Layer-based VoIP Security (1)

Source: Internet
Author: User

The combination of communication services and IP networks, especially the Internet, is a natural process that continues to develop along with e-mail and instant messaging. VoIP, the transmission of voice over packet-switched IP networks, is one of the most important trends in the telecom field. The rapid development of VoIP networks is driven by two important factors: the move from traditional telephones to VoIP networks reduces costs, and it allows new services and applications (video transmission, conferences, and so on) to join the standard telephone service.

To serve the same purpose, VoIP uses a completely different architecture from traditional telephones. In a VoIP network, audio and signaling are mixed and transmitted over the same LAN, WAN, or Internet as normal data. In the traditional telephone network, each session maintains a private, physical circuit and occupies an exclusive channel. VoIP speech is ordinary IP data, but it is no different from the traditional telephone in terms of service quality and practicality.

With the continuous development of technology, VoIP faces many new security risks, and the probability of being attacked has greatly increased. Because it combines the characteristics of a data network and a telephone, VoIP suffers from the security problems of both. Traditional telephone security problems include signaling attacks and theft of telephone lines. In contrast, attacks on a VoIP network target specific protocols. They have only one primary objective: deception. VoIP security issues arise at every layer, from the physical layer to the application layer. Transmitting voice data over the Internet, which offers low security and reliability, further increases the likelihood of attacks.

Voice over IP features

When studying VoIP security, many people equate it with general network applications. This common view is wrong. It overlooks the essential difference between VoIP and other network applications: the time sensitivity of VoIP.

VoIP has extremely strict technical requirements. It is not only sensitive to latency, but also requires an effective mechanism to guarantee quality of service. When the latency exceeds 3% ms or the packet loss rate exceeds, the call quality will be greatly affected. Combined with congestion and other unpredictable factors, we can infer that the biggest weakness of VoIP is its high sensitivity to interference.

Denial-of-service (DoS) attacks are widely known as interference attacks. Attacks against VoIP (such as sending a large number of specially constructed packets) will cause a denial of service on VoIP devices. When a SIP terminal has to process large volumes of data, the system may stop responding or crash.

Voice over IP architecture

Like standard telephone communication, VoIP uses two types of protocols: a signaling protocol and a media transfer protocol. Currently, two VoIP architectures are widely used around the world: the H.323 architecture and the SIP architecture.

H.323 is a standard set by the International Telecommunication Union (ITU) to transmit audio and video over a packet-based network. H.323 is actually an umbrella standard: it encapsulates H.225, H.245, and other standards, each of which plays a specific role in the call establishment process. H.323 uses RTP as the standard media transfer protocol. H.323 defines four logical components: terminal, gateway, gatekeeper, and multipoint control unit (MCU).

SIP is a protocol established by the Internet Engineering Task Force (IETF) to initiate two-way communication sessions. It is an application-layer control protocol used to create, modify, and terminate sessions with one or more participants. SIP is text-based and has a structure similar to HTTP. The client sends a request to the server. After the server processes the request, it sends a response to the client. The request and response form a transaction. SIP can run on TCP, UDP, or SCTP.
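The text-based request/response structure described above, and the earlier point that SIP terminals can stall on large volumes of specially constructed data, can both be illustrated with a bounded parser. This is an added example, not code from the original article: the names `parse_sip` and `transaction_key` and the size limits are assumptions, compact header names and folded header lines are not handled, and responses are matched to requests by the top Via branch and CSeq method as RFC 3261 specifies.

```python
MAX_MSG, MAX_HEADERS, MAX_LINE = 8192, 64, 1024  # assumed limits (added example)
METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}
class SipParseError(ValueError):
    pass

def parse_sip(raw: bytes) -> dict:
    """Parse start line and headers of one SIP message; reject malformed input early."""
    if len(raw) > MAX_MSG:
        raise SipParseError("message too large")
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise SipParseError("missing end of headers")
    try:
        lines = head.decode("utf-8").split("\r\n")
    except UnicodeDecodeError:
        raise SipParseError("headers are not valid UTF-8")
    if len(lines) - 1 > MAX_HEADERS or any(len(l) > MAX_LINE for l in lines):
        raise SipParseError("too many or too long header lines")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise SipParseError("bad start line")
    if start[0] == "SIP/2.0" and len(start[1]) == 3 and start[1].isdigit():
        msg = {"kind": "response", "status": int(start[1])}
    elif start[2] == "SIP/2.0" and start[0] in METHODS:
        msg = {"kind": "request", "method": start[0], "uri": start[1]}
    else:
        raise SipParseError("not a well-formed SIP/2.0 start line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise SipParseError("malformed header line")
        headers.setdefault(name.strip().lower(), value.strip())  # first Via = topmost
    msg["headers"] = headers
    return msg

def transaction_key(msg: dict) -> tuple:
    """Top Via branch plus CSeq method: the pair that ties a response to its request."""
    params = [p.strip() for p in msg["headers"].get("via", "").split(";")]
    branch = next((p[7:] for p in params if p.startswith("branch=")), None)
    cseq = msg["headers"].get("cseq", "").split()
    if not branch or len(cseq) != 2 or not cseq[0].isdigit():
        raise SipParseError("missing Via branch or CSeq")
    return branch, cseq[1]

# Constructed sample messages (hosts and branch value are made up).
VIA = b"Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bK776asdhds\r\n"
REQ = b"INVITE sip:bob@example.com SIP/2.0\r\n" + VIA + b"CSeq: 314159 INVITE\r\n\r\n"
RESP = b"SIP/2.0 200 OK\r\n" + VIA + b"CSeq: 314159 INVITE\r\n\r\n"
```

A response whose key matches no pending request can be dropped before any further processing, and the size checks run before the message is decoded or split.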

The structure of the SIP network (see Figure 1) is different from that of H.323. A SIP network consists of endpoints, proxy or redirect servers, location servers, and registration servers. The registration server and location server can also run on the proxy server.

This article takes a layered approach, for two reasons. First, some layers of the TCP/IP protocol stack and of the VoIP SIP protocol architecture can be seen as similar: there is a strong similarity between the initial phase of a SIP session and the three-way handshake of TCP, which is often cited in professional documents such as [7]. Second, a layered method based on where a threat originates makes it quicker to find a solution: restricting the attack to a specific layer reduces the initial search space to that layer, so answers are easier to find. Generally, problems originating from a certain layer can be solved in that layer. The following content focuses on two VoIP layers: the signaling protocol layer and the transport protocol layer.

