July 29, 2005

VoIP security

Yesterday, a Slashdot article titled "VoIP Security" carried the following quote:

The fact that VoIP operates across standard networks makes it vulnerable to all manner of IP hacking - including man in the middle attacks, sniffing, session hijacking, etc.

This seems to be saying that VoIP is somehow less secure because it operates across networks that use standards. This is an interesting conclusion, because the implication is that this is somehow different from the situation with the existing telephone network that VoIP is replacing.

There are so many holes in this argument that it is hard to know where to start, but I'm going to try anyway.

The most obvious flaw in this statement is that the networks that VoIP operates on (including the Internet) only exist because there are standards. Without these standards, which act as treaties between all of the people who want to interconnect, there would be no way to build the network in the first place. To use an analogy, this is kind of like complaining that air pollution is a problem because we breathe air. There's not a lot we can do about it.

Looking past this statement, the concern seems to be that VoIP networks are somehow more susceptible to interception or hacking than the technology they are replacing. Again, this argument does not hold water, because PSTN networks can be hacked in just as many ways as IP networks. As was pointed out by responders to the Slashdot article, any kid with a phone handset and a pair of alligator clips can clip onto a phone line and intercept calls, or make unlimited calls on someone else's account until they do something stupid and get caught.

So what's the problem?

As usual, I think it's all about perceptions. For some reason, VoIP networks are perceived as being less secure. And this is because the technology behind VoIP (i.e. the Internet) is understood to some extent by the people making the claims. Those same people have little understanding of the PSTN network, because that has just become part of the invisible fabric of society. The reality is that both technologies currently have much the same problems and vulnerabilities. But there is one major difference - VoIP has much more room to actually address the issue of security.

The word "secure" tends to get used as a catch-all label for a grab bag of issues including call interception, phone fraud, and billing problems. As far as VoIP is concerned, the solution comes down to two issues: authentication, which means knowing that you are talking to the person you think you are talking to; and privacy, which relates to the ability to ensure that communication between two parties cannot be intercepted by an untrusted third party.

The two concepts of authentication and privacy are theoretically independent, but in practice there is little point in having privacy without authentication. This is because defeating a "man-in-the-middle" attack requires authentication, and there is little point in having private communications if they can be subverted by simply interposing a third party. So authentication is the first requirement, and then privacy will follow.
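The point that privacy without authentication is hollow is easy to see in code. The following is an added example, not code from the original post or from OPAL: a toy model of a call set-up in which the two endpoints agree an encryption key by Diffie-Hellman, run once with and once without the exchanged values being authenticated, and once with and once without a third party sitting on the path. The group parameters are constructed and deliberately tiny, and a long-term key already shared by the two endpoints (the `auth_key` assumption) stands in for the certificate-backed signature a real SIP or H.323 deployment would use; the point is only that a third party cannot produce a valid tag over a value it substituted.

```python
"""Added example: an encrypted call still needs authenticated endpoints.

Unauthenticated DH lets an interposed party run one exchange with each
side and relay the call; authenticating each public value makes the
substitution detectable, so the call is aborted instead of silently split.
"""
import hashlib
import hmac
import secrets

# Constructed toy parameters: far too small to be secure, chosen only so the
# flow is readable. Real endpoints use standardised groups or elliptic curves.
P = (1 << 127) - 1      # Mersenne prime 2^127 - 1
G = 5
NBYTES = 16             # every value mod P fits in 16 bytes


def dh_keypair():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_session_key(priv, peer_pub):
    """Derive a 256-bit session key from the shared secret peer_pub^priv."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(NBYTES, "big")).digest()


def auth_tag(auth_key, pub):
    """Tag over a public value. Assumption: a key the two endpoints already
    share stands in for a certificate-backed signature; either way a third
    party cannot forge a tag over a value it substituted."""
    return hmac.new(auth_key, pub.to_bytes(NBYTES, "big"), hashlib.sha256).digest()


def run_call(authenticated, interposed):
    """Simulate one call set-up between Alice and Bob.

    Returns the session key each endpoint derived (None if it aborted), the
    keys an interposer obtained, and whether a failed check aborted the call.
    """
    auth_key = secrets.token_bytes(32) if authenticated else None
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    interposer = {}

    def send(pub):
        return (pub, auth_tag(auth_key, pub) if authenticated else None)

    def verify(msg):
        pub, tag = msg
        return (not authenticated) or hmac.compare_digest(tag, auth_tag(auth_key, pub))

    if interposed:
        m_priv, m_pub = dh_keypair()

    # Message 1: Alice's public value travels to Bob.
    msg = send(a_pub)
    if interposed:
        # The interposer completes an exchange with Alice and forwards its own
        # value to Bob, keeping whatever tag was attached to the original.
        interposer["with_alice"] = dh_session_key(m_priv, a_pub)
        msg = (m_pub, msg[1])
    if not verify(msg):
        return {"alice": None, "bob": None, "interposer": interposer, "aborted": True}
    b_key = dh_session_key(b_priv, msg[0])

    # Message 2: Bob's public value travels back to Alice.
    msg = send(b_pub)
    if interposed:
        interposer["with_bob"] = dh_session_key(m_priv, b_pub)
        msg = (m_pub, msg[1])
    if not verify(msg):
        return {"alice": None, "bob": b_key, "interposer": interposer, "aborted": True}
    a_key = dh_session_key(a_priv, msg[0])

    return {"alice": a_key, "bob": b_key, "interposer": interposer, "aborted": False}


def summarise(result):
    """One-line verdict for a run_call() result."""
    if result["aborted"]:
        return "aborted: authentication check failed, no call set up"
    if result["alice"] == result["bob"]:
        return "private: endpoints share one key nobody else holds"
    return "split: each endpoint shares its key with the interposer"


if __name__ == "__main__":
    for authenticated in (False, True):
        for interposed in (False, True):
            r = run_call(authenticated, interposed)
            print(f"authenticated={authenticated!s:5} interposed={interposed!s:5} -> {summarise(r)}")
```

The unauthenticated, interposed run is the instructive one: both endpoints finish the handshake and both believe the call is encrypted, yet each of them shares its key with the interposer rather than with the other. With the tags in place the same substitution fails the first check and the call never starts, which is exactly why the post puts authentication ahead of privacy. A real protocol also binds the identities and a fresh nonce into what is authenticated, so that a captured handshake cannot be replayed.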

The PSTN network implements authentication by enforcing a relationship between a billing entity and a piece of wire or fibre. This works because the PSTN switches (which are under the control of the service provider) are actually physically connected to a piece of network cable that goes to the customer. In the case of cell phones, authentication relies on a number embedded in the handset. Neither of these is a particularly strong method of authentication - cloning of cell phone handsets is rife, and anybody who has seen a telephone technician attach a test handset to wire pairs in a street phone switch panel cannot possibly see this as being secure. Privacy is achieved by the same physical means, which in the end all comes down to security through obscurity, which we all know is a totally outmoded concept.

VoIP technology will change this. Not might change, but will change. I predict that the next few years will see cryptographically authenticated and encrypted VoIP networks become the standard. This technology will be based on exactly the same methods used by secure web sites, namely certificates and encryption. In fact, the standards already exist for authentication and privacy for both SIP and H.323 and the only reason they have not been widely implemented to date is just a matter of maturity (in the networks) and lack of demand (from consumers). That is already changing.

Apart from consumer demand, there are several factors driving the service providers towards fully authenticated and private VoIP communications. Emergency 911 support is one of them. There is also the desire to move to post-billing for VoIP which will require much more robust authentication than the simple account number and PIN that most vendors use currently.

A fully authenticated VoIP network requires an infrastructure to issue, maintain and distribute certificates (or equivalent) to endpoints. I see this as being piggybacked onto some other authentication system, such as the keyring concept used by Phil Zimmermann's PGP network. It could also be done by the Passport system from Microsoft, or the similar offerings from any of the major portals such as Yahoo or AOL. Within a corporate environment, it could be done using smartcards or hardware built into the endpoint itself.

Regardless, there is no reason to believe that VoIP is any less secure than PSTN, and lots of reasons to see why it can be far more secure than PSTN could ever be. I'm looking forward to seeing it happen, and if possible, making it happen via OPAL :)

Posted by CraigS at 12:01 AM | Comments (1)