Uploaded byronak56
DOCX, PDF23 views

AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx

This document discusses the advantages of Voice over Internet Protocol (VoIP) and highlights the security challenges faced by organizations in adopting VoIP cloud environments. It proposes a novel security framework called Intrusion Prevention System (IPS) utilizing techniques such as video watermarking and liveness voice detection to combat security threats. The paper also reviews existing VoIP cloud architecture, identifies various security issues and attacks, and suggests defense mechanisms to enhance VoIP security.

Download to read offline
Abstract Voice over Internet Protocol (VoIP) is an advanced telecommunication technology which transfers the voice/video over high speed network that provides advantages of flexibility, reliability and cost efficient advanced telecommunication features. Still the issues related to security are averting many organizations to accept VoIP cloud environment due to security threats, holes or vulnerabilities. So, the novel secured framework is absolutely necessary to prevent all kind of VoIP security issues. This paper points out the existing VoIP cloud architecture and various security attacks and issues in the existing framework. It also presents the defense mechanisms to prevent the attacks and proposes a new security framework called Intrusion Prevention System (IPS) using video watermarking and extraction technique and Liveness Voice Detection (LVD) technique with biometric features such as face and voice. IPSs updated with new LVD features protect the VoIP services not only from attacks but also from misuses. A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Ashutosh Satapathy* and L. M. Jenila Livingston School of Computing Science and Engineering, VIT University, Chennai - 600127, Tamil Nadu, India; [email protected], [email protected] Keywords: Defense Mechanisms, Liveness Voice Detection, VoIP Cloud, Voice over Internet Protocol, VoIP Security Issues
1. Introduction The rapid progress of VoIP over traditional services is led to a situation that is common to many innovations and new technologies such as VoIP cloud and peer to peer services like Skype, Google Hangout etc. VoIP is the technology that supports sending voice (and video) over an Internet protocol-based network1,2. This is completely different than the public circuit-switched telephone net- work. Circuit switching network allocates resources to each individual call and path is permanent throughout the call from start to end. Traditional telephony services are provided by the protocols/components such as SS7, T carriers, Plain Old Telephone Service (POTS), the Public Switch Telephone Network (PSTN), dial up, local loops and anything under International Telecommunication Union. IP networks are based on packet switching and each packet follows different path, has its own header and is forwarded separately by routers. VoIP network can be constructed in various ways by using both proprietary protocols and protocols based on open standards. 1.1 VoIP Layer Architecture VoIP communication system typically consist of a front end platform (soft-phone, PBX, gateway, call manager), back end platform (server, CPU, storage, memory, net- work) and intermediate platforms such as VoIP protocols, database, authentication server, web server, operating sys- tems etc. It is mainly divided into five layers as shown in Figure1. 1.2 VoIP Cloud Architecture VoIP cloud is the framework for delivering telephony services in which resources are retrieved from the cloud data center through web applications and soft- ware, instead of a direct link to server3. Information and applications are stored on cloud servers in a distributed
fashion. Apart from cloud computing characteristics such as on demand service, resource pooling, opti- mize resource allocation, pay as you go, elasticity and scalability4,5, VoIP cloud contains mainly six components as shown in Figure 2. *Author for correspondence Indian Journal of Science and Technology, Vol 9(6), DOI: 10.17485/ijst/2016/v9i6/81980, February 2016 ISSN (Print) : 0974-6846 ISSN (Online) : 0974-5645 A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Indian Journal of Science and Technology2 Vol 9 (6) | February 2016 | www.indjst.org 1.2.2 DHCP Server It is used for dynamically distributing network configu- ration parameters such as Internet Protocol (IP) address, address of TFTP server etc. 1.2.3 Application Server These servers are designed to install, host and operate applications and provide services to end users, IT industries and organizations. 1.2.4 Time Server The main principle of time server is to maintain syn- chronization over the network. The actual time from server clock is distributed to its clients using a computer
network. 1.2.5 TFTP Server It helps to update the network configuration used by the phones, routers, firewalls and perhaps provide a setting file that might contain operational parameters for VoIP network. e.g., software updates, codec used in a particular region. 1.2.6 Intrusion Prevention System (IPS) It monitors networks and systems behavior for malicious instances. The major roles of intrusion prevention sys- tems are to find out suspicious instances and their log information, try to block/stop them and report to con- cern admin. 2. Literature Review VoIP technology was started in February 1995 by Vocaltec, Inc. in Israel. It transfers the voice over high speed network, cheaper comparing to PSTN and reach- able to everywhere through internet by loon developed by Google with 4G LTE speed6. 2.1 VoIP Security Issues VoIP transfers the voice over the data network through different network elements such as switches and rout- ers. Connecting PSTN to internet i.e. VoIP as a carrier for voice/video traffic, the security problems are not only common in circuit switch network (PSTN, POTS) such as eavesdropping (tapping) and toll fraud attack but also 15 42. Liao HJ, Lin CHR, Lin YC, Tung KY. Intrusion detection system: A comprehensive review.
Journal of Network and Computer Applications. 2013; 36(1):16–24. 43. Audiopedia. Honeypot (computing). Available from: https://www.youtube.com/watch?v=2fXAw33jOBk. [Cited 2014 Dec]. 44. Goel R, Sardana A, Joshi RC. Wireless honeypot: framework, architectures and tools. International Journal of Network Security. 2013; 15(5):373–83. 45. Li Z, Grochulla M, Thormahlen T. Multiple active speaker localization based on audio- visual fusion in two stages. Proceedings IEEE International Conference on Multisensor Fusion Integration Intelligence Systems (MFI); Hamburg: Germany; 2012. p. 262–68. 46. Zhu ZY, He QH, Feng XH, Xiongli Y, Wang ZF. Liveness detection using time drift between lip movement and voice. Proceedings IEEE International Conference on Machine Learning Cybernetics (ICMLC); Tianjin: China; 2013. p. 973– 78. 47. Chetty G. Biometric liveness detection based on cross modal fusion. IEEE 12th International Conference on Information Fusion (FUSION). Seattle: WA; 2009. p. 2255–62. Figure 1. VoIP layer architecture. Figure 1. VoIP layer architecture.
16 Figure 2. VoIP cloud architecture. Figure 3. Proposed VoIP cloud architecture. Figure 4. Video watermarking scheme for signaling message. Figure 2. VoIP cloud architecture. 1.2.1 Call Server Phones are registered with this component. It handles security and admission control while connecting the phones. The Voice data of a call carried by the transport protocol may or may not flow through the call server. Ashutosh Satapathy and L. M. Jenila Livingston Indian Journal of Science and Technology 3Vol 9 (6) | February 2016 | www.indjst.org problems related to IP network. Security issues in VoIP are broadly classified into three categories.
2.1.1 Real Time Issues From last decade onwards, VoIP is used for several illegal activities such as hacking, terrorism, match fixing etc. Recently in October 2014, phone Hackers had broken into the phone network of the company, Foreman Seeley Fountain Architecture and routed $166, 000 worth of calls from the firm to premium rate telephone numbers in Gambia, Somalia and Maldives. It would have taken 34 years for the firm to run of those charges legitimately, based on its typical phone bill. 2.1.2 Network Related Issues Attacks related to destroy, block, expose, alter, disable, steal or gain unauthorized access to information in VoIP network (e.g. threats include social, denial of service, ser- vice abuse, physical access, interruption of service etc.) are listed in Table 1 followed by different types of attacks7,8. 2.1.3 Voice Related Issues As VoIP system carries voice traffic, so victim’s voice can be mimicked by an attacker/intruder. A talking and sing- ing robot that mimics human vocalization, developed by M. Kitani, Kagawa University is vulnerable to VoIP communication9. 2.2 VoIP Attacks This section deals with different types of VoIP attacks. 2.2.1 Physical Attacks The attacker performs this attack by stealing, breaking network equipment or direct control over equipment by getting unauthorized access to prohibited area for seeking of information. Some of the physical attacks are dumpster diving, shoulder surfing, hardware key logger and overt access etc. It can be prevented by keeping the documents and records safely inside locker and electronic equipment
must be password protected. At last, outer layer security can be provided by deploying security guards at enter and exit points. 2.2.2 MAC Spoofing The technique of masking a MAC address upon actual MAC address through software emulation is known as MAC spoofing. Here the hacker’s system is taken over MAC address of one of the node which is already config- ured and permitted as VoIP end device by disconnecting or turning off it from rest of the network. It can be pre- vented by number of ways10. When ARP packet arrives, direct extraction of MAC address from LAN card and from OS registry; Compare the MAC address of LAN card with OS. If it doesn’t match, then delete the entry from OS registry. Lock down the system by registering its MAC address with a DHCP IP address. At last secure the communication channel by encrypting it. 2.2.3 ARP Spoofing Hacker spreads forgery Address Resolution Protocol (ARP) packets inside VoIP network by modifying ARP buffer. Here, attacker binds own system MAC address with IP address of genuine server which causes the traffic imply for server is diverted to attacker. It advances hacker Table 1. VoIP network threats classification Threat Type Description Social threats These threats point straight against individuals such as misconfigurations, security holes or defective protocol implementation in VoIP system. (e.g., Phishing, Theft of identity or Service,
