While high-profile VoIP security breaches and attacks are currently rare (or, at least, rarely reported), there is a strong focus on VoIP security of late. In fact, in the October 2006 issue of IMS Magazine, Seamus Hourihan, Acme Packet's vice president of marketing and product management, authored a story that focused on the shortcomings of next generation architectures such as 3GPP IMS and ETSI TISPAN in addressing security. While standards groups define functional elements and interfaces designed to deliver interactive IP communications, they have yet to fully define the functions needed to protect the IMS core. Consequently, security is highly dependent upon the products you select and how you deploy them.
Encryption is an element that standards groups — 3GPP, ETSI and PacketCable — do address as part of their functional architectures. While encryption is a key part of any approach to building secure and trusted VoIP networks, it does not solve all problems. There are numerous threats and attack types that encryption does not mitigate or prevent. The threats are real and the solutions multitudinous and complex. Encryption should be viewed in the context of a greater and more comprehensive security framework.
The VoIP threats
Many articles have been written explaining the threats to VoIP, so they will be only briefly outlined here. The main attacks, presented in descending order of significance of impact to a service provider’s network, are:
Denial of Service (DoS) attacks: Malicious attacks designed to cripple a network element or an endpoint by overloading it with calls or service requests. In addition to purposeful attacks, non-malicious overloads (e.g., a registration flood after a power outage or increased call volumes due to American Idol televoting) can also cause increases in call signaling rates that exceed what the service provider infrastructure can support, resulting in network conditions that are similar in effect to DoS attacks.
Viruses and malware: Computer viruses, worms, Trojan horses and other malware can infect phones, softswitches and other IP communication devices—just as they can computers and servers—and degrade performance or completely disrupt service. As devices become more sophisticated with distinct operating systems, malware also serves as a way to subjugate devices and launch DoS attacks that piggyback on top of encrypted links.
Service fraud: Toll fraud, malicious intrusion or service theft may take the form of an unauthorized user gaining access to the VoIP network by mimicking an authorized user or seizing control of an IP phone and initiating outbound calls. Other options include bandwidth stealing or voice calls turned into video calls without authorization (or service provider compensation).
Identity theft: includes the use of phishing and “man-in-the-middle” attacks to acquire the identification information of a subscriber in order to gain unauthorized access to services and information.
Eavesdropping: The ability to listen in, record or redirect calls is possible in VoIP networks, just as it is with TDM calls. This is a concern not only because of personal privacy violations but also because sensitive information can be compromised and exploited.
Spam over Internet telephony (SPIT): the delivery of unsolicited calls or voicemails could inundate networks, annoy subscribers and diminish the usefulness of VoIP networks.
What Encryption Addresses
Encryption is a necessary part of any security solution, but it is not able to address all the threats outlined above. The four functions of encryption are:
1. Authentication: verifies identities of senders (via digital signatures or keys), which reduces theft of service as service providers can authorize only legitimate paying subscribers to use services
2. Non-repudiation: guarantees that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message; this can play a role in reducing service fraud
3. Integrity: ensures the message has not been altered during transmission which prevents tampering or modification and mitigates man-in-the-middle attacks
4. Confidentiality/privacy: ensures that information is accessible only to those authorized to have access (usually only sender and receiver) which ensures user privacy and mitigates ID theft
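As an added illustration of the authentication and integrity functions just listed (example code, not from the article or from Acme Packet): a keyed message authentication code computed over a constructed SIP REGISTER lets the receiver confirm that the message came from a holder of the shared key and that no header was altered in transit, which is the property that defeats in-path modification of signaling. The SIP message, the shared key and the X-Demo-Auth header are constructed for the demo. One caveat the four-item list glosses over: a symmetric MAC gives authentication and integrity only between the two key holders and supplies neither non-repudiation (that needs a digital signature made with a private key only the sender holds) nor confidentiality (the message stays readable); in deployed VoIP these properties come from TLS, IPsec or SRTP rather than a hand-rolled header.

```python
"""Message authentication and integrity on a SIP signaling message (added example).

A keyed tag over the whole request lets the receiver check origin (only a key
holder could have produced it) and integrity (any changed byte breaks it).
The SIP text, shared key and X-Demo-Auth header are constructed for this demo.
"""
import hashlib
import hmac

# Constructed shared secret between the phone and the registrar (demo only).
SHARED_KEY = b"demo-shared-secret-not-for-production"

AUTH_HEADER = "X-Demo-Auth: "   # constructed header name carrying the tag

# Constructed SIP REGISTER request, CRLF line endings as on the wire.
REGISTER = (
    "REGISTER sip:example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.7:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.net>;tag=1928301774\r\n"
    "To: <sip:alice@example.net>\r\n"
    "Call-ID: a84b4c76e66710@10.0.0.7\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:alice@10.0.0.7:5060>\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def compute_tag(key: bytes, message: str) -> str:
    """HMAC-SHA256 over the entire message, hex-encoded so it fits a text header."""
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def protect(key: bytes, message: str) -> str:
    """Insert the tag header just before the blank line that ends the headers."""
    head, _, body = message.partition("\r\n\r\n")
    return f"{head}\r\n{AUTH_HEADER}{compute_tag(key, message)}\r\n\r\n{body}"


def verify(key: bytes, protected: str) -> bool:
    """Recompute the tag over the message with the auth header removed.

    Exactly one tag header must be present; comparison is constant-time so the
    check itself leaks nothing about how many tag characters matched.
    """
    lines = protected.split("\r\n")
    tags = [line for line in lines if line.startswith(AUTH_HEADER)]
    if len(tags) != 1:
        return False
    received = tags[0][len(AUTH_HEADER):]
    original = "\r\n".join(line for line in lines if not line.startswith(AUTH_HEADER))
    return hmac.compare_digest(received, compute_tag(key, original))


def modify_header(protected: str, old: str, new: str) -> str:
    """Constructed stand-in for an in-path change to one header value."""
    return protected.replace(old, new)


if __name__ == "__main__":
    signed = protect(SHARED_KEY, REGISTER)
    print("intact message verifies:", verify(SHARED_KEY, signed))
    redirected = modify_header(signed, "sip:alice@10.0.0.7:5060", "sip:alice@198.51.100.9:5060")
    print("Contact rewritten in transit verifies:", verify(SHARED_KEY, redirected))
    print("wrong key verifies:", verify(b"some-other-key", signed))
    print("tag stripped verifies:", verify(SHARED_KEY, REGISTER))
```

Only the intact message passes; a rewritten Contact header (the kind of change that would redirect a registration), a tag made with a different key, and a message with the tag stripped all fail, which is exactly the integrity and authentication guarantee the list describes.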
There are numerous encryption options for VoIP, including the widely known IP Security (IPsec), Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). However, there does not appear to be a clear answer from handset manufacturers, service providers and enterprises on which of the following options will prevail:
• SIP-TLS for signaling only
• SIP-TLS for signaling and SRTP for media
• IPsec for signaling and media
• IPsec for signaling and SRTP for media
• Proprietary schemes for signaling or media (e.g., Skype)
Each of these protocols has its own authentication options, encryption algorithms and key exchange mechanisms. Due to these differences, there are significant trade-offs between the protocols in performance, scalability, interoperability and manageability. For instance, IPsec is the more versatile, yet more CPU-intensive, of the encryption technologies, as it allows for encryption of signaling only or of a combination of signaling and media. Yet IPsec’s reliance on IKE and a PKI for key exchange is very complex and is a challenge for scalability and manageability.
The use of encryption also begs two further questions: 1) what to encrypt: signaling or media or both, and 2) where to encrypt? VoIP signaling is more important to encrypt as it provides a way to find specific conversations and the context of the conversation—the who, when and where of that conversation. Without context, media content is less useful, as it cannot be associated with specific called and calling parties, especially when a back-to-back user agent (B2BUA) is employed at the service provider edge, making all media appear as if it is being terminated at a single point. Regarding where to use encryption, service providers should balance considerations of where the risk is the greatest with cost and performance. Risk can be assessed by looking at what networks are trusted and the nature of the communications. Encryption can be employed at the following locations:
• Endpoint to endpoint
• Endpoint within the LAN (wired or wireless) to the WAN boundary
• WAN boundary to service provider edge or to WAN boundary at another site
• Within the service provider’s own core network
• Interconnect border between service providers
For service providers, the most cost-effective and least impactful in terms of network demands is letting the endpoints encrypt on both ends.
Limitations and drawbacks of encryption
What encryption does not do is authorize service usage, control access to or hide network elements, control flow of signaling messages or RTP packets, or inspect packets for malicious elements. Encryption alone does not prevent DoS attacks or network downtime and call quality degradation due to non-malicious overloads. Its role in providing an authentication architecture does play a critical part in initially validating legitimate users from fraudulent ones, but even valid callers can launch DoS attacks—either purposefully or via a compromised endpoint. A normal encryption framework assumes that once a device is authenticated, it is “behaving nicely,” which may not be the case for an infected or compromised device. Encryption does not monitor nor react to user and endpoint behavior.
Encryption is somewhat limited by the capabilities of the endpoints themselves. Endpoints can become infected and transmit viruses or malware through authenticated tunnels or, without proper acceleration, can be severely affected by the processing required to encrypt or generate keys.
In addition, service providers should consider the costs to performance, scale and capital budgets that are involved in employing encryption in their network. It’s not a free addition to the network and the complexity of encryption exacts its toll on network elements’ processors and their ability to service requests. Encryption within the network is best suited to be handled in hardware so as to scale to hundreds of thousands of sessions while not adding to the latency or degrading the call quality. Management of encryption key infrastructure can also be operationally burdensome and quite costly.
VoIP security requires a comprehensive approach
DoS attacks, one of the most significant threats to service provider networks, are not fully prevented by using encryption. A dynamic user trust model to fortify the initial authentication performed with encryption provides a greater degree of protection. To prevent both DoS attacks and non-malicious overloads, border devices with dynamic permit and deny lists based on trust binding with individual sessions could be used to protect the network against those attacks. The trust binding between the session and the network is based on the behavior of the endpoints. Complemented with hardware-based access control, policing and rate-limiting, these border devices are designed to allow service providers to prevent attacks from impacting their service core by detecting them at their network’s border. The border elements employed should be able to protect themselves from attack as well as the equipment in the VoIP or IMS core—equipment that’s delivering revenue-generating service.
A thorough approach to security also involves having the network edge provide full topology hiding and a Layer-3 double-NAT mechanism, so that internal VoIP equipment addresses can be private or unadvertised outside of the service provider’s routing area, and thus become unreachable. This disintermediation of the network—hiding and separating the topology from peering partners and customers—is designed to make it more difficult to attack the service provider’s infrastructure and to use SPIT to target subscribers.
In developing a comprehensive security approach, service providers should consider other key issues, such as:
• The ability to differentiate between legitimate and malicious registration floods so as to quickly reconnect subscribers after a network event but prevent DoS attacks
• VPN separation to maintain security isolation between VPNs for corporate customers
• Anonymization of all user information to protect subscriber confidentiality
• VoIP packet payload inspection and attachment stripping to thwart viruses and malware
• Monitoring, reporting and recording of security attacks and attacker information, with audit trails for investigation
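An added example (not code from the article or from Acme Packet) of the behaviour-based border logic described in the two passages above: per-source sliding-window counters implement a dynamic permit/deny list whose trust is bound to how the endpoint behaves, so an endpoint that authenticated successfully and then starts flooding is demoted exactly like an unknown one, and the aggregate REGISTER load offered to the border is profiled to tell a post-outage restart avalanche (many endpoints, roughly one registration each) from a flood sourced by a handful of addresses. The thresholds, the event tuple format, the trust states and the three replayed scenarios are all assumptions constructed for the demo.

```python
"""Behaviour-based admission control at a VoIP border (added example).

Per-source sliding-window counters drive a dynamic permit/deny list, and the
aggregate REGISTER load is profiled to separate a post-outage restart avalanche
from a flood originating at a handful of sources. All thresholds, the event
format and the trust states are assumptions made for this demo.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

WINDOW_SEC = 10.0        # sliding window for all rate measurements (assumed)
PER_SOURCE_LIMIT = 20    # requests per source per window before demotion (assumed)
AUTH_FAIL_LIMIT = 5      # 401/403s per source per window before demotion (assumed)
DENY_TTL_SEC = 60.0      # how long a demoted source stays on the deny list (assumed)
SURGE_TOTAL = 100        # REGISTER arrivals per window that count as a surge (assumed)
FEW_SOURCES = 10         # a surge from this many sources or fewer is treated as an attack (assumed)


@dataclass
class SourceState:
    """Per-source behaviour record; trust is bound to it, not to the credential alone."""
    times: deque = field(default_factory=deque)   # recent request timestamps
    fails: deque = field(default_factory=deque)   # recent 401/403 timestamps
    trust: str = "untrusted"                      # untrusted -> trusted, or -> denied
    denied_until: float = 0.0


def _prune(dq, now, key=lambda item: item):
    """Drop entries whose timestamp has fallen out of the sliding window."""
    while dq and now - key(dq[0]) > WINDOW_SEC:
        dq.popleft()


class BorderGuard:
    def __init__(self):
        self.sources = defaultdict(SourceState)
        self.register_arrivals = deque()   # (t, src) of every REGISTER offered, admitted or not

    def admit(self, now, src, method, status=None):
        """Return 'permit' or 'deny' for one signaling event and update the source's trust.

        `status` is the core's response code for this request (None if unknown):
        200 promotes the source, 401/403 count as authentication failures.
        """
        if method == "REGISTER":                     # offered load, counted before any drop
            self.register_arrivals.append((now, src))
            _prune(self.register_arrivals, now, key=lambda item: item[0])
        st = self.sources[src]
        if st.trust == "denied":
            if now < st.denied_until:
                return "deny"                        # still on the dynamic deny list
            st.trust = "untrusted"                   # entry expired: start over
        st.times.append(now)
        _prune(st.times, now)
        if status in (401, 403):
            st.fails.append(now)
        _prune(st.fails, now)
        if status == 200:
            st.trust = "trusted"                     # authenticated successfully
        # Trust stays conditional on behaviour: an authenticated source that floods
        # or keeps failing authentication is demoted just like an unknown one.
        if len(st.times) > PER_SOURCE_LIMIT or len(st.fails) > AUTH_FAIL_LIMIT:
            st.trust = "denied"
            st.denied_until = now + DENY_TTL_SEC
            return "deny"
        return "permit"

    def flood_profile(self):
        """Classify the REGISTER load offered in the current window.

        Many distinct endpoints each registering about once is the signature of a
        restart avalanche: shape it and let subscribers back. A surge from a few
        sources is a flood to drop at the border.
        """
        total = len(self.register_arrivals)
        if total < SURGE_TOTAL:
            return "normal"
        distinct = len({src for _, src in self.register_arrivals})
        return "targeted-flood" if distinct <= FEW_SOURCES else "restart-avalanche"


def run_scenario(events):
    """Replay constructed (t, src, method, status) events in order.

    Returns (permit count, deny count, flood profile, sorted denied sources).
    """
    guard = BorderGuard()
    decisions = [guard.admit(*event) for event in events]
    denied = sorted(s for s, st in guard.sources.items() if st.trust == "denied")
    return decisions.count("permit"), decisions.count("deny"), guard.flood_profile(), denied


# Constructed scenario: power restored, 150 phones each re-REGISTER once within 3 s.
RESTART = [(i * 0.02, f"10.0.{i // 256}.{i % 256}", "REGISTER", 200) for i in range(150)]
# Constructed scenario: three sources send 40 REGISTERs each within 4 s.
FLOOD = [(j * 0.1, f"203.0.113.{k}", "REGISTER", None) for j in range(40) for k in (5, 6, 7)]
# Constructed scenario: a phone authenticates, then (compromised) fires 30 INVITEs in 1.5 s.
COMPROMISED = [(0.0, "10.0.9.9", "REGISTER", 200)] + [
    (1.0 + j * 0.05, "10.0.9.9", "INVITE", None) for j in range(30)]

if __name__ == "__main__":
    for name, events in (("restart", RESTART), ("flood", FLOOD), ("compromised", COMPROMISED)):
        permitted, denied_n, profile, denied = run_scenario(events)
        print(f"{name}: permit={permitted} deny={denied_n} profile={profile} denied={denied}")
```

The restart avalanche is admitted in full and labelled as such, the three-source flood is cut off after each source's twentieth request and the sources land on the deny list, and the compromised phone loses its trusted status the moment its INVITE rate exceeds the limit even though its registration was fully authenticated. In a production border element the same decisions would be taken in hardware at wire speed and the profile would drive rate shaping rather than a label.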
Optimally, all these capabilities should be delivered at wire-speed and not add signaling or media latency or affect legitimate call quality. This requires purpose-built hardware designed for processing encryption as well as preventing DoS attacks.
Encryption is a key element of VoIP and is defined by a number of next-generation architectures. It plays an important role in preventing service fraud, ensuring user privacy and delivering an authentication method to differentiate legitimate customers from hackers. However, VoIP security designs should not stop there. Comprehensive VoIP security needs to address more than what encryption technologies such as IPsec, TLS or SRTP solve. There are threats that other technologies—such as access control lists, signaling rate limiting and topology hiding—are designed to thwart and stop. All of these security elements, together with hardware acceleration, should be considered when developing a security framework designed to allow a network to scale smoothly without affecting the quality of legitimate calls.
Kevin Mitchell is Director, Solutions Marketing at Acme Packet (http://www.acmepacket.com). He can be reached at firstname.lastname@example.org.