Voice over Internet Protocol (VoIP) Technology

Published Date: 02 Mar 2018

ABSTRACT:

Voice over Internet Protocol (VoIP) technology which attract extra attention and awareness to the world wide business. IP telephony's system will affect the sending voice transmission in the form of packet over the IP network in the VoIP applications. Now a day's many industries will use the VoIP technologies to provide the Security. In this project, I provided a variety of VoIP safety intimidation and probable approach to handle the intimidation in VoIP application.

VoIP is naturally susceptible to networks attack, like hateful codes (i.e., worms, viruses, Trojans), denial-of-service (DoS), distributed DoS (DDoS), pharming, and (though non malicious) sparkle were crowded. These attacks also spoil grimy system by overriding assets, distracting valid user, compromise private informations, or by demeaning code and records. This break affect the contaminated system, it also destroy the unaffected (or even non-vulnerable) ones. All system associated to the Internet are responsive to hateful code which try to contaminate as much as hosts is probable, cause overcrowding on the network communications.

The QoS which is provide to the end user is of highest significance and it is the main issue to implement the VoIP system, since if the exchange is indecipherable then there is no position in giving the service. The major factor which distresses the superiority of services is Latency, Jitter and Packet loss.

CHAPTER-1

1.0 Introduction

The voice enterprises continuously providing voice conversation services on over broad band by discovering the current market issues and network issues from past 20 years, the voice transition industry undergone various security and network issues to produce better quality voice service to transit on over broad band. The current voice market has been step up into the new level of voice protocols for providing VoIP services during low bandwidth, high level of data and voice transmission provisions.

The VOIP technologies allow sharing the resource of WAN for supporting data and voice for saving the cost for transmission process [1]. The VoIP provides many advantages to the enterprises, the migration of voice and telephone application form TDM switch network to IP packet switched network provides many advantages to enterprises during the migration of voice into IP application the enterprises need to provide security to the data applications [2].

However the enterprises need to identify the security issues and employee new techniques to protect against attacks. Security and QoS is a main aspect of VOIP system, the data on voice networks have been attacked by viruses, worms, DOS attacks and other unknown authentication users [3]. The VOIP architecture is a complete network hierarchical structure which is compound with many of the networking devices, the design structure have to ensure that whether the components will cope the unwanted attacks. The protocol structure in a VOIP system is a more sensible factor due to the poor ambitious. Here we introduce the attacks on over VoIP system.

VOIP Overview

VoIP stands for Voice over Internet Protocol which is the mainly used in the transmission of voice communications through IP network like internet, public switched networks [4]. The concept of VoIP mainly targets of the transmission of voice based messages and applications by using different protocols and is transmitted via the internet.

The basic steps involved in the transmission of voice signals through the internet are:

· Conversion of voice to analog and digital signal.

· Compression and conversion of the signal into Internet Protocol Packets to broadcast over Internet.

VoIP systems adopt different session control protocols for commanding over the set-up, tear-down of calls and also different audio codec's which allow for encoding the voice signal and allow the transmission. These audio codec's may vary form system to system where some of them are based on the narrow band and some on the compressed speech where some other system may use high fidelity audio codec's.

Technologies used to implement VoIP:

· H.323 [12]

· IP Multimedia Subsystem (IMS)

· Session initiation Protocol (SIP) [5]

· Real-time Transport Protocol (RTP) [5]

1.1 Problem Definition

In the past days the VoIP security is a not a big concern the people were mainly concerned with the functionalities, cost and the usage, but the VOIP communication trend has been encouraged; the VOIP communication system widely accepted by the people; due to the high acceptance of VOIP system the security issues are main concern.

However the VoIP services are rapidly growing in the current voice communication system, many unauthenticated users and hackers are stealing the VoIP services and hacking the services from the service providers and re routing to their personal usage. Some of the security standards are not credential they only supports to authentication over calls, but the problem with the service theft.

The security concerns will affect on quality of the system, due to the security tools and security solutions will conflict on quality of service. The system will accept the security tools those tools shouldn't decrease the quality. The basic issue of the quality is firewall. The firewall will blocks the calls for security constrains it will not process the signaling which are allocated to the UDP ports. Due to the security issues on VoIP devices will consumes extra time for packet delivery and which consumes extra time during the call; so it may delay the packet delivery, due to the encryption and decryption mechanism will conflict the call time.

1.2 Objectives of the study

The basic objective of this is to detect source of attacked packet on over network

Ø To formally define the network security problems and unauthorized access incidents

Ø To define the most accredited security techniques and security methods

Ø To evaluate the prototype system and packet feature mechanism

Ø Email and other internet message are easily integrated with the voice applications

Ø To support the multimedia applications, which provides less cost effective services for video conference, gaming

Ø To supports a low cost, flat rate pricing on the voice communication over the

Public Internet and Intranet services.

Ø Sends the call signaling messages over the IP-based data Network with a suitable quality of service and much superior cost benefit.

Ø Present offline message passing between the users by selecting a user from predefined offline user list

Ø Present textual communication

1.3 Research Method

Ø Provide authentication to the end users for accessing the VoIP services

Ø Design secure VoIP Configuration system

Ø Attempt to separate VoIP traffic from normal data traffic using either VLANs or a completely separate physical network.

Ø Enable authentication on SIP accounts.Internal Firewalls/ACLs should be cond to block telnet and http traffic from reaching voice VLANs or subnets.

1.4 SCOPE

These researches analyze the security and performance issues, it has to research on different security levels and represent various security challenges to modern VoIP system.

Ø This research enhance security methods by analyzing the modern security challenges

Ø To present various security methods; this security methods are explained in chapter -3 to analyze and investigate the security threats and define the solution for obtaining better performance

Ø Balance VoIP security and performance by measuring the services and network traffic

Ø To present VoIP protocols for secure data transmission

1,5 Thesis Organization

Chatper-1: Introduction: General Introduction of VoIP, problem definition and Research methods

Chapter -2: Literature Review: Review of VoIP deployment and review of security issues and performance and VoIP security background and security challenges

Chapter -3: Security process: VoIP security process, managing of VoIP security and security process and define the security solutions

Chapter -4: VOIP security and performance: Demonstrate VoIP performance , balancing of security and performance of VoIP

Chapter -5: Analysis Report: security and performance analysis and investigation reports of VoIP security and performance and complete project report scenario

Chapter -6: Conclusion, Future Enhancement, References and Appendices.

