Understanding Voice over IP security

Title:

Personal Author:

Johnson, Alan B.

Publication Information:

Boston, MA : Artech House, 2006

ISBN:

9781596930506

Subject Term:

Internet telephony -- Security measures

TCP/IP (Computer network protocol) -- Security measures

Added Author:

Piscitello, David M.

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ JB	30000010106357	TK5105.8865 J63 2006	Open Access Book	Book	Searching... Unknown
Searching... PSZ JB	30000010183376	TK5105.8865 J63 2006	Open Access Book	Book	Searching... Unknown
Searching... PSZ KL	30000010128469	TK5105.8865 J63 2006	Open Access Book	Book	Searching... Unknown

The authors introduce the basics of security as they apply to Internet communication in general, and VoIP specifically, considering VoIP security from architectural, design and high-level deployment points of view. This book should enable an engineer or manager to appreciate the issues associated with VoIP.

Author Notes

Alan B. Johnston holds a B.E.(Hons) in electrical and electronic engineering from the University of Melbourne, Australia and a Ph.D. in electrical engineering from Lehigh University.

Johnston is an advisory engineer at WorldCom and an adjunct at Washington University.

050

Foreword	p. xiii
Acknowledgments	p. xvii
1 Introduction	p. 1
1.1 VoIP: A Green Field for Attackers	p. 2
1.2 Why VoIP Security Is Important	p. 3
1.3 The Audience for This Book	p. 4
1.4 Organization	p. 4
2 Basic Security Concepts: Cryptography	p. 7
2.1 Introduction	p. 7
2.2 Cryptography Fundamentals	p. 7
2.2.1 Secret Key (Symmetric) Cryptography	p. 10
2.2.2 Asymmetric (Public Key) Cryptography	p. 12
2.2.3 Integrity Protection	p. 13
2.2.4 Authenticated and Secure Key Exchange	p. 17
2.3 Digital Certificates and Public Key Infrastructures	p. 20
2.3.1 Certificate Assertions	p. 22
2.3.2 Certificate Authorities	p. 24
References	p. 27
3 VoIP Systems	p. 29
3.1 Introduction	p. 29
3.1.2 VoIP Architectures	p. 29
3.2 Components	p. 31
3.3 Protocols	p. 32
3.3.1 Session Initiation Protocol	p. 32
3.3.2 Session Description Protocol	p. 39
3.3.3 H.323	p. 42
3.3.4 Media Gateway Control Protocols	p. 44
3.3.5 Real Time Transport Protocol	p. 46
3.3.6 Proprietary Protocols	p. 46
3.4 Security Analysis of SIP	p. 48
References	p. 49
4 Internet Threats and Attacks	p. 51
4.1 Introduction	p. 51
4.2 Attack Types	p. 51
4.2.1 Denial of Service (DoS)	p. 51
4.2.2 Man-in-the-Middle	p. 56
4.2.3 Replay and Cut-and-Paste Attacks	p. 57
4.2.4 Theft of Service	p. 58
4.2.5 Eavesdropping	p. 59
4.2.6 Impersonation	p. 60
4.2.7 Poisoning Attacks (DNS and ARP)	p. 60
4.2.8 Credential and Identity Theft	p. 61
4.2.9 Redirection/Hijacking	p. 62
4.2.10 Session Disruption	p. 63
4.3 Attack Methods	p. 64
4.3.1 Port Scans	p. 64
4.3.2 Malicious Code	p. 65
4.3.3 Buffer Overflow	p. 67
4.3.5 Password Theft/Guessing	p. 69
4.3.6 Tunneling	p. 69
4.3.7 Bid Down	p. 69
4.4 Summary	p. 70
References	p. 70
5 Internet Security Architectures	p. 73
5.1 Introduction	p. 73
5.1.1 Origins of Internet Security Terminology	p. 73
5.1.2 Castle Building in the Virtual World	p. 74
5.2 Security Policy	p. 75
5.3 Risk, Threat, and Vulnerability Assessment	p. 77
5.4 Implementing Security	p. 79
5.5 Authentication	p. 80
5.6 Authorization (Access Control)	p. 82
5.7 Auditing	p. 82
5.8 Monitoring and Logging	p. 84
5.9 Policy Enforcement: Perimeter Security	p. 85
5.9.1 Firewalls	p. 86
5.9.2 Session Border Controller	p. 90
5.9.3 Firewalls and VoIP	p. 92
5.10 Network Address Translation	p. 93
5.11 Intrusion Detection and Prevention	p. 95
5.12 Honeypots and Honeynets	p. 97
5.13 Conclusions	p. 97
References	p. 98
6 Security Protocols	p. 101
6.1 Introduction	p. 101
6.2 IP Security (IPSec)	p. 103
6.2.1 Internet Key Exchange	p. 105
6.3 Transport Layer Security (TLS)	p. 107
6.4 Datagram Transport Layer Security (DTLS)	p. 111
