Design Article


Ensure successful VoWLAN: Understand security in VoIP networks

Brent Lorenz, Texas Instruments

10/18/2006 12:32 AM EDT

As VoIP and WLAN technologies converge, they enable carriers to cost-effectively overcome quality of service (QoS) challenges relating to latency and differentiated flow priorities for real-time voice packets, opening the door to a wide range of new telephony applications. The tight coupling of these core technologies makes possible reliable end-to-end Voice over WLAN (VoWLAN) deployments unrestrained by network type or physical location. Unfortunately, this also exposes VoIP connections to the myriad of security threats that are a natural part of the WAN.

No longer will all voice packets be carefully protected within the relatively safe confines of a closed network. Now many will have to brave the WAN wilderness entirely on their own, avoiding session hijacking, monitoring and eavesdropping, malicious service disruption or denial, and toll and identity fraud. To achieve this end, both voice packets and the associated transmission channel over which they travel must be secured with the fidelity and performance of the Public Switched Telephone Network (PSTN). The security dynamics of wired VoIP environments are further compounded when calls can be sniffed over the air in wireless deployments.

Security is a comprehensive notion that addresses--and balances--the fears and needs of subscribers and carriers by guaranteeing the reliability of network connections and thereby giving all parties concerned the confidence that every voice transmission is secure (See Figure 1). There are five key precepts that make security an essential requirement for the reliable deployment of VoIP:

  • Reliability: Carriers can guarantee the safe passage of voice packets through the WAN by minimizing the effect of malicious attacks such as denial of service (DoS)
  • Privacy: Subscribers must be ensured that their calls are protected against unauthorized snooping or monitoring. Privacy is required for both voice payloads (content) and signaling (i.e., records of calls)
  • Integrity: Both subscribers and carriers are assured that transmissions have not been tampered with and that if they have, such alterations will be detected
  • Authentication: Subscribers are guaranteed that their calls will reach the proper destination, and carriers are guaranteed that subscribers are who they say they are and not rogue terminals attempting to gain unauthorized access
  • Non-repudiation: Carriers have the assurance that subscribers cannot deny having used services, protecting a carrier's ability to bill and collect revenues


Figure 1. Security protects subscribers and carriers from malicious and unintentional interruption of service through a wide range of different mechanisms such as authentication and encryption.

Maintaining QoS
To successfully address each area of security, VoIP applications need to employ a minimum of five levels of different security mechanisms: configuration, signaling, voice packet, data packet, and packet filtering. Each of these mechanisms makes use of different security standards (See Figure 2) and may introduce substantial processing overhead to overall VoIP processing. Unless developers create an architecture that is designed from the ground up to support security, this overhead can create a critical system bottleneck that could be enough to undermine the viability of a VoIP implementation.


Figure 2. VoWLAN applications typically need to employ a minimum of four levels of security including configuration, signaling, voice, data, and filtering. If wireless technology is in use, a fifth level of security is required to secure the wireless connection.

For example, consider the effect of performance on the timely delivery of voice packets. The industry is aiming for less than 30 ms of delay in every intermediate node of the network in an attempt to achieve no more than 150 ms of latency for a complete end-to-end call. Long call delay can cause significant voice quality degradation and lead to unsatisfied subscribers. Additionally, variable processing delay for security tasks increases jitter and packet loss, which have a direct effect on Mean Opinion Scores (MOS) and quickly reduce voice quality below "toll grade." Without an efficient security implementation, increases in performance overhead and latency will have just such a direct impact on call quality.

The same applies to the time it takes to establish a network connection, as VoIP security measures can erode performance to the point of jeopardizing overall call QoS. During call setup, significant delays can be caused by key generation and message exchanges during authentication and key exchange. Consider that AES key generation and exchange can take up to 500 ms, which exceeds acceptable limits for a real-time VoIP application. Even more difficult to work around is the 2 to 10 seconds that is often required to establish a security association when using IPSec in software-based implementations. If wireless nodes are involved, overall delay can be increased by an additional 3 seconds or more to account for wireless security measures.

It is important to realize that the latency introduced by these mechanisms can be additive, meaning that they compound on top of each other. For example, a packet traveling over a wireless connection must first have its wireless protection resolved before data packet mechanisms and consequently voice packet security mechanisms can be addressed. Efforts, therefore, need to be made, both in node and infrastructure equipment, to accelerate the processing of security mechanisms and minimize processing time at all security levels in order to achieve the aggressive latency limits required to maintain acceptable MOS ratings.

Freeing up cycles

The five layers of VoIP security, while employing different standards, share many procedures and processes in common, including key generation, session configuration, key exchange, one- or two-way authentication, and encryption/decryption. In many cases, different standards share similar underlying mechanisms, making it possible for a single hardware accelerator to serve over a wide range of standards.
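To put the additive-latency argument and the case for accelerating the security stages into numbers, the following Python model is an added example, not code from the article or from Texas Instruments. The 30 ms per-node and 150 ms end-to-end targets are the article's; the per-stage timings, the SOFTWARE_NODE and ACCELERATED_NODE definitions, the three-hop path and the alternating best/worst-case processing pattern are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List

PER_NODE_BUDGET_MS = 30.0     # per-intermediate-node delay target quoted in the article
END_TO_END_BUDGET_MS = 150.0  # end-to-end call latency target quoted in the article

@dataclass
class Stage:
    name: str
    fixed_ms: float  # deterministic per-packet processing cost
    var_ms: float    # worst-case additional cost (software crypto, contention, cache misses)

# Constructed, hypothetical per-stage timings, not measurements. Order follows the
# article: wireless protection first, then data-packet (IPsec), then voice-packet (SRTP).
SOFTWARE_NODE = [Stage("wlan", 4.0, 6.0), Stage("ipsec", 8.0, 12.0), Stage("srtp", 3.0, 2.0)]
ACCELERATED_NODE = [Stage("wlan", 1.0, 0.5), Stage("ipsec", 2.0, 0.5), Stage("srtp", 1.0, 0.2)]

def node_delay_ms(stages: List[Stage], worst_case: bool = False) -> float:
    """Security delays are additive: each stage must finish before the next can start."""
    return sum(s.fixed_ms + (s.var_ms if worst_case else 0.0) for s in stages)

def check_budget(stages: List[Stage], hop_count: int, propagation_ms: float) -> dict:
    """Compare worst-case per-node and end-to-end delay against the article's targets.
    Simplification: every hop is assumed to run the same security stages."""
    worst = node_delay_ms(stages, worst_case=True)
    e2e = worst * hop_count + propagation_ms
    return {"node_best_ms": node_delay_ms(stages), "node_worst_ms": worst,
            "node_ok": worst <= PER_NODE_BUDGET_MS,
            "e2e_worst_ms": e2e, "e2e_ok": e2e <= END_TO_END_BUDGET_MS}

def rfc3550_jitter(send_ms: List[float], recv_ms: List[float]) -> float:
    """Interarrival jitter estimator from RFC 3550 section 6.4.1: J += (|D| - J) / 16."""
    j, prev_transit = 0.0, None
    for s, r in zip(send_ms, recv_ms):
        transit = r - s
        if prev_transit is not None:
            j += (abs(transit - prev_transit) - j) / 16.0
        prev_transit = transit
    return j

def simulate_stream(stages: List[Stage], n_packets: int = 10, ptime_ms: float = 20.0) -> float:
    """Alternate best- and worst-case processing per packet (constructed pattern) and return
    the jitter a receiver would report: variable security cost shows up directly as jitter."""
    send = [i * ptime_ms for i in range(n_packets)]
    recv = [t + node_delay_ms(stages, worst_case=(i % 2 == 1)) for i, t in enumerate(send)]
    return rfc3550_jitter(send, recv)

if __name__ == "__main__":
    for label, node in (("software", SOFTWARE_NODE), ("accelerated", ACCELERATED_NODE)):
        print(label, check_budget(node, hop_count=3, propagation_ms=40.0),
              "jitter_ms=%.2f" % simulate_stream(node))
```

With these figures the software path stays inside the 150 ms end-to-end target yet breaks the 30 ms per-node target in the worst case, which is the situation the article warns about; the accelerated path meets both and reports far lower jitter.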