CHAPTER -2

2.0 LITERATURE REVIEW

Background

VoIP is a IP telephony which is used to deliver a voice on over internet; which stands for Voice over Internet Protocol which converts a voice signals to digital voice packets and transmit these packets on over network; for transmitting which uses Internet protocol for coordinating voice packets. VoIP can be deployed in dissimilar kind of IP enabled network like Internet, wireless networks, Ethernet.

VoIP is a telephony system which takes voice as a analog signals and which converts it into digital format and transmit on over network by using Intern protocol.

VoIP service Types

VoIP provides different types of voice service according to the communication media infrastructure; the most common services are as follows

Ø Computer to computer based services

Ø PC to phone and phone to PC based services

Ø Phone to phone based VoIP services [6]

Computer to computer:

A voice exchange in between system to system is one type of communication provides free VoIP's services which it requires related software applications such as gtalk[8], skype[7], messengers. In this services the users need to install same software's in their respective PC's and exchange their voices same as Peer to Peer services.

PC to phone and phone to PC:

It is a combination of Internet and circuit switched telephone system. The VoIP application software receives the voice and hand over to the Internet protocol to communicate on over telephone network. VoIP services provide a services to communicate with phone s by establishing VoIP network; an applications such as Skype, messengers are communicate to the phones by converting respective receiving and transmitting formats.

In the Phone to PC services the user can communicate from phones to PC's; user can dial to PC's by calling like normal phones; in this services the PC IP address contains a phone number. The user can dial from phone to assigned PC IP address phone number; Skype is a best example for this kind of services, which allows users to purchase a VoIP services to communicate from phone to PC [7].

The most common devices in these services are

Ø VoIP service providers

Ø Modem

Ø Internet services

Ø ATA: Analog Terminal Adaptor, this convert analog signals to voice signals & voice signals to analogs singles

Phone to phone based VoIP services [6]: Now a day's this type of services are using in long distance calls; many communication service provide companies offering long distance calls in very abnormal price by utilizing the PSTN services.

VoIP System

A Fig- 1 shows a typical VoIP network topology which is a combination of given equipments; the following equipments are

1) Gatekeeper

2) VoIP Gateway

3) VoIP Clients

Gatekeeper: A VoIP gatekeeper is a routing manager and central manager in a H 323 IP telephony surroundings. This is an option in a VoIP system which manages end points of a sector. VoIP gatekeeper is useful for managing calls, terminals and gateways. VoIP gatekeeper presents access control, bandwidth control and address translation.

VoIP gateway:

The VoIP entry convert a voice calls into genuine instant in between Public switch Telephone Network (PSTN) and IP networks. The basic functionalities of VoIP entry are compression, decompression; signal controlling, packetization and call routing.

VoIP clients: This equipment represents phones, multimedia PC's

2.1 Security Issues.

VoIP Phishing - How To prevent VoIP Phishing and avoided getting Trapped

You can do prevent VoIP Phishing at home and in your corporation and to avoid yourself and your associates from being keen as a Phishing victim.

What is VoIP Phishing and hoe it work

VoIP Phishing is a type of assault that lures the user into given personal data like phone number, credit card numbers, and password over a web site. Phishing over VoIP is become uncontrolled as VoIP makes Phishing easers for attacker.

Security thread in VoIP

While VoIP has become a one of the conventional communication technologies, VoIP user face a serious of security threads let's see this security issues.

Firewall

A firewall is software is planned to protect a personal networks from illegal access. Firewalls usually block the worthless passage from the outside to the inside of the networks and so on.

Over look security

You must not look at only at the light side of VoIP. While it is revolutionizing voice and data communication, it does not symbolize some problematic security issues that need that need to be deal with accurately.

Quality of Service Issues (Qos)

Qos [9] is a basic process of VoIP; if it delivers a good quality of services to the users which are more advantage to the users for saving money; rather than spending much money on other communication services. The Quality is an importance factor for VoIP services providers industries. In Certain level the security issues implementation can degrade the QoS. The security procedures such as firewalls and encryption techniques block the calls and delay the packet delivery.

The main QoS issues are

Ø Latency

Ø Jitter

Ø Packet loss

Ø Bandwidth problem

Latency:

Latency represents a delivery time for voice transmission from source to destination. The ITU-T advice that G.114 [10] establish a many time of constraints on one-way latency .To achieve Quality of Service the VoIP calls must be achieve in a limited bound time.

The basic issues in latency are

Ø Time spent on routers and long network distance

Ø Security measures

Ø Voice data encoding

Ø Queuing

Ø Packetization

Ø Composition and decomposition

Ø Decoding

Jitter:

The non-uniform packets make a packet delivery delay; which it is caused by insufficient bandwidth. The packets are in out of sequence order, for transmitting voice media it uses RTP protocol; this protocol are based on UDP so that it makes the packet in out of order sequence which degrades the QoS by not resembling the protocols at protocol level.

Packet Loss:

The packet loss increase the latency and jitter; where group of packets are arrived late will be discarded and allow new packets. The packet loss is associated with data network; due to the low bandwidth and high traffic which delays the packet delivery.

Bandwidth:

The low bandwidth delays a packet delivery which degrades the QoS by increasing the latency and jitter. The data on over network have to distribute into various nodes; the data have to transmit from one node to another node during this transmission if it encounter any problem which it can delays the packet.

The entire network design includes routers, firewall and other security measures. Certain time in the network path some of the nodes are unavailable at that time it doesn't deliver the packets to an end users.

2.2 VoIP protocols

There are numbers and numbers of network that can be working in organize to offer for VoIP communiqué service .In this part we will center no which the general to the best part of device deploy.

