December 1999

From Security To QoS — And Back Again

BY JIM MACHI

When the idea of transmitting voice over Internet protocol (VoIP) was still in its infancy, security was a primary concern. Then quality of service (QoS) issues took over and security took a back seat. But now that VoIP is going mainstream, corporations of all sizes are looking for reassurance that they can keep their confidential data safe from outside eyes. The good news is that there are security measures available in today’s marketplace that can protect voice and video communications over IP.

FANTASTIC BUT SCARY
With the same circuits potentially being used for data, voice, and video, both information service officers and service providers were naturally skeptical of security risks in the early days of VoIP.

A typical reaction went like this: “Multimedia communication on a single network infrastructure sounds fantastic — but scary. I’m not convinced we’re ready to handle these new beasts on our existing local and interoffice networks.” According to one MIS officer, “We’re already paranoid about security with our existing data infrastructure. We have firewalls to protect us. And user authentication has big merits. If I have to allow just about anybody to call into my LAN for voice-over-IP calls, it seems I’m pretty much exposing my confidential data to the whole world!”

Today, VoIP solutions have reached the viability threshold for user experience and performance. This means more large and small companies are interested in deploying them. Some companies are already using VoIP between international branch offices, mainly for toll arbitrage. Others are contemplating deploying it within the next six to 12 months. But with the high vulnerability to internal and external intrusion, security is a prime concern for most enterprises.

WHAT IS SECURITY?
Today, security is back in the picture. Some companies are deploying security measures from the get-go; others are waiting for the industry pundits to call the shots. Most security deployments focus on WAN solutions, since using LANs for voice and video still remains mostly an uncharted territory.

Security for communication over IP has four major components:

• Authentication.
• Integrity.
• Confidentiality.
• Non-repudiation.

Authentication determines access control and verifies terms of service. Integrity protection ensures that the data is not tampered with before it reaches its destination. Confidentiality protection is to avoid outsiders snooping or gaining unauthorized access to information. It is also used to protect privacy. Non-repudiation ensures accountability for billing and legal purposes. It also ensures that the person executing a transaction or conversation cannot refute it.

WHY IS SECURITY IMPORTANT?
Should security be a big concern for voice or video deployments over IP? And how do these components play into various voice and video deployments? To answer those questions, it’s important to separate reality from perception.

Most security concerns stem from users’ experiences with existing data networks. But there are important differences between real-time voice and video calls and the standard, non-real-time data transmission and retrieval over IP — differences that automatically abate some of these fears. It is also important to understand the options available in addressing some valid security concerns. And finally, as with any other deployment, security needs to be evaluated in context of infrastructure, maintenance, and other costs — as well as balanced with QoS requirements.

WIDE-AREA NETWORKS
When it comes to WAN solutions, both sides have security stories to tell. Next-gen telcos and ISPs seem to downplay the security risks of VoIP, citing the nature of real-time communication. For example, it is far more difficult to reassemble and make sense out of voice packets than it is with pure data packets. Also, while it is fairly easy to analyze text messages using automated systems, it requires much more sophistication to use automated systems to analyze and extract useful information from a voice or video conversation. Also, it is difficult to identify the individuals involved in the communication, further minimizing value of the intrusion. Finally, it is very difficult to impact integrity of the voice packets. Since voice and video communication are in real time, any tampering that garbles voice or makes reception uncomfortable by introducing higher-than-usual latency probably results in the user terminating the call.

All these reasons may minimize security concerns, but they do not eliminate the fundamental need for security. User access has increased to the signaling and voice circuits of the PSTN with the advent of VoIP. Gateway access to the network can be deployed virtually anywhere in the world. As the figure shows, the next generation network consists of a central packet network surrounded by an assortment of agents, gateways, and access points. Attacks could be directed to any of these elements in the network. This makes security checkpoints essential in the network.

“Integrity checking of the connection establishment is especially important,” according to John Kimmins, senior director of computer network security at Telcordia Technologies, Inc. (formerly Bellcore). “Manipulation of data or spoofing of voice conversation can be motivated by a variety of reasons ranging from plain intent to harass somebody to impacting productivity of specific individual or business,” says Kimmins.

While secure tunneling protocols such as IPSec, currently in development by the Internet Engineering Task Force (www.ietf.org, IETF), do help, they are mostly talked about in the context of virtual private networks (VPNs). It remains to be seen how quickly we can define and implement security protocols incorporating all four security components in the public network for voice and video over IP.

LOCAL-AREA NETWORKS
The situation is slightly different for LAN solutions. First, assuming your voice, video, and data communication share the same local network, you already have firewalls that will prevent unauthorized users from calling into the corporate network. Direct access through firewalls without proper authentication or protocols would essentially open up confidential information to intruders.

