VoIP security: Scenarios, challenges, and counter measures--Part I

Security scenarios
VoIP reliability requirements are very stringent and approach 99.999% (5 minutes of downtime a year). Clearly, this level of reliability calls for automated real time response to security threats and attacks. The types of attacks that are common in the data security realm and may render email or a computer network unusable for several hours are not acceptable when it comes to IP communication.

One of the things that makes VoIP so attractive is its promise of using existing data network infrastructure for voice communications. Unfortunately voice communications are exposed to all of the threats that exist for a traditional data network. VoIP is even more affected by these threats because of its stringent QoS (Quality of Service) requirements. The following section briefly explains the most common type of security threats that exist today for a VoIP service.

Eavesdropping
Eavesdropping is the intercepting of conversations by unintended recipients. Eavesdropping in VoIP requires intercepting the signal and associated media streams of a conversation. No one argues that an attacker cannot access and install a tap on a telephone pair outside your house. That action, however, requires more visibility and explicit laws prohibit eavesdropping. IP eavesdropping can be accomplished from the comfort of a laptop as long as the tools and expertise exist to carry out the attack successfully.

Ethereal, Ettercap, Vomit represent just some of the software available that is used for media capture. Using the software is as simple as capturing and decoding RTP packets, analyzing sessions and then saving the the captured voice as an audio file (.au). This is based on the fundamental that every header of an RTP packet contains information about the codec used to encode voice samples. The codec used is generally a standard one, which allows the software to decode the RTP packet, and thus the audio data. Thus, an entire conversation can be tapped.

"Spam over Internet telephony," or SPIT
SPIT is substantially more deadly than its email counterpart. Email spam will degrade service and clog up bandwidth. When emails are delayed by a few minutes, it does not make a difference. With VoIP spam, gateways are hit directly, degrading voice quality, which is very noticeable to end users.

VoIP is completely insecure at the protocol level; there is no encryption and authentication. This means that it is easy to hack a caller ID and claim to be whomever they want. This open nature of the VoIP phone call makes it easy for spammers to send audio-commercials to VoIP voice-mail inboxes in much the same way they bombard email inboxes today. Since VoIP services aren't regulated, customers are not entitled to the same rights and protections as standard phone users.

Any open, IP-based phone system could be a target of "spitters." Other services, such as Skype and Vonage are more immune to such attacks because portions of these networks operate over a closed system that the SPITters would have to hack. However any network architecture is vulnerable to hacker attack--Skype users were subjected to an unsolicited Voice Broadcast Message earlier in 2004. In response, the company quickly patched the loophole within a couple of days.

There is an upside of being able to broadcast to phones. Emergency management agencies are able to reach out and warn populations more easily than ever before--an important consideration in today's post-9/11 environment, and something that would be useful not only for national alerts but for such local ones as Amber alerts for missing children.