Defining VoIP

Explain what VoIP is and how it works.

Describe the general security problems associated with VoIP. Include enough of the underlying technology to explain why these problems occur.

Discuss which of these security problems would be of particular concern to the organisation.

Indicate which, if any, of these problems can be overcome by appropriate hardware, software or staff training solutions, and what these solution are.

Include in your discussions any on-going developments in technologies, in particular IpV6, and whether this may have any influence on the organisation’s decision.

VoIP stands for Voice over Internet Protocol. It is basically a technological innovation that offers the option to carry out voice calls over the internet (preferably broadband service) instead of using the analog phone connectivity (Huang, Zhang and Tang, 2011).  There are some types of VoIP services that offer the option to call only those people using similar service. At the same time, there are also those types that allow the option to call their telephone number. In the latter case, VoIP services need not have to be present at the recipient’s end.  There are some VoIP services that work perfectly fine with traditional telephone devices. Only a simple VoIP adapter needs to be connected to the telephone device to make and receive calls over the internet (Brasch, 2011). However, there are also those VoIP services that work only with special devices or through the computer.

VoIP Technology – The Working Process

The VoIP technology allows the voice to get communicated through a certain set of internet protocols. These protocols are commonly referred to as VoIP or Voice over Internet Protocols. The concept is different for voice transmission carried out through traditional telephony networks where Circuit Switching is widely used. In case of Circuit Switching, the entire set of resources is perfectly reserved for the total call duration along the communication channel (Ibrahim and Abdulghani, 2012).

Speaking about VoIP technology, the concept of packet switching is used where information is transferred digitally in the form of packets. These packets are well versed about their destination point and they tend to arrive through different paths.

When one plans to implement the VoIP technology, there would be requirement for a series of protocols with the ability to signal correctly for call establishment. These protocols should be able to carry out real time voice transport through and across the network. Additionally, it should have the ability to carry out QOS aware routing and network management as well resource reservation and billing (Nunn, McGuire and Crowe, 2010). The responsibilities are many; the situation can be tricky. But then, with tremendous technological advancement, even the hardest of problems can be cracked down into pieces.

VoIP Technology – The Working Process

3 Ways to Enjoy VoIP Services

PC to PC – The easiest of all, this process allows the users to enjoy long distance calling facility, totally free of cost. Both the receiver and caller needs to have fully functioning computer, active broadband connection, microphone or headset, and some kind of free or low cost VoIP calling software installed in both the devices (Nunn, McGuire and Crowe, 2011).

IP Phones – These are specialized phones that come with RJ-45 Ethernet connector along with the necessary hardware along with pre-installed software to carry out IP calling. These phones connect directly through the router or via Wi-Fi for internet connectivity.

ATA – Analogue Telephone Adapter is another method of enjoying VoIP calling facility. ATA is basically a device to connect the telephone to the internet connection. ATA converts the analogue data into digital format.

Image 1: The basic working process for VoIP (source: Soomro and Asfandyar, 2010)

With VoIP technology becoming more widespread and popular by the day, the concern for security issues is starting to cover the mind. Remember, VoIP functions through the concept of internet. Protecting the data over the digital network is an area of concern ever since the internet has established its base. Voice phishing, spam attack, service denial, or privacy issues are serious areas of concern for anyone who would try to communicate via the internet (Park, 2010). The major point of concern primarily occurs due to the fact that every voice network service available presently follows the IP route. Well, no harm in taking this route; but, what makes scenarios worsen is the fact that not a single IP protocol that sends voice traffic works in a flawless manner. Not a single internet protocol for voice transmission purpose is flawless.

Internet environment would face hostility against VoIP deployments. There are strong logics to prove the part. The entire internet network is open (read, prone) to sniffing and spoofing. More importantly, the sources for such attacks are mostly untraceable. The preventive measures are not sufficient enough that can be claimed as SAFEST. Also, there lies the vulnerability in devices’ security measures communicating through the virtual network that makes the situation more difficult to handle. Naturally, VoIP based communication devices remains sources for security breaches (Politis, Hilas and Papatsoris, 2014).

Almost, if not all, every information material passed through VoIP network is unencrypted. This opens the chances for anyone with access to that network to get hold to the information. Eavesdropping is highly possible in such scenarios. Conversation passing through vulnerable VoIP network would allow the eavesdropper to easily tap the conversation audio and decode the signaling messages (Soomro and Asfandyar, 2010).

3 Ways to Enjoy VoIP Services

There are lots of Packet Capturing tools available through the internet. Eavesdroppers use these tools to capture voice traffic occurring through unsecured VoIP network. The captured file can be saved in .wav format for future hearing purpose.

