Influence of security mechanisms on quality of service with VoIP - Prof. Dr. Norbert Pohlmann
P. Backs, N. Pohlmann
While Voice over IP (VoIP) is advancing rapidly in the telecommunications market, interest in protecting the data transmitted by this new service is also rising. However, in contrast to other internet services such as email or HTTP, VoIP is real-time media and must therefore meet a special requirement, referred to as Quality of Service, to provide a comfortable flow of speech. Speech quality degrades when voice is transmitted over the network because of transmission delays or packet loss. Often, voice quality is at a level that even prevents comprehensible dialog. Therefore, an administrator who is to set up a VoIP infrastructure might want to avoid any additional decrease in voice quality resulting from security mechanisms, and might leave internet telephony unprotected as a result. The aim of this paper is to illustrate that security mechanisms have negligible impact on speech quality and should in fact be encouraged.
Telephony systems are the most important communication media in modern society. Nonetheless, most users still tolerate the inherent security weaknesses in voice transmission over telephones. Indeed, circuit-switched telephone communication is not encrypted and the call participants are not authenticated. Circuit-switched telephony security is based on physical protection of the telephone line, which leaves communication data completely exposed to an attacker who gains physical access. The same situation applies to VoIP: the attacker must have access to the telephony device of a call participant or to the network media carrying the voice data. In comparison to classic telephone technology, however, access to the transport media is achieved far more easily. So-called spoofing attacks can be used to fake the identification (ID) of a caller, so that VoIP traffic is redirected through the attacker's system, where it can easily be eavesdropped. Another threat is inherent to internet routing technology, as IP packets are not meant to be transported over fixed routes from one host to another. Instead, routes are determined dynamically and are beyond the control of the communicating peers. In this way, a malicious system could lie along the route of a packet, exposing voice content if it is not secured properly. Furthermore, the ability to intercept voice data traffic is not dependent on special hardware, as is the case with ISDN, for example. Instead, a