
Voice over IP security - SIP and RTP protocols


Tobias Glemser, Reto Lorenz
Article date: 2006-03-24 12:18:54

We provide a detailed overview of the protocols used in Voice over IP (VoIP) transmissions, particularly the SIP protocol. Then we take a look at the seven most common, most effective and best-described methods of attacking VoIP, and how these methods can be applied in practice.

Voice Over IP (VoIP) is one of the hottest buzzwords in contemporary IT, even more so since the last CeBit in March 2005, and a new hope for both service providers and device manufacturers. Countries with good network infrastructure typically have several offers of VoIP bundles, consisting of a hardware router with VoIP functionality and attractive pricing for both Internet access and telephony. VoIP is set to displace stationary telephony solutions sooner or later, but serious security issues tend to go unnoticed in all the hype.

About the authors

Both authors work as IT security consultants. Tobias Glemser has been an employee of Tele-Consulting GmbH, Germany for over 4 years, while Reto Lorenz is one of the company's executives (http://www.tele-consulting.com).

What you will learn...

  • the basics of the SIP protocol,

  • several possible attack techniques against VoIP users and providers.

 

What you should know...

  • the basics of network protocol operation,

  • how to perform attacks in a switched LAN using ARP poisoning,

  • the basics of modern telecommunication protocols.

 

Today, VoIP technology is a common component of broadband Internet access offers, with free calls between VoIP users within the same provider and cheap all-inclusive offers for interfacing to classic telephony systems serving to spur the popularity of this technology. What's more, it is not only SOHO (Small Office Home Office) users who are embracing VoIP - larger companies are also increasingly recognising the technology's potential for communications infrastructure consolidation. They can now connect branch offices with one fibre-optic cable and use it to transmit both voice and data. Employees can always be reached at the same phone numbers, regardless of where they physically are, while the dual use of network infrastructure sharply cuts the costs of purchasing, installing and maintaining active and passive network components. As usual, problems only appear after a system has been bought and deployed, as manufacturers are not too forthcoming in this matter, preferring to push their brilliant migration strategies and overvalued services instead.

One of these shortcomings received a lot of media attention recently, when a thirteen-year-old girl died because the US emergency call number (911) had not been routed in the VoIP network her mother used. In most countries, legal regulations concerning the routing of emergency calls in VoIP networks simply don't exist yet, and the issue has only recently come under discussion.

Besides organisational deficiencies, several attacks against the VoIP technical infrastructure exist. Before approaching them, we'll need to understand the basics of SIP (Session Initiation Protocol) security. We will stick to SIP, as current trends clearly indicate a migration away from H.323 and towards SIP.

The purpose of this article is not to introduce SIP itself (see the frame SIP - Simply bare necessities for some background information), but rather to see how attacks against VoIP can be conducted and what can be done to guard against them. The attacks described here target a typical VoIP environment which uses SIP as the signalling protocol, and are based on commonly used methods, as implementation-specific attack methods are beyond the scope of this article.

 

SIP - Simply bare necessities

SIP packets contain initial call setup parameters. All other parameters - such as RTP connection attributes - are sent using the Session Description Protocol (SDP), which is embedded into SIP messages as the message body. SIP packets can be divided into request and response packets. Messages are encoded using the UTF-8 standard, so they are directly readable if no other security measures are employed.

SIP messages are very similar to HTTP - Table 1 shows the required header request fields. A glance at the protocol elements reveals that the protocol definitions actually provide contextual communication, even if data is sent using a stateless transport protocol such as UDP.

Now that we know the basic SIP components, let's have a look at the literal request strings (see Table 2), corresponding to several different request methods. SIP can be enhanced with new request methods, so we will only be referring to the basic ones (see the relevant RFCs for specifications of other methods). The request methods and their related request strings indicate that several types of attacks can be conducted (a discussion of other response classes and their uses is beyond the scope of this article).

Messages are integrated into the communication context. The latter may contain two types of components: dialogues and transactions, with each dialogue potentially including multiple transactions. For example, any VoIP call is an SIP dialogue consisting of the INVITE, ACK and BYE transactions. User agents must be capable of storing dialogue status for an extended period in order to generate messages with the correct parameters.

The use of dialogues means that there are several other connection parameters besides Call-ID - two of these are tag and branch. It must be noted that the correspondence between context-specific values and user-agent behaviour is not as clear-cut as other SIP definitions, which is one reason for the existence of buggy, unreliable and insecure implementations.

After a call is successfully switched through an SIP proxy, the actual voice communication proceeds using RTP. Using the exchanged codecs, voice messages are transferred between the communicating parties (provided direct IP communication is possible), and the SIP proxy is only needed for call release.
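The following is an added example, not code from the original article: it parses a plaintext SIP INVITE the way a monitoring or auditing tool would, pulling out the dialogue identifiers named in this frame (Call-ID, tag, branch) and the RTP endpoint announced in the SDP body. The sample message is constructed and abridged, and the function names are hypothetical.

```python
# Added example. SAMPLE_INVITE is a constructed, abridged message (documentation
# addresses and example domains); parse_sip and param are hypothetical names.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bK776asdhds\r\n"
    "To: Bob <sip:bob@example.net>\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
).encode("utf-8")

def param(value, name):
    """Return the header parameter ;name=... that follows the URI, or None."""
    for part in value.rpartition(">")[2].split(";")[1:]:
        key, _, val = part.strip().partition("=")
        if key.lower() == name:
            return val
    return None

def parse_sip(raw):
    """Split a SIP request into dialogue identifiers and SDP media details."""
    head, _, body = raw.decode("utf-8").partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Keep the first occurrence: the topmost Via is the latest hop.
        headers.setdefault(name.strip().lower(), value.strip())
    sdp = [l.split("=", 1) for l in body.split("\r\n") if "=" in l]
    conn = next((v.split()[2] for k, v in sdp if k == "c"), None)
    media = next((v.split() for k, v in sdp if k == "m"), None)
    return {
        "method": method, "uri": uri,
        "call_id": headers.get("call-id"),
        "from_tag": param(headers.get("from", ""), "tag"),
        "to_tag": param(headers.get("to", ""), "tag"),  # None until the callee answers
        "branch": param(headers.get("via", ""), "branch"),
        "rtp": (conn, int(media[1])) if media else None,
        "payload_types": media[3:] if media else [],
    }

if __name__ == "__main__":
    for key, value in parse_sip(SAMPLE_INVITE).items():
        print(f"{key:14} {value}")
```

Every value returned here is readable by any device on the signalling path when SIP is sent unprotected, which is why the dialogue identifiers and the SDP media address matter for the security discussion that follows.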

 

Copyright © 2006 by Software Developer's Journal. All rights reserved.