Page 131 - 2015 Security in Telecommunications and Information Technology

                                   Figure 52 – Security threats in multimedia communications

            The main security requirements for multimedia communications and IP telephony are as follows:
            •       User and terminal authentication: VoIP service providers need to know who is using their service in
                    order to correctly account for, and possibly bill the service usage. As a prerequisite for the
                    authentication, the user and/or the terminal have to be identified. Then a user/terminal has to prove
                    that the claimed identity is in fact the true identity. This typically occurs through strong cryptographic
                    authentication procedures (e.g., protected password or ITU-T X.509 digital signatures);
            •       Server authentication: Since VoIP users typically communicate with each other through some VoIP
                    infrastructure that involves servers, gateways and possibly multicast techniques, both fixed and
                    mobile users need to know if they are talking with the proper server and/or with the correct service
                    provider;
            •       User/terminal and server authentication: This is needed to counter security threats, such as
                    masquerade, man-in-the-middle attacks, IP address spoofing and connection hijacking;
            •       Call authorization: This is the decision-making process to determine if the user/terminal is actually
                    permitted to use a service feature (e.g., calling into the PSTN) or a network resource. Most often
                    authentication and authorization functions are used together to make an access control decision.
                    Authentication and authorization help to thwart attacks like masquerade, misuse and fraud,
                    manipulation and denial-of-service;
            •       Signalling security protection: This addresses protection of the signalling protocols against
                    manipulation and misuse, and protection of their confidentiality and privacy. Signalling protocols
                    are typically protected by using encryption as well as by integrity and replay protection measures.
                    Special care has to be taken to meet the critical performance requirements of real-time
                    communication to avoid any service impairment due to security processing;
            •       Voice and other media confidentiality: This is realized through encryption of the packets of
                    multimedia applications (to protect against eavesdropping). Advanced protection of media packets
                    also includes authentication/integrity protection of the transmitted packets;
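
The integrity and replay protection named under signalling security protection can be sketched as follows. This is an added example, not text or code from the manual or from any ITU-T Recommendation; the pre-shared key, the 64-bit sequence number, the window size, the packet framing and the sample message are all assumptions, and encryption is left out so that only the integrity and replay checks are shown.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
WINDOW = 64    # assumed: how far behind the highest sequence number is still accepted


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: prepend a 64-bit sequence number, append an HMAC over both."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Receiver: verify the MAC first, then reject replayed sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = -1   # highest sequence number accepted so far
        self.seen = set()   # accepted numbers still inside the window

    def accept(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None                       # too short to be a valid packet
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # manipulated, or sent with another key
        (seq,) = struct.unpack("!Q", body[:8])
        if seq <= self.highest - WINDOW or seq in self.seen:
            return None                       # too old or already accepted: replay
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - WINDOW}
        return body[8:]


if __name__ == "__main__":
    key = bytes(range(32))                    # constructed demo key
    rx = Receiver(key)
    setup = protect(key, 0, b"SETUP call-id=constructed-001")  # constructed message
    print(rx.accept(setup))                   # first delivery is accepted
    print(rx.accept(setup))                   # identical packet again is rejected
```

Receiver state changes only after the MAC verifies, so a forged packet cannot consume a sequence number and block the genuine message that carries it.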