Social engineering, Spam etc.) Eavesdropping, interception and modification threats These threats include illegal/ Un- authorization access and modification of signaling and transport message. (e.g., Call rerouting, interception of RTP sessions etc.) Denial of service threats DoS threats repudiate individual access to VoIP services. DDOS attacks strike all of user’s or business transmission potentials. (e.g., SYN/UDP floods, ICMP floods, etc.) Service abuse threats These threats cause inappropriate utilization of VoIP services when those facilities are provided for business purposes. (e.g., toll fraud and billing avoidance etc.) Physical access threats These threats are illegal physical access to
VoIP devices or physical layer of the VoIP network. (e.g., Hardware key logger, theft of media, retrieval of discarded stuffs etc.) Interruption of services threats These threats cause VoIP services/ facilities to unviable and unavailable. (e.g., power loss due to bad climate, resource consumption due to over purchase/ extra subscription, issues that degenerate call quality etc.) A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Indian Journal of Science and Technology4 Vol 9 (6) | February 2016 | www.indjst.org not only listen to VoIP calls but also reply and terminate the VoIP calls intended for other. ARP poisoning followed by denial service threats or eavesdropping, interception or modification threats which cause severe damages to vic- tim. So, Enhanced ARP can be implemented to prevent ARP spoofing11. 2.2.4 IP Spoofing Attacker gets into the VoIP network by tricking the IP address of any authorized machine which helps him to spread malicious message inside the network. IP spoofing helps attacker to launch further attacks such as DoS attack, theft of services, toll fraud etc. by impersonating autho- rized host inside VoIP network. Basically IP spoofing can
be prevented with maximum probabilities by configuring broader gateway router. First, router disallows incom- ing packets for destination address coming from source address within one network. Second, router disallows to send packets from local network to another; those don’t have source addresses within that local address range. Y. Ma developed an effective trace route based method for counter measure against IP spoofing and it is worked with trusted adjacent nodes information i.e. acceptance of packets for a node is completely depends upon trace route result from its adjacent nodes12. 2.2.5 ICMP Flood Internet Control Message Protocol (ICMP) is one of the network layer protocols that carry error and query mes- sages sent by either intermediate nodes or end node. Attacker tries to overflow the receiver cache by flood the respective node with ICMP packets. It forces the node to drop successive ICMP packets until free space available at node’s cache even if request packets come from genu- ine node. Routers are configured to set optimum points for traffic coming from different networks. It will help the routers to not only block unnecessary ICMP packets by matching ICMP requests and responses but also prevent cache overflow. The VoIP system must be configured sepa- rate VLAN for packets originating within a single network which are monitored by firewall. Barbhuiya et al. have developed an error detection framework to identify dif- ferent types of ICMP attack13. It consists of two modules. Verification module verifies origination of ICMP packets and Congestion check module extracts bandwidth utili- zation information using Simple Network Management Protocol (SNMP). 2.2.6 TCP/ UDP Floods In TCP flooding attack, hacker creates huge number of SYN
packets with abnormal source IP addresses and sends to receiver. Receiver node allocates space in its Transmission Control Buffer (TCB) to each SYN requests. In response to SYN packets, receiver sends SYN+ACK packets and waiting for ACK packets. The SYN+ACK packets carry abnormal IP addresses cause failure to receive ACK packets which prevents receiver node to clear TCP SYN requests from buffer and buffer to overflow later. Attacker can use TCP flood attack against VoIP signaling protocol such as H.323 and SIP; as both are connection oriented protocols. Haris et al. have succeed to detect TCP flood attack in communication by analyzing payload and unus- able area of the HTTP protocol (e.g., port, flags, source IP, header length)14. In UDP flood attack, large number of UDP packets are created with arbitrary source addresses and port num- bers and then sends to victim node. Receiver node will check whether any processes are running on those ports and find most of the ports are closed. In reply, receiver node creates large number of destination unreachable packets. Increase the number of ICMP packets causes the victim node and the network to overflow. The UDP flood attack prevents genuine nodes to communicate the victim node at a particular span of time. Attacker can use UDP flood attack against VoIP transport protocol such as RTP and RTCP; as both are connection less pro- tocol. Bardas et al. proposed a proportional packet rate assumption technique to differentiate UDP traffic for detecting forge IP addresses responsible for UDP flood attacks15. 2.2.7 TCP/ UDP Replay First, attacker tries to obtain network sensitive information such as session cookies, password, voice data, signal- ing data. The information captured by sniffing tools can
be used by attacker to take over the ongoing session. Sometime victim’s voice can be impersonated by directly playing back recorded voice data or slightly modifying voice data and send to destination which helps the hacker to retrieve more information between caller and callee. Encrypt the sessions is the best way to stop penetration. Ali et al. proposed an enhanced port knocking technique to block TCP replay and port scanning attacks16. It is worked on source port sequences authentication instead of destination port sequence number. Ashutosh Satapathy and L. M. Jenila Livingston Indian Journal of Science and Technology 5Vol 9 (6) | February 2016 | www.indjst.org 2.2.8 SIP Registration Hijacking VoIP phones use SIP or other signaling protocols to register own MAC and IP addresses with call server. In the reply, each phone will get unique call ID which allows it to make or receive VoIP call. Attacker tries to capture registration packets and replaces MAC address from the packets with own MAC address. It helps the rogue node to register with victim IP address which causes call intending for victim node will be forwarded to attacker. SIP registration hijacking allows burglars to track, block and manipulate voice traffic. As end node registration is based on TCP connection, attack will be prevented by implementing SSL/TLS security policies 17. 2.2.9 Malformed Packets The hacker creates malicious packets and forwards them to nodes inside VoIP networks with the help of networking protocols. The target node processes those packets, causes
open unnecessary ports and processes which degrade per- formance of the nodes to handle VoIP traffic. New patches and software will be installed to maintain the node up-to- date and shutdown the security holes which are vulnerable to attack. New generation firewalls must be installed to provide protection against vulnerable packets by filtering packets based on inbound rules, outbound rules and con- nection security rules. Geneiatakis et al. have succeeded in developing a framework that provides defense against malformed packets for VoIP infrastructure18. The detec- tion mechanism is based on signature detection which consists of two parts. First one, general signature detec- tion (e.g., SIP METHOD, SIP URI, HEADERS) applicable to all the packets and second one is method specific (e.g., CALL-ID, Content-Type, INVITE _METHOD) differ from packets to packets. 2.2.10 SIP Message Modification In message modification attack, by running network sniffing tools (e.g.,Wireshark), attacker penetrates traffic and tries to modify signaling message for better control over the VoIP network. Suppose a user initiates a call to victim’s phone by sending SIP message to call server. Modification of SIP messages confuses and forces the server to connect rogue phone. User knows that he is connected to one user but actually the traffic is routed to attacker. SIP message modification is carried out by performing MITM attack such as MAC spoofing, IP spoofing or ARP poisoning. As SIP and RTP packets transmission are taken place over TCP and UDP connection; VoIP traffic must be encrypted by implementing SSL/TLS to prevent this attack17. 2.2.11 SIP Cancel/ Bye Attack Host (zombie) must be configured in promiscuous mode to lunch attack into VoIP network by sending SIP Cancel
or Bye packets. Abnormal packets are created and sent to an IP phone from its connected IP phone by spoofing its IP address which will proceed to terminate the ongo- ing call. Attacker can perform this attack continuously for certain period of time by spoofing more than one IP addresses which causes denial of service attack. As both signaling and transport protocols use no authentication prior to data transmission, so, this attack can be prevented by encrypt the communication channels. Second, provide authentication between end device and call server and at last verification of authenticity of signaling message by end devices before processing 19. 2.2.12 SIP Malformed Command In web based VoIP communication (e.g. Facebook, Google Hangout), Hyper Text Markup Language (HTML) plays a major role as it carries all the signaling informa- tion/ command in its body. Parsing SIP command within HTML code for all possible input is really a headache. Attacker tries to inject malformed SIP command in input field and send to server for processing as like SQL injec- tion. In response either it breaks the server authentication or degrades the performance of server and end devices. In counter measure, whether packets are coming from genuine user or not will be confirmed by call server by verifying authenticity of SIP message before processing. Dictionary and fuzzy tests must be performed on HTML code that filtered tricky SIP malformed packets used to exploit server. M. Su and C. Tsai propose two functions to resists malformed SIP packets and flooding attack on call servers20. First function filters malformed packets and second one uses Chi-square test to measure flooding attack on SIP server. 2.2.13 SIP Redirect Call server cache maintains data structure of Phone’s
