9 research outputs found

    AN ANALYSIS OF VOICE OVER INTERNET PROTOCOL (VOIP) AND ITS SECURITY IMPLEMENTATION

    Voice over Internet Protocol (VoIP) has been in existence for a number of years but only quite recently has it developed into mass adoption. As VoIP technology penetrates worldwide telecommunications markets, the advancements achieved in performance, cost reduction, and feature support make VoIP a convincing proposition for service providers, equipment manufacturers, and end users. Since the introduction of mass-market VoIP services over broadband Internet in 2004, security and safeguarding are becoming a more important obligation in VoIP solutions. The purpose of this final year project is to study and analyze VoIP and implement the security aspect using Secure Real-time Transport Protocol (SRTP) end-to-end media encryption in the Universiti Teknologi PETRONAS (UTP) laboratory. Extensive research, evaluation of case studies, literature reviews, network analysis, as well as testing and experimentation are the methods employed in achieving a secure and reliable VoIP network. With the given time frame and adequate resources, the study and analysis of VoIP and implementation of SRTP should prove to be very successful.

    Network Security - Is IP Telephony helping the cause?

    The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisations or individuals to access the data stored on servers and users' workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX equipment – a significant saving in itself – or is it imperative that an organisation have IP telephony to the desktop? Is there any real difference: once IP Telephony is past the network boundary, does it matter if it also appears at the desktop? What about the future with collaboration and unified collaboration? This paper will discuss a number of implementations and attempt to understand the pros and cons of each. No one solution is going to fit all networks but hopefully this paper will be able to increase our understanding of the dangers and therefore allow for the development of robust solutions.

    Secure VoIP Performance Measurement

    This project presents a mechanism for instrumentation of secure VoIP calls. The experiments were run under different network conditions and security systems. VoIP services such as Google Talk, Express Talk and Skype were under test. The project allowed analysis of the voice quality of the VoIP services based on the Mean Opinion Score (MOS) values generated by Perceptual Evaluation of Speech Quality (PESQ). The quality of the audio streams produced was subjected to end-to-end delay, jitter, packet loss and extra processing in the networking hardware and end devices due to Internetworking Layer security or Transport Layer security implementations. The MOS values were mapped to Perceptual Evaluation of Speech Quality for wideband (PESQ-WB) scores. From these PESQ-WB scores, the graphs of the mean of 10 runs and box and whisker plots for each parameter were drawn. Analysis on the graphs was performed in order to deduce the quality of each VoIP service. The E-model was used to predict the network readiness and Common Vulnerability Scoring System (CVSS) was used to predict the network vulnerabilities. The project also provided the mechanism to measure the throughput for each test case. The overall performance of each VoIP service was determined by PESQ-WB scores, CVSS scores and the throughput. The experiment demonstrated the relationship among VoIP performance, VoIP security and VoIP service type. The experiment also suggested that, when compared to an unsecure IPIP tunnel, Internetworking Layer security like IPSec ESP or Transport Layer security like OpenVPN TLS would improve a VoIP security by reducing the vulnerabilities of the media part of the VoIP signal. Moreover, adding a security layer has little impact on the VoIP voice quality.

    Media handling for conferencing in MANETs

    Mobile Ad hoc NETworks (MANETs) are formed by devices set up temporarily to communicate without using a pre-existing network infrastructure. Devices in these networks are disparate in terms of resource capabilities (e.g. processing power, battery energy). Multihop Cellular Networks (MCNs) incorporate multihop mobile ad-hoc paradigms into 3G conventional single-hop cellular networks. Conferencing, an essential category of applications in MANETs and MCNs, includes popular applications such as audio/video conferencing. It is defined as an interactive multimedia service comprising online exchange of multimedia content among several users. Conferencing requires two sessions: a call signaling session and a media handling session. Call signaling is used to set up, modify, and tear down conference sessions. Media handling deals with aspects such as media transportation, media mixing, and transcoding. In this thesis, we are concerned with media handling for conferencing in MANETs and MCNs. We propose an architecture based on two overlay networks: one for mixing and one for control. The first overlay is composed of nodes acting as mixers. Each node in the network has a media connection with one mixer in the first overlay. A novel distributed mixing architecture that minimizes the number of mixers in end-to-end paths is proposed as an architectural solution for this first overlay. A sub-network of nodes, called controllers, composes the second overlay. Each controller controls a set of mixers, and collectively, they manage and control the two-overlay network. The management and control tasks are assured by a media signaling architecture based on an extended version of Megaco/H.248. The two-overlay network is self-organizing, and thus automatically assigns users to mixers, controls mixers and controllers, and recovers the network from failures. We propose a novel self-organizing scheme that has three components: self-growing, self-shrinking and self-healing.
Self-growing and self-shrinking use novel workload balancing schemes that make decisions to enable and disable mixers and controllers. The workload balancing schemes use resources efficiently by balancing the load among the nodes according to their capabilities. Self-healing detects failed nodes and recovers the network when failures of nodes with responsibilities (mixers and controllers) occur. Detection of failed nodes is based on a novel application-level failure detection architecture. A novel architecture for media handling in MCNs is proposed. We use mediator concepts to connect the media handling entities of a MANET with the media entities of a 3G cellular network. A media mediator assures signaling and media connectivity between the two networks and acts as a translator of the different media handling protocols

