Author: 吳烱毅
Chiung-Yi Wu
Thesis Title: VoIPS: 語音通話安全加密解決方案
VoIPS: VoIP Secure encryption solution
Advisor: 李漢銘
Hahn-Ming Lee
Committee: 鮑興國
Hsing-Kuo Pao
鄧惟中
Wei-Chung Teng
鄭博仁
none
林豐澤
none
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Thesis Publication Year: 2012
Graduation Academic Year: 100
Language: English
Pages: 71
Keywords (in Chinese): VoIP, AES, SIP, embedded system
Keywords (in other languages): VoIP, AES, SIP, embedded system
  • VoIP (Voice over IP) was proposed in 1995, and its adoption has grown steadily as the related communication protocols and Internet technologies have advanced.
    In the VoIP architecture, two endpoints sit on a data network: the sending endpoint converts analog voice input into a digital signal, packetizes it, and sends the packets to the recipient at the other end of the network. VoIP allows enterprises to carry voice over their data networks. Its key advantages are flexibility and cost-effectiveness for individual users and organizations alike: with ordinary broadband connectivity, people can communicate with others anywhere in the world. However, VoIP faces the same problems as the Internet itself: the security issues that arise from the many kinds of malicious threats common on the network, weaknesses in protocols, and vulnerabilities in operating platforms.
    According to the threat taxonomy defined by VoIPSA (VoIP Security Alliance) in 2005, we conclude that the significant security issue in VoIP networks is the lack of a well-arranged mechanism to address threats such as eavesdropping, interception and modification, and conversation reconstruction, even though several secure protocol mechanisms and compliance standards have been released. These standards and protocols add header overhead and bandwidth consumption for voice encryption, and they cannot provide NAT traversal to maintain service availability, so they do not meet the needs of the commercial market.
    Hence, in this paper we propose a lightweight algorithm and develop a conceptual hardware platform for evaluation and validation to meet market demand.

    Abstract
    Acknowledgements
    Contents
    LIST OF FIGURES AND TABLES
    Chapter 1 Introduction
      1.1 Brief to VoIP (Voice Over IP)
      1.2 Challenges
      1.3 Motivations
      1.4 Goals
      1.5 The outline of thesis
    Chapter 2 Background and Related Work
      2.1 The security issues to present VoIP environment
      2.2 Related work
    Chapter 3 VoIPS (VoIP Secure)
      3.1 Concept of VoIP Secure (VoIPS)
      3.2 The system architecture of VoIPS
    Chapter 4 Experiments
      4.1 Algorithm effectiveness
      4.2 System usability
      4.3 Hardware implementation and performance
    Chapter 5 Conclusion and Further Work
      5.1 Conclusion
      5.2 Further work
    References
    Vita