caller ID, corresponding MAC and IP address. Attacker manipulates call server cache to confuse the call server for call redirection. So, SIP packets coming for receiver are redirected to attacker specified number. Attacker can perform DoS and DDoS attack by redirecting a single call A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Indian Journal of Science and Technology6 Vol 9 (6) | February 2016 | www.indjst.org or all the calls to void device(s). So, call server must be strong password protected and SIP must be authenticated to prevent redirection attack19. 2.2.14 RTP Payload Captured packets will be played later to listening the conversation between the end users using sniffing tools. Attacker can insert own voice inside RTP payload which degrade the quality of conversation and some- time changed in the meaning of conversation. In RTP tampering, header fields (sequence number, synchroni- zation source Identifier, payload type, timestamp etc.) are tampered which make the packets either unusable or delayed, causes rejection at receiver end. In RTP redi- rection, header field of packets are modified with other receiver caller id and IP address causes packets intending for one will go to other. It can be prevented by configuring VoIP network with Secure Real-Time Transport Protocol (SRTP) instead of RTP21. It will encrypt the RTP packets propagate between callers. 2.2.15 Buffer Overflow
Buffer is the temporary storage allocated by OS in physical memory for processing data by computer program. Buffer is mainly divided into four types such as code, data, stack and heap segments. Attacker tries to perform buffer over- flow attack by targeting at least one of the segments. It helps to steal or modify the sensitive information or install malicious code and execute it. Buffer overflow attacks are mainly executed by four ways such as long jump, function activation record, pointer subterfuge and malicious code execution. It can be defended by writing secure code, performing bound checking or static and dynamic code analysis and runtime code instrumentation22. 2.2.16 Operating System In VoIP communication network, IP phones, Call server, TFTP server, gateway and DHCP server etc. requires OS (e.g., Windows, Linux, Mac) to run. So, vulnerabili- ties in OS make them vulnerable23. OS vulnerabilities in VoIP phones are mainly of two types. Hard phones have in build embedded OS which is less vulnerable and more protected than soft phones. VoIP soft phones are software packages which are installed on computers connected to data network. Old hardware, unsupported drivers, bad integration of APIs, unsecure administrator APIs expose OS to attack. Like IP phones, web server OS, DHCP server, and call manager can be exploited by attacker for seeking of sensitive and crucial infor- mation (e.g., password, IP table, VoIP configuration file). As default configuration of OS is not secure, it is exposed to malwares to install. Its execution opens well known ports which helps attacker to run abnormal pro- cesses (e.g., free call, toll fraud). It can be pre-empted by hardening OS24. 2.2.17 Malwares
A vulnerable piece of executable codes or program used by unknown third party to install in VoIP network and bring down its performance by hook or crook. Malicious programs or malwares are mainly classified as two cat- egories, first one simple malwares and second one is self-replicated malwares25. Logic bomb and Trojan horse are come under non self-replicated/simple malware. Self- replicating malware such as virus and worm, who spread its infection over the network within few hours or days. Trojan horses are dispatched over network for remote control over victim VoIP phones. Logic bomb helps the attacker to trigger other dangerous attacks (DoS, DDoS, sniffing etc.) in timely manner. It will be prevented by installing updated antivirus and patching up VoIP system software on regular basis. 2.2.18 Application Flaws As most of the VoIP communications are web based, it’s vulnerable to two major application flaws such as Structured Query Language (SQL) Injection attack and cross site scripting attacks. In SQL Injection attack, mali- cious commands are inserted in SQL statements to gain unauthorized access to server database. It can be prevented by implementing three primary defense mechanisms such as defensive coding, SQL injection vulnerabilities detection and runtime SQL injection attack prevention26. In cross site scripting attack, hacker uses the advantages of scripting languages to launch attack by injecting mali- cious code inside the web application. It can be prevented by configuring strong authentication and validation for web based VoIP application27. 2.2.19 TFTP Server Insertion Hacker tries to plant rouge TFTP server in the network by disabling/ spoofing actual TFTP server. It forces IP phones to receive wrong configuration information (e.g.,
Call ID, SIP server IP address and phone number) which Ashutosh Satapathy and L. M. Jenila Livingston Indian Journal of Science and Technology 7Vol 9 (6) | February 2016 | www.indjst.org may provoke bill fraud attack. It will be prevented by encrypting and authenticating the channel between IP phones and TFTP server using TLS/ SSL. N. N. Mohamed et al. suggested compression and encryption technique to secure TFTP packets28. For compression, lossless algorithm (e.g., Huffman coding) and for encryption, symmetric encryption algorithm (e.g., AES, 3-DES) is used. Diffie-Hellman Key Exchange algorithm is used for distribution of symmetric key between client and server. 2.2.20 DHCP Server Starvation Attacker generates random MAC addresses and creates DHCP request for each MAC address. By flooding DHCP server with DHCP requests, consumes DHCP IP pool and to overflow later. It is to be continued until reserved IP addresses DHCP timers will be expired. Dinu and Togan proposed digital certificate based DHCP server authentication to stop DHCP server starvation attack29. It uses asymmetric key cryptography and digital certificates for DHCP server authentication and verifying DHCP response from it to prevent starvation. 2.3 Defense Mechanisms to Prevent Attacks Defense mechanisms provide basic counter measures to prevent potential VoIP attacks explained above are broadly classified into twelve types and listed in Table 2 7,30.
2.3.1 Physical Access Control (PAC) Physical securities can be implemented mainly three ways31. First, equipment should be placed and surrounded by multi-layer barriers, which will prevent from natu- ral disasters like cyclone, floods etc. (e.g., wall, multiple locks, fireproof safes etc.). Second, deployment of surveil- lance systems such as smoke and heat detectors, cameras, alarms that decreases occurrences of manmade disasters with maximum amount. At last, practices must be imple- mented to prevent before any attack has been occur and fast recovery from damages, if any attack has occurred. 2.3.2 ARP Cache Protection (ACP) Static ARP cache entries allow maintaining manual mapping between IP address to MAC address so that Table 2. Defense mechanisms against attacks Attacks Defense Mechanisms 1. Ph ys ic al A tt ac ks
2. M A C S po ofi ng 3. A R P Sp oo fin g 4. IP S po ofi ng 5. IC
M P Fl oo d 6. T C P/ U D P Fl oo ds 7. T C P/ U D P R
ep la y 8. S IP R eg is tr at io n H ija ck in g 9. M al fo rm ed
P ac ke ts 10 . S IP M es sa ge M od ifi ca tio n 11 . S IP C an ce
l/ By e A tt ac k 12 . S IP M al fo rm ed C om m an ds 13 . S IP
R ed ir ec t 14 . R T P Pa yl oa d 15 . B uff er O ve rfl ow 16 . O pe
ra tin g Sy st em 17 . M al w ar es 18 . A pp lic at io n Fl aw s 19 . T
FT P Se rv er In se rt io n 20 . D H C P se rv er S ta rv at io n
PAC √ ACP √ OSP √ √ √ √ PA √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ RC √ √ FC √ √ √ SVDT √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ CA √ √ SA √ √ √ √ √ √ √ ME √ IDS √ √ √ √ √ √ √ √ √ √ √ √ … Reading and summarizing a research article: Authors’ last names (year) conducted a study about ________________________. The participants were/the setting was ___________________________. (New paragraph) The findings were _____________________________. Discussion. (Possibly a new paragraph) The authors suggested _____________________. Discussion. Students should fill in the blanks with their own words. To copy directly from the article fails to show comprehension and considered plagiarism. To “fill in the blanks”, a student should read the journal article and pay specific attention to:
Sentence #1- Authors’ last names (year) conducted a study about _________________. · Read the Abstract; this will give an overview of the study’s (article’s) purpose. · Read the entire article without trying to summarize it. · Go back and read the Literature Review or Background section of the article. Toward the end of the section, the authors should identify gaps in the existing literature and tell the reader how the current study will fill that gap. The authors will also state their hypothesis (purpose) at the end of this section. · Section #2 - The participants were/the setting was ___________________________. · Read the Methods section of the paper. In this section, the authors will describe how the data was collected, who was included in the sample, and any instruments used. · A reader might want to consider sample size, demographic characteristics, or any interesting protocol. · It is not necessary to report every fact (i.e., 35% of the participants were male, 71%) Section #3 - The findings were _____________________________. · Read the Findings section of the article. · Some statistics may be confusing. Pay attention to key words such as “increased”, “decreased”, “improved”, and “reduced”. · “No change” may also be considered a significant finding. · Next, read the Discussion section. The authors will present the findings in general terms. Section #4 - The authors suggested _____________________. · Read the Discussion section and look for comments that the authors made about the intervention or program such as “Did it work?” or “Should it be continued?”. · Look for the author’s critique of why the study did or did not
produce results. Did anything unexpected influence the findings? · The author may suggest a future line of research or “next steps” to improve the body of knowledge. Additional Considerations: · A literature review is a summary of what research has been completed in a topic area; it should be summarized in your own words. · Read the entire article first and then go back and take notes. Jot down notes in your own words. This increases comprehension as well as decreases the likelihood of plagiarism. · The review is written in third person; no “I” or “you”. · Not every detail or fact needs to be reported. A reader will obtain a copy of the article if more information is needed. · Write the literature review in the past tense; the research has already been completed. · The article cannot “do”, “find”, or “say” anything. The authors are the people who conducted the study. · The above format is a guideline. It may be necessary to change the verbs or to expand an idea.