Almost each machine in the globe use a standardization called real time protocol (RTP) for transmit of audio and video packet between the networks. IETF is the founder of RPT. The consignment layout of numbers CODE are define in RFC 3551 (The section “RTP profiles and pay load format specification” of RCF. These sections address items.). Though pay load format section are define in document also published by the ITU (International telecommunication union) and in others IETF RFCs. The RTP mostly deal with issue like packets order and give mechanism to help the address wait.

The H.323 [7] standard uses the Internet Engineering Task Force (IETF) RTP protocol to transport media between endpoints. Because of this, H.323 has the same issues as SIP when dealing with network topologies involving NAT. The easiest method is to simply forward the appropriate ports through your NAT device to the internal client. To receive calls, you will always need to forward TCP port 1720 to the client. In addition, you will need to forward the UDP ports for the RTP media and RTCP con-trol streams (see the manual for your device for the port range it requires). Older cli-ents, such as MS Netmeeting, will also require TCP ports forwarded for H.245tunneling (again, see your client's manual for the port number range). If you have a number of clients behind the NAT device, you will need to use a gate-keeper running in proxy mode. The gatekeeper will require an interface attached to the private IP subnet and the public Internet. Your H.323 client on the private IP subnet will then register to the gatekeeper, which will proxy calls on the clients' behalf. Note that any external clients that wish to call you will also be required to register with the proxy server. At this time, Asterisk can't act as an H.323 gatekeeper. You'll have to use a separate application, such as the open source OpenH323 Gatekeeper

H.323 and SIP Have their origins in 1995 as researchers looked to solve the problem of how to computers can indicate communication in order to exchange audio video files.H.323[12] enjoy the first commercial success due to this fact those who are working on the protocol in ITU[12] worked quickly to publish the first standard in the year 1996.

While support of the two protocols on a single gateway is critical, another integral part of dual-protocol deployment is the ability for H.323 gatekeepers and SIP proxies to interwork and share routing capabilities. One method that was introduced to support time-to-market requirements uses routing interaction between a Cisco SIP Proxy Server and an H.323 gatekeeper.

The business model for some carriers using the Cisco Global Long Distance Solution is to provide origination and termination of voice-over-IP (VoIP) minutes for several other service providers. This business model has been very successful with deployment of H.323-based services, but these Cisco customers would also like to attract additional SIP-based service providers. Ideally, these customers would like to use their existing voice-gateway infrastructure to support additional SIP-based offerings.

Cisco has provided these carriers with a way to add new SIP services by adding capabilities to the Cisco SIP Proxy Server to allow it to “handshake” with an H.323 gatekeeper using the H.323 RAS protocol. By enabling a SIP proxy server to communicate with an H.323 gatekeeper using RAS location request, location confirmation, and location reject messages and responses, a Cisco SIP Proxy Server can obtain optimized routing information from VoIP gateways that have been deployed in the service provider's network.

The Cisco architecture allows for protocol exibility and enables, one call-by-call basis, use of a particular session protocol. This exibility allows customers to deploy SIP networks on proven packet telephony infrastructures, while still maintaining core H.323 functionality within their networks. With the ability to support the connection of customers and carriers using either rotocol, service providers can offer a variety of application hosting and sharing services, and be more aggressive in pursuing wholesale opportunities via new services. Some principles for coexistence that are critical for successful multiprotocol deployments are transport capabilities across time-division multiplexing (TDM) interfaces, dual tone multifrequency (DTMF) processing capabilities and fax relay support. In deployments where both protocols are used, it is important that there are no performance limitations related to the call mix between SIP and H.323 calls, and that there is no significant deviation in calls-per-second measurements compared to a homogeneous SIP or H.323 network.

Cisco gateways provide support for coexistence of SIP and H.323 calls beginning with Cisco IOS Software Release 12.2(2)XB. Above illustrates packet voice architectures for wholesale call transport and 2 illustrates termination services for application service providers (ASPs) where SIP and H.323 are used simultaneously for signaling.

Reasons for VoIP Deployment

When you are using PSTN line, you typically pay for time used to a PSTN line manager company: more time you stay at phone and more you'll pay. In addition you couldn't talk with other that one person at a time.

In opposite with VoIP mechanism you can talk all the time with every person you want (the needed is that other person is also connected to Internet at the same time), as far as you want (money independent) and, in addition, you can talk with many people at the same time.

If you're still not persuaded you can consider that, at the same time, you can exchange data with people are you talking with, sending images, graphs and videos.

There are two main reasons to use VoIP: lower cost than traditional landline telephone and diverse value-added services.

Low Cost & Higher multimedia application:

Traditional telephone system requires highly trained technicians to install and custom configuration. Companies find the need to call the service of specialist to implement, simple tasks like moving adding a phone. Modules such as ‘voicemail' and the additional lines are the part of perpetual cycle of upgrades and modifications that make telephony support a very profitable business. The methodology use to implement PSTN business phone system is well understood and the industry is very mature. Hence company can make a purchase with the confidence that if they are installing a traditional system it will function and include an excellent supported infrastructure.

IDC reports the number of VoIP ports shipped in 2005 will be equal to traditional analogues deployment. Non to be taken lightly, the average lifespan of a voice system range from 5-10 years. In 5 to 10 years, an analogues telephone system will be the exception as opposed to the telephone standards. Qualified technicians, whom are required to work on propriety system, will be difficult to come by. In addition, the prospect of telephone manufacture going out of business or the technology simply being repulsed by a more agile and less costly alternative, are both risks that must be taken into account in well informed decision.

Fortunately a company can take few preventive to protect them from outdated system. One such step is use of standards technologies that are back by a number of company and possibly trade group as opposed to a single entity. In VoIP space a good example is session Initiation Protocols, SIP. SIP is supported by the large majority of vendors and is considered the industry standard protocol for VoIP. Beyond analogue lines that terminate from an ISP, The traditional telephony market does not have much interoperability. For example it is not be integrate an Avaya PBX with a Nortel PBX.