Secondly, a communication over your LAN is at risk of internal hackers who have identity information on the individuals involved in the conversation. For example, a disgruntled employee might listen in on an executive conversation. This makes it important to secure the conversation, not just to protect confidential information, but also to protect privacy. According to the joint 1999 Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) report, 45 percent of all security crimes come from inside the firewall. Also, between 1998 and 1999, the companies reported a 10 percent increase in unauthorized information access by insiders.

Are there solutions to these problems? Yes, there are.

Detecting Intruders
Intrusions on managed and local networks can be detected by deploying network monitoring software packages such as the one offered by Centrax. Software agents analyze network traffic looking for packet-based threats such as denial-of-service attacks. Upon detecting a misuse, the network agent can respond immediately by terminating the connection or notifying administrators via on-screen alerts, e-mail, pager, or SNMP traps.

While these solutions are quite effective, they are reactive in nature. Therefore, they are not enough by themselves. These solutions are best used for enforcing policies and identifying intruders.

Independent Networks
To protect the corporate data running within the firewall, one option is to separate networks for voice and video communication from data. Most enterprises can easily discard this option, since it has a major downside: It essentially defeats the purpose of having a single communication network for voice and data. Not only would this solution be costly in terms of infrastructure, maintenance, and support (as it is today with separate networks for voice and data), it would also restrict the user’s application benefits from the phone-to-PC interface.

Encryption
Another security option is to use standard data and network security techniques such as authentication and encryption. Authentication ensures the user has access rights. Since an incoming call can originate from anywhere in the world, authentication may only minimally apply to voice and video communication. On the other hand, encryption offers a very attractive solution.

Encryption involves “keys” or “certificates” used to encrypt or decrypt data. Public and private keys are used to allow one-to-many and many-to-one communication. For example, the public key of an individual user can be used by anybody to encrypt the data. This data can be decrypted only by the private key of the intended recipient. A good resource for evaluating encryption software is www.interhack.net/people/cmcurtin/snake-oil-faq.pdf.

Encryption prevents unauthorized access and tampering with data integrity, from both internal and external intruders. The biggest concern is the impact of encryption on latency and QoS for real-time voice communication. This problem is magnified by compression algorithms when low-bit-rate coders such as G.723.1 and G.729a are used (as opposed to G.711). Most enterprises that have deployed a VoIP solution advise coupling encryption with G.711 as today’s most appropriate solution. Even with G.711, these enterprises enjoy significant cost savings of 40 to 50 percent, mainly from toll arbitrage, with near-toll-quality calls. Latencies are similar to their PSTN wide-area networks.

Using low-bit-rate coders with encryption can create unacceptable latency. However, this restriction may fade away as encryption speeds increase with accelerated hardware and software. Recent efforts include the announcement by Intel Corporation of a family of adapters with a security chipset combining a fast Ethernet controller and network encryption co-processor. The cryptographic acceleration is further enhanced by I/O processors such as i960. The family of security products will support IPSec. Microsoft and Intel are working together to provide hardware acceleration for IPSec with Windows 2000.

Encryption is a good start. However, it still does not solve the problem of access through the firewall.

Firewall Access
Cisco Systems, Trusted Information Systems, Check Point Software, and Intel have been working together to develop firewall products that support the H.323 communication standard. The intent is to allow audio and videophone calls through company firewalls and over the Internet, while maintaining the data security of corporate computing networks. Check Point Software has announced immediate support for H.323 with its FireWall-1 software package. It remains to be seen how effective and secure these products are.

THE BEAST IS NOT SO DEADLY
Most of today’s security concerns come from experience with pure data communication and do not apply to VoIP communications. For the concerns that do matter, solutions are available in today’s market. Security is really a matter of balancing the company’s sensitivity to security issues, applications, and QoS requirements and the cost of infrastructure setup, maintenance, and support.

For example, typical large companies are highly sensitive to security issues and therefore have stringent security policies. They also have existing security infrastructure that they can leverage to provide security for VoIP communication. These companies may find it easy to justify deploying encryption with every IP voice and videophone in the LAN.

On the other hand, small businesses may choose not to deploy encryption at all, mainly to avoid infrastructure and support cost, to take advantage of greater savings on bandwidth usage by using low-bit-rate coders. Or, these small companies may have policies that allow minimal infrastructure to secure only the conversations of company executives.

The bottom line? Security is an issue for VoIP communication. But with a few good, basic security measures, it shouldn’t be a major issue. 

Jim Machi is director of product marketing, Internet Telephony, for Dialogic Corporation (an Intel company). Dialogic is a leading manufacturer of high-performance, standards-based computer telephony components. Dialogic products are used in fax, data, voice recognition, speech synthesis, and call center management CT applications. The company is headquartered in Parsippany, New Jersey, with regional headquarters in Tokyo and Brussels, and sales offices worldwide. For more information, visit the Dialogic Web site at www.dialogic.com.