More Related Content

DOCX
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
byrtodd33
 
PDF
1, prevalent network threats and telecommunication security challenges and co...
byAlexander Decker
 
PDF
Voice over IP
byTogis UAB Ltd
 
PDF
Voice over IP (VOIP) Security Research- A Research
byIJMER
 
PPT
VoIP Security
byDayanand Prabhakar
 
PDF
Raisul Haq Rajib (063435056)
bymashiur
 
PPT
Voice Over IP Overview w/Secuirty
byChristopher Duffy
 
PDF
Maheen.Mehnaz 071618056
bymashiur
 
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
byrtodd33
 
1, prevalent network threats and telecommunication security challenges and co...
byAlexander Decker
 
Voice over IP
byTogis UAB Ltd
 
Voice over IP (VOIP) Security Research- A Research
byIJMER
 
VoIP Security
byDayanand Prabhakar
 
Raisul Haq Rajib (063435056)
bymashiur
 
Voice Over IP Overview w/Secuirty
byChristopher Duffy
 
Maheen.Mehnaz 071618056
bymashiur
 

Similar to AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx

PPTX
An approach to mitigate DDoS attacks on SIP.pptx
byamalouwarda1
 
PPT
Voippresentation
byeliran2
 
PPTX
VOIP - Pankaj Karande
byShailesh Kabra
 
PPTX
Voip security
byShethwala Ridhvesh
 
PDF
It’s time to boost VoIP network security
byBev Robb
 
PDF
Sip Intrusion Detection And Prevention Recommendations And Prototype Impleme...
byguestbda3307
 
PPTX
Netas Nova Cyber Security Product Family
byCagdas Tanriover
 
PDF
Abdullah Al Mamun 062507056
bymashiur
 
PPT
Meletis Belsis - Voip security
byMeletis Belsis MPhil/MRes/BSc
 
PDF
Analysis of VoIP Forensics with Digital Evidence Procedure
byijsrd.com
 
DOC
Voip
byPTCL
 
PDF
Securing voip communications in an open network
byeSAT Publishing House
 
DOCX
VoIP Research Paper
byAashish Pande
 
PPT
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
byPositive Hack Days
 
PPTX
VOIP security
byRohit Gurjar
 
PPT
Securty Issues from 1999
byTomParker
 
PPT
Vo ip overview
byviroj tanggasemsun
 
PDF
why-your-network-needs-an-sbc-guide.pdf
bytardis2
 
PDF
Welcome to International Journal of Engineering Research and Development (IJERD)
byIJERD Editor
 
PPT
Common VoIP Security Issues and Solutions
bydheghouy
 
An approach to mitigate DDoS attacks on SIP.pptx
byamalouwarda1
 
Voippresentation
byeliran2
 
VOIP - Pankaj Karande
byShailesh Kabra
 
Voip security
byShethwala Ridhvesh
 
It’s time to boost VoIP network security
byBev Robb
 
Sip Intrusion Detection And Prevention Recommendations And Prototype Impleme...
byguestbda3307
 
Netas Nova Cyber Security Product Family
byCagdas Tanriover
 
Abdullah Al Mamun 062507056
bymashiur
 
Meletis Belsis - Voip security
byMeletis Belsis MPhil/MRes/BSc
 
Analysis of VoIP Forensics with Digital Evidence Procedure
byijsrd.com
 
Voip
byPTCL
 
Securing voip communications in an open network
byeSAT Publishing House
 
VoIP Research Paper
byAashish Pande
 
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
byPositive Hack Days
 
VOIP security
byRohit Gurjar
 
Securty Issues from 1999
byTomParker
 
Vo ip overview
byviroj tanggasemsun
 
why-your-network-needs-an-sbc-guide.pdf
bytardis2
 
Welcome to International Journal of Engineering Research and Development (IJERD)
byIJERD Editor
 
Common VoIP Security Issues and Solutions
bydheghouy
 

More from ronak56

DOCX
According to the textbook, the Federal Disaster Assistance Act of 19.docx
byronak56
 
DOCX
According to the Council on Social Work Education, Competency 5 Eng.docx
byronak56
 
DOCX
According to the text, economic outcomes measured by economic gr.docx
byronak56
 
DOCX
According to the Council on Social Work Education, Competency 5.docx
byronak56
 
DOCX
According to the Council for Exceptional Children (CEC), part of.docx
byronak56
 
DOCX
According to the article, Answer these two questions. Why did Ma.docx
byronak56
 
DOCX
According to Neuman’s theory, a human being is a total person as a c.docx
byronak56
 
DOCX
According to Rolando et al. (2012), alcohol socialization is the pr.docx
byronak56
 
DOCX
According to your readings, cloud computing represents one of th.docx
byronak56
 
DOCX
According to this idea that gender is socially constructed, answer.docx
byronak56
 
DOCX
According to Thiel (2015, p. 40), CSR literature lacks consensus fo.docx
byronak56
 
DOCX
According to recent surveys, China, India, and the Philippines are t.docx
byronak56
 
DOCX
According to Rolando et al. (2012), alcohol socialization is th.docx
byronak56
 
DOCX
According to the author, Social Security is an essential program, .docx
byronak56
 
DOCX
According to Morrish, the blame for the ever-growing problem of disc.docx
byronak56
 
DOCX
According to DuBrin (2015), Cultural intelligence is an outsiders .docx
byronak56
 
DOCX
According to Edgar Schein, organizational culture are the shared.docx
byronak56
 
