Seminar on Network Security
Introduction of the topics and some material for the session of
VoIP Security
Tutored by Jari Arkko, Tommi Linnakangas and Bengt Sahlin
Voice over IP (VoIP) refers to technology that makes it possible to transfer voice data over an IP network, and thus to make phone calls over the Internet. As the Internet is a public network where it is very easy to intercept or manipulate data traversing the nodes, there is a need for security mechanisms to protect the traffic. The security issues in VoIP are largely unsolved.
Security requirements and constraints in VoIP
VoIP traffic is transferred in an IP network according to a specific message format. To make a phone call through the network, there is a need for some mechanism to set up the connection. The need to provide sufficient security implies a set of security requirements on VoIP. The architecture of VoIP places restrictions on the security solutions in the network.
The purpose of this study is to provide a general description of VoIP. The study should cover the architecture of VoIP and describe the security requirements and constraints for VoIP.
References:
http://www.protocols.com/voip
Real Time Transport Protocol (RTP) security
The Real Time Transport Protocol is a protocol defined by IETF standards to transport real time streams through an IP based network. The protocol can for example be used to carry voice information. Security mechanisms are needed to protect traffic carried by RTP.
The purpose of this study is to describe RTP and the security provided in the protocol. The paper should compare RTP against IPSec (and possibly other security mechanisms) in terms of security, simplicity and overhead.
References:
RTP RFCs and drafts
http://www.ietf.org/html.charters/avt-charter.html
http://www.cs.columbia.edu/~hgs/rtp/faq.html
Authentication of SIP calls
The Session Initiation Protocol (SIP) is a protocol defined by IETF standards to set up phone calls. The calls can be set up between two nodes in an IP network, between a traditional telephone terminal and a node in the IP network, and vice versa. To set up the call, there is a need for a mechanism to authenticate the end-node equipment to ensure that the call is set up between the correct parties. This paper should study how the authentication can be performed.
References:
SIP RFCs and drafts
http://www.ietf.org/html.charters/sip-charter.html
http://www.softarmor.com/sipwg/
The Security architecture of H.323
H.323 is a standard covering multimedia communications that do not provide a guaranteed Quality of Service. This study should present the security architecture of H.323.
References:
http://www.protocols.com/voip
PacketCable security architecture
PacketCable is a project aimed at identifying, qualifying and supporting Internet-based voice and video products over cable systems.
This study should present the security architecture of PacketCable. It should also compare that security with the security provided by IPSec and with the security provided through the Kerberized Internet Negotiation of Keys (KINK).
References:
http://www.packetcable.com
http://www.packetcable.com/specifications.html
http://search.ietf.org/internet-drafts/draft-thomas-kink-charter-00.txt
Legal interception and VoIP security
Traditional telephone systems provide ways to legally intercept phone calls. In the Internet, no mechanisms exist for intercepting traffic that is secured by strong cryptography. The purpose of this paper is to study possible mechanisms for providing legal interception in VoIP calls, and analyse the impact of such potential mechanisms on the security of VoIP.
References:
http://www.protocols.com/voip
http://www.packetcable.com/specs/pkt-sp-esp-I01-991229.pdf
http://www.packetcable.com/specs/pkt-tr-escf-V01-991229.pdf
This page is maintained by Network Security teaching staff, E-mail: netsec@tml.hut.fi.
The page was last updated on September 11, 2000.
URL: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/intro/voip.html