• Denial of service
• Theft of service
• Invasion of privacy
Security is seen as a priority for MSF, and will be addressed in our 2003 work program. See section 6 for more details.
Denial of Service
A denial of service attack prevents legitimate users of a network from accessing the features and services offered by that network. Denial of service attacks are extremely difficult in the PSTN but all too common in IP networks. There have been several successful attacks on web servers on the Internet, including high-security government sites. In a complex network, there are many possible denial of service attacks. Some examples include sending false signaling messages so that a call agent is fooled into believing that a party has gone on-hook; bombarding a device with pings or other packets so frequently that it has no spare processing power to process legitimate requests; and hacking a Subscriber Gateway to send ftp or other data traffic as high priority voice traffic.
Theft of Service
Theft of service attacks are aimed at the service provider, where the attacker simply wants to use a service without paying for it. The most common form in the current PSTN is called subscriber fraud, where a subscriber sets up an account with a service provider using false billing information, for example a stolen credit card. Other forms of theft are more technical, often utilizing black boxes or similar devices to fool the network into providing free service. It is interesting to note that fraudulent long-distance calls were more common when the network used in-band DTMF signaling, which could be mimicked using a blue box.
Even in a VoIP access network using, for example, DSL, bandwidth is still a limited resource – especially bandwidth with the low packet loss and jitter required for good voice quality. Therefore, the network needs to be protected from subscribers misusing this high-priority bandwidth. One example would be two SIP User Agents setting up a direct call between them, accessing the high-priority bandwidth but bypassing the SIP Server(s) and hence not being billed.
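The check below is an added example, not part of the original paper: it audits flows in the high-priority class against the media sessions the SIP server actually signaled, which catches both the direct UA-to-UA call described above and the Subscriber Gateway case from the denial of service section (data traffic marked as voice). The DSCP value, the rate ceiling, the record layouts and all addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

EF = 46               # DSCP Expedited Forwarding, assumed marking for voice media
MAX_VOICE_KBPS = 100  # assumed ceiling for one G.711 stream with IP/UDP/RTP overhead

Session = namedtuple("Session", "a_ip a_port b_ip b_port")
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto dscp kbps")

# Constructed sample data (documentation address ranges, not real traffic).
# Media sessions the SIP server authorized, as negotiated in SDP:
SESSIONS = [
    Session("192.0.2.10", 16384, "198.51.100.5", 20000),
    Session("192.0.2.14", 16400, "198.51.100.6", 20002),
]
# Flows observed at the access edge:
FLOWS = [
    Flow("192.0.2.10", 16384, "198.51.100.5", 20000, "udp", EF, 80),    # billed call
    Flow("198.51.100.5", 20000, "192.0.2.10", 16384, "udp", EF, 80),    # return leg
    Flow("192.0.2.11", 16390, "192.0.2.12", 16392, "udp", EF, 80),      # direct UA-to-UA
    Flow("192.0.2.13", 50000, "203.0.113.9", 20, "tcp", EF, 900),       # ftp marked as voice
    Flow("192.0.2.14", 16400, "198.51.100.6", 20002, "udp", EF, 1500),  # oversized "call"
    Flow("192.0.2.15", 40000, "203.0.113.9", 80, "tcp", 0, 2000),       # best effort
]

def audit_priority_flows(flows, sessions, max_kbps=MAX_VOICE_KBPS):
    """Return (flow, reason) for each EF-marked flow that is not a signaled voice stream."""
    allowed = set()
    for s in sessions:
        allowed.add((s.a_ip, s.a_port, s.b_ip, s.b_port))
        allowed.add((s.b_ip, s.b_port, s.a_ip, s.a_port))  # media flows both ways
    findings = []
    for f in flows:
        if f.dscp != EF:
            continue  # only the high-priority class is audited
        if f.proto != "udp":
            findings.append((f, "priority marking on non-RTP transport"))
        elif (f.src_ip, f.src_port, f.dst_ip, f.dst_port) not in allowed:
            findings.append((f, "no session signaled through the SIP server"))
        elif f.kbps > max_kbps:
            findings.append((f, "rate above voice codec ceiling"))
    return findings

if __name__ == "__main__":
    for flow, reason in audit_priority_flows(FLOWS, SESSIONS):
        print(f"{flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port}  {reason}")
```

In a deployment the same comparison would normally be enforced rather than only reported, by admitting priority-marked packets at the access edge only for media streams the SIP server has signaled.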
Invasion of Privacy
Subscribers to the PSTN expect that their calls are private, and that no third party can eavesdrop (with the exception of lawful interception). The PSTN achieves this privacy mainly by physical security mechanisms, i.e. the wire from a subscriber’s home is only connected to the local exchange or digital loop carrier and cannot easily be accessed. This is not necessarily the case with VoIP networks; in particular, cable and wireless networks use a shared medium, which allows eavesdropping unless encryption is used. However, it is important to note that there is no “one size fits all” approach to security for VoIP. For example, networks that use an ATM-based DSL access are fundamentally point-to-point networks, and for these networks encryption is unnecessary provided that the core network is suitably secured.