DOCX
According to DuBrin (2015), the following strategies or tactics are .docx
byronak56
 
DOCX
According to DuBrin (2015), the following strategies or tactics .docx
byronak56
 
DOCX
Access the Mental Measurements Yearbook, located in the Univer.docx
byronak56
 
According to the textbook, the Federal Disaster Assistance Act of 19.docx
byronak56
 
According to the Council on Social Work Education, Competency 5 Eng.docx
byronak56
 
According to the text, economic outcomes measured by economic gr.docx
byronak56
 
According to the Council on Social Work Education, Competency 5.docx
byronak56
 
According to the Council for Exceptional Children (CEC), part of.docx
byronak56
 
According to the article, Answer these two questions. Why did Ma.docx
byronak56
 
According to Neuman’s theory, a human being is a total person as a c.docx
byronak56
 
According to Rolando et al. (2012), alcohol socialization is the pr.docx
byronak56
 
According to your readings, cloud computing represents one of th.docx
byronak56
 
According to this idea that gender is socially constructed, answer.docx
byronak56
 
According to Thiel (2015, p. 40), CSR literature lacks consensus fo.docx
byronak56
 
According to recent surveys, China, India, and the Philippines are t.docx
byronak56
 
According to Rolando et al. (2012), alcohol socialization is th.docx
byronak56
 
According to the author, Social Security is an essential program, .docx
byronak56
 
According to Morrish, the blame for the ever-growing problem of disc.docx
byronak56
 
According to DuBrin (2015), Cultural intelligence is an outsiders .docx
byronak56
 
According to Edgar Schein, organizational culture are the shared.docx
byronak56
 
According to DuBrin (2015), the following strategies or tactics are .docx
byronak56
 
According to DuBrin (2015), the following strategies or tactics .docx
byronak56
 
Access the Mental Measurements Yearbook, located in the Univer.docx
byronak56
 

Recently uploaded

PDF
Plant Domestication | Complete Concept Explained BREEDING PLANT DOMESTICATION
bySatyam Sharma
 
PPTX
ANKYLOSING SPONDYLITIS OR BAMBOO SPINE.pptx
byDrNidhiAgarwal
 
PDF
Hunwick's Roman Roads and Ridge Roads, a Discussion Document
byJohn Pallister
 
PDF
Creating Motion Graphics and Videos with Generative AI
byShalin Hai-Jew
 
PPTX
GROWTH AND DEVELOPMENT..............pptx
byAneetaSharma15
 
PPTX
Targeted Drug Delivery System – Liposomes, Nanoparticles, Niosomes & Monoclon...
byseemashinde5197
 
PDF
Unit - I Communication Skills. B.pharmacy and D. Pharmacy
bySayyadTarannum
 
PPTX
GASTROINTESTINAL DISORDERS(1-Upper Gastrointestinal Bleeding 2-Lower Gastroi...
byDr PANKAJ PARMAR
 
PPTX
Presentation1jdhdhhhjjjdbbdnjenmmen.pptx
bypgiopration
 
PPTX
jkjkjkjkjkjkjkjfjeofu9 u93r u80 dhuybufy eiufcuetc i heiehf
bypreetheshparmar
 
PDF
Selection in Genetics and Plant Breeding | Complete Concept Explained 🌾
bySatyam Sharma
 
PPTX
What are Forecast Reports in Odoo 18 CRM
byCeline George
 
PDF
Gene Pool in Crop Plants: Diversity, Classification, and Role in Plant Breedi...
bySatyam Sharma
 
PDF
Genetic Erosion in Crop Plants: Causes, Consequences, and Conservation Strate...
bySatyam Sharma
 
PPTX
COMMUNICATION. pptx
byAneetaSharma15
 
PPT
Layers of the Earth crust and Lithosphere.ppt
bybonpat1954
 
PPTX
Gastro retentive drug delivery system pradip
byDrxpradipPatil
 
PDF
Plant Germplasm: The Foundation of Crop Breeding, Genetic Diversity and Food ...
bySatyam Sharma
 
PDF
JRF Plant Science Preparation Strategy by Experts | Complete Syllabus Discuss...
bySatyam Sharma
 
PDF
Opthalmoscope ppt-pdf-notesdownload .pdf
byAnmol Singh
 
Plant Domestication | Complete Concept Explained BREEDING PLANT DOMESTICATION
bySatyam Sharma
 
ANKYLOSING SPONDYLITIS OR BAMBOO SPINE.pptx
byDrNidhiAgarwal
 
Hunwick's Roman Roads and Ridge Roads, a Discussion Document
byJohn Pallister
 
Creating Motion Graphics and Videos with Generative AI
byShalin Hai-Jew
 
GROWTH AND DEVELOPMENT..............pptx
byAneetaSharma15
 
Targeted Drug Delivery System – Liposomes, Nanoparticles, Niosomes & Monoclon...
byseemashinde5197
 
Unit - I Communication Skills. B.pharmacy and D. Pharmacy
bySayyadTarannum
 
GASTROINTESTINAL DISORDERS(1-Upper Gastrointestinal Bleeding 2-Lower Gastroi...
byDr PANKAJ PARMAR
 
Presentation1jdhdhhhjjjdbbdnjenmmen.pptx
bypgiopration
 
jkjkjkjkjkjkjkjfjeofu9 u93r u80 dhuybufy eiufcuetc i heiehf
bypreetheshparmar
 
Selection in Genetics and Plant Breeding | Complete Concept Explained 🌾
bySatyam Sharma
 
What are Forecast Reports in Odoo 18 CRM
byCeline George
 
Gene Pool in Crop Plants: Diversity, Classification, and Role in Plant Breedi...
bySatyam Sharma
 
Genetic Erosion in Crop Plants: Causes, Consequences, and Conservation Strate...
bySatyam Sharma
 
COMMUNICATION. pptx
byAneetaSharma15
 
Layers of the Earth crust and Lithosphere.ppt
bybonpat1954
 
Gastro retentive drug delivery system pradip
byDrxpradipPatil
 
Plant Germplasm: The Foundation of Crop Breeding, Genetic Diversity and Food ...
bySatyam Sharma
 
JRF Plant Science Preparation Strategy by Experts | Complete Syllabus Discuss...
bySatyam Sharma
 