Hidden cost can be substantial in any technology deployment. The downtime experienced with buggy or poorly implemented technology, in addition to the cost of qualified consultants to remedy such as

Challenges of VoIP:

Though VoIP is becoming more and more popular, there are still some challenging problems with VoIP:

Bandwidth: Network which available is an important anxiety in network. A network can be busted down into many nodes, associations and produce a big quantity of traffic flow, therefore, the availability of each node and link where we only focus on the bandwidth of the VoIP system. An in a data network, bandwidth overcrowding can cause QoS problems, when network overcrowding occur, packets need to be queued which cause latency as well as jitter. Thus, bandwidth must be accurately reserved and billed to ensure VoIP quality. Because data and voice share the same network bandwidth in a VOIP system, the necessary bandwidth condition and allocation become more complex. In a LAN surroundings, switches usually running at 100 Mbps (or 1000 Mbps), upgrading routers and switches can be the effective ways to address the bandwidth bottleneck inside the LAN.

Power Failure and Backup Systems: Traditional telephones work on 48 volts which is supplied by the telephone line itself without outside power supply. Thus, traditional telephones can still continue to work even when a power breakdown occurs. However, a backup power system is also required with VOIP so that they can continue to operate during a power breakdown. An organization usually has an uninterruptible power system (UPS) for its network to overcome power failure, [14]

Security: As VoIP becomes too popular, the issues related to VoIP network are also very progressively and more arising [15]. W. Chou [16] has investigation the different security of VoIP investigation the different and also given some optional strategies for these issues. In reference [17], the authors also outline the challenges of securing VoIP, and provide guidelines for adopting VoIP technology.

Soft phone: Soft phones are installed on system thus should not be used where the security is an anxiety. In today's world, worms, viruses, Trojan houses, spy wares and etc are everywhere on the internet and very complex to defend. A computer could be attacked even if a user does not open the email attachment, or a user does nothing but only visit a compromise web site. Thus use of soft phones could bring high risks for vulnerabilities.

Emergency calls: Each traditional telephone link is joined to a physical location, thus emergency tune-up providers can easily track caller's locality to the emergency send out office. But dissimilar traditional telephone lines, VoIP technology allows an exacting number could be from anywhere; this made emergency services more problematical, because these emergency call centers cannot get the caller's location or it may not be possible to send out emergency services to that location. Although the VoIP providers provide some solutions for emergency calls, there is at rest need of manufacturing principles in VOIP surroundings.

Physical security: The most significant issue in VoIP network is Physical security. An attacker can do traffic psychoanalysis once actually they access to VoIP. In between server and gateway, like to determine which parties are communicating. So the physical security policy and some controls are needed to control the VoIP network access mechanism. Otherwise, risks such as insertion of snuffer software by attackers could cause data and all voice connections being intercept.

Wireless Security: Connection in wireless network nodes were integrated with VoIP network which receives more and more popular and accepted [18]. The wireless networks are very feeble as compared to Wired Equivalent Privacy (WEP). The algorithm for 802.11 is week because WEP can be cracked with public available software. This is the major project in wireless network for example the more common and popular WiFi protected Access (WPF and WPA 20) which administrated by Wi-Fi Alliance are providing more significant security in improvement, the WPA protected is also integrated with wireless technology in VoIP.

CHAPTER -3

Related Work

3.0 Security Studies

Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money and offering increased features and productivity. All these benefits come at a price, vulnerability. It is easier to attack and exploit a voice and data network. VoIP will need extra security measures beyond the standard security that is typically implement for a computer network. Many issues need to be addressed such as type of attacks, security, quality of service and VoIP protocols.

Voice over IP (VoIP) is a one of the most challenging technology in today's market. The importance of VoIP is rapidly growing, many vendors introducing VoIP services with advanced technologies for improving quality of services and security. In this chapter I am discussing about security models and security process.

3.1 VoIP Security Process:

There are many VoIP protocols in the market. Some are proprietary while others are open standards. The two most popular open protocols are H.323 and SIP. They were designed by two different organizations and operate slightly differently. They both have problems with the use of random ports problems with NAT translations and firewalls.

Security for VoIP devices and VoIP network is a complex process, securing of VoIP protocols and data streaming invokes at many stages. The most common VoIP vulnerabilities are as follows

Ø Software Related:

Ø Device related

Ø Protocol related

Ø System Configuration related

Ø Application level attacks

3.1.2 Software Related Vulnerabilities:

The basic flaws in software vulnerable are operating services and functions problems and quality, operating system interface and administrations [19]. Software application interfaces, software application logic

Ø Software applications

Ø Application interfaces

3.1.3 Device Related Vulnerabilities:

One of the most common security threats effects on VoIP hardware devices. In early days the most of the VoIP systems are designed with limited energy power, computing power. Due to the heavy competition in the market many vendors are keeping low cost, they are designing with low cast VoIP hardware devices but due to the changes of software applications, other system infrastructure the system need to regularly updates the device.

The most common hardware devices in VoIP are

Ø PC's

Ø Telephone adaptors

Ø Modems

Ø VoIP phones

3.1.4 Protocol Vulnerability:

The main protocols in VoIP are H.323 [12] and SIP (Session initiation protocol), these two protocols are commonly used in VoIP hardware system [19]. These protocols overwhelmed with security issues. SIP protocol is a complex protocol which maintains the security in SIP RFC. In SIP the network address translation crack security and which doesn't examine firewalls.

H.323 is an International Telecommunication Union standard for audio and video communication across a packet network (National Institute of Standards and Technology 2005). There are four types of devices under H.324: terminals, Gateways, Gatekeepers and Multi-Point Conference Units. The terminals are phones and computers. Gateway provides an exit to other networks. The Gatekeeper handles addressing and call routing while the MCU provided conference call support. H.323 uses other protocols to perform other vital tasks. UDP packets using the Real-Time Transport Protocol transport all data. H.225 handles registration, admissions & status, and call signaling. H.235 also handles all security and has four different schemes call Annexes. “H.323 is a complicated protocol”.

SIP Vulnerabilities Overview

The below shows a SIP call flow using SIP and UDP protocols, user can send a voice call through proxy server, the proxy server sends SIP and UDP/TCP protocols to user received proxy server, here the Session Initiation Protocol (SIP) is a complex and which is a format protocol which is combination of.

