Author: | 吳烱毅 Chiung-Yi Wu |
---|---|
Thesis Title: | VoIPS: 語音通話安全加密解決方案 (VoIPS: VoIP Secure encryption solution) |
Advisor: | 李漢銘 Hahn-Ming Lee |
Committee: | 鮑興國 Hsing-Kuo Pao; 鄧惟中 Wei-Chung Teng; 鄭博仁; 林豐澤 |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
Thesis Publication Year: | 2012 |
Graduation Academic Year: | 100 |
Language: | English |
Pages: | 71 |
Keywords (in Chinese): | VoIP, AES, SIP, embedded system |
Keywords (in other languages): | VoIP, AES, SIP, embedded system |
VoIP (Voice over IP) was proposed in 1995, and its adoption has since risen as communication protocols and related Internet technologies have steadily improved.

In the VoIP architecture, two endpoints sit on a data network: the sending side converts analog voice input into a digital signal, packetizes it, and sends the packets to the recipient at the other end of the network. VoIP technologies allow enterprises to carry voice over the data network. The key advantages are system flexibility and cost-effectiveness for individual users and organizations alike: wherever they are, people need only a common basic broadband connection to communicate with others on the other side of the world. However, VoIP faces the same problems as the Internet itself: security issues arising from the many kinds of malicious threats that are common on the network, weaknesses in communication protocols, and vulnerabilities in operating platforms.

According to the threat taxonomy defined by the VoIPSA (VoIP Security Alliance) in 2005, we conclude that the significant security issue on VoIP networks is that there is no fully adequate mechanism to address threats such as eavesdropping, interception and modification, and conversation reconstruction, even though several secure protocol mechanisms and compliance standards have been released.

These standards and protocols add header overhead and bandwidth consumption for voice encryption, and they cannot provide NAT traversal to maintain service availability, so they do not meet the needs of the current commercial market.

Hence, in this paper we propose a lightweight algorithm and develop a conceptual hardware platform for evaluation and validation to meet market demand.