Abstract Voice over Internet Protocol

Abstract Voice over Internet Protocol (VoIP) is an advanced telecommunication technology which transfers the voice/video over high speed network that provides advantages of flexibility, reliability and cost efficient advanced telecommunication features. Still the issues related to security are averting many organizations to accept VoIP cloud environment due to security threats, holes or vulnerabilities. So, the novel secured framework is absolutely necessary to prevent all kind of VoIP security issues. This paper points out the existing VoIP cloud architecture and various security attacks and issues in the existing framework. It also presents the defense mechanisms to prevent the attacks and proposes a new security framework called Intrusion Prevention System (IPS) using video watermarking and extraction technique and Liveness Voice Detection (LVD) technique with biometric features such as face and voice. IPSs updated with new LVD features protect the VoIP services not only from attacks but also from misuses.

A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud

Ashutosh Satapathy* and L. M. Jenila Livingston

School of Computing Science and Engineering, VIT University, Chennai – 600127, Tamil Nadu, India; ashutosh.satapathy2013@vit.ac.in, jenila.lm@vit.ac.in

Keywords: Defense Mechanisms, Liveness Voice Detection, VoIP Cloud, Voice over Internet Protocol, VoIP Security Issues

1. Introduction The rapid progress of VoIP over traditional services is led to a situation that is common to many innovations and new technologies such as VoIP cloud and peer to peer services like Skype, Google Hangout etc. VoIP is the technology that supports sending voice (and video) over an Internet protocol-based network1,2. This is completely different than the public circuit-switched telephone net- work. Circuit switching network allocates resources to each individual call and path is permanent throughout the call from start to end. Traditional telephony services are provided by the protocols/components such as SS7, T carriers, Plain Old Telephone Service (POTS), the Public Switch Telephone Network (PSTN), dial up, local loops and anything under International Telecommunication Union. IP networks are based on packet switching and each packet follows different path, has its own header and is forwarded separately by routers. VoIP network can be constructed in various ways by using both proprietary protocols and protocols based on open standards.

1.1 VoIP Layer Architecture VoIP communication system typically consist of a front end platform (soft-phone, PBX, gateway, call manager), back end platform (server, CPU, storage, memory, net- work) and intermediate platforms such as VoIP protocols, database, authentication server, web server, operating sys- tems etc. It is mainly divided into five layers as shown in Figure1.

1.2 VoIP Cloud Architecture VoIP cloud is the framework for delivering telephony services in which resources are retrieved from the cloud data center through web applications and soft- ware, instead of a direct link to server3. Information and applications are stored on cloud servers in a distributed fashion. Apart from cloud computing characteristics such as on demand service, resource pooling, opti- mize resource allocation, pay as you go, elasticity and scalability4,5, VoIP cloud contains mainly six components as shown in Figure 2.

*Author for correspondence

Indian Journal of Science and Technology, Vol 9(6), DOI: 10.17485/ijst/2016/v9i6/81980, February 2016 ISSN (Print) : 0974-6846

ISSN (Online) : 0974-5645

A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud

Indian Journal of Science and Technology2 Vol 9 (6) | February 2016 | www.indjst.org

1.2.2 DHCP Server It is used for dynamically distributing network configu- ration parameters such as Internet Protocol (IP) address, address of TFTP server etc.

1.2.3 Application Server These servers are designed to install, host and operate applications and provide services to end users, IT industries and organizations.

1.2.4 Time Server The main principle of time server is to maintain syn- chronization over the network. The actual time from server clock is distributed to its clients using a computer network.

1.2.5 TFTP Server It helps to update the network configuration used by the phones, routers, firewalls and perhaps provide a setting file that might contain operational parameters for VoIP network. e.g., software updates, codec used in a particular region.

1.2.6 Intrusion Prevention System (IPS) It monitors networks and systems behavior for malicious instances. The major roles of intrusion prevention sys- tems are to find out suspicious instances and their log information, try to block/stop them and report to con- cern admin.

2. Literature Review VoIP technology was started in February 1995 by Vocaltec, Inc. in Israel. It transfers the voice over high speed network, cheaper comparing to PSTN and reach- able to everywhere through internet by loon developed by Google with 4G LTE speed6.

2.1 VoIP Security Issues VoIP transfers the voice over the data network through different network elements such as switches and rout- ers. Connecting PSTN to internet i.e. VoIP as a carrier for voice/video traffic, the security problems are not only common in circuit switch network (PSTN, POTS) such as eavesdropping (tapping) and toll fraud attack but also


42. Liao HJ, Lin CHR, Lin YC, Tung KY. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications. 2013; 36(1):16–24.

43. Audiopedia. Honeypot (computing). Available from: https://www.youtube.com/watch?v=2fXAw33jOBk. [Cited 2014 Dec].

44. Goel R, Sardana A, Joshi RC. Wireless honeypot: framework, architectures and tools. International Journal of Network Security. 2013; 15(5):373–83.

45. Li Z, Grochulla M, Thormahlen T. Multiple active speaker localization based on audio- visual fusion in two stages. Proceedings IEEE International Conference on Multisensor Fusion Integration Intelligence Systems (MFI); Hamburg: Germany; 2012. p. 262–68.

