Identifying a Wolf in sheep’s clothingby Hemant Sengar

VoIP Fraud:

HAROKOPIO UNIVERSITY - DEPARTMENT OF INFORMATICS

AND TELEMATICS

MSc in Advanced Telecommunication

Systems and Applications

Data and Systems Security

Dr. Panagiotis Rizomiliotis

2

Hello!

We are:Elena Politi - 14207

Fotis Evangelou - 14203

Giorgos Fragiadakis - 14212

3

1. WHAT IS VoIP

4

Voice over Internet Protocol

Cheaper and more flexible than PSTN

5

A technology that enables people to use the Internet as the transmission medium for telephone calls.

Works through sending digitized voice samples in packets.

SIP ≡ Session Initiation Protocol Τhe dominant signaling channel to handle multimedia sessions.

RTP ≡ Real-time Transport ProtocolΤhe voice channel

VoIP Protocols

6

VoIP Architecture

Place your screenshot here

7

An examPle of SIP call EstaBlishment and TearDown

8Incorporating Active Fingerprinting into SPIT Prevention Systems Hong

Yan et. al.

2. Security RisksSIP based VoIP services are offered in an open architecture network which makes them attractive targets.

9

10

SIP scanning attack

Accounts with vulnerabilities (i.e. poor authentication) that are brutally attacked in order to steal credentials and be compromised.

Attacks via voicemail

Hackers exploit vulnerabilities in voicemail systems in order to launch various fraudulent activities (i.e. billing)

According to the article there are two common attacks to SIP-based elements:

Potential Threats, Vulnerabilities, Attacks and Their Impact in an SIP-Based VoIP Environment

11

The Global Fraud Loss Survey 2013

12Communications Fraud Control Association

Estimated fraud losses by service type

In simple numbers...The estimated Global Fraud Loss for 2013 was $46.3 Billion:

✖ $11.08 is due to VoIP fraud

✖ 15% increased from 2011

13

e.g. August 2012Mississippi Counties were hit by hackers stealing $100.000 worth of phone calls to Central Africa

3. ProBlem & Existing SolUtionsAttackers are being masqueraded as another user

and originate calls using forged identity

14

ProvideR’s exiSting Solution

Compromised

15

CateGories of PropoSed SoluTions

Identity & Trust value of callers

16

Stronger authentication mechanisms

Ascertain to the real path of call source

To date, related work is being focused on three different

scopes and proposes solutions which can be the

ingredients of a general and united solution

17

SoluTions till YesteRday

18

Another two solutions are presented in last decade, was directly

related to the article which we are presenting today.

SoluTions till YesteRday2

4. Unmasquerade The WolF Sengar’s approach

19

phaSes of VoiP SecuriTy

User Authentication Device Authorization

Identification

Classification

Verification

Fingerprinting

20

21

A. Classification

If same class of devices look similar and have same type of hardware then there should exist common attributes, that can put it apart from other classes of devices.

B. Fingerprinting

Each device has its own unique notion of time that makes it distinct within its own class of devices.

PHAS

E 1

Identification

22

The SIP Server confirms whether the device is associated with the particular user or not.

Verification

PHAS

E 2

5.Experimental methodology

23

a. ClassiFicatIonThe analysis of RTP payloads (or packets) can reveal information about the device that created it. The article discusses the following acoustic features:

✖ Silence Energy

✖ DC Offset

✖ Dithering Pattern

24

Experimental Evaluation

25

11 Different Hardphones

5 Softphones installed on a laptop computer

All of the phones register from one access location to the SBC

5-8 calls from each phone

Analysis of Various Softphones and Hardphones

26

B. FinGerpriNting

fig. REGISTER Message Flow

A unique identity of the calling device is created by achieving a proper registration

Experimental Evaluation

27

Group of devices share the same configuration files.

Devices use same synchronization system clock

The device location remains fixed

The signaling and media streams flow through the same SBC

Different manufacturing

stamp

Handset vs Handsfree

Experimental Results

28

The experimental process concludes to the following aspects that affect device identification

Subscriber’s Behavior

Phone's manufacturing release version

Laptop connection for softphones(wifi - Ethernet)

6. ConClusions

29

Device Authorization

Observing the signaling and media streams in order to determine the device information

Fingerprinting a remote device with a high speed degree of accuracy

Establishing a relationship between user ID and the authorized calling device

30

Sengar suggests

What we BelieveBack to PSTN

31

Hahahahahaha

32

Our Proposals Use stronger encryption where is possible

Better password management

Better collaboration between service providers and device manufacturers

Establish a unified SIP standard protocol

Thanks!Any questions?