|Voice over IP (Internet Telephony)|
(From NIST, Security Considerations for VoIP Systems 800-58, p. 11 (April 2004))
"Before any voice can be sent, a call must be placed. In an ordinary phone system, this process involves dialing the digits of the called number, which are then processed by the telephone company's system to ring the called number. With VOIP, the user must enter the dialed number, but after that a complex series of packet exchanges must occur. The problem is that computer systems are addressed using their IP address, but the user enters an ordinary telephone number to place the call. The telephone number must be linked with an IP address to reach the called party, much as an alphabetic web address, such as www.nist.gov must be linked to the IP address of the NIST web server. A number of protocols are involved in determining the IP address that corresponds to the called party's telephone number.
"Once the called party answers, voice must be transmitted by converting the voice into digitized form, then segmenting the voice signal into a stream of packets. The first step in this process is converting analog voice signals to digital, using an analog-digital converter. Since digitized voice requires a large number of bits, a compression algorithm must be used to reduce the volume of data to be transmitted. Next, voice packets are inserted into data packets to be carried on the Internet. The protocol for the voice packets is typically the Real Time Protocol, RTP. RTP packets have special data fields that hold data needed to correctly re-assemble the packets into a voice signal on the other end. But voice packets will be carried as payload by UDP protocols that are also used for ordinary data transmission. In other words, the RTP packets are carried as data by the UDP packets, which can then be processed by ordinary network nodes throughout the Internet. At the other end, the process is reversed: the packets are disassembled and put into the proper order, digitized voice data extracted from the packets and uncompressed, then the digitized voice is processed by an digital-to-analog converter to render it into analog signals for the called party's handset speaker."
See FCC & VoIP
- NIST Special Publication 800-58 Security Considerations for Voice Over IP Systems, NIST 1/7/2005
- Performance and Security Analysis of SIP using IPsec, National Institute of Standards and Technology, January, 2004.
- Collaboration Will Investigate Vulnerabilities of Rapidly Growing Internet Phone and Multimedia Systems, NSF 4/7/2006
- Internet Draft: End-to-middle Security in the Session Initiation Protocol (SIP), K. Ono, S. Tachimoto, February 2004, Work in Progress
- Internet Draft: Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Multimedia Session Establishment Protocols, J.Rosenberg, February 2004, Work in Progress
- Internet Draft: A Mechanism to Secure SIP information inserted by Intermediaries, M.Barns, October 2003, Work in Progress
- J. Rosenberg and H. Schulzrinne, SIP Traversal through Residential and Enterprise NATs and Firewalls. Internet Draft, Internet Engineering Task Force, Mar. 2001.
- Hannes Tschofenig, Rainer Falk, Jon Peterson, Douglas Sicker, James Polk, Jeff Hodges, "Using SAML to Protect the Session Initiation Protocol," IEEE Network, pp. 14-18, September 2006
- Douglas C. Sicker, Tom Lookabaugh and Patrick S. Ryan, A Model for Emergency Service of VoIP Through Certification and Labeling, Federal Communications Law Journal, Vol. 58, pp. 146 - 200, 2005.
- Sicker, D.C., Lookabaugh, T., "VoIP Security: Not an Afterthought," ACM Queue Magazine, Vol. 2 No 6, pp. 56-64, 2004.
- Sicker, D., and Stuka, M., "An Evaluation of VoIP Traversal of Firewalls and NATs within an Enterprise Environment," Information Systems Frontiers Journal, V. 6, No. 3, pp. 219-228, 2004.
- CASE STUDY Voice over IP cost benefits and security concerns Based on a successful implementation by the Australian Universities, sponsored by CSIRO.
- J. Halpern, IP Telephony Security in Depth. White Paper, Cysco Systems, 2002.
- A. Conry-Murray, Emerging Technology: Security and Voice over IP Lets Talk. Commweb, Nov. 2002.
- R. Barbieri, D. Bruschi, E Rosti, Voice over IPsec: Analysis and Solutions. Proceedings of the 18th Annual Computer Security Applications Conference, 2002.
- O. Arkin, Why E.T. Cant Phone Home?: Security Risk Factors with IP Telephony based Networks . Sys-Security Group, Nov. 2002.
- Traversing Firewalls and NATs With Voice and Video Over IP: An Examination of the Firewall/NAT Problem, Traversal Methods, and their Pros and Cons . Wainhouse Research, Apr. 2002.
- J. Thalhammer, Security in VoIP-Telephony Systems. Master Thesis, Institute for Applied Information Processing and Communications, Graz U. of Technology,
- M. Marjalaakso, Security Requirements and Constraints of VoIP. Department of Eleectrical Engineering and Telecommunications, Helsinki University of Technology, 2001.
- Anonymous, H.323 and firewalls: The problems and Pitfalls of Getting H.323 safely through firewalls Developer note, Intel Corporation, Apr. 1997.