    VeTo: reference manual

    The SIP protocol is established as the de facto standard for media session signaling, in particular for voice-over IP services. Many research works and alert bulletins have reported various vulnerabilities in this protocol. These vulnerabilities are either inherent to the protocol specification or arise as flaws within SIP stack implementations or erroneous configurations. To protect SIP-based networks from the exploitation of such vulnerabilities, patches may be released for the implementation bugs, the SIP specification may be revisited to cover the specification errors and configuration guidelines can be issued to offer good configuration receipts to administrators. The time to patching and revisiting specification may be considerable. To overcome this problem, a first-line of defense against SIP vulnerabilities has to be developed. In a previous work, we have presented a stateful firewall architecture dedicated to SIP-based networks protection. The firewall runtime uses a domain specific language, called VeTo. Its design, syntax and semantics are described in this work.

    The SIP protocol is today the de facto standard for signaling multimedia sessions at Internet scale. Several works as well as alert bulletins have reported the existence of various vulnerabilities in its implementations, its specifications and its configurations. Protecting the SIP protocol from the exploitation of these vulnerabilities requires applying patches to its implementations as well as revising its specifications and publishing best-practice recipes for its configuration. These actions take considerable time before they are carried out. To solve these problems, a first line of defense needs to be put in place. In a previous work, we proposed a defense architecture based on a firewall dedicated to the SIP protocol. This firewall relies on a language, named VeTo, dedicated to specifying prevention rules against the vulnerabilities present in the SIP protocol. This report details the syntax, the semantics and its supporting infrastructure.

    Voice and Video Capacity of a Secure Wireless System

    Improving the security and availability of secure wireless multimedia systems is the purpose of this thesis. Specifically, this thesis answered research questions about the capacity of wireless multimedia systems and how three variables relate to this capacity. The effects of securing the voice signal, real-time traffic originating foreign to a wireless local area network and use of an audio-only signal compared with a combined signal were all studied. The research questions were answered through a comprehensive literature review in addition to an experiment which had thirty-six subjects using a secure wireless multimedia system which was developed as part of this thesis effort. Additionally, questions related to the techniques for deploying wireless multimedia systems, including the maturity and security of the technology, were answered. The research identified weaknesses in existing analytical and computer models and the need for a concise and realistic model of wireless multimedia systems. The culmination of this effort was the integration of an audio-video system with an existing research platform which is actively collecting data for the Logistics Readiness Branch of the Air Force Research Laboratory.

    Subjective Audio Quality over a Secure IEEE 802.11n Draft 2.0 Wireless Local Area Network

    This thesis investigates the quality of audio generated by a G.711 codec and transmission over an IEEE 802.11n draft 2.0 wireless local area network (WLAN). Decline in audio quality due to additional calls or by securing the WLAN with transport mode Internet Protocol Security (IPsec) is quantified. Audio quality over an IEEE 802.11n draft 2.0 WLAN is also compared to that of IEEE 802.11b and IEEE 802.11g WLANs under the same conditions. Audio quality is evaluated by following International Telecommunication Union Telecommunication Standardization Sector (ITU-T) Recommendation P.800, where human subjects rate audio clips recorded during various WLAN configurations. The Mean Opinion Score (MOS) is calculated as the average audio quality score given for each WLAN configuration. An 85% confidence interval is calculated for each MOS. Results suggest that audio quality over an IEEE 802.11n draft 2.0 WLAN is not higher than over an IEEE 802.11b WLAN when up to 10 simultaneous G.711 calls occur. A linear regression of the subjective scores also suggests that an IEEE 802.11n draft 2.0 WLAN can sustain an MOS greater than 3.0 (fair quality) for up to 75 simultaneous G.711 calls secured with WPA2, or up to 40 calls secured with both WPA2 and transport mode IPsec. The data strongly suggest that toll quality audio (MOS ≥ 4.0) is not currently practical over IEEE 802.11 WLANs secured with WPA2, even with the G.711 codec.

    Creation of value with open source software in the telecommunications field

    Doctoral thesis. Electrical and Computer Engineering. Faculdade de Engenharia. Universidade do Porto. 200