Opthalmoscope ppt-pdf-notesdownload .pdf
byAnmol Singh
 

AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx

  • 1.
    Abstract Voice over InternetProtocol (VoIP) is an advanced telecommunication technology which transfers the voice/video over high speed network that provides advantages of flexibility, reliability and cost efficient advanced telecommunication features. Still the issues related to security are averting many organizations to accept VoIP cloud environment due to security threats, holes or vulnerabilities. So, the novel secured framework is absolutely necessary to prevent all kind of VoIP security issues. This paper points out the existing VoIP cloud architecture and various security attacks and issues in the existing framework. It also presents the defense mechanisms to prevent the attacks and proposes a new security framework called Intrusion Prevention System (IPS) using video watermarking and extraction technique and Liveness Voice Detection (LVD) technique with biometric features such as face and voice. IPSs updated with new LVD features protect the VoIP services not only from attacks but also from misuses. A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Ashutosh Satapathy* and L. M. Jenila Livingston School of Computing Science and Engineering, VIT University, Chennai - 600127, Tamil Nadu, India; [email protected], [email protected] Keywords: Defense Mechanisms, Liveness Voice Detection, VoIP Cloud, Voice over Internet Protocol, VoIP Security Issues
  • 2.
    1. Introduction The rapidprogress of VoIP over traditional services is led to a situation that is common to many innovations and new technologies such as VoIP cloud and peer to peer services like Skype, Google Hangout etc. VoIP is the technology that supports sending voice (and video) over an Internet protocol-based network1,2. This is completely different than the public circuit-switched telephone net- work. Circuit switching network allocates resources to each individual call and path is permanent throughout the call from start to end. Traditional telephony services are provided by the protocols/components such as SS7, T carriers, Plain Old Telephone Service (POTS), the Public Switch Telephone Network (PSTN), dial up, local loops and anything under International Telecommunication Union. IP networks are based on packet switching and each packet follows different path, has its own header and is forwarded separately by routers. VoIP network can be constructed in various ways by using both proprietary protocols and protocols based on open standards. 1.1 VoIP Layer Architecture VoIP communication system typically consist of a front end platform (soft-phone, PBX, gateway, call manager), back end platform (server, CPU, storage, memory, net- work) and intermediate platforms such as VoIP protocols, database, authentication server, web server, operating sys- tems etc. It is mainly divided into five layers as shown in Figure1. 1.2 VoIP Cloud Architecture VoIP cloud is the framework for delivering telephony services in which resources are retrieved from the cloud data center through web applications and soft- ware, instead of a direct link to server3. Information and applications are stored on cloud servers in a distributed
  • 3.
    fashion. Apart fromcloud computing characteristics such as on demand service, resource pooling, opti- mize resource allocation, pay as you go, elasticity and scalability4,5, VoIP cloud contains mainly six components as shown in Figure 2. *Author for correspondence Indian Journal of Science and Technology, Vol 9(6), DOI: 10.17485/ijst/2016/v9i6/81980, February 2016 ISSN (Print) : 0974-6846 ISSN (Online) : 0974-5645 A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Indian Journal of Science and Technology2 Vol 9 (6) | February 2016 | www.indjst.org 1.2.2 DHCP Server It is used for dynamically distributing network configu- ration parameters such as Internet Protocol (IP) address, address of TFTP server etc. 1.2.3 Application Server These servers are designed to install, host and operate applications and provide services to end users, IT industries and organizations. 1.2.4 Time Server The main principle of time server is to maintain syn- chronization over the network. The actual time from server clock is distributed to its clients using a computer
  • 4.
    network. 1.2.5 TFTP Server Ithelps to update the network configuration used by the phones, routers, firewalls and perhaps provide a setting file that might contain operational parameters for VoIP network. e.g., software updates, codec used in a particular region. 1.2.6 Intrusion Prevention System (IPS) It monitors networks and systems behavior for malicious instances. The major roles of intrusion prevention sys- tems are to find out suspicious instances and their log information, try to block/stop them and report to con- cern admin. 2. Literature Review VoIP technology was started in February 1995 by Vocaltec, Inc. in Israel. It transfers the voice over high speed network, cheaper comparing to PSTN and reach- able to everywhere through internet by loon developed by Google with 4G LTE speed6. 2.1 VoIP Security Issues VoIP transfers the voice over the data network through different network elements such as switches and rout- ers. Connecting PSTN to internet i.e. VoIP as a carrier for voice/video traffic, the security problems are not only common in circuit switch network (PSTN, POTS) such as eavesdropping (tapping) and toll fraud attack but also 15 42. Liao HJ, Lin CHR, Lin YC, Tung KY. Intrusion detection system: A comprehensive review.
  • 5.
    Journal of Networkand Computer Applications. 2013; 36(1):16–24. 43. Audiopedia. Honeypot (computing). Available from: https://www.youtube.com/watch?v=2fXAw33jOBk. [Cited 2014 Dec]. 44. Goel R, Sardana A, Joshi RC. Wireless honeypot: framework, architectures and tools. International Journal of Network Security. 2013; 15(5):373–83. 45. Li Z, Grochulla M, Thormahlen T. Multiple active speaker localization based on audio- visual fusion in two stages. Proceedings IEEE International Conference on Multisensor Fusion Integration Intelligence Systems (MFI); Hamburg: Germany; 2012. p. 262–68. 46. Zhu ZY, He QH, Feng XH, Xiongli Y, Wang ZF. Liveness detection using time drift between lip movement and voice. Proceedings IEEE International Conference on Machine Learning Cybernetics (ICMLC); Tianjin: China; 2013. p. 973– 78. 47. Chetty G. Biometric liveness detection based on cross modal fusion. IEEE 12th International Conference on Information Fusion (FUSION). Seattle: WA; 2009. p. 2255–62. Figure 1. VoIP layer architecture. Figure 1. VoIP layer architecture.
  • 6.
    16 Figure 2. VoIPcloud architecture. Figure 3. Proposed VoIP cloud architecture. Figure 4. Video watermarking scheme for signaling message. Figure 2. VoIP cloud architecture. 1.2.1 Call Server Phones are registered with this component. It handles security and admission control while connecting the phones. The Voice data of a call carried by the transport protocol may or may not flow through the call server. Ashutosh Satapathy and L. M. Jenila Livingston Indian Journal of Science and Technology 3Vol 9 (6) | February 2016 | www.indjst.org problems related to IP network. Security issues in VoIP are broadly classified into three categories.
  • 7.
    2.1.1 Real TimeIssues From last decade onwards, VoIP is used for several illegal activities such as hacking, terrorism, match fixing etc. Recently in October 2014, phone Hackers had broken into the phone network of the company, Foreman Seeley Fountain Architecture and routed $166, 000 worth of calls from the firm to premium rate telephone numbers in Gambia, Somalia and Maldives. It would have taken 34 years for the firm to run of those charges legitimately, based on its typical phone bill. 2.1.2 Network Related Issues Attacks related to destroy, block, expose, alter, disable, steal or gain unauthorized access to information in VoIP network (e.g. threats include social, denial of service, ser- vice abuse, physical access, interruption of service etc.) are listed in Table 1 followed by different types of attacks7,8. 2.1.3 Voice Related Issues As VoIP system carries voice traffic, so victim’s voice can be mimicked by an attacker/intruder. A talking and sing- ing robot that mimics human vocalization, developed by M. Kitani, Kagawa University is vulnerable to VoIP communication9. 2.2 VoIP Attacks This section deals with different types of VoIP attacks. 2.2.1 Physical Attacks The attacker performs this attack by stealing, breaking network equipment or direct control over equipment by getting unauthorized access to prohibited area for seeking of information. Some of the physical attacks are dumpster diving, shoulder surfing, hardware key logger and overt access etc. It can be prevented by keeping the documents and records safely inside locker and electronic equipment
  • 8.
    must be passwordprotected. At last, outer layer security can be provided by deploying security guards at enter and exit points. 2.2.2 MAC Spoofing The technique of masking a MAC address upon actual MAC address through software emulation is known as MAC spoofing. Here the hacker’s system is taken over MAC address of one of the node which is already config- ured and permitted as VoIP end device by disconnecting or turning off it from rest of the network. It can be pre- vented by number of ways10. When ARP packet arrives, direct extraction of MAC address from LAN card and from OS registry; Compare the MAC address of LAN card with OS. If it doesn’t match, then delete the entry from OS registry. Lock down the system by registering its MAC address with a DHCP IP address. At last secure the communication channel by encrypting it. 2.2.3 ARP Spoofing Hacker spreads forgery Address Resolution Protocol (ARP) packets inside VoIP network by modifying ARP buffer. Here, attacker binds own system MAC address with IP address of genuine server which causes the traffic imply for server is diverted to attacker. It advances hacker Table 1. VoIP network threats classification Threat Type Description Social threats These threats point straight against individuals such as misconfigurations, security holes or defective protocol implementation in VoIP system. (e.g., Phishing, Theft of identity or Service,
  • 9.
