A Method For Evaluating The Security Of VoIP Services

Posted on: 2011-11-15
Degree: Master
Type: Thesis
Country: China
Candidate: Elhalifa Coulibaly H L F
GTID: 2178360305994410
Subject: Computer Science and Technology

Abstract/Summary:
VoIP is a new and very attractive technology. Its definition goes beyond the transmission of voice over packet-switched IP networks to cover other multimedia applications and to provide dynamism, mobility and innovative applications. Because of its great flexibility and economic advantage over the traditional PSTN, it is increasingly deployed by both enterprises and individuals. Based on a set of standard and proprietary protocols, VoIP products are not limited to end-user equipment, but also include call processors and managers, signaling and media gateways, proxies and firewalls.

VoIP inherits the security problems associated with IP, augmented with new VoIP-specific ones. Vulnerabilities of signaling and media protocols could be exploited for eavesdropping, fraudulent usage and denial of service. VoIP is attractive for advertisers, who can easily deploy Internet call centers and make automated calls at low cost.

Security considerations for VoIP have been, and still are, a subject of wide interest in the industrial, academic and government communities. In fact, VoIP security is strongly constrained by its special characteristics, such as quality of service issues, address translation and dynamic call establishment across firewalls. Conventional data network policies like encryption, authentication and data integrity are highly recommended. However, they do not totally fit practical deployments of VoIP architectures, which are large-scale, open and dynamic in nature. Such policies are incompatible with network address translation, increase latency, and need a key distribution infrastructure. More stress should be put on second-line-of-defense policies like proactive defense, intrusion detection and monitoring mechanisms for the mitigation or prevention of attacks.

Important work in both host and network intrusion detection has already been done by the industrial and academic research communities, focused in scope on network intrusion detection for transport, routing and application-level protocols. However, specific approaches for VoIP are still at a preliminary stage.

Already subject to the inherent vulnerabilities of the IP layer on which this service is based, VoIP brings with it new threats to the security of computer systems. To improve the security of these services, domain experts and developers of deployed applications should be provided with solutions that automate the process of discovering vulnerabilities, and with ways to verify that these vulnerabilities are well covered by effective barriers in real deployments.

The thesis work is placed in this perspective and focuses on the design of such environments for communicating systems. The approach is instantiated on the SIP protocol described in Section 1.4.

The thesis is motivated by the aim of leveraging existing conceptual solutions for the VoIP-specific application domain. It focuses on the design, validation and implementation of new models and architectures for performing proactive defense, monitoring and intrusion detection in VoIP networks. The manuscript is composed of four parts and organized as follows:

The first chapter gives an overall yet brief introduction to VoIP signaling, media transfer and network address translation traversal protocols.

The second chapter surveys the panorama of VoIP threats. Among all possible threats, it focuses on VoIP-specific ones, with a description of the SIP protocol, which is the preferred use case of the work done in this thesis. The work tries to accomplish the first task of any security project, which is the identification and classification of risks. This chapter concludes by presenting best-practice recommendations to minimize attacks on VoIP networks.

The third chapter describes an architecture for integrated analysis of VoIP security. This architecture automates the security audit process of a VoIP infrastructure and ensures integration and interoperability of components via a unified information model. This architecture is an assessment approach which exploits different existing tools in order to build a common information model for VoIP assessment (specifically for SIP). Thus, information gathered in the model can later be used to conduct testing attacks in order to evaluate the network security level.

Finally, this thesis addresses the issue of detecting vulnerabilities using the fuzzing technique. It describes an automated attack approach capable of improving itself and of tracking the state context of a target device. This approach has been implemented and was able to discover vulnerabilities in market-leading and well-known equipment and software.
Keywords/Search Tags: VoIP Security, Network Assessment, Software Testing, Protocol Fuzzer, SIP Vulnerabilities