The VoIP communication security protocols

Piotr Zawadzki

Abstract


The presently offered VoIP services pose a serious security problem – they are vulnerable to eavesdropping, impersonation, session hijacking and denial of service attacks. The paper presents security analysis of the proposed VoIP protocol stack, including signaling protocol SIP, key management protocols ZRTP and MICKEY and transport layer security protocol SRTP. The VoIP network security subsystem upgrade path is also described.

Keywords


VoIP; security; protocols

Full Text:

PDF

References


Butcher D., Li X., Guo J.: Security Challenge and Defense in VoIP Infrastructures. IEEE Transactions on Systems, Man and Cybernetics - Part C: Applications and Reviews, Vol. 37, No. 6, 2007, p. 1152-1162.

BromirskiM.: Telefonia VoIP. BTC, Warszawa 2006.

Rosenberg J., Schulzrinne H., Camarillo G., Johnston A., Peterson J., Sparks R., Handley M., Schooler E.: SIP: Session Initiation Protocol. RFC 3261. [@:] http://www.faqs.org/rfcs-/rfc3261.html.

Schulzrinne H., Casner S., Frederick R., Jacobson V.: RTP: A Transport Protocol for Real-Time Applications. RFC 3550. [@:] http://www.faqs.org/rfcs/rfc3550.html.

Baugher M., McGrew D., Naslund M., Carrara E., Norrman K.: The Secure Real-time Transport Protocol (SRTP). RFC 3711. [@:] http://www.faqs.org/rfcs/rfc3711.html.

Arkko J., Carrara E., Lindholm F., Naslund M., Nornnan K.: Baugher M., McGrew D., Naslund M, Carrara E., Norrman K.: MJXEY: Multimedia Internet KEYing. RFC 3830. [@:] http://www.faqs.org/rfcs/rfc3830.html.

Zimmermann P., Johnston A., Callas J.: ZRTP: Media Path Key Agreement for Secure RTP. RFC draft. [@:] http://tools.ietf.org/draft/draft-zimmermann-avt-zrtp/.

Hunter B.: Simplifying PKI Usage through a Client-Server Architecture and Dynamic Propagation of Certificate Paths and Repository Addresses, Proceedings of the 13th International Workshop on Database and Expert Systems Applications (DEXA 02), 2002, p. 505.

Slagell A., Bonilla R., Yurcik W.: A survey of PKI components and scalability issues, Proceedings of IEEE International Performance Computing and Communications Conference, 2006, p. 64.




DOI: http://dx.doi.org/10.21936/si2008_v29.n4B.504