6.5 Secure Shell (SecSH, SSH)	p. 112
6.6 Pretty Good Privacy (PGP)	p. 115
6.7 DNS Security (DNSSEC)	p. 116
References	p. 119
7 General Client and Server Security Principles	p. 121
7.1 Introduction	p. 121
7.2 Physical Security	p. 122
7.3 System Security	p. 122
7.3.1 Server Security	p. 122
7.3.2 Client OS Security	p. 124
7.4 LAN Security	p. 126
7.4.1 Policy-Based Network Admission	p. 127
7.4.2 Endpoint Control	p. 128
7.4.3 LAN Segmentation Strategies	p. 129
7.4.4 LAN Segmentation and Defense in Depth	p. 130
7.5 Secure Administration	p. 131
7.6 Real-Time Monitoring of VoIP Activity	p. 132
7.7 Federation Security	p. 132
7.8 Summary	p. 132
References	p. 133
8 Authentication	p. 135
8.1 Introduction	p. 135
8.2 Port-Based Network Access Control (IEEE 802.1x)	p. 137
8.3 Remote Authentication Dial-In User Service	p. 140
8.4 Conclusions	p. 143
References	p. 143
9 Signaling Security	p. 145
9.1 Introduction	p. 145
9.2 SIP Signaling Security	p. 146
9.2.1 Basic Authentication	p. 146
9.2.2 Digest Authentication	p. 147
9.2.3 Pretty Good Privacy	p. 152
9.2.4 S/MIME	p. 153
9.2.5 Transport Layer Security	p. 155
9.2.6 Secure SIP	p. 159
9.3 H.323 Signaling Security with H.235	p. 160
References	p. 161
10 Media Security	p. 163
10.1 Introduction	p. 163
10.2 Secure RTP	p. 164
10.3 Media Encryption Keying	p. 168
10.3.1 Preshared Keys	p. 168
10.3.2 Public Key Encryption	p. 169
10.3.3 Authenticated Key Management and Exchange	p. 170
10.4 Security Descriptions in SDP	p. 172
10.5 Multimedia Internet Keying (MIKEY)	p. 173
10.5.1 Generation of MIKEY Message by Initiator	p. 177
10.5.2 Responder Processing of a MIKEY Message	p. 183
10.6 Failure and Fallback Scenarios	p. 186
10.7 Alternative Key Management Protocol-ZRTP	p. 188
10.8 Future Work	p. 190
References	p. 190
11 Identity	p. 193
11.1 Introduction	p. 193
11.2 Names, Addresses, Numbers, and Communication	p. 193
11.2.1 E.164 Telephone Numbers	p. 194
11.2.2 Internet Names	p. 195
11.3 Namespace Management in SIP	p. 196
11.3.1 URI Authentication	p. 196
11.4 Trust Domains for Asserted Identity	p. 199
11.5 Interdomain SIP Identity	p. 202
11.5.1 SIP Authenticated Identity Body (AIB)	p. 203
11.5.2 Enhanced SIP Identity	p. 204
11.6 SIP Certificates Service	p. 209
11.7 Other Asserted Identity Methods	p. 217
11.7.1 Secure Assertion Markup Language	p. 217
11.7.2 Open Settlements Protocol and VoIP	p. 219
11.7.3 H.323 Identity	p. 219
11.7.4 Third Party Identity and Referred-By	p. 219
11.8 Privacy	p. 220
References	p. 223
12 PSTN Gateway Security	p. 225
12.1 Introduction	p. 225
12.2 PSTN Security Model	p. 225
12.3 Gateway Security	p. 227
12.3.1 Gateway Security Architecture	p. 228
12.3.2 Gateway Types	p. 229
12.3.3 Gateways and Caller ID	p. 230
12.3.4 Caller ID and Privacy	p. 231
12.3.5 Gateway Decomposition	p. 231
12.3.6 SIP/ISUP Interworking	p. 232
12.4 Telephone Number Mapping in the DNS	p. 233
References	p. 236
13 Spam and Spit	p. 237
13.1 Introduction	p. 237
13.2 Is VoIP Spam Inevitable?	p. 238
13.3 Technical Approaches to Combat E-Mail Spam	p. 240
13.3.1 Filtering Spam Using Identity Information	p. 240
13.3.2 Grey Listing	p. 241
13.3.3 Challenge/Response (Sender Verification)	p. 242
13.3.4 Distributed Checksum Filtering (DCF)	p. 242
13.3.5 Content Filtering	p. 243
13.3.6 Summary of Antispam Approaches	p. 243
13.4 VoIP and Spit	p. 243
13.5 Summary	p. 245
References	p. 246
14 Conclusions	p. 247
14.1 Summary	p. 247
14.2 VoIP Is Still New	p. 248
14.3 VoIP Endpoints Are New	p. 248
14.4 VoIP Standards Are Not Complete	p. 249
14.5 Base VoIP Security on Best Current Security Practices for Data	p. 249
14.6 VoIP Is a QoS-Sensitive Data Application	p. 250
14.7 Merging Public and Private VoIP Services Will Be Problematic	p. 250
14.8 Concluding Remarks	p. 251
Index	p. 255

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents