Voice Over InternetWorking Protocol (VOIP) Technical Brief

Comment: Several years ago, I was the leader of an operationalized telecommunication cell. The purpose of the cell was to monitor the effectiveness and readiness of the telecommunications in support of the ongoing operations. The staff regularly turned over due to the operational tempo and I had to train new staff quickly. I did so by preparing a series of technical briefs on topics the cell dealt with. This brief discuss VOIP and its potential vulnerabilities.

Voice Over InternetWorking Protocol (VOIP) 

VOIP is the set of standards that defines management of voice signals sent over the Internet. The principle difference between VOIP and the traditional phone systems is that VOIP transmits using discrete digital packets instead of analog signals.

There are many technical challenges to making VoIP work effectively that focus on bandwidth, timing of the voice digital packets, order of packet arrival, and extra packets resulting from network flooding. These challenges could reduce the effectiveness of the technology when operating over longer distances but are minimized when operating shorter distances. Hence, VOIP is on classic LANs and tends to remain localized. In order to achieve broad area communications the VOIP technology makes use of the Public Switched Telephone Networks, PTSN.  A VOIP server acts as a gateway between the LAN and the PSTN, Figure 1. There are pure VOIP network that are completely TCP/IP but the long distance transmissions are trunked into a TCP/IP carrier such as a T1 or some other point-to-point TCP/IP based trunk.

Figure 1: VOIP System use of PSTN
Source: Wallingford, T. (2005) Switching to VOIP. (1st e.d.) O'Reilly Media: USA,  p 29.

Vulnerabilities:  Many of the same threats that affect computer networks also affect VoIP. The Denial-of-Service (DoS) attacks prevent access to computer network resources including VoIP and typically overwhelm network services by choking transmissions. Some DoS attacks include:

• Application DoS Attack: The goal of this type of attack is to prevent users from accessing a network services by forcing the service to fulfill overwhelming transactions. Also known as spamming. For example, flooding a web server with service request.
• Network DoS Attack: An attack that sends large amounts of data overwhelming the victim network infrastructure. A ping flood attack is one example.
• Transport DoS Attack: This attack targets the operating system by sending an excessive number of connection requests causing the system to lockup.
• Man-in-the-Middle Attacks require access to the victim network either by ‘tapping’ a physical path on the network or reception of radio frequency traffic. Some of these attack include:
• Manipulation: The ability to collect, modify, and then re-transmit modified data.
• Eavesdropping: Illicit unauthorized receipt of a data communication stream for the purpose of analyzing and monitoring.
• ARP Poisoning: The ability to force network traffic through a malicious machine by associating the hostile machines MAC address with the legitimate machines IP address thus impostering the victim.
• Packet Spoofing: Impostering of a legitimate user. This is often automated and user level access is not available.
• Replay: The retransmission of a genuine message so that the device receiving the message can reprocess it.

VoIP, in general, is vulnerable to two categories of threats, internal and external. External threats, such as DoS and Man-in-the-middle attacks, are by a third party who is outside the VoIP conversation. VoIP conversations are most susceptible to these external threats when the packets are traversing the Internet or untrustworthy networks and devices. Internal threats are more complicated and originate from a VoIP conversation participants. They violate a trust relationship from behind a firewall and expose the system to a number of threats. Some examples of internal threats are listed below:

• Trivial File Transfer Protocol (TFTP) eavesdropping is a risk of VoIP. Normally, TFTP is used to transmit system maintenance files unencrypted. Exploitation of this feature exposes the system to delivery firmware that opens vulnerabilities to enumerate the computer network.
• Some systems use dynamically assigned IP addresses. A vulnerability of impostering a legitimate user, known as IP spoofing, could exist. Also the server that assigns dynamic IPs or the Dynamic Host Configuration Protocol (DHCP) server may be exposed to common network attacks.
• VoIP conversations are inserted into Real-time Transport Protocol (RTP) media stream to manage the conversation and overcome some of the VoIP technical challenges. This opens an opportunity for exploitation since the conversation is unencrypted unless a virtual private network (VPN) is installed protecting the conversation.
• Telnet could allow access to the system if not disabled on the end user machines.

Overall, VOIP offers some benefits and some vulnerabilities. In comparison to the traditional phone system operating under Signaling System Seven, SS7, on Public  Switched Telephone Networks, PSTN, VOIP is lower cost but does not provide the long distance reliability of the PSTN in most cases unless dedicated and costly point-to-point TCP/IP based trunks are provided. 

References

Wallingford, T. (2005) Switching to VOIP. (1st e.d.) O'Reilly Media: USA,  p 29.