For some, IP telephony is simply not as trusty as Ma Bell. And a number of VoIP security issues have recently popped up that reaffirm their fears, raising an unsettling question: Is telephone service over the public internet network secure enough to replace PSTN?
When it comes to phone service, be it delivered over the internet or the old-fashioned way, people expect one thing: They want it to just work.
For all the shortcomings of traditional PSTN service — high cost, a dearth of new features, lack of mobility — it is as trusty as a solid steel hammer driving home a nail. You pick up the handset, punch a few numbers and talk away.
No one has ever been unable to receive a PSTN call because of an Internet routing problem or an attack by hackers. A traditional phone user can hold a conversation reasonably certain that an unauthorized person is not listening in. And it's not easy for an unscrupulous soul to make a Baby Bell call on your nickel while sitting somewhere far from your home.
In the new world of Voice over IP, for some, this trust is still lacking. And a number of VoIP security issues have recently popped up that reaffirm their fears, raising an unsettling question: Is telephone service over the public internet network secure enough to replace PSTN?
Last year, VoIP service provider Vonage discovered that users had figured out a way to crack their provisioning encryption. Early this year, many IP telephony products using the H.323 protocol, including the venerable Cisco ATA 186 telephone adaptor, were found to have buffer overflows, creating potential security issues. In February, a routing issue brought down Free World Dialup for several hours. And last week, Broadvox Direct users discovered that an entire directory containing sensitive configuration files was open to any web browser.
Security concerns are even more troubling to the fledgling VoIP service provider industry. Not only do these issues potentially affect the technology's rate of adoption among consumers, fraud and abuse also threaten to eat into slim profit margins.
Service providers who offer bargain-rate plans with unlimited nationwide calling features have a direct interest in ensuring their systems are secure so that only paying customers utilize the service. Terminating telephone calls to the PSTN system represents a significant cost for an internet telephone service provider, and abuse of unlimited plans could be expensive.
"With the unlimited [calling plan] product there is the obvious possibility that someone would use the credentials with a PBX — or with multiple units — to make significantly more 'unlimited' calls than a normal user," says Ravi Sakaria, CEO and President of VoicePulse, a New Jersey-based internet telephone service provider.
Making Calls Despite Network Troubles
With VoIP over the public Internet, a number of factors can affect the ability to use a phone: a misconfigured NAT router, outages with cable or DSL providers, routing problems between a couple of Tier-1 providers, or even a denial of service attack.
Most every VoIP provider assumes the SIP device will be behind a NAT router of some kind and optimizes the configuration accordingly. This minimizes the amount of configuration the end user needs to perform.
VoIP providers usually have a number of different calling gateways, possibly in multiple locations, to ensure maximum availability and call quality.
“We have servers that monitor the health of the network, measure latency, load, current capacity, etc.” says Jeffery Williams, President of Broadvox Direct, a new Cleveland-based consumer VoIP provider. “When you place a call it selects a route that will best serve that call.”
Who Are You, And Whom Are You Calling?
When a call is made using VoIP, call setup information is communicated “in the clear,” making it easily readable. This means anyone with a packet sniffer, a piece of software that records the information being passed over a network, can gather quite a bit of information about the call setup. With the SIP protocol, the protocol used by the majority of VoIP providers today, two vital pieces of information are communicated during call setup: the phone number being called, and the authentication information (e.g. SIP username and password).
Many protocols used over the Internet essentially communicate login credentials in the clear. Protocols for reading and sending mail generally use plaintext authentication.
The designers of SIP chose a middle path: a challenge-response scheme. In SIP communications the username is still sent in the clear, but the password itself is never transmitted; the device answers the server's challenge with a one-way hash (MD5) computed over the password and the challenge value.
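The challenge-response exchange described above, as an added example written for this page (it is not code from the article or from any vendor it mentions): what the user agent computes after a 401 challenge, what an observer on the path can read from the resulting header, and how the proxy verifies it. The account name, realm, password and nonce are constructed values.

```python
import hashlib
import hmac

def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    """Digest without qop (RFC 2617, which SIP adopts in RFC 3261):
    HA1 = MD5(user:realm:password), HA2 = MD5(method:uri),
    response = MD5(HA1:nonce:HA2). The password itself never leaves the device."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def build_authorization_header(username, realm, password, method, uri, nonce):
    """What the SIP user agent sends back after a 401 challenge carrying `nonce`."""
    resp = digest_response(username, realm, password, method, uri, nonce)
    return (f'Authorization: Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{resp}", algorithm=MD5')

def parse_digest_header(header):
    """Split the header into its parameters; this is everything a packet sniffer sees."""
    params = {}
    for part in header.split("Digest ", 1)[1].split(", "):
        key, _, value = part.partition("=")
        params[key.strip()] = value.strip().strip('"')
    return params

def verify_on_proxy(header, method, password_db, issued_nonces):
    """Proxy side: recompute the digest from the stored password and compare.
    Reject unknown users and nonces this proxy did not issue (replay defence)."""
    p = parse_digest_header(header)
    if p.get("nonce") not in issued_nonces or p.get("username") not in password_db:
        return False
    expected = digest_response(p["username"], p["realm"], password_db[p["username"]],
                               method, p["uri"], p["nonce"])
    return hmac.compare_digest(expected, p.get("response", ""))

# Constructed sample exchange (not a real account): the proxy issues a nonce, the
# adaptor answers, the proxy checks it, and the captured header holds no password.
NONCE = "5f1e3c9a"  # constructed; a real proxy uses unpredictable, single-use values
HEADER = build_authorization_header("1001", "sip.example.net", "s3cret-pw",
                                    "REGISTER", "sip:sip.example.net", NONCE)
ACCEPTED = verify_on_proxy(HEADER, "REGISTER", {"1001": "s3cret-pw"}, {NONCE})
```

Because the observer still captures the username, nonce and response, the scheme's strength rests on the password being hard to guess and on the proxy never accepting a nonce it did not issue.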
Security of a Voice Call
Beyond the call setup details and device configuration, there is one other important aspect to secure: the data stream containing voice. Today, most providers do not encrypt the voice data in any way. The reasons for this are a matter of practicality: encryption requires a lot of CPU horsepower.
The end-user SIP devices and soft switches used by providers have to be able to encrypt and decrypt information in near real-time without adversely affecting call quality. This is not an impossible problem to solve (SIP actually has provisions for end-to-end encryption), but it requires a significant investment in hardware and infrastructure necessary to support it on a large scale.
In order to actually intercept the call setup or voice data for an in-progress SIP call, you have to be at a location where the call is traveling through, either at the telephone service provider or the ISP. Since it's possible for a connection to change routes midstream, there are only a couple of points where it is practical to intercept a SIP call: On either the SIP client or proxy's premises, or at the ISP used by either endpoint. This isn't unique to SIP: a PSTN call can be intercepted in similar locations.
One hardware manufacturer is working towards encrypting the voice portion of a call. In an upcoming firmware version for its SPA-2000 telephone adaptor, Sipura Technology will implement Secure RTP (SRTP), as described by the current Internet draft.
Version 2.0 of the Sipura firmware, company officials say, will include an option to make an outbound call secure by entering a feature service code before the called number is dialed. After the units successfully authenticate each other, audio packets in both directions will be encrypted based on the draft SRTP RFC.
Sipura's implementation of SRTP involves a public-private key authentication mechanism in addition to encryption of the actual audio packets. At the beginning of a call, a unique audible tone alerts users that the call is secure.
"The SPA has the processing power to provide end-to-end encryption without sacrificing voice quality, and initializing a secure call is as easy as dialing a star code and the telephone number of the person you are calling," said Sherman Scholten, Sipura Technology's Director of Marketing. "This is a first where a low-cost VoIP endpoint can support industrial strength security."
Protecting the Authentication Credentials
When most consumers receive a SIP device directly from a VoIP provider, the device is "locked": pre-configured for the provider's service and not configurable by the end user. While this does protect the device from unauthorized configuration changes that could drive up the provider's support costs, the primary reason is to protect the SIP credentials (at least the password, since the username is sent in readable form, as described previously).
In some circumstances, a VoIP provider will disclose the username and password to an end user. For example, VoicePulse provides the SIP username and password for some of its plans. iConnectHere, the consumer division of deltathree, Inc., which provides hosted, private-labeled Internet telephony products and services worldwide, also provides SIP usernames and passwords for its accounts.
Because these plans are either billed per minute or include only a limited number of minutes before per-minute overage charges kick in, the provider is less concerned with the potential for abuse.
Protecting the Device Configuration
SIP devices distributed by service providers are usually remotely configured and provisioned. The devices are set to periodically download a configuration file from a server. Trivial File Transfer Protocol (TFTP) is a common method used to obtain these files. The Sipura SPA-2000 also uses HTTP to obtain this information.
This approach, though, has a problem. Anyone with a packet sniffer is able to determine the location and the file the device is downloading, and possibly download the configuration file itself. In fact, this is how several Broadvox Direct users were able to locate the directory containing configuration files for about 185 users.
The configuration files for the devices can be left completely unencrypted, but almost all providers opt to encrypt them. On the Cisco ATA-186, the configuration files can be encrypted with a 128-bit RC4 algorithm. The Sipura SPA-2000 supports RC4 as well as the Advanced Encryption Standard (AES) at up to 256 bits. The encryption keys can be either device-specific or generic. RC4 and AES are strong, industry-standard encryption algorithms, but as the recent Broadvox Direct incident shows, improper use of them can still result in configuration information leaking.
This isn't the first time this type of thing has occurred with a VoIP provider. A less publicized incident involving Vonage about nine months ago resulted from Vonage not using a strong enough encryption key for the configuration files of its Cisco ATA-186 devices. This allowed anyone who could capture a configuration file to decrypt it easily. Vonage has since switched to more secure encryption keys, making the configuration files far more difficult to decrypt.
Phone calls to Vonage to discuss security concerns were not returned.
Sakaria declined to talk about the specifics of the encryption schemes VoicePulse uses, but praised the tools built-in to the adaptor his company distributes.
“The SPA-2000 offers a number of options,” he said. “It's the most flexible device available in terms of its provisioning and encryption capabilities.”
Sipura provides a number of provisioning options, and is adding further provisioning enhancements in the upcoming version 2.0 firmware for the SPA-2000.
One major enhancement will be the ability to download configuration using HTTPS. This provides an extra layer of encryption for the configuration information, obscures the actual location of the configuration file and provides another mechanism for authentication: client certificates. With HTTPS authentication, it would have been very difficult to obtain the directory information users of Broadvox Direct were able to sniff out.
"HTTPS with the addition of an SSL client certificate on the SPA allows service providers to streamline and strengthen the end-point provisioning process," said Sherman Scholten, Marketing Director for Sipura. "Sipura Technology telephone adapters provide secure provisioning functionality based on SSL/TLS encryption and authentication. Beginning this month, each unit will contain a certificate that can uniquely and securely identify the end-point to remote servers owned by VoIP service providers."
So, how secure is IP telephony?
The only truly secure method of communication is for two parties to be in the same, sound-proofed room with no other listening devices present. All methods of communication, even the PSTN, are subject to some form of eavesdropping. Even encrypted communications can potentially be broken if the algorithm is implemented incorrectly or there is a sudden increase in the available computing power to allow the encryption to be broken in a brute-force manner.
The industry as a whole — from service providers to hardware manufacturers — is taking forceful steps to ensure that communications over the Internet are safe and secure. At this rate, it won't be long before IP telephones are as “trusty” as old Ma Bell.