Session Initiation Protocol (SIP) is a signaling protocol for Internet conferencing, telephony, presence, events notification, and instant messaging [26]. The Internet Engineering Task Force developed this VoIP protocol. SIP is an application layer protocol that uses TCP and UDP. The protocol is designed to work with servers and endpoints such as phones. There three types of servers. The location server maintains a database of the location of all endpoints. The proxy server passes the calls between networks while the registrar server authenticates all traffic. SIP can use HTTP, SMTP, IPsec and S/MIME, Secure/Multipurpose Internet Mail Extension, for security instead of creating new methods. This makes it a lot simpler than H.323

Common vulnerabilities in SIP are as follows

Eavesdropping

Flood-based Denial of Service (DoS)

Registration manipulation

Application man-in-the-middle attacks

Replay attacks

RTP attacks

3.1.4.1 Eavesdropping

This will interrupt the voice conversation due to an attack of unauthorized agents and this will occur with the staling of information, they will theft the information of user id, password and phone number and they will use this voice services. The basic constraints for eavesdropping are a intercepting packets or by connecting unauthorized IP phones to VoIP systems.

3.1.4.2 Distributed DoS or DoS Attacks

Denial of Service is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. VoIP is more susceptible to DOS than a typical computer network. Not only does it suffer from the standard DoS attacks of flooding the network with traffic to the point it crashes but it also has its our specific vulnerabilities. VoIP specific DoS attacks use setup and “cancellation of pending call set up signals … including sending a CANCEL, GOODBYE or PORT UNREACHABLE message” . This causes the phones not being able to complete calls or hang up. With DoS there is a chance that both you data network goes down along side of your phone services provided through VoIP. VoIP has many security vulnerabilities that need to be protected. Encryption, Virtual LANs and Firewalls are a necessity on all networks that deploy VoIP. Also Network Address Translation should be avoided. These are a few important features that need to be addressed.

DoS attacks degrade the network services by attacking on VoIP devices and network system. The DoS attack denial the services by interrupting the internal devices and network operations and which consumes network bandwidth to degrade the services.

The services of VOIP system are vulnerable to the DoS attacks in two aspects

1) The VoIP system is hierarchical internal device system, which designed with many devices if one device fail which could bring to halt entire system.

2) The VoIP system uses multiple protocols for transmission purpose, every protocol have unique functions if one protocol services halts which could affect on the entire system.

3.1.4.3 Unauthorized Access

VoIP handsets can be locally cond, and have default administration credentials which are easily found on the internet. With these credentials users can change their extension number, codec settings, and much more.

3.1.4.4 Man in the middle

The VoIP system particularly degrades the services due to an attack of middle attackers, the attacker interrupts call-signaling SIP message traffic, and they will hijack the call service providers and re direct the calls via redirection servers. They tamper the calls by injecting the noise protocols on signal stream which reduce the quality.

3.1.5 System Configuration Vulnerabilities

The VoIP servers are the most important component of VoIP system; it basically handles the voice calls. There are many attacks on VoIP server the attacker will take control on over VoIP server by switching toll fraud mechanism. The server system mainly maintains all the call details records [19]. The VoIP server deals with CDR database, the attacker can attack it's off shelf records and can changes the record details.

VoIP network configuration is a major concern, during any VoIP deployment several network security aspects are considered during call transmission, the attacker spoofs an IP address of caller and can take control on their communication network and makes to interrupt the services.

3.1.6 Application-Level Attacks

In VoIP architectures the attacks comes on specific devices and functional components and protocols. Attacks targeted specifically toward VoIP applications include registration hijacking, illegal teardowns, register floods, call floods, malformed packets, harassing calls and spam over Internet telephony (SPIT) [20]. By this definition, toll fraud also constitutes an application-level attack.

Of particular concern for VoIP network managers are (Session Initiation Protocol) SIP attacks. SIP is a session and call control protocol, components of which are used by standards-based IP PBX and IP telephone systems. In addition to the standard IP vulnerabilities, SIP brings other risks. While the Internet Engineering Task Force (IETF) has made great strides over the past few years in developing the protocol, a great deal more definition remains before SIP can be considered mature. SIP also ranks high among IP protocols in complexity and extensibility. Finally, like HTTP and SMTP, SIP is text-based. While these characteristics may bestow various advantages to SIP in terms of elegance, durability and utility, they also render the protocol vulnerable to application-level attacks. SIP sessions use at least three port numbers, only one of which is static which makes it a little more challenging from a security perspective.

The common application level vulnerabilities

Ø Call hijacking

Ø Eavesdropping

Ø Toll fraud

Ø Message integrity

Call hijacking: Attacker hijacks a call by spoofing SIP response and specifies rouge SIP address.

Eavesdropping: The victim will sniff the VoIP network traffic and decode a voice conversation on over VoIP LAN.

Toll Fraud: Victim imitate or take control on VoIP calls and access valid users calls for making free long distance call by attacking on valid VoIP user network and control that network for it's personal usage.

Message Integrity: Attacker attack on communication network in between two end users and make interruption on communication network by attacking on communication network.

3.2 Security Attacks and Threats

This section presents the security attacks and threats on VoIP systems and Non -VoIP systems such as PSTN.

3.2.1 The most common threats and security attack on non VoIP system are as follows

1) Wire tapping

2) Toll fraud

3) Modems

3.2.1.1 Wire Tapping:

Wire tapping is a process of tapping of telephone conversation; it's a process of monitoring voice conversation by using physical telephone cable [19]. This process can be carried out with internal circuit switch, if we identify the internal switching circuit the earpieces will retrieve conversation, the VoIP basically transmit voice packets so it's little tough to deal this process.

3.2.1.2 Toll Fraud

The attackers gain control on communication system for making free calls without paying any call cost by manipulate PBX's [19], Intensive response system and by using Dual Tone Multi-Frequency (DTMF) tones. The attackers detect communication lines and codes for making free calls using war dialing. The war dialing scans a telephone numbers to gain access on computer network by using telephone line.