    Social engineering, Spametc.) Eavesdropping, interception and modification threats These threats include illegal/ Un- authorization access and modification of signaling and transport message. (e.g., Call rerouting, interception of RTP sessions etc.) Denial of service threats DoS threats repudiate individual access to VoIP services. DDOS attacks strike all of user’s or business transmission potentials. (e.g., SYN/UDP floods, ICMP floods, etc.) Service abuse threats These threats cause inappropriate utilization of VoIP services when those facilities are provided for business purposes. (e.g., toll fraud and billing avoidance etc.) Physical access threats These threats are illegal physical access to
  • 10.
    VoIP devices orphysical layer of the VoIP network. (e.g., Hardware key logger, theft of media, retrieval of discarded stuffs etc.) Interruption of services threats These threats cause VoIP services/ facilities to unviable and unavailable. (e.g., power loss due to bad climate, resource consumption due to over purchase/ extra subscription, issues that degenerate call quality etc.) A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Indian Journal of Science and Technology4 Vol 9 (6) | February 2016 | www.indjst.org not only listen to VoIP calls but also reply and terminate the VoIP calls intended for other. ARP poisoning followed by denial service threats or eavesdropping, interception or modification threats which cause severe damages to vic- tim. So, Enhanced ARP can be implemented to prevent ARP spoofing11. 2.2.4 IP Spoofing Attacker gets into the VoIP network by tricking the IP address of any authorized machine which helps him to spread malicious message inside the network. IP spoofing helps attacker to launch further attacks such as DoS attack, theft of services, toll fraud etc. by impersonating autho- rized host inside VoIP network. Basically IP spoofing can
  • 11.
    be prevented withmaximum probabilities by configuring broader gateway router. First, router disallows incom- ing packets for destination address coming from source address within one network. Second, router disallows to send packets from local network to another; those don’t have source addresses within that local address range. Y. Ma developed an effective trace route based method for counter measure against IP spoofing and it is worked with trusted adjacent nodes information i.e. acceptance of packets for a node is completely depends upon trace route result from its adjacent nodes12. 2.2.5 ICMP Flood Internet Control Message Protocol (ICMP) is one of the network layer protocols that carry error and query mes- sages sent by either intermediate nodes or end node. Attacker tries to overflow the receiver cache by flood the respective node with ICMP packets. It forces the node to drop successive ICMP packets until free space available at node’s cache even if request packets come from genu- ine node. Routers are configured to set optimum points for traffic coming from different networks. It will help the routers to not only block unnecessary ICMP packets by matching ICMP requests and responses but also prevent cache overflow. The VoIP system must be configured sepa- rate VLAN for packets originating within a single network which are monitored by firewall. Barbhuiya et al. have developed an error detection framework to identify dif- ferent types of ICMP attack13. It consists of two modules. Verification module verifies origination of ICMP packets and Congestion check module extracts bandwidth utili- zation information using Simple Network Management Protocol (SNMP). 2.2.6 TCP/ UDP Floods In TCP flooding attack, hacker creates huge number of SYN
  • 12.
    packets with abnormalsource IP addresses and sends to receiver. Receiver node allocates space in its Transmission Control Buffer (TCB) to each SYN requests. In response to SYN packets, receiver sends SYN+ACK packets and waiting for ACK packets. The SYN+ACK packets carry abnormal IP addresses cause failure to receive ACK packets which prevents receiver node to clear TCP SYN requests from buffer and buffer to overflow later. Attacker can use TCP flood attack against VoIP signaling protocol such as H.323 and SIP; as both are connection oriented protocols. Haris et al. have succeed to detect TCP flood attack in communication by analyzing payload and unus- able area of the HTTP protocol (e.g., port, flags, source IP, header length)14. In UDP flood attack, large number of UDP packets are created with arbitrary source addresses and port num- bers and then sends to victim node. Receiver node will check whether any processes are running on those ports and find most of the ports are closed. In reply, receiver node creates large number of destination unreachable packets. Increase the number of ICMP packets causes the victim node and the network to overflow. The UDP flood attack prevents genuine nodes to communicate the victim node at a particular span of time. Attacker can use UDP flood attack against VoIP transport protocol such as RTP and RTCP; as both are connection less pro- tocol. Bardas et al. proposed a proportional packet rate assumption technique to differentiate UDP traffic for detecting forge IP addresses responsible for UDP flood attacks15. 2.2.7 TCP/ UDP Replay First, attacker tries to obtain network sensitive information such as session cookies, password, voice data, signal- ing data. The information captured by sniffing tools can
  • 13.
    be used byattacker to take over the ongoing session. Sometime victim’s voice can be impersonated by directly playing back recorded voice data or slightly modifying voice data and send to destination which helps the hacker to retrieve more information between caller and callee. Encrypt the sessions is the best way to stop penetration. Ali et al. proposed an enhanced port knocking technique to block TCP replay and port scanning attacks16. It is worked on source port sequences authentication instead of destination port sequence number. Ashutosh Satapathy and L. M. Jenila Livingston Indian Journal of Science and Technology 5Vol 9 (6) | February 2016 | www.indjst.org 2.2.8 SIP Registration Hijacking VoIP phones use SIP or other signaling protocols to register own MAC and IP addresses with call server. In the reply, each phone will get unique call ID which allows it to make or receive VoIP call. Attacker tries to capture registration packets and replaces MAC address from the packets with own MAC address. It helps the rogue node to register with victim IP address which causes call intending for victim node will be forwarded to attacker. SIP registration hijacking allows burglars to track, block and manipulate voice traffic. As end node registration is based on TCP connection, attack will be prevented by implementing SSL/TLS security policies 17. 2.2.9 Malformed Packets The hacker creates malicious packets and forwards them to nodes inside VoIP networks with the help of networking protocols. The target node processes those packets, causes
  • 14.
    open unnecessary portsand processes which degrade per- formance of the nodes to handle VoIP traffic. New patches and software will be installed to maintain the node up-to- date and shutdown the security holes which are vulnerable to attack. New generation firewalls must be installed to provide protection against vulnerable packets by filtering packets based on inbound rules, outbound rules and con- nection security rules. Geneiatakis et al. have succeeded in developing a framework that provides defense against malformed packets for VoIP infrastructure18. The detec- tion mechanism is based on signature detection which consists of two parts. First one, general signature detec- tion (e.g., SIP METHOD, SIP URI, HEADERS) applicable to all the packets and second one is method specific (e.g., CALL-ID, Content-Type, INVITE _METHOD) differ from packets to packets. 2.2.10 SIP Message Modification In message modification attack, by running network sniffing tools (e.g.,Wireshark), attacker penetrates traffic and tries to modify signaling message for better control over the VoIP network. Suppose a user initiates a call to victim’s phone by sending SIP message to call server. Modification of SIP messages confuses and forces the server to connect rogue phone. User knows that he is connected to one user but actually the traffic is routed to attacker. SIP message modification is carried out by performing MITM attack such as MAC spoofing, IP spoofing or ARP poisoning. As SIP and RTP packets transmission are taken place over TCP and UDP connection; VoIP traffic must be encrypted by implementing SSL/TLS to prevent this attack17. 2.2.11 SIP Cancel/ Bye Attack Host (zombie) must be configured in promiscuous mode to lunch attack into VoIP network by sending SIP Cancel
  • 15.
    or Bye packets.Abnormal packets are created and sent to an IP phone from its connected IP phone by spoofing its IP address which will proceed to terminate the ongo- ing call. Attacker can perform this attack continuously for certain period of time by spoofing more than one IP addresses which causes denial of service attack. As both signaling and transport protocols use no authentication prior to data transmission, so, this attack can be prevented by encrypt the communication channels. Second, provide authentication between end device and call server and at last verification of authenticity of signaling message by end devices before processing 19. 2.2.12 SIP Malformed Command In web based VoIP communication (e.g. Facebook, Google Hangout), Hyper Text Markup Language (HTML) plays a major role as it carries all the signaling informa- tion/ command in its body. Parsing SIP command within HTML code for all possible input is really a headache. Attacker tries to inject malformed SIP command in input field and send to server for processing as like SQL injec- tion. In response either it breaks the server authentication or degrades the performance of server and end devices. In counter measure, whether packets are coming from genuine user or not will be confirmed by call server by verifying authenticity of SIP message before processing. Dictionary and fuzzy tests must be performed on HTML code that filtered tricky SIP malformed packets used to exploit server. M. Su and C. Tsai propose two functions to resists malformed SIP packets and flooding attack on call servers20. First function filters malformed packets and second one uses Chi-square test to measure flooding attack on SIP server. 2.2.13 SIP Redirect Call server cache maintains data structure of Phone’s
  • 16.
