Chapter 2: VoIP Threat Taxonomy 19

    Threats Against Availability 20

        Call Flooding 20

        Malformed Messages (Protocol Fuzzing) 22

        Spoofed Messages 24

            Call Teardown 25

            Toll Fraud 26

        Call Hijacking 26

            Registration Hijacking 27

            Media Session Hijacking 27

            Server Impersonating 28

        QoS Abuse 29

    Threats Against Confidentiality 30

        Eavesdropping Media 30

        Call Pattern Tracking 32

        Data Mining 33

        Reconstruction 34

    Threats Against Integrity 34

        Message Alteration 35

            Call Rerouting 35

            Call Black Holing 36

        Media Alteration 37

            Media Injection 37

            Media Degrading 38

    Threats Against Social Context 38

        Misrepresentation 39

        Call Spam (SPIT) 39

        IM Spam (SPIM) 40

        Presence Spam (SPPP) 41

        Phishing 42

    Summary 43

    End Notes 44

    References 44

Chapter 3: Security Profiles in VoIP Protocols 47

    H.323 48

        Overview 48

            Components 49

            Basic Call Flow 50

    Security Profiles 52

            H.235 Annex D (Baseline Security) 54

            H.235 Annex E (Signature Security) 55

            H.235 Annex F (Hybrid Security) 56

    SIP 57

        Overview 58

            Components 58

            Basic Call Flow 60

            Session Setup Example 61

        Security Profiles 67

            Digest Authentication 68

            Identity Authentication 69

            Secure/Multipurpose Internet Mail Extensions (S/MIME) 70

            Secure RTP 71

            TLS 71

            IPSec 73

    MGCP 74

        Overview 74

            Basic Call Flow 75

        Security Profiles 75

    Summary 78

    End Notes 79

    References 80

Chapter 4: Cryptography 83

    Symmetric (Private) Key Cryptography 84

        DES 85

        3DES 87

        AES 89

            SubBytes 89

            ShiftRows 90

            MixColumns 91

            AddRoundKey 92

    Asymmetric (Public) Key Cryptography 92

        RSA 93

        Digital Signature 95

    Hashing 96

        Hash Function (MD5) 97

        SHA 98

        Message Authentication Code 99

            MAC Versus Digital Signature 100

    Key Management 100

        Key Distribution 101

    Summary 103

    End Notes 104

    References 104

Chapter 5: VoIP Network Elements 107

    Security Devices 108

        VoIP-Aware Firewall 108

        NAT 109

        Session Border Controller 113

        Lawful Interception Server 114

    Service Devices 116

        Customer Premise Equipment 116

        Call Processing Servers 117

            PAP Versus CHAP 119

            RADIUS Versus TACACS+ 120

    Summary 120

    End Notes 121

    References 122

Part II: VoIP Security Best Practices 125

Chapter 6: Analysis and Simulation of Current Threats 127

    Denial of Service 128

        Intentional Flooding 129

            Simulation 129

            Analysis 135

            Mitigation 137

        Unintentional Flooding 138

            Analysis 139

            Mitigation 141

    Malformed Messages 143

        Simulation 144

        Analysis 150

        Mitigation 154

    Sniffing/Eavesdropping 154

        Simulation 154

        Analysis 158

        Mitigation 161

    Spoofing/Identity Theft 162

        Simulation 162

            Prespoofing Scan 162

            Identity Theft 163

        Analysis 164

        Mitigation 165

    VoIP Spam 165

        Voice Spam 165

        IM Spam 167

        Presence Spam 167

        Mitigation 168

            Content Filtering 168

            Turing Test 168

            Reputation System 169

            Address Obfuscation 170

            Limited-Use Address 171

            Consent-Based Black/White List 171

    Summary 172

    End Notes 173

    References 173

Chapter 7: Protection with VoIP Protocol 175

    Authentication 175

        User-to-Proxy Authentication 176

        User-to-User Authentication 179

    Encryption 182

        Message Encryption (S/MIME) 183

            S/MIME Certificates 184

            S/MIME Key Exchange 185

            Formatting S/MIME Bodies 186

        Media Encryption 188

            Key Derivation 188

            SRTP Packet Processing 190

            SRTP Test 191

    Transport and Network Layer Security 193

        Transport Layer Security 194

        IPSec (Tunneling) 195

    Threat Model and Prevention 195

        Registration Hijacking 195

        Impersonating a Server 196

        Tearing Down Sessions 196

        Denial-of-Service and Amplification 197

