
H.323 versus SIP: A Comparison

This is, frankly, the best comparison of H.323 and SIP available anywhere. Virtually all of the others are misleading, out-of-date, and just plain wrong. To compound the problem (to further propagate the error, as it were), we have also seen several papers written by naive students and rank-and-file engineers that blindly parrot what they have read in these comparisons. Furthermore, many, many people have formed their opinions of H.323 and SIP based not on each protocol's merits but solely on the misinformation provided by these comparisons and through other information provided by largely the same sources.

To counter this misinformation, we decided to put together this thorough, up-to-date comparison. As with ours, please consider the financial interests of the source of any information on this subject, be it an author, speaker, institution, forum, company, web site, or conference. Are the people providing information on this issue involved in both of these (and other) protocols, with nothing besides perhaps an honest academic interest in one or the other protocol, or have they otherwise "hitched their wagon" to one?

Like everything else on the web, this is a living document which we will be updating as the standards evolve. In fact, there is much work in progress for both H.323 and SIP, but, in order to compare apples to apples and make this comparison meaningful, we have chosen to focus on what is currently defined rather than on what might be defined in the future. Also, note that commentary that is not vital to the main comparison text appears (on the original page, in a smaller font) immediately below it.

H.323 / SIP (for each topic below, the H.323 entry comes first, followed by the SIP entry)

Philosophy

H.323 was designed with a good understanding of the requirements for multimedia communication over IP networks, including audio, video, and data conferencing. It defines an entire, unified system for performing these functions, leveraging the strengths of the IETF and ITU-T protocols.

As a result, it might be reasonable for users to expect about the same level of robustness and interoperability as is found on the PSTN today, although this admittedly varies across the globe.

H.323 was designed to scale to add new functionality. The most widely deployed use of H.323 is "Voice over IP" followed by "Videoconferencing", both of which are described in the H.323 specifications.

SIP was designed to setup a "session" between two points and to be a modular, flexible component of the Internet architecture. It has a loose concept of a call (that being a "session" with media streams), has no support for multimedia conferencing, and the integration of sometimes disparate standards is largely left up to each vendor.

As a result, SIP is now a 14-year-old protocol with a vast number of interoperability problems. While SIP has been successfully deployed in some environments, those are generally "closed" environments where the means of interoperability has been PSTN gateways.

Complexity

H.323 is limited to multimedia conferencing, so the complexity of the system is constrained accordingly. No communication system is simple, but H.323 attempts to clearly define the basic set of functionality that all devices must support.

SIP was initially focused on voice communication and then expanded to include video, application sharing, instant messaging, presence, etc. With each capability, complexity increases and, unfortunately, there are no strict guidelines as to what functionality any given device must support. This leads to more complex systems with more interoperability problems. Since SIP was "marketed" as a simple protocol, in spite of the fact it only looks simple on the surface, we suggest you refer to the SIP Myths page.

Reliability

H.323 has defined a number of features to handle failure of intermediate network entities, including "alternate gatekeepers", "alternate endpoints", and a means of recovering from connection failures.

SIP has not defined procedures for handling device failure. If a proxy fails, the user agent detects this only through timer expiration. It is then the responsibility of the user agent to send a new INVITE (not a re-INVITE, which only exists inside an established dialog) to another proxy, leading to long delays in call establishment. RFC 3263 describes how to locate an alternate server through DNS NAPTR/SRV records, but it does not change the fact that the failure is noticed only after the transaction timer fires.

Message Definition

H.323: ASN.1, a standardized, extremely precise, easy-to-understand structural notation that is used by many other systems.

SIP: ABNF, or Augmented Backus-Naur Form, a syntactical notation. SIP uses the ABNF as defined in RFC 2234.

Message Encoding

H.323 encodes messages in a compact binary format (ASN.1 PER) that is suitable for narrowband and broadband connections. Messages are efficiently encoded and decoded by machines, with decoders widely available (e.g., Ethereal, now Wireshark).

SIP messages are encoded in ASCII text format, suitable for humans to read. As a consequence, the messages are large and less suitable for networks where bandwidth, delay, and/or processing are a concern.

SIP messages get so large that they sometimes exceed the MTU size when going over WAN links, resulting in fragmentation, delays, packet loss, etc. As a result, effort has been made to compress SIP on the wire (SigComp, e.g., RFC 3485 and RFC 3486; note that these compress the text rather than define a binary encoding).

Media Transport

H.323: RTP/RTCP, SRTP

SIP: RTP/RTCP, SRTP

Extensibility -

Vendor Specific

H.323 is extended with non-standard features in such a way as to avoid conflicts between vendors. Globally unique identifiers prevent feature and data element collision.

SIP is extended by adding new header lines or message bodies that may be used by different vendors to serve different purposes, thus risking interoperability problems.

The risk is admittedly small, but this problem has already been seen in the real world with similar extension schemes.

Extensibility -

Standard

H.323 is extended by the standards community to add new features to H.323 in such a way as to not impact existing features. However, new revisions of H.323 are published periodically, which introduce new functionality that is mandatory, yet done in such a way as to preserve backward compatibility.

SIP is extended by the standards community to add new features to SIP in such a way as to not impact existing features. However, new revisions of SIP are potentially not backward compatible (e.g., RFC 3261 was not entirely compatible with RFC 2543). In addition, several extensions are "mandatory" in some implementations, which cause interoperability problems.

Scalability -

Load Balancing

H.323 has the ability to load balance endpoints across a number of alternate gatekeepers in order to scale a local point of presence. In addition, endpoints report their available and total capacity so that calls going to a set of gateways, for example, may be best distributed across those gateways.

SIP has no notion of load balancing, except "trial and error" across pre-provisioned devices or devices learned from DNS SRV records. There is no means of detecting the load on a particular gateway or to know whether a device has failed, meaning that proxies simply have to try a PSTN gateway, wait for the call to timeout, and then try another.
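The "trial and error" behaviour described above can be made concrete. The following is an added example (not code from the original page or from any SIP implementation): it orders DNS SRV records the way RFC 2782 prescribes (lower priority first, then weighted random within a priority, which is the static load distribution RFC 3263 gives SIP), and then walks the ordered list the way a proxy does when it cannot tell a dead gateway from a slow one. The SRV records, the hostnames and the liveness table are constructed for the demonstration; the timeout is Timer B from RFC 3261 (64 * T1 = 32 s with the default T1).

```python
import random
from collections import Counter, namedtuple

Srv = namedtuple("Srv", "priority weight target port")

# Constructed SRV records for a hypothetical _sip._udp.example.com zone:
# two gateways share priority 10 (a 60/40 static split), one cold standby at priority 20.
RECORDS = [
    Srv(10, 60, "gw1.example.com", 5060),
    Srv(10, 40, "gw2.example.com", 5060),
    Srv(20, 0, "gw-backup.example.com", 5060),
]

# Timer B (INVITE transaction timeout) = 64 * T1 = 32 s with the default T1 of 500 ms.
TIMER_B_SECONDS = 32.0


class ExtremeDraw:
    """Deterministic stand-in for the random module: always draws the lower
    (low=True) or the upper bound. Used to make the ordering reproducible."""
    def __init__(self, low):
        self.low = low

    def randint(self, a, b):
        return a if self.low else b


def order_srv(records, rng=random):
    """Order SRV records as RFC 2782 prescribes (RFC 3263 applies this to SIP):
    lower priority first; within one priority, weighted random selection,
    zero-weight records being chosen only when the draw is 0."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # zero-weight records go first in the pool so that a draw of 0 can select them
        pool = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight > 0)
        while pool:
            total = sum(r.weight for r in pool)
            draw = rng.randint(0, total)  # 0..total inclusive
            running = 0
            for r in pool:
                running += r.weight
                if running >= draw:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered


def first_choice_share(records, trials=2000, rng=None):
    """Fraction of calls each target would receive as the first hop: this is all
    the 'load balancing' SRV weights give, with no knowledge of actual load."""
    rng = rng or random.Random(0)
    counts = Counter(order_srv(records, rng)[0].target for _ in range(trials))
    return {t: n / trials for t, n in counts.items()}


def place_call(ordered, alive, timeout_s=TIMER_B_SECONDS):
    """Trial-and-error failover: try targets in order. A dead target is only
    discovered when the transaction times out, so each one costs timeout_s of
    post-dial delay before the next is tried.
    Returns (target_used, seconds_wasted, attempts)."""
    wasted = 0.0
    for attempts, r in enumerate(ordered, 1):
        if alive.get(r.target, False):
            return r.target, wasted, attempts
        wasted += timeout_s
    return None, wasted, len(ordered)


if __name__ == "__main__":
    order = order_srv(RECORDS)
    print("order:", [r.target for r in order])
    print("first-hop share:", first_choice_share(RECORDS))
    print("call with gw1 down:", place_call(order, {"gw2.example.com": True}))
```

Note that the caller who happens to be ordered onto the dead gateway waits the full 32 seconds before the second attempt, and that nothing in the DNS answer ever reflects that the gateway is down; that is the point the comparison makes.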

Scalability -

Call Signaling

When an H.323 gatekeeper is used, it may simply provide address resolution through one RAS message exchange, or it may route all call signaling traffic. In large networks, the direct call model may be used so that endpoints connect directly to one another.

When using a SIP proxy to perform address resolution for the SIP device, the proxy is required to handle at least 3 full message exchanges for every call. In large networks, such as IMS networks, the number of messages on the wire may be excessive. A basic call between two users may require as many as 30 messages on the wire!

Scalability -

Statelessness

An H.323 gatekeeper can be stateless using the direct call model.

A SIP proxy can be stateless if it does not fork, use TCP, or use multicast.

Scalability -

Address Resolution

H.323 defines an interface between the endpoint and gatekeeper for address resolution using ARQ or LRQ. The H.323 gatekeeper may use any number of protocols to discover the destination address of the callee, including LRQs to other gatekeepers, Annex G/H.225.0, TRIP, ENUM, and/or DNS. The endpoint does not have to be concerned with the mechanics of this process, and the processing requirements for address resolution placed on the gatekeeper by H.323 are for just a single message exchange.

Although out of scope of H.323, an H.323 endpoint may perform its own address resolution using ENUM and/or DNS and then place a direct call to the resolved address or provide the resolved address to the gatekeeper as an "alias".

While SIP has no address-resolution protocol, per se, a SIP user agent may route its INVITE message through a proxy or redirect server in order to resolve addresses. The SIP proxy may use various protocols to discover the destination address of the callee, including TRIP, ENUM, and/or DNS. The endpoint does not have to be concerned with the mechanics of this process. Unfortunately, the processing requirements placed on the SIP proxy are higher than with H.323 because at least 3 message exchanges must take place between the SIP device, SIP proxy, and the next hop.

Although out of scope of SIP, a SIP user agent may perform its own address resolution using ENUM and/or DNS and then place a direct call to the resolved address or through a proxy.

Addressing

Flexible addressing mechanisms, including URIs, e-mail addresses, and E.164 numbers.

H.323 supports these aliases:

E.164 dialed digits

generic H.323 ID

URL

transport address

email address

party number

mobile UIM

ISUP number

H.323 also supports overlap sending with no additional overhead, except conveyance of the newly received digits in a single message.

SIP only understands URI-style addresses. This works fine for SIP-to-SIP devices, but causes some confusion when trying to translate various dialed digits. The convention is that a "+" sign is placed at the start of the user part of the SIP URI (e.g., a user part of the form "+" followed by the digits) in order to indicate that the number is in E.164 format, versus a user ID that merely happens to be numeric.

SIP has support for overlapped signaling defined in RFC 3578, though each additional digit received requires transmission of three messages on the wire (a new INVITE, a 484 response to indicate that the address is incomplete, and an ACK).

Billing

Even with H.323's direct call model, the ability to successfully bill for the call is not lost because the endpoint reports to the gatekeeper the beginning and end time of the call via the RAS protocol. Various pieces of billing information may be present in the ARQ and DRQ messages at the start and end of the call.

If the SIP proxy wants to collect billing information, it has no choice but to stay in the call signaling path for the entire duration of the call so that it can detect when the call completes. Even then, the statistics are skewed because the call signaling may have been delayed. Otherwise, there is no mechanism in SIP to perform any accounting/billing function.

Call Setup

H.323: A call can be established in as few as 1.5 round trips using UDP:

Setup ->

Of course, more elaborate call establishment procedures may be required to negotiate complex capabilities, negotiate complex video modes, etc.

SIP: A call can be established in as few as 1.5 round trips using UDP:

INVITE ->

Most real-world flows are more complex, as they often pass through one or more proxy devices, have intermediary response messages, and "negotiate" capabilities through a "trial and error" process that is far from scientific. Here is a more real-life SIP call flow.

Capability Negotiation

H.323 entities may exchange capabilities and negotiate which channels to open, including audio, video, and data channels. Individual channels may be opened and closed during the call without disrupting the other channels.

SIP entities have limited means of exchanging capabilities. RFC 3407 is the state of the art, which is more or less a "declaration" mechanism, not a negotiation procedure. The end result is still a "trial and error" approach in case the called party does not support the proposed media.

Call Forking

H.323 gatekeeper can control the call signaling and may fork the call to any number of devices simultaneously.

SIP proxies can control the call signaling and may fork the call to any number of devices simultaneously.

PSTN Interworking

H.323 borrows from traditional PSTN protocols, e.g., Q.931, and is therefore well suited for PSTN integration. However, H.323 does not employ the PSTN's circuit-switched technology--like SIP, H.323 is completely packet-switched. How Media Gateway Controllers fit into the overall H.323 architecture is well-defined within the standard.

SIP has no commonality with the PSTN and such signaling must be "shoe-horned" into SIP. SIP has no architecture that describes the decomposition of the gateway into the Media Gateway Controller and the Media Gateways. This has been a recent study of 3GPP and others in the form of IMS. Presently, there are about 4 "IMS" variants: 3GPP, ITU NGN, 3GPP2, and PacketCable. Pick the architecture you like best, I suppose.

Services

Services may be provided to the endpoint through a web-browser interface using HTTP or a feature server using Megaco/H.248. In addition, services may be provided to an endpoint as it places a call, as a call arrives, or during the middle of a call by a gatekeeper or other entity that routes the call signaling. As a result, H.323 is well-suited to providing new services.

SIP devices can receive service from a SIP proxy as the endpoint places a call, as a call arrives, or during the middle of a call. There is no defined way within SIP of providing services via a web browser or a feature server, as everything is done within the context of a "session".

One may provide ad-hoc services through other means, such as XML, SOAP, or CPL. However, there are no standards for this.

Video and Data Conferencing

H.323 fully supports video and data conferencing. Procedures are in place to provide control for the conference as well as lip synchronization of audio and video streams.

SIP has limited support for video and no support for data conferencing protocols like T.120. SIP has no protocol to control the conference and there is no mechanism within SIP for lip synchronization. There is no standard means of recovering from packet loss in a video stream (to parallel H.323's "video fast update" command).

Administrative Requirements

H.323 does not require a gatekeeper. A call can be made directly between two endpoints.

However, most devices do utilize a gatekeeper for the purpose of registration and address resolution.

SIP does not require a proxy. A call can be made directly between two user agents.

However, most devices do utilize a SIP proxy for the purpose of registration, address resolution, and call routing.

Codecs

H.323 supports any codec, standardized or proprietary. No registration authority is required to use any codec in H.323.

SIP supports any IANA-registered codec (as a legacy feature) or other codec whose name is mutually agreed upon.

Firewall/NAT support

Provided by H.323 "proxy" or by the endpoint, both in conjunction with a gatekeeper residing in the public network. H.323 also supports direct point-to-point media flows between devices that are located behind a NAT/FW. Refer to H.460.17, H.460.18, H.460.19, H.460.23, and H.460.24.

SIP does not define a NAT/FW traversal mechanism, as this is left to other standards. Some standards that have been defined or are being defined are STUN, TURN, ANAT, and ICE. ANAT is popular as a means of addressing IPv4/IPv6 interworking and appears to be widely implemented. As of January 2011, ICE is still not so widely adopted.

Transport protocol

Reliable or unreliable, e.g., TCP or UDP. Most H.323 entities use a reliable transport for signaling.

Reliable or unreliable, e.g., TCP or UDP. Most SIP entities use an unreliable transport for signaling.

Loop Detection

Routing gatekeepers can detect loops by looking at the CallIdentifier and destinationAddress fields in call-processing messages. If the combination of these matches an existing call, it is a loop. Infinite loops may be prevented by utilizing the hopCount field in the SETUP message.

The Via header facilitates this. However, there has been talk about deprecating Via as a means of loop detection due to its complexity. Instead, the Max-Forwards header seems to be the preferred method of limiting hops and therefore loops. In November 2005, a presentation was given on issues with max-forwards. So, what is the right solution?
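The two SIP mechanisms named above (Max-Forwards as a hop budget, Via as the record of who has already handled the request) are what keep a misrouted INVITE from circulating forever and burning proxy capacity. The following is an added example, not code from the original page or from any SIP stack: a proxy-side check that applies both, on a constructed INVITE. The hostnames, the Call-ID and the exact set of fields hashed into the branch parameter are assumptions for the demonstration (RFC 3261 section 16.6 and RFC 5393 define the real field set); the checks themselves follow RFC 3261 section 16.3.

```python
import hashlib

MAX_FORWARDS_DEFAULT = 70  # value RFC 3261 tells a user agent to start with

# Constructed INVITE as it arrives at our proxy: the caller's UA (192.0.2.10) sent it
# through one upstream proxy (edge.example.net) already.
SAMPLE_REQUEST = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP edge.example.net;branch=z9hG4bK-a1\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-c3\r\n"
    "Max-Forwards: 3\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def split_message(raw):
    """Split a SIP request into (request line, [(name, value), ...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def join_message(request_line, headers, body):
    return "\r\n".join([request_line] + ["%s: %s" % h for h in headers]) + "\r\n\r\n" + body


def header_values(headers, name):
    return [v for n, v in headers if n.lower() == name]


def via_sent_by_and_branch(via):
    """'SIP/2.0/UDP host:port;branch=xyz' -> ('host:port', 'xyz')."""
    parts = [p.strip() for p in via.split(";")]
    sent_by = parts[0].split()[-1]
    branch = next((p[len("branch="):] for p in parts[1:] if p.startswith("branch=")), "")
    return sent_by, branch


def compute_branch(request_line, headers):
    """Branch a loop-detecting proxy derives from fields that survive a loop
    (here: Request-URI, To, From, Call-ID, CSeq; a simplification of the set in
    RFC 3261 16.6 / RFC 5393). Identical inputs give an identical branch, so a
    request that comes back to us is recognisable."""
    request_uri = request_line.split()[1]
    fields = [request_uri] + [(header_values(headers, h) or [""])[0]
                              for h in ("to", "from", "call-id", "cseq")]
    return "z9hG4bK-" + hashlib.sha256("|".join(fields).encode()).hexdigest()[:16]


def proxy_check(raw, my_host):
    """The two checks a proxy runs before forwarding (RFC 3261 16.3).
    Returns (None, forwarded_request) when the request may go on, or
    (error_status, None) when it must be rejected."""
    request_line, headers, body = split_message(raw)

    mf = header_values(headers, "max-forwards")
    max_forwards = int(mf[0]) if mf else MAX_FORWARDS_DEFAULT
    if max_forwards <= 0:
        return "483 Too Many Hops", None       # hop budget exhausted: reject, never route

    branch = compute_branch(request_line, headers)
    for via in header_values(headers, "via"):
        sent_by, seen_branch = via_sent_by_and_branch(via)
        if sent_by == my_host and seen_branch == branch:
            return "482 Loop Detected", None  # same request, same routing inputs: a loop
        # our host with a different branch is a spiral (retargeted request): allowed

    # forward: decrement Max-Forwards (insert it if absent) and push our own Via on top
    forwarded = [("Via", "SIP/2.0/UDP %s;branch=%s" % (my_host, branch))]
    seen_mf = False
    for name, value in headers:
        if name.lower() == "max-forwards":
            forwarded.append((name, str(max_forwards - 1)))
            seen_mf = True
        else:
            forwarded.append((name, value))
    if not seen_mf:
        forwarded.append(("Max-Forwards", str(max_forwards - 1)))
    return None, join_message(request_line, forwarded, body)


if __name__ == "__main__":
    status, out = proxy_check(SAMPLE_REQUEST, "proxy.example.net")
    print("first pass:", status or "forward")
    print("same request routed back to us:", proxy_check(out, "proxy.example.net")[0])
```

Max-Forwards is the cheap check and always terminates a loop, but only after up to 70 hops of wasted work; the Via comparison catches the loop on the first revisit, at the cost of hashing the routing-relevant fields on every request.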

Multicast Signaling

H.323: Yes, location requests (LRQ) and auto gatekeeper discovery (GRQ).

SIP: Yes, e.g., through group INVITEs.

Third-party Call Control

Yes, through third-party pause and re-routing which is defined within H.323. More sophisticated control is defined by the related H.450.x series of standards.

Yes, through SIP as described in RFC 3725.

Minimum Ports for VoIP Call

H.323: 3 (call signaling, RTP, and RTCP).

SIP: 3 (SIP, RTP, and RTCP).

Conferencing Entity

H.323: Yes, an MC is required for this, but it could be co-located in a participating endpoint, or all endpoints could contain an MC. A stand-alone conference bridge may provide this functionality, and H.323 has well-defined procedures for such entities.

What distinguishes H.323 is not that it requires yet another onerous physical entity for conferencing (it does not) but that it just has a name for this functionality, an "MC," and that it provides a flexible means of implementing that functionality.

SIP: No; however, SIP user agents may perform conferencing themselves. A stand-alone conference bridge may also provide this functionality.

Original Title

H.323: "VISUAL TELEPHONE SYSTEMS AND EQUIPMENT FOR LOCAL AREA NETWORKS WHICH PROVIDE A NON-GUARANTEED QUALITY OF SERVICE"

It is now, "Packet-based multimedia communications systems."

Despite the word, "VISUAL," in the original title, H.323 has never described just a videoconferencing solution--support for video and data has always been optional. And the reference to LANs may be misleading because H.323 was intended from the start to support simple and "complex topologies" and not just single-segment networks, which "LOCAL AREA NETWORKS" may imply.

SIP: "Application-level protocol for inviting users to multimedia conferences [emphasis ours]"

It is now, "SIP: Session Initiation Protocol."

Note that the "multimedia conferences" referred to in the original title are loosely coupled multicast conferences, à la MBone. This is because SIP was intended to be just a point-to-point version of SAP and not the "carrier-class solution addressing a wide area" that many would have you believe.

Lineage

H.323 is based on H.324, not H.320. However, H.324 was designed to be a better H.320.

1990 - H.320 approved.

1995 - H.324 approved.

1995 - H.323 working draft circulated.

1996 - H.323 approved.

1998 - H.323v2 approved.

1999 - H.323v3 approved.

2000 - H.323v4 approved.

2003 - H.323v5 approved.

2006 - H.323v6 approved.

As you can see, H.323 is no more a "legacy" protocol than SIP. Both protocols are the same age!

SIP is frequently allied with the Internet and the World Wide Web by way of HTTP.

1990 - WWW and HTTP described and implemented.

1996 - SIP Internet Draft circulated.

1999 - SIP (RFC 2543) approved.

2002 - SIP (RFC 3261) approved.

While backward compatibility was not maintained between the 1999 and 2002 documents, the version number remained the same "version 2.0".

Open-source projects

H.323: Yes, e.g., H.323 Plus.

SIP: Yes, e.g., Opal.

Media Topology

H.323: Unicast, multicast, star, and centralized.

SIP: Unicast, multicast, star, and centralized.

Authentication

H.323: Yes, via H.235.

SIP: Yes, via HTTP-style Digest authentication (RFC 3261 explicitly forbids Basic, which sends the password in the clear), TLS/SSL, S/MIME, or various other means. PGP was specified in RFC 2543 but was dropped in RFC 3261 in favour of S/MIME.
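Digest is the one authentication mechanism every SIP implementation carries, so it is worth seeing exactly what it does and does not protect. The following is an added example, not code from the original page or from any SIP stack: the challenge/response computation of RFC 2617 with qop=auth as SIP uses it for REGISTER and INVITE, the server-side verification (storing only HA1, never the password), and what a sniffer on the signaling path can do with one captured exchange. The user, realm, nonce, cnonce and password values are constructed for the demonstration.

```python
import hashlib
import hmac
import os


def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def make_challenge(realm):
    """Server side: the WWW-Authenticate (or Proxy-Authenticate) value for a 401/407."""
    nonce = os.urandom(16).hex()
    return 'Digest realm="%s", nonce="%s", qop="auth", algorithm=MD5' % (realm, nonce), nonce


def parse_digest(value):
    """'Digest k="v", k2=v2' -> dict (the values used here never contain commas)."""
    if not value.startswith("Digest "):
        raise ValueError("not a Digest credential")
    params = {}
    for item in value[len("Digest "):].split(","):
        key, _, val = item.strip().partition("=")
        params[key.strip()] = val.strip().strip('"')
    return params


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri).
    The request method is bound in, so a REGISTER credential cannot be replayed on an INVITE."""
    ha2 = md5hex("%s:%s" % (method, uri))
    return md5hex(":".join([ha1, nonce, nc, cnonce, qop, ha2]))


def build_authorization(username, realm, password, method, uri, nonce, cnonce, nc="00000001"):
    """Client side: the Authorization (or Proxy-Authorization) value answering the challenge."""
    ha1 = md5hex("%s:%s:%s" % (username, realm, password))
    response = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return ('Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=auth, '
            'nc=%s, cnonce="%s", response="%s", algorithm=MD5'
            % (username, realm, nonce, uri, nc, cnonce, response))


def verify_authorization(value, method, ha1_by_user, issued_nonces):
    """Server side. ha1_by_user holds MD5(user:realm:password) only, never the
    password itself. issued_nonces is the set of nonces this server handed out;
    a production server additionally tracks nc per nonce to catch replays."""
    try:
        p = parse_digest(value)
        username, nonce = p["username"], p["nonce"]
        if nonce not in issued_nonces or username not in ha1_by_user:
            return False
        expected = digest_response(ha1_by_user[username], method, p["uri"],
                                   nonce, p["nc"], p["cnonce"], p.get("qop", "auth"))
        return hmac.compare_digest(expected, p["response"])
    except (KeyError, ValueError):
        return False


def offline_guess(value, method, wordlist):
    """What a sniffer on the signaling path can do with one captured Authorization
    header: recompute the response for each candidate password, with no further
    network access and no rate limit. Returns the password if it is in the wordlist."""
    p = parse_digest(value)
    for candidate in wordlist:
        ha1 = md5hex("%s:%s:%s" % (p["username"], p["realm"], candidate))
        if digest_response(ha1, method, p["uri"], p["nonce"], p["nc"],
                           p["cnonce"], p.get("qop", "auth")) == p["response"]:
            return candidate
    return None


if __name__ == "__main__":
    challenge, nonce = make_challenge("example.com")
    auth = build_authorization("alice", "example.com", "s3cret", "REGISTER",
                               "sip:example.com", nonce, cnonce="0a4f113b")
    db = {"alice": md5hex("alice:example.com:s3cret")}
    print("verified:", verify_authorization(auth, "REGISTER", db, {nonce}))
    print("recovered offline:", offline_guess(auth, "REGISTER", ["password", "s3cret"]))
```

The takeaway for a practitioner: Digest keeps the password off the wire and binds the response to the method and nonce, but it is an unsalted MD5 construction that anyone who can capture the signaling can attack offline; weak SIP passwords fall in seconds, which is why the signaling leg should itself run over TLS (the next row) rather than relying on Digest alone.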

Encryption

H.323: Yes, via H.235 (including use of SRTP, TLS, IPsec, etc.).

SIP: Yes, via TLS/SSL for the signaling, S/MIME for message bodies, SRTP for the media (see Media Transport above), or various other means.

DTMF Carriage

H.323: H.245 User Input Indication, RFC 4733, or via the audio stream. The alphanumeric choice of the H.245 UserInputIndication message is the baseline carriage common to all H.323 endpoints, so interoperability is assured.

SIP: There is no baseline carriage, which presents issues of interoperability. Transport of DTMF via the INFO method, RFC 4733, KPML, or the audio stream are all options.

Standards Documents

Refer to the H.323 Information Site.

Refer to the SIP Information Site.

VoIP Security Review

Bambang Sugiantoro

NIM (student ID): 23202008

[email protected]

Abstract

This report reviews the security of VoIP communication using the H.323, SIP and MGCP/MEGACO/H.248 architectures and protocols. It then discusses what is required to secure VoIP, and closes with the obstacles that firewalls present to VoIP security.

Keywords: H.323, SIP, MGCP/MEGACO/H.248, VoIP, protocol, firewall.

I. Introduction

I.1 Background

Voice over IP (VoIP) is a technology that carries voice over IP networks rather than over circuit-switched networks. What is interesting here is that the volume of voice, video and data traffic keeps growing as more and more users go online. For a company, communication over VoIP has many advantages over traditional PBX-based telephony: the cost is clearly lower, since even international calls are charged at local rates (cost saving), and the range of applications keeps growing (application benefit).

VoIP systems keep developing new features, among them call waiting, call transfer, multiparty conferencing and so on. Other features include dialling from a PC, checking voice mail from a mail client, and the ability to integrate voice and data. Because separate voice and data networks are no longer needed, VoIP also reduces maintenance costs: IP phones are easy to move, add and change, since a VoIP phone can be plugged into any Ethernet jack and given an IP address, unlike a traditional phone that needs a dedicated port on the PBX. VoIP systems also scale to large call volumes, and traffic prioritization ensures that voice packets are processed quickly at the edge of the network. VoIP has room to grow as a business; the problem is how to keep VoIP secure from attackers who have no business being on the network.

1. Security implementations at three companies using VoIP

Packetized voice can be sniffed just like data packets, and the operating systems used on IP PBX servers and gateway devices are vulnerable to attack; a compromise on the voice side can be used to reach the data side, and vice versa.

A worm can cripple a mail server, which clearly hurts business processes; what if a worm could take down the phone system at the same time? This report profiles three companies that use VoIP for their business communication, for local and national connections and between branch offices.

1.1 Digirad (www.digirad.com)

A California-based company in the imaging equipment business, Digirad uses an IP-enabled PBX from Avaya that combines VoIP and standard phones in its two main offices, which are miles apart. The company runs VoIP for two regional offices located in Tampa, FL and Allentown, PA. The architecture of Digirad's VoIP deployment is shown in the figure below (figure not reproduced here):

The figure uses a combination of private and public networks to carry VoIP traffic; the two remote offices connect to the IP PBX via IPsec VPN tunnels. The IP PBX also connects to the PSTN for calls leaving the VoIP network.

Christopher Roth, IT manager at Digirad, says the company chose this solution because "we're a cutting-edge company, so we want to project that image by using cutting-edge technology in our infrastructure. I can put up a regional office and get them a T1 and a VPN, and we have a communications system."

1.2 CIBC (www.CIBCnational-bank.com)

A company based in Maitland, FL, it uses VoIP to connect about 400 sales pavilions with the corporate headquarters, which serves as the central call center; part of this is used for new-customer (bank account holder) sign-up facilities located in Florida and the western states. The company uses VoIP from Cisco Systems.

Noel Black, director of network operations at the bank, says: "We went with it to cut out the cost of the PSTN and strategically integrate our corporate PBX into the technology platform."

1.3 Kanbay (www.kanbay.com)

An e-business solutions company serving the financial services industry, with locations in North America, the United Kingdom, Asia/Pacific and India. Kanbay has five Alcatel OmniPCX 4400s, which support both VoIP and standard phone systems. Kanbay chose VoIP to reduce the cost of international calls and for call quality. Kanbay's CIO says: "The quality of standard phone calls was always hit or miss when dialing overseas. By converging our voice and data on the same network, we have reliable and consistent voice communication between facilities."

2. Keep It Private

We can clearly hear a colleague talking on a traditional phone if we are in the same room; should we conclude from this that call privacy is needed? VoIP is a packet technology, and its packets look like the data packets on a LAN or WAN. Voice packets can be captured by an agent on the network. There are several ways to address this problem; the simplest is to route the voice traffic over a private network.
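To see why a captured voice packet is as good as a recording, the following added example (not code from the original paper or from any VoIP product) decodes a constructed RTP packet the way a sniffer would: it parses the fixed RTP header from RFC 3550, then expands the G.711 mu-law (PCMU, payload type 0) payload into linear PCM samples using the standard G.711 expansion. The packet bytes, sequence number, timestamp and SSRC are constructed for the demonstration. Nothing in plain RTP is secret; SRTP encrypts and authenticates the payload but still leaves this header in the clear.

```python
import struct

# Constructed packet: RTP v2, no padding/extension/CSRC, marker clear, payload type 0
# (PCMU), sequence 1234, timestamp 160000, SSRC 0xDEADBEEF, followed by six mu-law
# bytes of payload: four bytes of "silence" (0xFF), then the loudest positive (0x80)
# and the loudest negative (0x00) code.
SAMPLE_PACKET = (struct.pack("!BBHII", 0x80, 0x00, 1234, 160000, 0xDEADBEEF)
                 + b"\xff\xff\xff\xff\x80\x00")


def parse_rtp(packet):
    """Decode the fixed RTP header (RFC 3550 section 5.1) and return (fields, payload)."""
    if len(packet) < 12:
        raise ValueError("short packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6
    if version != 2:
        raise ValueError("not RTP version 2")
    padding, extension, cc = (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    offset = 12 + 4 * cc                      # skip the CSRC list, if any
    if extension:                             # header extension: 16-bit id, 16-bit length in words
        ext_words = struct.unpack("!H", packet[offset + 2:offset + 4])[0]
        offset += 4 + 4 * ext_words
    end = len(packet) - (packet[-1] if padding else 0)   # last byte holds the padding count
    fields = {"version": version, "marker": b1 >> 7, "payload_type": b1 & 0x7F,
              "sequence": seq, "timestamp": ts, "ssrc": ssrc, "csrc_count": cc}
    return fields, packet[offset:end]


def ulaw_to_pcm(code):
    """G.711 mu-law byte -> 16-bit linear PCM sample (standard expansion, bias 0x84)."""
    code = ~code & 0xFF
    t = ((code & 0x0F) << 3) + 0x84
    t <<= (code & 0x70) >> 4
    return (0x84 - t) if code & 0x80 else (t - 0x84)


def decode_pcmu(packet):
    """Everything an on-path sniffer needs to turn one captured PCMU packet into audio:
    header fields (for stream reassembly by SSRC/sequence) and the PCM samples."""
    fields, payload = parse_rtp(packet)
    if fields["payload_type"] != 0:
        raise ValueError("payload type %d is not PCMU" % fields["payload_type"])
    return fields, [ulaw_to_pcm(b) for b in payload]


if __name__ == "__main__":
    fields, samples = decode_pcmu(SAMPLE_PACKET)
    print(fields)
    print("PCM samples:", samples)
```

Reassembling a whole call is just this in a loop: group packets by SSRC, order by sequence number, and append the samples to a WAV file. That is what the paper means when it says voice packets can be captured by an agent.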

All three companies profiled above run their VoIP calls over private networks, using point-to-point connections, carrier-based IP VPN services, and frame relay networks with an ATM core. The main point is that nobody guarantees the security or the reliability of the public Internet. Alan Beard, network architect at CIBC, says: "I wouldn't recommend that anyone run a business-critical voice service over the public network; the availability isn't always guaranteed, and there is a possibility that you could encounter variable performance."

When they are forced to route over the public Internet, the companies use IPsec VPNs for authentication and encryption, to protect against sniffers. Digirad has two remote offices; because each remote office has only two IP phones, "we don't generate much traffic through the firewall, and we haven't noticed any encryption-related latency." Besides ensuring call privacy, IPsec VPNs also make it easier to get VoIP packets through the firewall, which otherwise has to open and close ports for H.323 and Session Initiation Protocol (SIP) traffic: the signaling and call-setup protocols for the multimedia packet traffic run inside the IPsec tunnel across the firewall. Tapping voice traffic across the Internet is entirely possible but very difficult; inside the VoIP network, however, with equipment bought at Radio Shack an attacker can easily tap a VoIP call and decode it (as Doyle, director of in-house engineering, also says).

A network administrator must have the resources to protect VoIP on the LAN. If employees use softphones (PCs with voice capabilities), the administrator can install a VPN client to secure them with an end-to-end encrypted tunnel; where that is not done, IP handsets can be used. John Lacour, technology strategist at NetScreen Technologies (www.netscreen.com), says: "They don't have the processing power to handle IPsec on top of voice coding and decoding. One option is a dedicated VPN device that sits on the desktop next to the IP handset, but that solution can be costly and an administrative burden if rolled out to numerous employees."

Kanbay's solution is to monitor internal network traffic with an Intrusion Detection System (IDS) run with zero tolerance, so that any intruder's attack can be spotted at the NIC.

3. Firewalls and Packetized Voice

Firewalls and VoIP do not always get along. As a real-time service, VoIP tries to avoid delay, but a firewall must first process every VoIP packet handed to it, which can hold up the traffic flow. H.323 and SIP rely on TCP (SIP, in practice, often on UDP) for signaling and call setup, and on UDP for the media packets. With H.323 and SIP, the firewall knows when ports must be opened and closed for VoIP traffic; a port is opened for the duration of a call. However, VoIP uses the Real-time Transport Protocol (RTP) to carry the media packets, and RTP can use any port from 1024 to 65,535. Problems also appear as call volume grows. Lacour (NetScreen) holds that voice traffic affects the processing load of the firewall, because the firewall must parse the H.323 and SIP messages to learn where the voice packets will flow. As the number of calls increases, the firewall works harder (delaying packets) and voice quality degrades by around 50 to 100 milliseconds.
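What the firewall has to do to follow the signaling is the job of an application-level gateway (ALG): read the SDP carried in the INVITE or 200 OK, and open a UDP pinhole for each accepted media stream, plus one for its RTCP port. The following added example (not code from the original paper or from any firewall product) does that over a constructed SDP offer, handling the cases an ALG gets wrong in practice: a session-level c= line overridden at media level, an explicit a=rtcp port instead of the RTP-port-plus-one default, a rejected stream (port 0), and a media address that differs from the signaling peer. The addresses and ports are constructed for the demonstration; the rule that media ports must lie in 1024 to 65535 is the policy stated in the text.

```python
from collections import namedtuple

Pinhole = namedtuple("Pinhole", "media ip rtp_port rtcp_port same_as_signaling_peer")

# Constructed SDP offer as it would arrive in an INVITE sent from 198.51.100.7. The video
# stream names a different media address, and the third stream is rejected (port 0).
SAMPLE_SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 198.51.100.7\r\n"
    "s=-\r\n"
    "c=IN IP4 198.51.100.7\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:101 telephone-event/8000\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
    "c=IN IP4 198.51.100.9\r\n"
    "a=rtcp:51380\r\n"
    "m=application 0 udp wb\r\n"
)


def media_port_ok(port):
    """Policy from the text: media lives on dynamic ports, so never open a pinhole
    that would expose a well-known service port."""
    return 1024 <= port <= 65535


def sdp_pinholes(sdp, signaling_peer):
    """Walk the SDP once; for every accepted RTP stream return the UDP pinhole
    (address, RTP port, RTCP port) a firewall ALG would have to open, and whether
    the media address is the same host that sent the signaling."""
    session_ip = None
    streams = []
    current = None
    for line in sdp.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue
        kind, value = line[0], line[2:]
        if kind == "m":
            media, port, proto = value.split()[:3]
            current = {"media": media, "port": int(port), "proto": proto, "ip": None, "rtcp": None}
            streams.append(current)
        elif kind == "c":
            ip = value.split()[2]
            if current is None:
                session_ip = ip          # session-level default
            else:
                current["ip"] = ip       # media-level override
        elif kind == "a" and current is not None and value.startswith("rtcp:"):
            current["rtcp"] = int(value[len("rtcp:"):].split()[0])

    holes = []
    for s in streams:
        if s["port"] == 0 or not s["proto"].startswith("RTP/"):
            continue                     # rejected stream, or not RTP (no RTCP pair)
        if not media_port_ok(s["port"]):
            raise ValueError("refusing media port %d for %s" % (s["port"], s["media"]))
        ip = s["ip"] or session_ip
        if ip is None:
            raise ValueError("no c= line for %s stream" % s["media"])
        rtcp = s["rtcp"] if s["rtcp"] is not None else s["port"] + 1
        holes.append(Pinhole(s["media"], ip, s["port"], rtcp, ip == signaling_peer))
    return holes


if __name__ == "__main__":
    for hole in sdp_pinholes(SAMPLE_SDP, "198.51.100.7"):
        print(hole)
```

The same_as_signaling_peer flag is the check a practitioner wants: an ALG that opens pinholes to whatever address the SDP names lets anyone who can get an INVITE through the firewall punch holes towards third hosts, so the sane policy is to open media only towards the host that sent the signaling unless a specific media gateway is explicitly allowed. This is also why the paper's alternative of tunnelling everything over IPsec works: when the signaling is encrypted the firewall cannot do any of this parsing, and the pinhole logic moves to the VPN gateway.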

Packet size also affects firewall performance. Networking equipment is comfortable handling large packets, but a stream of much smaller packets can bring it to its knees, and voice traffic typically consists of packets between 50 and 200 bytes. A firewall may have a 100 Mbit/s interface, yet its CPU maxes out well before that rate with 50-byte packets. If it turns out that the firewall cannot do the job well enough, one solution is to tunnel the voice traffic through an IPsec VPN tunnel; however, this in turn requires enough processing power at the VPN gateway to ensure that encryption and decryption do not add to call latency.

Another option is a device designed to handle multimedia traffic: a VoIP proxy placed alongside the firewall that takes the load of processing the multimedia traffic off it. Companies offering such products include Dynamicsoft (www.Dynamicsof.com), Kagoor Networks (www.kagoor.com), Jasomi Networks (www.jasomi.com) and NetRake (www.netrake.com).

4. VoIP Lockdown

The equipment consists of the IP PBX and the VoIP gateway (a kind of SIP proxy). The server sits at the heart of the system and is vulnerable to attack; for example, Cisco's Windows-based equipment was easily infected by the NIMDA worm. Operating systems are vulnerable to attack, which is why Kanbay chose the Alcatel 4400s IP PBX, which runs on BSD (Berkeley Software Distribution): far more viruses are written for Microsoft platforms than for UNIX variants. The standard approach to locking down a VoIP system includes removing unnecessary services to reduce the attack vectors, keeping virus updates current, and isolating the VoIP servers. Another approach is to re-scan the existing infrastructure, find its weaknesses and then rework the architecture.

Arkin (founder of the research and consulting firm Sys-Security, www.Sys-security.com) argues that a PSTN phone is a dumb terminal, whereas a VoIP device is an intelligent device capable of interacting with the VoIP or IP telephony network. VoIP also has a problem because it supports PCs that run voice and data applications on the same platform. If an attacker installs a Trojan horse on such a PC, the voice network can be attacked as well. To prevent attacks coming from the data network, voice and data should be separated via VLANs; with solid segmentation, an attack on the data network will not affect voice traffic or voice quality. Finally, protect your VoIP gateway from viruses.

II. Characteristics of Several VoIP Security Protocols

The VoIP protocols whose security is discussed here are H.323, SIP (Session Initiation Protocol) and MGCP (Media Gateway Control Protocol). The H.32x series dates from the 1990s; H.323 was first developed in 1996, and by January 1998 it had been successfully used for multimedia conferencing over wide area networks [1]. Development of H.323 continued with v3 and v4 in May 1999 [2].

SIP was first developed by the Multiparty Multimedia Session Control (MMUSIC) working group of the IETF (Internet Engineering Task Force). SIP is standardised as RFC 2543, March 1999. SIP carries a MIME-typed body, the Session Description Protocol (SDP), RFC 2327, also developed by MMUSIC. Related work is done in the IP telephony (iptel) working group, which handles the Call Processing Language (CPL) associated with SIP features, and in the PSTN and Internet Internetworking (pint) working group, whose work is based on SIP [3, 4].

MGCP v1.0 was published as IETF RFC 2705 in October 1999 by the Media Gateway Control (MEGACO) Working Group (WG). The IETF MEGACO WG is the parent group that developed MGCP and then a new version named MEGACO, which has been accepted as an RFC. At the same time the ITU-T developed a similar standard, H.248; MEGACO and H.248 are now the result of joint work and are published as a single document [2]. The three protocols have some similarities: each needs addresses in order to carry out VoIP communication. They differ as follows [5]:

H.323: intelligence everywhere

SIP: intelligent endpoints and dumb network

MGCP: intelligent network and dumb endpoints

The protocols also differ in terms of complexity and flexibility. H.323 has a more flexible specification than SIP.

2.1. Protocol Architectures

All VoIP protocols are application layer protocols. VoIP protocols operate on top of IP, the Internet Protocol. They are not tied to a single transport layer protocol: they run over either TCP or UDP.

Figure 2, The Protocol Architecture

Looking at the H.323 side on the left, it consists of five important protocols: H.225.0, RAS (Registration, Admission and Status channel) and Q.931, and H.245. The key elements of the H.323 architecture are gatekeepers, gateways, terminals and MCUs (Multipoint Conference Units). RAS specifies the message structure, commands and procedures for, among other things, terminal registration with a gatekeeper; it is used between a terminal and a gatekeeper. Q.931 specifies the call signalling messages and procedures. In every H.323 session a single H.245 control channel is established. H.450.x specifies how supplementary telephony services are added to the H.323 architecture. H.235 is the dedicated security framework for H.323 and for other systems that use H.245-based control.

SIP and MGCP are more closely interrelated with each other than with H.323, and they do not provide features that only some of the protocols need, which may be due to the differences between the network elements they address.

Voice has to be encoded with a codec before it is sent. The encoded audio stream is carried by the application layer protocol RTP (Real-Time Transport Protocol), which runs over UDP and is used to transfer real-time information streams on the Internet. RTCP provides the status and control information that RTP needs.

There are two approaches to securing VoIP:

the built-in internal mechanisms of the VoIP protocols; or

external protocols at the application layer (e.g. TLS) or the network layer (e.g. IPSEC).

2.2. ITU-T's H.323

Addressing in H.323 is based on the transport address, which consists of a network address and a TSAP identifier. In TCP/IP networks the transport address is the IP address and TCP port. H.323 uses three different types of channels: the Call Connection Channel, the Call Control Channel and the Media Channels. Media Channels are usually routed directly between the participants in a call. The Call Control Channel and the Call Connection Channel, however, can be routed either via the gatekeeper or directly between the participants, as chosen by the gatekeeper. A gatekeeper may or may not be present in a given part of the network [6].

H.235 contains provisions recommending the use of H.235 support for a key recovery technique, but this is not required for its operation.

The Call Connection Channel is secured with TLS (TCP port 1300). On initial connection setup, the Call Connection Channel is the first channel opened if no gatekeeper is present. If a gatekeeper is present, the first channel opened is the RAS channel to the gatekeeper. On the RAS channel a few authentication mechanisms are available, though not many, and the traffic between terminal and gatekeeper can be encrypted. After the connection establishment procedures, the H.245 Call Control Channel is opened in secured mode if that has been negotiated. Information about the Media Channels, including their encryption keys, is carried over the H.245 Call Control Channel [6].

Figure 3, H.323 Network Architecture

Authentication

Two types of authentication can be used:

1) symmetric encryption-based, which requires no prior contact between the communicating entities;

2) based on some prior shared secret (referred to in H.235 as subscription based). The authentication may be symmetric or asymmetric [6].

In symmetric encryption-based authentication, a Diffie-Hellman key exchange is available to generate a shared secret between the two entities. It can also be used to authenticate application- or protocol-specific request messages, but not the user or the terminal [6].

Subscription-based authentication has three variants:

password-based with symmetric encryption;

password-based with hashing (also symmetric);

certificate-based with signatures (asymmetric).

Other mechanisms that can also be used for authentication are IPSEC-based connections and TLS.
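The first authentication type above, as an added example that is not part of the paper and does not follow H.235's own message formats: two parties with no prior contact agree a shared secret with Diffie-Hellman and then authenticate a request message with a keyed hash over it. The group parameters (a toy prime, far too small for real use), the SHA-256 key derivation, HMAC-SHA256 and the request text are all constructed assumptions; note that nothing in the exchange ties a public value to a particular terminal, which is why this type authenticates messages rather than the user.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this illustration only: the Mersenne
# prime 2^127 - 1 with generator 3. Real deployments use standardised, far larger groups.
P = 2**127 - 1
G = 3


def dh_keypair(p=P, g=G):
    """Each entity picks a random private exponent and publishes g^priv mod p."""
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)


def dh_shared_key(priv, peer_pub, p=P):
    """Both sides compute the same secret from their own private value and the
    peer's public value, then hash it into a fixed-length key for the MAC below."""
    secret = pow(peer_pub, priv, p)
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def tag_request(key, message):
    """Authenticate a protocol request message with a keyed hash (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_request(key, message, tag):
    """Constant-time tag check; False means the message was forged or modified."""
    return hmac.compare_digest(tag_request(key, message), tag)


def run_exchange():
    """Terminal and gatekeeper agree a key with no prior contact, then the terminal
    authenticates a request with it. Returns (keys_match, ok, tampered_ok)."""
    t_priv, t_pub = dh_keypair()          # terminal
    g_priv, g_pub = dh_keypair()          # gatekeeper
    k_terminal = dh_shared_key(t_priv, g_pub)
    k_gatekeeper = dh_shared_key(g_priv, t_pub)
    # Constructed stand-in for a registration request; not a real RAS encoding.
    request = b"RRQ terminal=alice@10.0.0.5 gatekeeper=gk.example.com"
    tag = tag_request(k_terminal, request)
    return (k_terminal == k_gatekeeper,
            verify_request(k_gatekeeper, request, tag),
            verify_request(k_gatekeeper, request.replace(b"alice", b"mallory"), tag))
```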

Encryption

Encryption can be applied at the RTP layer (see Figure 2), which is used to transport the information streams. Encryption can be applied on a packet-by-packet basis, with a policy specifying how the encryption capability is applied to each packet.

2.3. IETF's SIP

SIP is a text-based protocol, resembling HTTP and SMTP, for initiating interactive communication sessions between users. Such sessions include voice, video, chat, interactive games and virtual reality [3].

Figure 4, SIP Network Architecture

Authentication

All authentication mechanisms for SIP are challenge-response based. There are three alternatives:

Basic authentication;

Digest authentication; and

PGP authentication.

SIP has a client-server architecture, and communication is based on requests and responses. Besides requests, SIP also makes it possible to authenticate responses, but this option is not used.
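The first two alternatives, as an added example that is not part of the paper: what a sniffer on the LAN recovers from a Basic Authorization header, and the Digest challenge-response as specified for SIP in RFC 2543 (RFC 2069 style, without qop), with a registrar that accepts each nonce once so that a captured Authorization header cannot simply be resent. The realm, user, password and request URI are constructed.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed realm and request URI for the example (not from the paper).
REALM = "voip.example.com"
URI = "sip:voip.example.com"


def basic_header(user, password):
    """Basic: the credentials travel base64-encoded, which is not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def sniffed_basic(header):
    """What a packet sniffer on the LAN recovers from a Basic Authorization header."""
    return base64.b64decode(header.split(" ", 1)[1]).decode()


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, nonce, method, uri):
    """Digest as in RFC 2543 (RFC 2069 style, no qop): only a hash over the
    password, the server's nonce and the request method/URI leaves the client."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class SipRegistrar:
    """Server side of the challenge-response: a fresh nonce per 401 challenge,
    each accepted at most once, so a replayed Authorization header is rejected."""

    def __init__(self, users):
        self.users = users            # user -> password (a real server would keep HA1)
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, nonce, method, uri, response):
        if nonce not in self.outstanding:
            return False              # unknown or already used nonce
        self.outstanding.discard(nonce)
        password = self.users.get(user)
        if password is None:
            return False
        expected = digest_response(user, REALM, password, nonce, method, uri)
        return hmac.compare_digest(expected, response)


def register(registrar, user, password, method="REGISTER", uri=URI):
    """Client flow: take the nonce from the 401 challenge and answer it, then
    resend the same header. Returns (accepted_first_time, accepted_on_replay)."""
    nonce = registrar.challenge()
    response = digest_response(user, REALM, password, nonce, method, uri)
    first = registrar.verify(user, nonce, method, uri, response)
    replay = registrar.verify(user, nonce, method, uri, response)
    return first, replay
```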

Encryption

SIP's encryption capabilities are very limited: only PGP-based encryption, applied to the message headers, is available.

2.4. IETF's and ITU-T's MGCP/MEGACO/H.248

The MGCP/MEGACO/H.248 approach to authentication and encryption is clear and straightforward. According to RFC 2885 (August 2000), IPSEC must be used for authentication and encryption of the protocol connections, and IKE must be implemented as well. The encryption keys for the Media Gateways are distributed over the IPSEC-secured protocol connections; the media connections themselves are not encrypted via IPSEC [7].

Figure 5, MGCP/MEGACO Network Architecture

3. Security Needed for VoIP

3.1. Definition of the Key Elements of a VoIP System

What is VoIP? It is a form of telephony in which digitised voice packets are sent over the Internet. The addressing of the packets is based on the Internet Protocol (IP). Its security resembles that of traditional telephony, with a few special characteristics of the Internet added.

Figure 6, Simplified VoIP System

In general a VoIP system consists of several key elements:

the participants in a call (the caller and the callee, the two persons communicating with each other);

terminal devices (e.g. IP telephones, PCs) used to initiate and receive calls;

gateways and servers, meaning all kinds of intermediate devices needed during a phone call; and

communications media, i.e. the data links connecting gateways and terminal devices together, thus forming an end-to-end communications path for the VoIP packets to travel. The data links may use wires (copper, fibre) or be wireless, when radio waves are used.

VoIP traffic, i.e. VoIP packets, can be classified into call signalling, call control and media communications. Depending on the VoIP protocol and the policies in use, the communication may use one channel or several different channels. A TCP/UDP channel is a connection between two network elements. TCP ports distinguish the channels destined for a single network element from one another, while the network address, the IP address, is usually the same. Security is essential for these communications; for example, they should be authenticated and encrypted.

Figure 7, Classification of Distinct Information Streams Needed in VoIP

3.2. Basic Threats to Traditional Telephony

The information in a phone call generally falls into two kinds: the spoken information exchanged by the two people communicating (callers and callees), whose confidentiality and privacy must be protected, and the statistical information the service provider must collect for accounting and billing purposes.

Possible threats include:

phone disturbance: disturbing someone's life by giving him or her unwanted phone calls, possibly at unpleasant times and frequently;

calling free of charge by using someone else's phone number: hacking the signalling system so that phone calls can be made using some other person's identity and at his expense;

masquerading as either caller or callee: Tom intends to call his overseas business friend, Mark. Mark is not present, but Bob, who is, hears Mark's mobile phone ringing, picks it up and answers: "Mark speaking." Tom has no easy way of ensuring whether the person who picked up the phone really is who he claims to be;

availability attacks: access from and to phone devices or services is restrained by misusing the signalling system, or simply by cutting wires.

The attacks listed above are real and can happen in traditional telephony.

3.3. Security Characteristics of VoIP vs. Traditional Telephony

1. In VoIP, the packets sent are not encrypted, so any attacker can eavesdrop with a packet sniffer. A packet sniffer can be a general-purpose computer attached to, for example, a corporate local area network. In traditional telephony, mobile telephony excluded, an attacker needs special equipment and physical access to the network for the duration of the call.

2. Imagine a LAN where people use IP telephones, or voice-equipped PCs connected to the LAN, to initiate and receive phone calls. With 100 terminals, 99 of them can be eavesdropped with a packet sniffer because they are connected to the same LAN.

3. The Internet can be made secure. Circuit-switched networks are not entirely secure.

3.4. Functional Security Requirements

1. The information exchanged by the two participants must be kept confidential and protected from access by any third party.

2. Only the service provider has access to the statistical information, and that information must be protected from unauthorised parties.

3.5. Technical Security Requirements

Security is essential; the steps are as follows:

1. All connections between network elements should be encrypted;

2. The endpoints of all connections should always be authenticated in both directions to prevent man-in-the-middle attacks;

3. End-to-end user authentication should be provided at terminal devices;

4. Both clients and servers should be protected against Denial of Service type attacks.

4. Security Constraints of VoIP

Security constraints are the reason why security cannot be fully achieved. The constraints may lie in the design of the VoIP protocols, in incomplete implementations or in weak architectures, and there are many infrastructure elements, for example firewalls and IPSEC security gateways using NAT, that are deployed to add security to the network.

Three levels can be identified: link-level security, secured packets, and chosen fields in a packet. At each level there is a choice of securing all the information or only part of it, depending on the sensitivity of the information transferred.

When security is implemented at link level, it is transparent to users and applications, because they have zero knowledge of what happens when a packet leaves the IP layer and enters the link layer.

Not every packet contains information of high sensitivity and high priority that needs to be secured. If security is implemented at packet level, it is no longer transparent.

4.1. Delay Sensitivity of VoIP

The problem with VoIP lies in its quality of service. There is delay during a conversation, caused by the jitter and latency of the packets received over the Internet [11]. Quality of service, latency and jitter are the problems of VoIP.

The requirement for a fully secured end-to-end connection is that the whole path between the devices is protected against man-in-the-middle attacks [6]. Public key cryptography based authentication is one option that can be used.

But if packet encryption is too complex and time-consuming, it consumes resources; although security is guaranteed, it creates a bottleneck and adds delay to the delay-sensitive delivery of VoIP packets.

4.2. Specified Message Format

SIP, H.323 and the other VoIP protocols are used to initiate sessions, for example audio sessions. The information needed to set up the media channel between two entities, including the IP addresses, is encapsulated in the VoIP message. When NAT is used, the internal addresses must be translated to external addresses for them to be usable, so the body cannot be encrypted when the NAT device performs the translation [11].

4.3. End-to-End and Hop-by-Hop Security

There are two concepts and ways of implementing authentication and encryption: end-to-end and hop-by-hop.

End-to-end covers the connection from the sender to the recipient. Hop-by-hop covers at least one hop of the connection.

Advantages of hop-by-hop security [8]:

No need for end users to have public keys;

Only service providers need to have public keys; and

It models current web security that has proven to work.

Major limitation of hop-by-hop security [8]:

Requires a transitive trust model.

In end-to-end security, messages are encrypted and/or authenticated all the way from the sender to the recipient.

4.4. Real-life Examples of Security Problems

H.323

H.235 provides the security architecture for the H.323 protocol suite. It offers several different options for authentication as well as for encryption. TLS on the pre-defined port 1300 is used to establish the Call Connection Channel a priori.

NAT and Firewall Traversal

Because H.323-compliant applications use dynamically allocated sockets for the audio, video and data channels, a firewall has to be able to follow the H.323 traffic. The firewall must either support H.323 through an H.323 proxy, or be able to snoop the control channel to learn which dynamic sockets are used for the H.323 sessions [10].
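The firewall and NAT behaviour described in the firewall discussion earlier, in section 4.2 and in the paragraph above, as an added example that is not part of the paper or of any vendor product: a stateful firewall snoops the call setup message to learn the dynamically chosen RTP port and opens a pinhole only for the call's lifetime, and a NAT rewrites the address carried inside the body, which fails once that body is encrypted. The message is a constructed SIP INVITE with SDP, chosen because its text format is easy to show; H.323's H.245 carries the same addressing information in binary form, and the addresses and port are constructed values.

```python
import re

# Constructed SIP INVITE with an SDP body (example input, not taken from the paper).
# The c= line names the address and the m= line the dynamically chosen RTP port.
INVITE = (
    "INVITE sip:bob@voip.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060\r\n"
    "From: <sip:alice@10.0.0.5>\r\n"
    "To: <sip:bob@voip.example.com>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 10.0.0.5\r\n"
    "s=call\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)


def parse_media(message):
    """Return (address, rtp_port) the SDP body asks the peer to send media to.
    Raises ValueError when the body is not readable SDP, e.g. because it is encrypted."""
    head, _, body = message.partition("\r\n\r\n")
    if "application/sdp" not in head:
        raise ValueError("body is not readable SDP")
    c = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    m = re.search(r"^m=audio (\d+) RTP/AVP", body, re.M)
    if not (c and m):
        raise ValueError("no c=/m= lines found")
    port = int(m.group(1))
    if not 1024 <= port <= 65535:
        raise ValueError("RTP port outside the dynamic range")
    return c.group(1), port


class VoipFirewall:
    """Stateful firewall: RTP is blocked by default; a pinhole for the snooped
    (address, port) pair exists only between call setup and call teardown."""

    def __init__(self):
        self.pinholes = set()

    def on_invite(self, message):
        addr, port = parse_media(message)
        self.pinholes.add((addr, port))
        return addr, port

    def on_bye(self, addr, port):
        self.pinholes.discard((addr, port))

    def allows_udp(self, addr, port):
        return (addr, port) in self.pinholes


def nat_rewrite(message, internal, external):
    """NAT must rewrite the internal address carried inside the SDP body, not only
    the IP header; an opaque (encrypted) body leaves it nothing to translate."""
    head, sep, body = message.partition("\r\n\r\n")
    if "application/sdp" not in head:
        raise ValueError("cannot translate addresses inside an opaque body")
    return head + sep + body.replace(f"IN IP4 {internal}", f"IN IP4 {external}")


def encrypted_variant(message):
    """Stand-in for end-to-end body encryption: headers intact, body opaque to every
    middlebox (constructed: hex encoding plays the role of ciphertext here)."""
    head, sep, body = message.partition("\r\n\r\n")
    return head.replace("application/sdp", "application/octet-stream") + sep + body.encode().hex()
```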

5. Conclusion

This report has discussed existing VoIP architectures, security services, the security generally required, and finally the constraints on VoIP security. End-to-end security is very hard to implement. Hop-by-hop security offers a solution and is easier to implement. NAT and firewalls were also touched on briefly.

References

[1] Huovinen, L., Niu, S., IP Telephony, [Referenced: 19.12.1997] http://www.hut.fi/~lhuovine/study/netsec97/user_auth.html

[2] Lawrence, J., MGCP Update, Presentation given at VON Europe 2000, [Referenced: 6.7.2000] http://www.trillium.com/whats-new/1119183/sld001.htm

[3] IETF, SIP Working Group, [Referenced: 26.10.2000] http://www.ietf.org/html.charters/sip-charter.html

[4] IETF, RFC 2543, 1999, [Referenced: 23.11.1999] http://www.ietf.org/rfc/rfc2543.txt?number=2543

[5] Oran, D., Sigcomm99 Tutorial M1: Voice Over IP, Cisco Systems, Massachusetts, USA, 1999, 71 p.

[6] ITU-T, ITU-T Recommendation H.235 (02/98), Security and encryption for H-Series (H.323 and other H.245-based) multimedia terminals, 1998

[7] IETF, Megaco Protocol version 0.8, RFC 2885, 2000, [Referenced: 31.8.2000] http://www.ietf.org/rfc/rfc2885.txt

[8] Rosenberg, J., SIP Security, [Referenced: 8.5.2000] http://www.dynamicsoft.com/resources/pdf/SIP2000-Security.pdf

[9] Thernelius, F., SIP, NAT and Firewalls, Master's Thesis, Kungl Tekniska Högskolan, Stockholm, 2000, http://www.cs.columbia.edu/~hgs/sip/drafts/Ther0005_SIP.pdf

[10] Kotha, S., Deploying H.323 Applications in Cisco Networks, White Paper, [Referenced: 2.7.2000] http://www.cisco.com/warp/public/cc/pd/iosw/ioft/mmcm/tech/h323_wp.htm

[11] Rosenberg, J., Computer Telephony: The Session Initiation Protocol (SIP): A Key Component for Internet Telephony, June 2000

[12] Goncalves, M., Voice Over IP Networks, McGraw-Hill, 2000

[13] This piece of information is based on numerous discussions between the writer of this paper and some product vendors. The nature of these discussions is confidential and therefore the vendors cannot be referenced by name.

[14] Security researcher Ofir Arkin has written several papers on vulnerabilities associated with popular IP phones. Links to these papers are available at www.Sys-Security.com.

[15] Pingtel posted a response to Arkin's paper at www.pingtel/PingtelAtStakeAdvisoryResponse.jsp/.

[16] Pingtel also publishes a best practices guide for deploying IP phones at www.pingtel.com/docs/best_practices_20x.txt/.

[17] Cisco Systems responds to Arkin's paper at www.cisco.com/warp/public/707/trivial_ip_phones.html

[18] Cisco Systems also offers a detailed white paper on VoIP security at www.cisco.com/warp/public/cc/so/cuso/sqfr/safip_wp.htm

[19] RFC 3303, architecture and framework, VoIP security devices with firewalls, www.ietf.org

Figure 1 (network diagram; image not reproduced): VoIP traffic from remote sites tunneled over the Internet to the IP PBX via VPN. Elements shown: PSTN; Site A with the IP PBX; Site B with an IP/traditional phone; Remote Site I and Remote Site II, each with two IP phones; VoIP over private T1 lines; the Internet; a Firewall/VPN gateway at each side.