3.2.1.3 Modems

In VoIP system the dialup modems are used in VoIP networks, the users gain control on access network by dialing on modems, the modems will plug in to VoIP network to system devices, the dial up modems are venerable to attacks; it's a mandatory to take a precaution on dial up modems.

3.2.2 Security attacks and threats in VoIP Systems

The most commons security attacks and threats are like this

Ø Man in the middle attack

Ø Eavesdropping

Ø Denial of Services

Ø Spam

3.2.2.1 Man in the middle attack: In this attack the attackers gain control on accessing system, the attacker can access system, they can read messages and interrupt the message at both ends by entering attacked links and interrupt the processing link. The unauthorized person can obtain source information by manipulating communication path and hijacking the call sources. In this attack the attacker intercept the calling signaling SIP message. The attacker observer intercept message at both end sides to obtain communication link and gain command on communication link. The message has been compromised with an effect of this attack.

3.2.2.2 Eavesdropping

In this attack the attacker's listens telephone conversation, which intercepts the network communication link. In these attacks the attacker steals the sources information and which allows an attacker to gain control on network and over voice mail. In these attacks the attacker monitors call signaling process and gains control on networks and obtain source information.

3.2.2.3 Denial of Services

Dos is the most serious type of attack in VoIP network system, This kind of attacks disrupt the VoIP system services, this attack take command on VoIP system they destroy the services of network link connection, turning of IP phones and disable the switching router. The most common DoS attacks are flood based attack and Flaw Dos attack.

Flood Based Attack: This type of attacks occurred when target VoIP component system processing a large number of packers which have been sent from attacker, the attacker will send large number of attacking packets to target component for destroying the services. The target process keeps on processing only on attack packets rather than correct packets. The attack packets are incorrect and which contains incorrect commands, this attacks packets destroys the target component.

In below diagram the attacker generates packets and sends these packets to target components. Here the target components are IP telephone, IP PBX and media gateway. These target components process the attacks packets; this attack packet destroys the target components. Fig 3.2 Flood DoS [19]

Flaw DoS attack: This attack occurs during processing of attack packets in VoIP component, attacker sends sequence of packets to VoIP component to implement flaws. This target packets are destroys target components, this takes much time to process this attack target packets.

3.2.2.4 Spam over VoIP

This are vulnerable to VoIP system we can also represent this as spam over internet telephony. The spam attacks disable the VoIP system services, here the user receives unwanted calls this unwanted calls destroy the VoIP component system. This attack destroys VoIP gateway and which degrade the VoIP quality of services.

3 .2.2.5Dynamic per-call firewall control

The VoIP security solution should employ multiple dynamic layers of security to protect the VoIP enabled network, including:

• Dynamically opening and closing firewall “pinholes” on a per-call basis

• Sub-dividing the network in multiple security zones (for instance, separate zones for voice and data)

• Allowing for per-user network authentication

3.2.2.6 Dynamic per-call bandwidth control

In a recent InformationWeek VoIP survey of 300 business technology executives, performance and quality of service was the number one concern in deploying VoIP. The VoIP security solution should address this concern by its ability to:

• Allocate bandwidth on a per-call basis.

• Allocate bandwidth based on call classification

• Allocate bandwidth and route calls over multiple WAN links

• WAN link fail over with automatic call policy adjustment

• Immediate bandwidth allocation for emergency calls

• Support for DiffServ and ToS

3.3 VoIP security Requirements

The ideal VoIP security solution will dynamically adapt network resources and security based on VoIP application requests, regardless of the signalling protocol used or whether the signalling or media traffic is encrypted. This allows network resources to be properly and securely cond on a per-call basis, including per-call security, NAT traversal, and bandwidth allocation. This approach also avoids having to deal with vendor-specific extensions to standard protocols which can lead to single-vendor lock-in. Many other issues involved in delivering VoIP services to business and consumer customers are also negated - issues involving LAN security, bandwidth allocation, QOS, and network re-architecting.

The basic idea of VoIP security requirements is to provide a security to VoIP system resources, network resources, protocol security and application resources. The security is based on application request and signaling protocols. This process will con security requirements to VoIP system for representing secure call services.

The most common security requirement approaches are

1) To provide high level security and high level performance during managing voice calls

2) To provide security to signaling protocols

3) To manage encrypted call signaling and traffic

4) Firewall control for Dynamic per call

5) Bandwidth Control for managing Dynamic call

6) NAT Traversal

7) To handle encrypted VoIP traffic

8) Signaling protocol compatibility

9) End users media traffic

3.3.1 Firewall Control:

This security solution employs firewall to control victims and to control network for protecting network resources, which allows only authenticated users and enables pin holes for dynamic opening and closing per calls and separate network structure into multiple security zone for handling data and voice calls.

3.3.2 Dynamic call Bandwidth control

The VoIP network need to mange huge network traffic during call transmission which efficiently manage bandwidth. The basic concerns of these requirements are performance and quality of services.

The basic concerns of this security requirement are

Ø To allocate proper bandwidth per call

Ø To divide a network bandwidth during managing multiple calls

Ø To allocate bandwidth call on over wide area network links

Ø To increase system throughput by minimizing additional network traffic

3.3.3 Network Address Translation (NAT) Traversal:

NAT traversal are required for VoIP deployment, the deployment of NAT in between public and private address space can cause network deployment this problem resolve by communicating with IP PBX on a per call basis.

Along with these benefits come problems with VoIP. NAT complicates VoIP call set up and traffic. Dynamic assigns random port numbers to traffic when there is a pause and the translation times out.(N.I.S.T 2005) This makes it hard for VoIP equipment to track and maintain calls. IPv6 will reduce the need for NAT with the introduction of the 128-bit network address. “The best solution is not to use NAT if at all possible” [27]).

While attacks affect quality of service, some security features can have an impact. Features such as NAT, firewalls and encryptions affect the VoIP QoS. The three main issues are Latency, Jitter, and packet loss. Latency is the amount of time it takes to transit a packet to its destination.

3.3.4 Signaling protocol handling

Here it needs to employee protocol security, the VoIP system employees various signaling protocols. The purpose of this protocol is for voice signals, call record and provide key events to manage a call. The most common signaling protocol are SIP and H.323 protocols.