    Limitations 198

        Digest Authentication Limitations 198

        S/MIME Limitations 198

        TLS Limitations 199

        SIPS URI Limitations 199

    Summary 200

    End Notes 200

    References 201

Chapter 8: Protection with Session Border Controller 203

    Border Issues 204

        Between Access and Core Networks 206

        Between Core and Peer Networks 207

    Access and Peer SBCs 208

    SBC Functionality 208

        Network Topology Hiding 208

        Example of Topology Hiding 209

        DoS Protection 213

            Policy-Driven Access Control 213

            Hardware Architecture 215

        Overload Prevention 216

            Registration Timer Control 217

            Ping Control 220

            Load Balancing 220

        NAT Traversal 222

        Lawful Interception 224

        Other Functions 226

            Protocol Conversion 226

            Transcoding 226

            Number Translation 227

            QoS Marking 228

    Service Architecture Design 228

        High Availability 229

            Active-Standby 230

            Active-Active 231

        Network Connectivity 232

        Service Policy Analysis 234

        Virtualization 237

        Optimization of Traffic Flow 239

            Deployment Location 239

            Media Control 240

    Summary 245

    End Notes 246

    References 246

Chapter 9: Protection with Enterprise Network Devices 249

    Firewall 249

        ASA and PIX Firewalls 251

            Routed Mode 251

            Transparent Mode 252

            TLS Proxy Feature 253

            Configuration Example 254

        FWSM Firewall 256

            Routed Mode 256

            Transparent Mode 256

            Configuration Example 257

        Limitations 258

    Unified Communications Manager Express 259

        Access Control 259

        Phone Registration Control 261

        Secure GUI Management 263

        Class of Restriction 264

        After-Hours Call Blocking 266

    Unified Communications Manager 267

        Security Features and Certificates 267

        Integrity and Authentication 269

            Image Authentication 270

            Device Authentication 270

            File Authentication 270

            Signaling Authentication 271

            Digest Authentication 271

            Authorization 272

        Encryption 273

            Signaling Encryption 273

            Media Encryption 274

            Configuration File Encryption 275

        Configuration Guideline 275

    Access Devices 277

        IP Phone 278

        Switch 278

            Mitigate MAC CAM Flooding 278

            Prevent Port Access 279

            Prevent Network Extensions 280

            Prevent Fraudulent DHCP Server 280

            Mitigate DHCP DoS Attacks 281

            Limit ARP Responses 282

            VLAN ACL 282

            Deployment Example 284

    Summary 286

    End Notes 287

    References 287

Part III: Lawful Interception (CALEA) 289

Chapter 10: Lawful Interception Fundamentals 291

    Definition and Background 292

    Requirements from Law Enforcement Agents 293

    Reference Model from an Architectural Perspective 294

        AF (Access Function) 295

        DF (Delivery Function) 295

        CF (Collection Function) 296

        SPAF (Service Provider Administration Function) 297

        LEAF (Law Enforcement Administration Function) 297

    Request and Response Interfaces 297

    Operational Considerations 300

        Detection by the Target Subscriber 300

        Address Information for Call Content Interception 301

        Content Encryption 302

        Unauthorized Creation and Detection 303

        Call Forwarding or Transfer 303

        Capacity 304

    Summary 304

    End Notes 305

Chapter 11: Lawful Interception Implementation 307

    Intercept Request Interface 308

        SIP P-DCS Header 309

            Intercept Process Flow for Outbound Call 310

            Intercept Process Flow for Inbound Call 311

        Cisco SII 313

            Device Interfaces 314

            Intercept Process Flow for Standard Call 316

            Intercept Process Flow for Forwarding Call 319

            Intercept Process Flow for Conference Call 322

            Predesign Considerations 325

            Security Considerations 326

            Configuration Example 327

    Call Data and Content Connection Interfaces 329

        Call Content Connection Interface 330

        Call Data Connection Interface 333

            CDC Messages 333

    Interface Between MD and LEA 339

    Summary 341

    End Notes 342

    References 342

Index 345

Submit Errata