Week 10 – Lecture 1

1. Security of SIP based Telephony

2. Network Address Translation (NAT)
3. Quiz 3
Simple SIP call flow
A more complicated SIP call flow
VoIP threats & attacks:
1. IP-level threats – common to other apps that use IP e.g.
email
2. Protocol and application-specific threats – the way SIP is
designed or implemented

Application-level flood attack –

a. Flood victim with fake calls (a call where attacker
hangs up or plays a recorded media file). Victim
cannot make calls or receive any incoming calls. Voice
spam - serious impact for some business esp. call
centres
 b. Disrupt or forcefully terminate a call – attacker uses a
tool to monitor network traffic. As soon as an ongoing
call is detected, send a SIP terminate message to
terminate a call prematurely.
c. Unregister an extension – VoIP phone must regularly
register with their VoIP server. If a fake message is sent
to a VoIP server to de-register a call, then the extension
can be made invalid because the VoIP server will no
longer know how to route traffic for that extension. In
effect, no calls can made to that extension.
d. Wiretapping is much easier (Point and Click
wiretapping) because victim’s PC can be compromised
via malware. Calls can be easily monitored and recorded
without a warrant or court order (e.g. call from CFO to
bank).
3. Content-related threats – interfere with the media stream
• VoIP Security Threats
https://www.youtube.com/watch?v=fCX7L2lNypQ
More Attacks…
• Can we create a way to securely identify the origin of a call
that can be used to combat robocalling, vishing and
telephony denial-of-service (TDOS) attacks?

• Robocalling – telephone equivalent of email spam

https://www.youtube.com/watch?v=E4CDuJof5e0 until 4:30
• Vishing – Hack Attack – Vishing
https://www.youtube.com/watch?v=BEHl2lAuWCk
What is Vishing and how does it work?*
https://www.youtube.com/watch?v=DoFA9_f4DRo
• Telephony denial of service (TDoS) *
https://securelogix.com/blog/a-video-on-telephony-denial-
of-service-tdos/
Securing VoIP & SIP
• Over the last decade, a growing set of problems have
resulted from the lack of security mechanisms for attesting
the origins of real-time communications. As with email,
the claimed source identity of a SIP request is not verified,
and this permits unauthorized use of source identities as
part of deceptive and coercive activities, such as
robocalling (bulk unsolicited commercial
communications), vishing (voicemail hacking, and
impersonating banks) and swatting (impersonating
callers to emergency services to stimulate unwarranted
large scale law enforcement deployments).
• SOURCE: https://www.disruptivetelephony.com/identity/
Securing VoIP & SIP
Typical configuration for unsecure VoIP communication:
• SIP – (Signal Initiation Protocol) for signalling
• RTP – (Real-time Transport Protocol) for real time
transmission of voice / video packets

Typical configuration for secure VoIP communication:

• Secure SIP (SIPS) – SIP used over TLS
• Secure RTP (SRTP) – data flow is encrypted using AES
OR
• Use a VPN channel – a VPN tunnel is created between the
VoIP phones
• However, UAs are required to support HTTP digest based
authentication only.*

• SIP messages between the SIP servers and UAs are in clear
text.*
• Therefore, man-in-the-middle (MITM) can freely
modify/spoof those fields that are not protected by the SIP
authentication.

• All these vulnerabilities in SIP authentication make it

possible to manipulate the SIP messages to corrupt the
billing of SIP-based VoIP systems
Network Address Translation
NAT Router Security Solutions https://www.grc.com/nat/nat.htm
Introduction: What is NAT?

• A NAT router creates a local area network (LAN) of

private IP addresses and interconnects that LAN to the
wide area network (WAN) known as the Internet.
Introduction: What is NAT?
• The most common use for NAT routers is serving as an
"interface" between the global public WAN Internet and a
private non-public LAN.

The private addresses

can be used over and
over again… but only
inside a network

• Animation of Network Address Translation Concept (NAT)

https://www.youtube.com/watch?v=ZBo_ZRRuN3U *