Future Networks

VoIP security: facts instead of prejudices

It is repeatedly claimed that IP telephony is not secure. Especially after Snowden’s announcement that the NSA monitors Skype. So how secure is VoIP in reality?
One thing should be made clear: IP telephony is not always the same as Internet telephony. Yet critics often cite the security weaknesses of the Internet as their main argument for the alleged lack of information security which Voice over IP (VoIP) offers. However, telephony services can also be provided via secure IP networks; the Internet need not necessarily be used. Anyone who asks how susceptible VoIP really is to cyber attacks must therefore make a distinction between
  • over the top (OTT) providers such as Skype and WhatsApp who do not operate their own network and offer telephony services mainly via the public Internet and
  • telecommunications companies who thanks to their own infrastructure can offer VoIP via secure private networks.
Deutsche Telekom for example transports the data for landline calls via its own network, i.e. via connections in the Telekom IP backbone, which are logically separate from the connections for other services. As a result, IP telephony in the carrier network offers a level of security comparable to that of the old telephone network, the PSTN (Public Switched Telephone Network).
The drawback: if one of the people making the call has a different telephone provider, the data will pass through its network too. How immune to eavesdropping the call is therefore depends on all the networks that are involved. Having said that, this was the case with the old telephone network as well. Most telephone network operators in Germany and abroad go to great lengths to ensure that their infrastructure is secure.

Access and in-house network a weakness

Essentially, an attacker needs more specific know-how when attacking VoIP than is the case with the PSTN. After all, there were no provisions for encryption on the “last mile” with ISDN or analog telephony. Encryption was rare in local networks (LAN) too. In order to eavesdrop on a call, an attacker only needed physical access to the LAN or the relevant line, e.g. in the cellar of a building. With a SIP voice connection, however, the call between two people can be transmitted in encrypted form under specific circumstances, making eavesdropping virtually impossible. In the future, it will also be possible to encrypt certain Telekom VoIP connections between the person making the call and the new voice exchanges: via the secure SIP over TLS (or SIPS (Session Initiation Protocol Secure)) and SRTP (Secure Real Time Protocol) encryption protocols. For this to be possible, however, the telecommunications system (TC system) used or the SIP telephony client must support both protocols.
So does the switchover to SIP connections not require much of a rethink when it comes to security? Actually, it does. After all, attacks in the past affected the telephony infrastructure of a company rather than its data networks. With IP telephony, voice and data use the same network: the local area network (LAN) within individual sites and, in the case of a central TC system, the cross-site wide area network (WAN). The security of VoIP therefore influences the security of the data networks too. And vice versa: an attacker could eavesdrop on employees’ telephone calls via a hacked router or PC connected to the WAN. And this is possible from a remote location.

Network separation not an option

Naturally, companies could physically separate the voice and data network. However, this would cancel out many of the benefits of Voice over IP: for example the facility to handle telephony and data together via the existing LAN cables or to use telephone systems on standardized servers in the data center.
So what measures should companies take in order to make telephony – and therefore their data too – secure? There is no easy solution. After all, each company must assess on an individual basis what level of VoIP security it requires. However, there are at least two fundamental aspects: the use of session border controllers (SBC, VoIP firewall) and the need for encryption.

Protective wall for the public network

Every company operates a firewall between the Internet and the company network. In many cases, a second protective wall for the IP-based voice networks of the carriers is needed in order to ensure VoIP security. Depending on the level of security needed, this protective wall can be implemented in three versions:

  1. Single routers at each location: Only the firewall in the existing router (stateful packet inspection firewall) – or minimal SBC functions – secure voice data traffic between the local company network and the local SIP connection. This security architecture may be sufficient for many requirements.
  2. Upgraded routers at each location: More complex routers with SBC functions which separate the internal and external network and support encryption offer greater VoIP security. Naturally, such routers are more expensive.
  3. A central session border controller (SBC): This network component is specially designed for VoIP security. It recognizes attacks for example, fends off DDoS attacks, supports the encryption of signaling and voice data and converts these into other formats (transcoding). The Federal Office for Information Security (BSI) therefore recommends that global corporations use an SBC to secure an IP system connection. However, the fact that an SBC often costs a four to five-digit figure means that it is not worthwhile as a means of local protection for each location. Companies should therefore think about centralizing their VoIP infrastructure and relaying VoIP connections to the carrier network via a central, redundant SBC.

Secret language please

If a company wants to encrypt its IP telephony, this is much easier than with ISDN. After all, IP encryption is a fixed part of virtually all operating systems and can usually be used for VoIP encryption too. The function is therefore integrated into many softphones and IP telephones etc.
Companies now need to ask themselves how much they want to encrypt. For internal communications, this means either in the WAN only or within location in the LAN too. Most WANs consist of secure VPNs based on the MPLS protocol and provided by a network operator. However, call data can be further encrypted, for example with SRTP and SIPS. To ensure the very highest security standards, companies can even set up further IPSec encryption for the MPLS-VPN. Encryption in the LAN is worthwhile if for example companies would like to prevent their own employees eavesdropping on calls.
However, encrypting external telephone calls on an end-to-end basis is complex. After all, the end devices used by both people making the call need to use the same encryption technology. However, there is no adequately established standard for this technology so far. It is therefore only worth providing the two people making a telephone call with suitably equipped smartphones in the case of highly critical calls, for example between company directors.

Conclusion

The VoIP services which Telekom provides via its All-IP infrastructure are separate from other communications services, independent of the Internet and offer a level of security comparable to that of calls made via the old PSTN telephone network. They could even be more secure – after all, a hacker requires more technical knowledge when attacking VoIP than is the case with ISDN. However, attackers can hack companies’ VoIP components from a remote location and thus gain access to their data networks too. Session border controllers between the carrier network and company networks and the end-to-end encryption of critical calls provide a solution here – depending on the company’s security requirements.

Further articles