Image 2: The eavesdropping scenario through Man in the Middle attack (source: Whitlock, 2011)

The above image represents Man in the Middle Attack scenario. In this kind of a scenario, one may end up having conversation with a fraudster instead of the actual business official or client. Highly classified information gets leaked and there’s nothing that one can do. One might think that the information was provided to the actual concerned person, but it ended up being acquired by some organized crime syndicate (Voice over Internet Protocol (VoIP) Based IP PBX System Design, 2016).

It is quite possible for the attacker to make the VoIP server overcrowded with inauthentic packets. These are primarily spam contents that would flood the server while making its services temporarily unavailable to the actual users (Whitlock, 2011).

The end result: it becomes practically impossible to receive or send calls. How could it be when the SIP server gets flooded with so much spam content?

Ways to secure the VoIP communication process

• Authorization

• Authentication
• Transport Layer Security (TLS)
• Media encryption (SRTP)

There are primarily three kind of VoIP traffic:

• Call signaling
• Call controlling
• Media communication

The communication process can either be single channel or multiple channels. It all depends upon the different VoIP policies and protocols being incorporated for the process. However, the connection type followed between two networks is usually TCP/UDP. These connections need to be properly authenticated and encrypted to ensure maximum level of protection (Yang and Pitts, 2010).

With certain types of VoIP call signaling and call control can be secured by implementing some form of Authorization, Authentication or Transport Layer Security (TLS/SSL) mechanism. It is possible to secure the VoIP based call controlling and call signaling communication process through certain layers of authorization and authentication security measures. Necessary mechanisms of TLS/SSL are also used for additional security measure (Huang, Zhang and Tang, 2011).

Earlier, VoIP data transmission used to be carried out through IPV4. However, researchers have found out that IPV4 is vulnerable to several security threats, most notably Phishing and Denial of Access. The introduction of IPV6 has changed the scenario and has created a tremendous positive impact on the VoIP communication process.

IPv6 uses 128-bit addresses that promise higher scalability along with additional security measures. It introduces certain effective security procedures like host identification and scanning to make the scenario more challenging for the attackers (Ibrahim and Abdulghani, 2012).  Be it the overall performance or data integrity and security, IPV6 promises to deliver the best services with suitable designing, set-up, and implementation.

IPv6 offers the option to run End-to-End encryption process.  Every VPN available presently that follows the IPV6 route comes with strict encryption along with detailed integrity-checking mechanism. In fact, these components are available for every IPV6 based connections. It should be noted that

• IPv6 comes with SEND (Secure Neighbor Discovery) protocol that ensures highly secured Name resolutions.
• SEND protocol has the ability to identify the host as it claims to be through specially secured cryptographic confirmation.
• This makes it difficult for different naming attacks like ARP Poisoning to grab hold of the VoIP traffic (Nunn, McGuire and Crowe, 2010).

References

Brasch, N. (2011). The Internet. Mankato, Minn.: Smart Apple Media.

Huang, Y., Zhang, Y. and Tang, S. (2011). Detection of covert voice-over Internet protocol communications using sliding window-based steganalysis. IET Communications, 5(7), pp.929-936.

Ibrahim, Q. and Abdulghani, N. (2012). Security enhancement of voice over Internet protocol using speaker recognition technique. IET Commun., 6(6), p.604.

Nunn, L., McGuire, B. and Crowe, B. (2010). Voice-Over-Internet Protocol (VOIP) Cost Efficiencies And The Decision To Implement. RBIS, 14(1).

Nunn, L., McGuire, B. and Crowe, B. (2011). Measuring The Benefits Of Voice-Over-Internet Protocol (VOIP). RBIS, 13(4).

Park, N. (2010). Adoption and Use of Computer-Based Voice Over Internet Protocol Phone Service: Toward an Integrated Model. Journal of Communication, 60(1), pp.40-72.

Politis, A., Hilas, C. and Papatsoris, A. (2014). Optimising no acknowledgment policy on WLANs supporting voice over internet protocol. Electronics Letters, 50(1), pp.51-52.

Soomro, T. and Asfandyar, D. (2010). Voice over Internet Protocol (VoIP): UAE Perspective. Asian J. of Information Technology, 9(3), pp.170-178.

Voice over Internet Protocol (VoIP) Based IP PBX System Design. (2016). IJSR, 5(2), pp.1380-1385.

Whitlock, M. (2011). Voice Over Internet Protocol (VoIP) And One University Application. RBIS, 9(4), p.1.

Yang, Q. and Pitts, J. (2010). Scalable voice over Internet protocol service-level agreement guarantees in converged transmission control protocol/Internet protocol networks. IET Commun., 4(8), p.1026.