3.3.5 To manage encrypted VoIP traffic

Encryption helps protect your privacy and authenticates the message. Transport Layer Security and IPsec are the two main encryption methods. IP security is used to encrypt call setup and control messages. TLS is an alternative to IPsec and is based off the SSL protocol. It is used is used to provided an secure call setup. Many different algorithms can be used such as DES, 3DES, AES, RC4, and RC5 [29]. The simpler encryption results in better performance [28]. It is an effective measure against eavesdropping and protects sensitive information. Firewalls are a standard security feature on networks. They protect the network from attacks by inspecting each packet that travels to and from the network. Firewalls have trouble filtering VoIP traffic due to dynamic port assignments through out the call. Both SIP and H.323 requires stateful firewall to track the traffic and associate the port numbers. “Stateful firewalls remember previous traffic and can investigate the application data in a packet” [28].

To provide high end security to voice calls, it employees encryption technique to encrypt the VoIP network traffic, the call encryption will protect the call information and it will encrypt the network traffic against attackers.

CHAPTER -4

4.1 VoIP Quality

The VoIP Technology comes with easy and low cost communication which is quite difference from traditional telephone service. The data file and multimedia file are carried in the form of packets on network from source to destination. The basic advantage of this network resource sharing, together with the network coverage and motivate the wide development and deployment.

4.1.1 Introduction to IMS

The IP Multimedia subsystem (IMS) is an overlay system that is serving the convergence of mobile, wireless and fixed broadband data networks into a common network architecture where all types of data communications are hosted in all IP environments using the session initiation protocol (SIP) [21] protocols infrastructure.

As recent public trials have shown, IMS technology still suffers a number of confining factors, amongst them is perceived quality of service (PQoS). The existing IMS infrastructure does not provide any PQoS aware management mechanism within its service provision control system.
It is expected that the success of multimedia services within the IMS infrastructure will depend on how end users perceive the quality of the services provided. Therefore, novel IMS compatible user centric network management solutions that employ cross layer adaptive techniques are inevitable. These techniques will be deployed into the existing IMS architecture in order to complement it with the objectives to

1) Compensate for network impairments,

2) Perform content dependent optimization of the encoding and/or streaming parameters, and to

3) Improve the end user experience/satisfaction by maximizing the delivered PQoS level.

IMS is logically divided into two main communication domains, one for data traffic, i.e., real time protocol packets consisting of audio, video and data and the second one is for SIP signaling traffic.

During an ongoing session or even before a session has been established, SIP UPDATE method [2] can be used to clients to update parameters of a session (such as the set of media streams and their codecs). SIP UPDATE method has no impact on the state of an existing dialog.

4.1.2 ANDROI D IMS CLI ENT

Android platform [22] has been chosen as an IMS client because its future has shown to be very promising for UMTS access networks. Android is an open handset alliance, a group of more than 30 technology and mobile companies. To help developers to develop new applications, the alliance has offered the android software development kit. The Android emulator screenshot is depicted in 1.

The Android platform is an open software stack for mobile devices including an operating system, middleware and key applications. Developers have full access to the application framework APIs used by the core applications. The application architecture is designed to simplify the reuse of components any application can publish its capabilities and any other.

The Android platform is an open software stack for mobile devices including an operating system, middleware and key applications. Developers have full access to the application framework APIs used by the core applications. The application architecture is designed to simplify the reuse of components any application can publish its capabilities and any other application may then make use of those capabilities (subject to security constraints enforced by the framework). This same mechanism allows components to be replaced by the user

The overall Android architecture is illustrated in 2 [22]. The tested uses SIPDROID, the basic SIP client application built on the MjSip by HSC. SIPDROID and MjSip have both been released under GPL. SIPDROID has been modified to support basic IMS signaling flow and installed as a package in the Android emulator.

As of today, the Android emulator does not support audio capture; hence the real time transport protocol (RTP) part of the modified SIPDROID has only been emulated. The Android platform has been chosen in this research because it provides a platform to test adaptation mechanism.

4.1.3 OPEN MIS CORE

While implementing the open IMS core in IMS calls all the session control functions (like cscf's i.e., P-CSCF, S-CSCF and I-CSCF) and a HHS (Home subscribe server) that forms the core elements of all the IMS's and the architecture which is specific in the boundary of 3GPP and 3GPP2 and also ETSI TIPS AN. Based on all the component sourced software's and are used to exchange SIP messages, register users and setup/terminate multimedia sessions. It forms the heart open IMS Playgrounds at FOKUS (c.f., 3) [23].The centralized routing engine of CSCF services policy manager the enforcement policy points is to make easy release to many real-time application It is application aware and uses dynamic session information to manage network resource that provides progress allotment of resource depend on the application users framework.

Depending on the application and user context. The CSCF can act as any of the following:

Proxy CSCF (P-CSCF). This is the first contact point within the IMS for the subscriber. It accepts requests and serves them internally or forwards them.

Interrogating CSCF (I-CSCF). This is the contact point within an operator's network for all connections destined for a user of that network, or for a roaming user currently located within that network's service area. There may be multiple I-CSCFs within an operator's network.

Serving CSCF (S-CSCF). This is responsible for identifying the user's service privileges, selecting access to the home network application server, and providing access to that server.

Home Subscriber Server (HSS). The HSS maintains a database containing unique service profiles for end users. Service profiles contain service and preference information, such as current registration information (IP address), roaming information, telephony services (call forwarding information), IM service information (buddies list), voice main box options (greeting message), etc.

4.1.4 THE TESTBED

Fig 4 depicts the overall test bed built to perform the VoIP quality adaptation with the open IMS core. The SHUNRA\Storm emulator lies between the Android emulators to emulate the packet loss rate as network impairment. SHUNRA\Storm [24] emulates a multi point WAN in a laboratory conditions. It consists of hardware (emulator) unit and software. Single workstations or entire local area networks are physically connected to one or more SHUNRA\Storm emulators in the laboratory.

The SHUNRA\Storm emulator unit is placed between the two Android emulator clients to emulate the net work conditions during a voice session. In this paper, the SHUNRA\Strom emulates packet loss in random mode.