    caller ID, correspondingMAC and IP address. Attacker manipulates call server cache to confuse the call server for call redirection. So, SIP packets coming for receiver are redirected to attacker specified number. Attacker can perform DoS and DDoS attack by redirecting a single call A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud Indian Journal of Science and Technology6 Vol 9 (6) | February 2016 | www.indjst.org or all the calls to void device(s). So, call server must be strong password protected and SIP must be authenticated to prevent redirection attack19. 2.2.14 RTP Payload Captured packets will be played later to listening the conversation between the end users using sniffing tools. Attacker can insert own voice inside RTP payload which degrade the quality of conversation and some- time changed in the meaning of conversation. In RTP tampering, header fields (sequence number, synchroni- zation source Identifier, payload type, timestamp etc.) are tampered which make the packets either unusable or delayed, causes rejection at receiver end. In RTP redi- rection, header field of packets are modified with other receiver caller id and IP address causes packets intending for one will go to other. It can be prevented by configuring VoIP network with Secure Real-Time Transport Protocol (SRTP) instead of RTP21. It will encrypt the RTP packets propagate between callers. 2.2.15 Buffer Overflow
  • 17.
    Buffer is thetemporary storage allocated by OS in physical memory for processing data by computer program. Buffer is mainly divided into four types such as code, data, stack and heap segments. Attacker tries to perform buffer over- flow attack by targeting at least one of the segments. It helps to steal or modify the sensitive information or install malicious code and execute it. Buffer overflow attacks are mainly executed by four ways such as long jump, function activation record, pointer subterfuge and malicious code execution. It can be defended by writing secure code, performing bound checking or static and dynamic code analysis and runtime code instrumentation22. 2.2.16 Operating System In VoIP communication network, IP phones, Call server, TFTP server, gateway and DHCP server etc. requires OS (e.g., Windows, Linux, Mac) to run. So, vulnerabili- ties in OS make them vulnerable23. OS vulnerabilities in VoIP phones are mainly of two types. Hard phones have in build embedded OS which is less vulnerable and more protected than soft phones. VoIP soft phones are software packages which are installed on computers connected to data network. Old hardware, unsupported drivers, bad integration of APIs, unsecure administrator APIs expose OS to attack. Like IP phones, web server OS, DHCP server, and call manager can be exploited by attacker for seeking of sensitive and crucial infor- mation (e.g., password, IP table, VoIP configuration file). As default configuration of OS is not secure, it is exposed to malwares to install. Its execution opens well known ports which helps attacker to run abnormal pro- cesses (e.g., free call, toll fraud). It can be pre-empted by hardening OS24. 2.2.17 Malwares
  • 18.
    A vulnerable pieceof executable codes or program used by unknown third party to install in VoIP network and bring down its performance by hook or crook. Malicious programs or malwares are mainly classified as two cat- egories, first one simple malwares and second one is self-replicated malwares25. Logic bomb and Trojan horse are come under non self-replicated/simple malware. Self- replicating malware such as virus and worm, who spread its infection over the network within few hours or days. Trojan horses are dispatched over network for remote control over victim VoIP phones. Logic bomb helps the attacker to trigger other dangerous attacks (DoS, DDoS, sniffing etc.) in timely manner. It will be prevented by installing updated antivirus and patching up VoIP system software on regular basis. 2.2.18 Application Flaws As most of the VoIP communications are web based, it’s vulnerable to two major application flaws such as Structured Query Language (SQL) Injection attack and cross site scripting attacks. In SQL Injection attack, mali- cious commands are inserted in SQL statements to gain unauthorized access to server database. It can be prevented by implementing three primary defense mechanisms such as defensive coding, SQL injection vulnerabilities detection and runtime SQL injection attack prevention26. In cross site scripting attack, hacker uses the advantages of scripting languages to launch attack by injecting mali- cious code inside the web application. It can be prevented by configuring strong authentication and validation for web based VoIP application27. 2.2.19 TFTP Server Insertion Hacker tries to plant rouge TFTP server in the network by disabling/ spoofing actual TFTP server. It forces IP phones to receive wrong configuration information (e.g.,
  • 19.
    Call ID, SIPserver IP address and phone number) which Ashutosh Satapathy and L. M. Jenila Livingston Indian Journal of Science and Technology 7Vol 9 (6) | February 2016 | www.indjst.org may provoke bill fraud attack. It will be prevented by encrypting and authenticating the channel between IP phones and TFTP server using TLS/ SSL. N. N. Mohamed et al. suggested compression and encryption technique to secure TFTP packets28. For compression, lossless algorithm (e.g., Huffman coding) and for encryption, symmetric encryption algorithm (e.g., AES, 3-DES) is used. Diffie-Hellman Key Exchange algorithm is used for distribution of symmetric key between client and server. 2.2.20 DHCP Server Starvation Attacker generates random MAC addresses and creates DHCP request for each MAC address. By flooding DHCP server with DHCP requests, consumes DHCP IP pool and to overflow later. It is to be continued until reserved IP addresses DHCP timers will be expired. Dinu and Togan proposed digital certificate based DHCP server authentication to stop DHCP server starvation attack29. It uses asymmetric key cryptography and digital certificates for DHCP server authentication and verifying DHCP response from it to prevent starvation. 2.3 Defense Mechanisms to Prevent Attacks Defense mechanisms provide basic counter measures to prevent potential VoIP attacks explained above are broadly classified into twelve types and listed in Table 2 7,30.
  • 20.
    2.3.1 Physical AccessControl (PAC) Physical securities can be implemented mainly three ways31. First, equipment should be placed and surrounded by multi-layer barriers, which will prevent from natu- ral disasters like cyclone, floods etc. (e.g., wall, multiple locks, fireproof safes etc.). Second, deployment of surveil- lance systems such as smoke and heat detectors, cameras, alarms that decreases occurrences of manmade disasters with maximum amount. At last, practices must be imple- mented to prevent before any attack has been occur and fast recovery from damages, if any attack has occurred. 2.3.2 ARP Cache Protection (ACP) Static ARP cache entries allow maintaining manual mapping between IP address to MAC address so that Table 2. Defense mechanisms against attacks Attacks Defense Mechanisms 1. Ph ys ic al A tt ac ks
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
    PAC √ ACP √ OSP√ √ √ √ PA √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ RC √ √ FC √ √ √ SVDT √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ CA √ √ SA √ √ √ √ √ √ √ ME √ IDS √ √ √ √ √ √ √ √ √ √ √ √ … Reading and summarizing a research article: Authors’ last names (year) conducted a study about ________________________. The participants were/the setting was ___________________________. (New paragraph) The findings were _____________________________. Discussion. (Possibly a new paragraph) The authors suggested _____________________. Discussion. Students should fill in the blanks with their own words. To copy directly from the article fails to show comprehension and considered plagiarism. To “fill in the blanks”, a student should read the journal article and pay specific attention to:
  • 30.
    Sentence #1- Authors’last names (year) conducted a study about _________________. · Read the Abstract; this will give an overview of the study’s (article’s) purpose. · Read the entire article without trying to summarize it. · Go back and read the Literature Review or Background section of the article. Toward the end of the section, the authors should identify gaps in the existing literature and tell the reader how the current study will fill that gap. The authors will also state their hypothesis (purpose) at the end of this section. · Section #2 - The participants were/the setting was ___________________________. · Read the Methods section of the paper. In this section, the authors will describe how the data was collected, who was included in the sample, and any instruments used. · A reader might want to consider sample size, demographic characteristics, or any interesting protocol. · It is not necessary to report every fact (i.e., 35% of the participants were male, 71%) Section #3 - The findings were _____________________________. · Read the Findings section of the article. · Some statistics may be confusing. Pay attention to key words such as “increased”, “decreased”, “improved”, and “reduced”. · “No change” may also be considered a significant finding. · Next, read the Discussion section. The authors will present the findings in general terms. Section #4 - The authors suggested _____________________. · Read the Discussion section and look for comments that the authors made about the intervention or program such as “Did it work?” or “Should it be continued?”. · Look for the author’s critique of why the study did or did not
  • 31.
    produce results. Didanything unexpected influence the findings? · The author may suggest a future line of research or “next steps” to improve the body of knowledge. Additional Considerations: · A literature review is a summary of what research has been completed in a topic area; it should be summarized in your own words. · Read the entire article first and then go back and take notes. Jot down notes in your own words. This increases comprehension as well as decreases the likelihood of plagiarism. · The review is written in third person; no “I” or “you”. · Not every detail or fact needs to be reported. A reader will obtain a copy of the article if more information is needed. · Write the literature review in the past tense; the research has already been completed. · The article cannot “do”, “find”, or “say” anything. The authors are the people who conducted the study. · The above format is a guideline. It may be necessary to change the verbs or to expand an idea.