Page 131 - 2015 Security in Telecommunications and Information Technology
Figure 52 – Security threats in multimedia communications
The main security requirements for multimedia communications and IP telephony are as follows:
• User and terminal authentication: VoIP service providers need to know who is using their service in
order to correctly account for, and possibly bill, the service usage. As a prerequisite for the
authentication, the user and/or the terminal have to be identified. Then a user/terminal has to prove
that the claimed identity is in fact the true identity. This typically occurs through strong cryptographic
authentication procedures (e.g., protected password or ITU-T X.509 digital signatures);
• Server authentication: Since VoIP users typically communicate with each other through some VoIP
infrastructure that involves servers, gateways and possibly multicast techniques, both fixed and
mobile users need to know if they are talking with the proper server and/or with the correct service
provider;
• User/terminal and server authentication: This is needed to counter security threats, such as
masquerade, man-in-the-middle attacks, IP address spoofing and connection hijacking;
• Call authorization: This is the decision-making process to determine if the user/terminal is actually
permitted to use a service feature (e.g., calling into the PSTN) or a network resource. Most often
authentication and authorization functions are used together to make an access control decision.
Authentication and authorization help to thwart attacks like masquerade, misuse and fraud,
manipulation and denial-of-service;
• Signalling security protection: This addresses protection of the signalling protocols against
manipulation and misuse, and preservation of their confidentiality and privacy. Signalling protocols are typically protected by
using encryption as well as by integrity and replay protection measures. Special care has to be taken
to meet the critical performance requirements of real-time communication to avoid any service
impairment due to security processing;
• Voice and other media confidentiality: This is realized through encryption of the packets of
multimedia applications (to protect against eavesdropping). Advanced protection of media packets also
includes authentication/integrity protection of the transmitted packets;
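
The integrity and replay protection named under signalling security protection above, shown as an added example that is not part of the ITU-T text: the sender appends an HMAC-SHA256 tag over a sequence number and the message, and the receiver rejects altered or repeated messages. The message layout, the pre-shared key, the 64-entry window and all names are assumptions made for illustration; encryption is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag size in bytes
WINDOW = 64    # assumed replay-window size (messages may arrive out of order)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: 64-bit sequence number || message || HMAC over both."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Verifies the tag first, then applies a sliding anti-replay window."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = -1  # highest sequence number accepted so far
        self.seen = 0      # bit i set => sequence (highest - i) was accepted

    def accept(self, packet: bytes):
        """Return the message if authentic and fresh, otherwise None."""
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None    # manipulated in transit, or wrong key
        seq = struct.unpack("!Q", body[:8])[0]
        if seq > self.highest:
            # Newer than anything seen: slide the window forward.
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= WINDOW or (self.seen >> offset) & 1:
                return None  # too old to judge, or a replay
            self.seen |= 1 << offset
        return body[8:]


if __name__ == "__main__":
    key = b"\x01" * 32                          # constructed demo key
    rx = Receiver(key)
    pkt = protect(key, 0, b"SETUP callee=bob")  # constructed signalling message
    print(rx.accept(pkt))                       # accepted on first delivery
    print(rx.accept(pkt))                       # rejected when replayed
```

The tag is checked before the sequence number is examined, so a forged packet cannot move the replay window.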