December 1999
From Security To QoS And Back Again
BY JIM MACHI
When the idea of transmitting voice over Internet protocol (VoIP) was still in its
infancy, security was a primary concern. Then quality of service (QoS) issues took over
and security took a back seat. But now that VoIP is going mainstream, corporations of all
sizes are looking for reassurance that they can keep their confidential data safe from
outside eyes. The good news is that there are security measures available in today's
marketplace that can protect voice and video communications over IP.
FANTASTIC BUT SCARY
With the same circuits potentially being used for data, voice, and video, both information
service officers and service providers were naturally skeptical of security risks in the
early days of VoIP.
A typical reaction went like this: "Multimedia communication on a single network
infrastructure sounds fantastic but scary. I'm not convinced we're ready
to handle these new beasts on our existing local and interoffice networks." According
to one MIS officer, "We're already paranoid about security with our existing
data infrastructure. We have firewalls to protect us. And user authentication has big
merits. If I have to allow just about anybody to call into my LAN for voice-over-IP calls,
it seems I'm pretty much exposing my confidential data to the whole world!"
Today, VoIP solutions have reached the viability threshold for user experience and
performance. This means more large and small companies are interested in deploying them.
Some companies are already using VoIP between international branch offices, mainly for
toll arbitrage. Others are contemplating deploying it within the next six to 12 months.
But with the high vulnerability to internal and external intrusion, security is a prime
concern for most enterprises.
WHAT IS SECURITY?
Today, security is back in the picture. Some companies are deploying security
measures from the get-go; others are waiting for the industry pundits to call the shots.
Most security deployments focus on WAN solutions, since using LANs for voice and video
still remains mostly an uncharted territory.
Security for communication over IP has four major components:
- Authentication.
- Integrity.
- Confidentiality.
- Non-repudiation.
Authentication determines access control and verifies terms of service. Integrity
protection ensures that the data is not tampered with before it reaches its destination.
Confidentiality protection is to avoid outsiders snooping or gaining unauthorized access
to information. It is also used to protect privacy. Non-repudiation ensures accountability
for billing and legal purposes. It also ensures that the person executing a transaction or
conversation cannot refute it.
WHY IS SECURITY IMPORTANT?
Should security be a big concern for voice or video deployments over IP? And how
do these components play into various voice and video deployments? To answer those
questions, it's important to separate reality from perception.
Most security concerns stem from users' experiences with existing data networks.
But there are important differences between real-time voice and video calls and the
standard, non-real-time data transmission and retrieval over IP, differences that
automatically abate some of these fears. It is also important to understand the options
available in addressing some valid security concerns. And finally, as with any other
deployment, security needs to be evaluated in context of infrastructure, maintenance, and
other costs as well as balanced with QoS requirements.
WIDE-AREA NETWORKS
When it comes to WAN solutions, both sides have security stories to tell.
Next-gen telcos and ISPs seem to downplay the security risks of VoIP, citing the nature of
real-time communication. For example, it is far more difficult to reassemble and make
sense out of voice packets than it is with pure data packets. Also, while it is fairly
easy to analyze text messages using automated systems, it requires much more
sophistication to use automated systems to analyze and extract useful information from a
voice or video conversation. Also, it is difficult to identify the individuals involved in
the communication, further minimizing the value of the intrusion. Finally, it is very
difficult to affect the integrity of the voice packets. Since voice and video communication
are in real time, any tampering that garbles voice or makes reception uncomfortable by
introducing higher-than-usual latency probably results in the user terminating the call.
All these reasons may minimize security concerns, but they do not eliminate the
fundamental need for security. User access has increased to the signaling and voice
circuits of the PSTN with the advent of VoIP. Gateway access to the network can be
deployed virtually anywhere in the world. As the figure shows, the next generation network
consists of a central packet network surrounded by an assortment of agents, gateways, and
access points. Attacks could be directed to any of these elements in the network. This
makes security checkpoints essential in the network.
"Integrity checking of the connection establishment is especially important,"
according to John Kimmins, senior director of computer network security at Telcordia Technologies, Inc. (formerly Bellcore).
"Manipulation of data or spoofing of voice conversation can be motivated by a variety
of reasons ranging from plain intent to harass somebody to impacting the productivity of a
specific individual or business," says Kimmins.
While secure tunneling protocols such as IPSec, currently in development by the
Internet Engineering Task Force (IETF, www.ietf.org), do help, they are mostly talked
about in the context of virtual private networks (VPNs). It remains to be seen how quickly
we can define and implement security protocols incorporating all four security components
in the public network for voice and video over IP.
LOCAL-AREA NETWORKS
The situation is slightly different for LAN solutions. First, assuming your
voice, video, and data communication share the same local network, you already have
firewalls that will prevent unauthorized users from calling into the corporate network.
Direct access through firewalls without proper authentication or protocols would
essentially open up confidential information to intruders.
Secondly, a communication over your LAN is at risk of internal hackers who have
identity information on the individuals involved in the conversation. For example, a
disgruntled employee might listen in on an executive conversation. This makes it important
to secure the conversation, not just to protect confidential information, but also to
protect privacy. According to the joint 1999 Computer Security Institute/Federal Bureau of
Investigation (CSI/FBI) report, 45 percent of all security crimes come from inside the
firewall. Also, between 1998 and 1999, the companies reported a 10 percent increase in
unauthorized information access by insiders.
Are there solutions to these problems? Yes, there are.
Detecting Intruders
Intrusions on managed and local networks can be detected by deploying network
monitoring software packages such as the one offered by Centrax. Software agents analyze network traffic
looking for packet-based threats such as denial-of-service attacks. Upon detecting a
misuse, the network agent can respond immediately by terminating the connection or
notifying administrators via on-screen alerts, e-mail, pager, or SNMP traps.
While these solutions are quite effective, they are reactive in nature. Therefore, they
are not enough by themselves. These solutions are best used for enforcing policies and
identifying intruders.
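The packet-based monitoring described above, as an added example that is not code from the article or from Centrax: a sliding-window detector in Python that flags any source sending more than a threshold of packets to one destination within a one-second window, then formats the on-screen alert. The packet records, the threshold, the window length and the choice of port 1720 (the H.323 call-signalling port) as the target of the constructed burst are all illustration assumptions.

```python
from collections import defaultdict, deque


def detect_floods(packets, window_s=1.0, threshold=20):
    """Flag a source that sends more than `threshold` packets to one destination
    within any `window_s`-second sliding window.

    `packets` is an iterable of (timestamp_s, src_ip, dst_ip, dst_port, proto)
    tuples.  One alert is raised per (src, dst) pair, at the moment the
    threshold is first exceeded, so a long flood does not repeat the alert.
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, port, proto in sorted(packets):
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:     # discard timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": src, "dst": dst, "port": port, "proto": proto,
                "packets_in_window": len(q),
                "first_seen": q[0], "detected_at": ts,
            })
    return alerts


def format_alert(alert):
    """One-line console message of the kind an agent would raise (assumed layout)."""
    return (f"{alert['detected_at']:.2f}s flood {alert['src']} -> "
            f"{alert['dst']}:{alert['port']}/{alert['proto']} "
            f"({alert['packets_in_window']} packets since {alert['first_seen']:.2f}s)")


def sample_packets():
    """Constructed traffic: a quiet H.323 caller plus a burst aimed at the same port."""
    normal = [(t, "10.0.0.5", "10.0.0.20", 1720, "tcp") for t in (0.0, 2.5, 5.0, 7.5, 10.0)]
    flood = [(round(2.0 + i * 0.02, 3), "192.0.2.99", "10.0.0.20", 1720, "tcp")
             for i in range(40)]
    return normal + flood


if __name__ == "__main__":
    for alert in detect_floods(sample_packets()):
        print(format_alert(alert))
```

The detector is deliberately reactive, as the text notes: it only fires once the burst is already under way, so it belongs alongside, not instead of, the access controls discussed later.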
Independent Networks
To protect the corporate data running within the firewall, one option is to
separate networks for voice and video communication from data. Most enterprises can easily
discard this option, since it has a major downside: It essentially defeats the purpose of
having a single communication network for voice and data. Not only would this solution be
costly in terms of infrastructure, maintenance, and support (as it is today with separate
networks for voice and data), it would also restrict the users' application benefits
from the phone-to-PC interface.
Encryption
Another security option is to use standard data and network security techniques
such as authentication and encryption. Authentication ensures the user has access rights.
Since an incoming call can originate from anywhere in the world, authentication may only
minimally apply to voice and video communication. On the other hand, encryption offers a
very attractive solution.
Encryption involves keys or certificates used to encrypt or
decrypt data. Public and private keys are used to allow one-to-many and many-to-one
communication. For example, the public key of an individual user can be used by anybody to
encrypt the data. This data can be decrypted only by the private key of the intended
recipient. A good resource for evaluating encryption software is www.interhack.net/people/cmcurtin/snake-oil-faq.pdf.
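As an added illustration of the public/private key mechanics just described, and of how one key pair also covers the integrity and non-repudiation components listed earlier, the Python below is not code from the article or from Dialogic. It builds textbook-size RSA keys (the primes 61, 53, 67 and 71 are assumed illustration parameters; the message and party names are constructed), encrypts per byte with the recipient's public key so that only the matching private key can decrypt, and signs a SHA-256 digest with the sender's private key so that anyone holding the sender's public key can verify it.

```python
import hashlib


def make_keypair(p, q, e=17):
    """Build an RSA key pair from two distinct primes (illustration sizes).

    The public key (e, n) can be handed to anybody; the private key (d, n)
    stays with its owner.  d is the modular inverse of e modulo phi(n).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def encrypt(public_key, message: bytes) -> list:
    """Confidentiality: anyone holding the recipient's public key can encrypt.

    Each byte is encrypted on its own because n is tiny here; real schemes
    pad and encrypt whole blocks.
    """
    e, n = public_key
    return [pow(b, e, n) for b in message]


def decrypt(private_key, ciphertext: list) -> bytes:
    """Only the holder of the matching private key recovers the plaintext."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def _digest_mod_n(message: bytes, n: int) -> int:
    """SHA-256 digest of the message, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Non-repudiation and integrity: only the private key can produce this value."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the signer's public key can check; a changed message fails."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def demo():
    """Constructed exchange: Alice sends Bob a confidential, signed note."""
    alice_pub, alice_priv = make_keypair(61, 53)   # n = 3233
    bob_pub, bob_priv = make_keypair(67, 71)       # n = 4757
    note = b"Board call at 0900"

    # One-to-many: Alice encrypts with Bob's public key; only Bob can read it.
    ciphertext = encrypt(bob_pub, note)
    recovered = decrypt(bob_priv, ciphertext)

    # Many-to-one: anybody can verify Alice's signature with her public key,
    # so she cannot later deny sending the note (non-repudiation), and any
    # change in transit is caught (integrity).
    signature = sign(alice_priv, note)
    return {
        "recovered": recovered,
        "signature_ok": verify(alice_pub, note, signature),
        "tampered_ok": verify(alice_pub, b"Board call at 0930", signature),
    }


if __name__ == "__main__":
    print(demo())
```

Authentication, the fourth component, rides on the same mechanism: a caller that can produce a valid signature under a public key the gateway already trusts has proved possession of the private key.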
Encryption prevents unauthorized access and tampering with data integrity, from both
internal and external intruders. The biggest concern is the impact of encryption on
latency and QoS for real-time voice communication. This problem is magnified by
compression algorithms when low-bit-rate coders such as G.723.1 and G.729a are used (as
opposed to G.711). Most enterprises that have deployed a VoIP solution advise coupling
encryption with G.711 as today's most appropriate solution. Even with G.711, these
enterprises enjoy significant cost savings of 40 to 50 percent, mainly from toll
arbitrage, with near-toll-quality calls. Latencies are similar to their PSTN wide-area
networks.
Using low-bit-rate coders with encryption can create unacceptable latency. However,
this restriction may fade away as encryption speeds increase with accelerated hardware and
software. Recent efforts include the announcement by Intel
Corporation of a family of adapters with a security chipset combining a fast Ethernet
controller and network encryption co-processor. The cryptographic acceleration is further
enhanced by I/O processors such as i960. The family of security products will support
IPSec. Microsoft and Intel are working together to
provide hardware acceleration for IPSec with Windows 2000.
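To make the interaction between coder choice, encryption cost and call quality concrete, here is an added delay-budget model in Python; it is not from the article and not a product calculation. The codec bit rates, packet sizes and look-ahead delays are the published ITU-T figures; the per-packet encryption cost (10 ms for software, 0.5 ms for an accelerator), the 40 ms network transit, the two-packet jitter buffer and the 50-byte ESP overhead are assumptions chosen to illustrate the point; the 150 ms one-way limit is the ITU-T G.114 planning value.

```python
# Per-codec figures from the ITU-T specifications; 20 ms packets for
# G.711/G.729a and one 30 ms frame per packet for G.723.1 are common choices.
CODECS = {
    "G.711":   dict(kbps=64.0, packet_ms=20, lookahead_ms=0.125, payload_bytes=160),
    "G.729a":  dict(kbps=8.0,  packet_ms=20, lookahead_ms=5.0,   payload_bytes=20),
    "G.723.1": dict(kbps=6.3,  packet_ms=30, lookahead_ms=7.5,   payload_bytes=24),
}
IP_UDP_RTP_HEADER_BYTES = 40       # 20 IP + 8 UDP + 12 RTP
G114_ONE_WAY_LIMIT_MS = 150.0      # ITU-T G.114 planning limit for one-way delay


def one_way_delay_ms(codec, crypto_ms_per_packet, network_ms=40.0, jitter_packets=2):
    """Mouth-to-ear delay model (assumed shape, constructed numbers).

    Packetisation + coder look-ahead + encrypt and decrypt once per packet
    + network transit + a jitter buffer sized as a number of packets.
    """
    c = CODECS[codec]
    return (c["packet_ms"] + c["lookahead_ms"]
            + 2 * crypto_ms_per_packet
            + network_ms
            + jitter_packets * c["packet_ms"])


def bandwidth_kbps(codec, ipsec_overhead_bytes=0):
    """Per-call wire rate including IP/UDP/RTP headers and optional ESP
    overhead (assumed 50 bytes for tunnel-mode ESP with authentication)."""
    c = CODECS[codec]
    bytes_per_packet = c["payload_bytes"] + IP_UDP_RTP_HEADER_BYTES + ipsec_overhead_bytes
    return bytes_per_packet * 8 / c["packet_ms"]


def compare(crypto_ms_per_packet, network_ms=40.0, ipsec_overhead_bytes=50):
    """Delay, G.114 verdict and bandwidth for each codec at one encryption cost."""
    rows = {}
    for codec in CODECS:
        delay = one_way_delay_ms(codec, crypto_ms_per_packet, network_ms)
        rows[codec] = {
            "delay_ms": delay,
            "within_g114": delay <= G114_ONE_WAY_LIMIT_MS,
            "kbps": bandwidth_kbps(codec, ipsec_overhead_bytes),
        }
    return rows


if __name__ == "__main__":
    for label, cost in (("software crypto, 10 ms/packet", 10.0),
                        ("accelerated crypto, 0.5 ms/packet", 0.5)):
        print(label)
        for codec, row in compare(cost).items():
            print(f"  {codec:8s} {row['delay_ms']:6.1f} ms  "
                  f"{'ok' if row['within_g114'] else 'over'}  {row['kbps']:5.1f} kbps")
```

Under these assumptions G.723.1 already spends 137.5 ms of its budget before any encryption, so a 10 ms software cost per packet pushes it past 150 ms while G.711 stays comfortably inside; the same G.723.1 call drops back to 138.5 ms once the per-packet cost falls to 0.5 ms, which is the effect of the accelerator hardware described above.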
Encryption is a good start. However, it still does not solve the problem of access
through the firewall.
Firewall Access
Cisco Systems, Trusted
Information Systems, Check Point Software, and
Intel have been working together to develop firewall products that support the H.323
communication standard. The intent is to allow audio and videophone calls through company
firewalls and over the Internet, while maintaining the data security of corporate
computing networks. Check Point Software has announced immediate support for H.323 with
its FireWall-1 software package. It remains to be seen how effective and secure these
products are.
THE BEAST IS NOT SO DEADLY
Most of today's security concerns come from experience with pure data communication
and do not apply to VoIP communications. For the concerns that do matter, solutions are
available in today's market. Security is really a matter of balancing the
company's sensitivity to security issues, applications, and QoS requirements and the
cost of infrastructure setup, maintenance, and support.
For example, typical large companies are highly sensitive to security issues and
therefore have stringent security policies. They also have existing security
infrastructure that they can leverage to provide security for VoIP communication. These
companies may find it easy to justify deploying encryption with every IP voice and
videophone in the LAN.
On the other hand, small businesses may choose not to deploy encryption at all, mainly
to avoid infrastructure and support cost, to take advantage of greater savings on
bandwidth usage by using low-bit-rate coders. Or, these small companies may have policies
that allow minimal infrastructure to secure only the conversations of company executives.
The bottom line? Security is an issue for VoIP communication. But with a few good,
basic security measures, it shouldn't be a major issue.
Jim Machi is director of product marketing, Internet Telephony, for Dialogic
Corporation (an Intel company). Dialogic is a leading manufacturer of high-performance,
standards-based computer telephony components. Dialogic products are used in fax, data,
voice recognition, speech synthesis, and call center management CT applications. The
company is headquartered in Parsippany, New Jersey, with regional headquarters in Tokyo
and Brussels, and sales offices worldwide. For more information, visit the Dialogic Web
site at www.dialogic.com.