VoIP Security: A layered approach

March 29, 2006

Integration of communication services into the IP network infrastructure, and the Internet especially, is a natural course that started long ago with e-mail, continued with instant messaging, and has now been taken one step further with the integration of standard, classical services like telephony. Voice over IP – the transmission of voice over packet-switched IP networks – is one of the most important emerging trends in telecommunications.

Two factors play an important role in the growing popularity of Voice over IP networks: the cost savings inherent in migrating from standard to Voice over IP networks, and the flexibility that allows new services and new applications to be added to standard telephony services (video transmission, conferences, etc.). With 2005 declared as the Voice over IP (VoIP) year and with predictions of fairly large budgets attributed to VoIP projects, this technology seems set to replace classic, circuit-based telephony in the near future.

As with many new technologies, VoIP introduces new security risks and new opportunities for attack. Inheriting from both networks and telephony, VoIP is subject to security issues coming from both areas. Classical telephony security issues involving signalling protocol manipulations, dubbed phreaking in the seventies, find their mirror in VoIP-specific protocol manipulations.

The main purpose remains the same: fraud. Network security issues, on the other hand, are far more complex and offer broader avenues of attack than traditional phreaking. From the physical layer to faulty applications, all network security items are relevant to VoIP security. In terms of exposure, the transport of voice data over the Internet, a highly insecure and unreliable environment, multiplies the attack surface and will surely lead to more attacks on this technology. Furthermore, the combination of these two aspects of VoIP adds new security threats, such as Denial of Service against signalling protocols.
