* Security for IP telephony discussed
In my last column, I pointed to some resources for studying VoIP. Today I want to tell you about an excellent exposition of threats to VoIP from an Austrian master’s thesis.
Johann Thalhammer studied VoIP security for his dissertation submitted to the Institute for Applied Information Processing and Communications at the Graz University of Technology in Graz, Austria. Thalhammer works for BearingPoint INFONOVA in Austria: https://www.bearingpoint.at/ (Text on site mostly in German)
The entire thesis is written in excellent English – imagine writing your thesis in German! – and well worth reading in its entirety. However, readers may find the section on threats to VoIP systems particularly interesting, as I did. Thalhammer summarizes threats to VoIP as follows:
“Many threats to an IP telephony system are identical to those of any other system that is connected to the Internet. They include vulnerabilities of the network stack, of the operating system or of other services… The threats analysed here concern the business model and the protocols between the components of a H.323 IP telephony system.
“The business model is based on user subscription. Anyone who wants to use the telephony service has to be registered. The accounting is done according to the duration of the made calls. The main threat to the telephony system are people who try to call for free (also called phreaking). The following division was made to analyse possible threats:
* Manipulation of accounting data
* Direct call without the use of a GK [gatekeeper, an administration unit that provides access controls and bandwidth management for the VoIP network]
* Impersonation of an EP [endpoint, the equivalent of telephones]
* Impersonation of a GK towards a second GK
* Impersonation of the BES [administrative domain back-end service, the service interface for all the VoIP components, with information about their characteristics and permissions].”
Thalhammer explains each of these attack types in turn.
Manipulation of accounting data: Call-detail records (CDR) flow from GKs to the BES. A man-in-the-middle attack could allow interception of CDRs and modification to misrepresent call duration. Thalhammer writes, “This exploit can be avoided by peer entity authentication in combination with data integrity.”
Direct call without use of the GK: Since every endpoint on a single VoIP network can theoretically connect to every other endpoint directly, it is possible to bypass the GKs and thus avoid any record of a call. Traffic that attempts to cross network boundaries without passing through GKs can be controlled through firewalls: “To prevent abuse on bigger networks, gateways that only allow call signaling traffic from GKs to pass have to be applied.”
Endpoint impersonation: Thalhammer analyzes the four classes of exploit for breaches of authenticity on the VoIP network. These classes are defined by the steps in the call negotiation protocol and are too detailed for this brief summary. Effective identification and authentication methods should make such exploits more expensive for the attacker. See pages 63-64 of the thesis.
Gatekeeper impersonation: If GK equipment were unregistered and unauthenticated, it would be possible for a rogue GK to initiate a call between two EPs even though there was no authorization for service. As in the other cases, registration of GKs and appropriate application of cryptographic authentication should make such fraud more difficult to achieve.
There is much more of interest in the thesis, and I hope that interested readers will find it valuable.
I was able to reach Thalhammer and he pointed me to additional VoIP research that he has published. Danke sehr! (Thank you very much.)
The thesis can be found here, in PDF: https://tinyurl.com/bfzez