46. Zhu ZY, He QH, Feng XH, Xiongli Y, Wang ZF. Liveness detection using time drift between lip movement and voice. Proceedings IEEE International Conference on Machine Learning Cybernetics (ICMLC); Tianjin: China; 2013. p. 973–78.

47. Chetty G. Biometric liveness detection based on cross modal fusion. IEEE 12th International Conference on Information Fusion (FUSION). Seattle: WA; 2009. p. 2255–62.

Figure 1. VoIP layer architecture.

Figure 1. VoIP layer architecture.


Figure 2. VoIP cloud architecture.

Figure 3. Proposed VoIP cloud architecture.

Figure 4. Video watermarking scheme for signaling message.

Figure 2. VoIP cloud architecture.

1.2.1 Call Server Phones are registered with this component. It handles security and admission control while connecting the phones. The Voice data of a call carried by the transport protocol may or may not flow through the call server.

Ashutosh Satapathy and L. M. Jenila Livingston

Indian Journal of Science and Technology 3Vol 9 (6) | February 2016 | www.indjst.org

problems related to IP network. Security issues in VoIP are broadly classified into three categories.

2.1.1 Real Time Issues From last decade onwards, VoIP is used for several illegal activities such as hacking, terrorism, match fixing etc. Recently in October 2014, phone Hackers had broken into the phone network of the company, Foreman Seeley Fountain Architecture and routed $166, 000 worth of calls from the firm to premium rate telephone numbers in Gambia, Somalia and Maldives. It would have taken 34 years for the firm to run of those charges legitimately, based on its typical phone bill.

2.1.2 Network Related Issues Attacks related to destroy, block, expose, alter, disable, steal or gain unauthorized access to information in VoIP network (e.g. threats include social, denial of service, ser- vice abuse, physical access, interruption of service etc.) are listed in Table 1 followed by different types of attacks7,8.

2.1.3 Voice Related Issues As VoIP system carries voice traffic, so victim’s voice can be mimicked by an attacker/intruder. A talking and sing- ing robot that mimics human vocalization, developed by M. Kitani, Kagawa University is vulnerable to VoIP communication9.

2.2 VoIP Attacks This section deals with different types of VoIP attacks.

2.2.1 Physical Attacks The attacker performs this attack by stealing, breaking network equipment or direct control over equipment by getting unauthorized access to prohibited area for seeking of information. Some of the physical attacks are dumpster diving, shoulder surfing, hardware key logger and overt access etc. It can be prevented by keeping the documents and records safely inside locker and electronic equipment must be password protected. At last, outer layer security can be provided by deploying security guards at enter and exit points.

2.2.2 MAC Spoofing The technique of masking a MAC address upon actual MAC address through software emulation is known as

MAC spoofing. Here the hacker’s system is taken over MAC address of one of the node which is already config- ured and permitted as VoIP end device by disconnecting or turning off it from rest of the network. It can be pre- vented by number of ways10. When ARP packet arrives, direct extraction of MAC address from LAN card and from OS registry; Compare the MAC address of LAN card with OS. If it doesn’t match, then delete the entry from OS registry. Lock down the system by registering its MAC address with a DHCP IP address. At last secure the communication channel by encrypting it.

2.2.3 ARP Spoofing Hacker spreads forgery Address Resolution Protocol (ARP) packets inside VoIP network by modifying ARP buffer. Here, attacker binds own system MAC address with IP address of genuine server which causes the traffic imply for server is diverted to attacker. It advances hacker

Table 1. VoIP network threats classification

Threat Type Description Social threats These threats point straight against

individuals such as misconfigurations, security holes or defective protocol implementation in VoIP system. (e.g., Phishing, Theft of identity or Service, Social engineering, Spam etc.)

Eavesdropping, interception

and modification


These threats include illegal/ Un- authorization access and modification of signaling and transport message. (e.g., Call rerouting, interception of RTP sessions etc.)

Denial of service threats

DoS threats repudiate individual access to VoIP services. DDOS attacks strike all of user’s or business transmission potentials. (e.g., SYN/UDP floods, ICMP floods, etc.)

Service abuse threats

These threats cause inappropriate utilization of VoIP services when those facilities are provided for business purposes. (e.g., toll fraud and billing avoidance etc.)

Physical access threats

These threats are illegal physical access to VoIP devices or physical layer of the VoIP network. (e.g., Hardware key logger, theft of media, retrieval of discarded stuffs etc.)

Interruption of services threats

These threats cause VoIP services/ facilities to unviable and unavailable. (e.g., power loss due to bad climate, resource consumption due to over purchase/ extra subscription, issues that degenerate call quality etc.)

A Comprehensive Survey of Security Issues and Defense Framework for VoIP Cloud

Indian Journal of Science and Technology4 Vol 9 (6) | February 2016 | www.indjst.org

not only listen to VoIP calls but also reply and terminate the VoIP calls intended for other. ARP poisoning followed by denial service threats or eavesdropping, interception or modification threats which cause severe damages to vic- tim. So, Enhanced ARP can be implemented to prevent ARP spoofing11.

2.2.4 IP Spoofing Attacker gets into the VoIP network by tricking the IP address of any authorized machine which helps him to spread malicious message inside the network. IP spoofing helps attacker to launch further attacks such as DoS attack, theft of services, toll fraud etc. by impersonating autho- rized host inside VoIP network. Basically IP spoofing can be prevented with