The PSTN Transition to VoIP: Security Must be Addressed

The "Bad Guys" Will Make the Transistion Too

Before we wrap up our series on the PSTN transition to VoIP, we suggest there is at least one more big issue that needs to be addressed—the security of voice calls on an all IP network.

Consider, for a moment, the security features of the PSTN’s Signaling System 7 (SS7) network.  SS7 is used to set up and tear down calls on the legacy PSTN.  SS7 has inherent security advantages.  First, potential hackers are far less likely to be conversant in the SS7 software code base than an IP protocol, despite the fact that SS7 and it variants are standards-based.  Second, SS7 network nodes-- including the service switching point (SSPs), signal transfer point (STPs), and service control point (SCPs) are located in tightly controlled physical facilities such as service providers’ central offices and data centers.  

By contrast, the signaling infrastructure and protocols that participate in call set up and tear down for IP calls are highly distributed.  For example, a SIP session that controls a VoIP can originate or terminate in everything from an IP PBX to a Microsoft X-Box 360, even to a mobile device that supports a VoIP app.    The distributed nature of session control and the openness of IP protocols require attention to security that is above and beyond what we need today for the PSTN. 

To be clear, we don’t suggest that SS7 is entirely secure, and we are aware of SS7 network nodes that have been hacked.  In fact, the PSTN far from secure; anybody with a “butt set” and a little knowledge of telephone circuitry can listen in on your call.  (For those who don’t know what a “butt set” is, Google it.)    The phone network has even been fooled by something as simple as a child’s whistle found in a box of breakfast cereal.  (Thanks to David Tipping at Sonus for reminding us of the “Cap’n Crunch” debacle in his blog .)  

Fortunately for us, the good guys have become very good at thwarting the bad guys when it comes to IP security with tools such as session border controllers (SBCs) intrusion detection systems, and other security measures.  And the good guys have been able to address security in ways that can scale to orders of magnitude beyond what will be needed to address the number of voice calls that will travel over IP. 

In short, security is one issue that voice network planners will need to address.  But the good news is that planners already have effective measures in place, and they continue to develop the tools needed to meet the bad guys who will doubtless make the PSTN-to-VoIP transition with us. 

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10