The UCT IPTV application and VLC streaming servers are added for future research on video and audio streaming PQoS adaptation prediction models. The function of each component in the testbed has been described in detail in the previous sections.

4.1.5 VoIP Quality Application

VoIP is the technology that allows IP networks to be used for voice and video service. VoIP leads to solutions at more or less every layer of an IP network from voice applications to low level quality measurements like packet loss and delay that keep those applications running with acceptable quality. Voice quality prediction model is embedded into the An-droid terminal; this model is responsible for monitoring the quality of the voice session in real time. The voice quality model used in this paper is the one that was proposed by [24], which measures the mean opinion score (MOS) value of a conversational VoIP session no interactively.

If the voice quality drops below a predetermined MOS value threshold for a predetermined duration, the caller sends an alarm using the instant message (IM) requesting for a change of AMR mode from AMR122 to AMR475 to the caller. The caller will then send UPDATE METHOD request with an offer of AMR475 to the caller who will instantly send an Ok to the caller and the RTP session will be running under AMR475. The caller will still be monitoring the voice quality, if the quality continues to drop, there will be no change since AMR475 is the lowest mode. If the quality of the voice has gone up above a predetermined MOS value threshold for a predetermined duration, the caller will send the IM instructing the caller for a change of AMR475 to AMR122 mode.

The SIP UPDATE message ow for an early media negotia- tion is shown in below The SIP messages ow is enumerated as follows

1) The caller sends an initial INVITE which contains an offer of AMR122.

2) The IMS forwards the INVITE to the callee.

3) The The callee generates a 180 response which is an answer to the offer

4) The IMS forwards 180 response to the caller.

5) With the completion of an offer/answer exchange, the session is established, although the dialog is still in the early state.

6) The caller generates a PRACK to acknowledge the 180.

7) The IMS forwards the PRACK to the callee.

8) ) The PRACK is answered with a 200 OK by the callee.

9) The IMS forwards the 200 OK PRACK to the caller.

10) When the dialog in progress, the callee finds the voice degradation, the MOS value drops below the predator mined value for a predetermined duration, the callee sends an alarm as a request (UPDATE (AMR475)).

11) The IMS forwards the (UPDATE (AMR475)) to the caller.

12) The caller answers the offer with 200 responses to the UPDATE (AMR475).

13) The IMS forwards the 200 response to the callee.

14) The callee sends 200 INVITE.

15) The IMS forwards 200 INVITE to the caller.

16) The caller sends an ACK.

17) The IMS forwards the ACK to the callee

4.2 Adaptation Mechanism

The callee of the ongoing VoIP session monitors the PQoS using the model proposed in [6]. The MOS values are used for monitoring the PQoS and average packet loss (in percentage) over a period of time (1 second in this paper) is taken as a network impairment. The SHUNRA\Storm emulates the random packet loss. At the start of the session the AMR122 mode is used, this mode has the highest MOS value when average packet loss is zero. Once the PQoS starts to drop to or below the predetermined MOS value (3.0 MOS score in this paper) for a predetermine duration (1 second in this paper), the callee sends an alarm using the IM with the request to lower the AMR mode to AMR475, this mode has the lowest quality regardless of the packer loss rate. The caller will then change the AMR mode to AMR475.

If the current session is in AMR475 mode and the MOS value goes up to or more than 3.2 at the predetermined duration of 1 second, then the callee will send the IM to the caller to request a higher AMR mode of AMR122.

The callee will still be monitoring the PQoS while the session is still going on, if for a predetermined duration (1 second in this paper), and if the current session is in AMR475 mode, and the callee finds that the average packet loss is zero, then the callee will send the IM to the caller to request a higher AMR mode.

4.3 VoIP Quality Issues

Which method of quality management a carrier uses probably depends on that carrier's point of view. In some cases, service providers have used network probes specially designed for the purpose, though these specialized tools tend to be an expensive investment for some carriers. In other cases, they have relied on network management based on the element management systems integrated with the different types of equipment in their networks. This means the carrier doesn't have to acquire yet another tool from yet another vendor, and as Ogle notes, “Vendors do a very good job of managing their own stuff.”

What you did depended on your point of view, whether effective management could be done through network probes or was best served by the management capabilities integrated with the boxes, the gear in the network,” Ogle continues. “Either way, there has been no cohesive means of voice quality management. VoIP is tricky because it is also based on UDP [user datagram protocol], so you never what's going down what path in the network. Everyone is in their own tunnels.”

The choice of voice codec used does affect bandwidth consumption and a carrier's choice of codec also have a lot to do with how much bandwidth is available to that service provider and how much they pay for it. Here are three voice codecs and the amount of bandwidth they use:

· G.711 - 64 kbps

· G.726-32 - 32 kbps

* G.729AB - 8 kbps

Many vendors will say that the type of voice codec used will not matter to VoIP users, but carriers need make their own decision as to which codec is appropriate for the type of voice service that they wish to deliver. If the service price is high, having the right codec could be critically important. The s above are baseline measurements, but IP and Ethernet headers used in a packet network add to the bandwidth requirement of each of these codecs. That could take the total bandwidth for a G.711 codec up to around 150 kbps, but the benefit of a higher bandwidth codec is that voice quality generally will be higher.

According to Garrett Mead, senior systems engineer in the professional services group at MetaSwitch “Packet loss should be kept as low as possible in a VoIP network with a good target being less than 1% loss. Higher bandwidth codecs such as G.711 are more tolerant of packet loss.”

Meanwhile, with regard to round-trip latency, the de facto standard for acceptable delay may be around 150 milliseconds for an end-to-end in a VoIP call, though the goal in traditional telecom networks has been 50 milliseconds or less. Multiple issues can affect latency, such as the distance of the softswitch from other network elements or the separation of the call control plane from the data plane.

VoIP network are almost understandable. Most of these can be mitigated on the network device with good quality assurance tools. Both of this endpoint equipment and the network in voip can allow these issues to respective address with minimum amount of cost.

Some of the optional issues which impact the network performance and creating the condi