IT-Security

Fraunhofer Institute SIT: secure transportation of voice data

15.08.2012 - Fraunhofer Institute SIT: secure transportation of voice data. Voice-over-IP (VoIP) is on a triumphal course through the global business world. Analysts estimate a rate of growth i...

Fraunhofer Institute SIT: secure transportation of voice data. Voice-over-IP (VoIP) is on a triumphal course through the global business world. Analysts estimate a rate of growth in a range of 20 % to 45 % per annual, expecting that VoIP will carry more than 50 % of business voice traffic (UK) in a few years. Success of VoIP will not be limited to cable networks, convergent speech and data transmission will affect next generation mobile networks as well. The cost savings through the adoption of VoIP on budget-priced Internet connections are hardly resistible for SMEs and larger organisations alike. Yet, the convergence of information and communication technology that comes along with VoIP promises further reduction of Opex at organisational levels. But as any convergent technology, VoIP is risking to inherit weaknesses of both the IT and CT worlds, and that is where the Hydra of security issues raises her heads.

The Challenge

Confidentiality of a call‘s contents is one of the more basic problems. The transportation of voice data in an IP network over many nodes clearly offers an attacker much more opportunity to eavesdrop than a PSTN where physical access to a dedicated communication line is needed. But fortunately, well established methods from IT security apply, yielding a broad range of countermeasures from switched VLANs, over VPNs, to end-to-end encryption of VoIP communication employing standards such as SRTP.

Other problems are more intricate, as they are associated with the distinct characteristics of voice communication. First, the lack of caller authentication entails that spamming – called SPIT in this context – becomes a major threat to the new communication medium, since automated SPIT calls can be generated at very low cost and their mushrooming would render VoIP virtually unusable.

Second, integrity of the VoIP data stream needs protection, as IP-based communication can for instance be hijacked with relatively simple, inexpensive methods.

Third, voice data is subject to advanced forgery attacks when stored over long time spans in a digital archive. This is a pestering problem in situations – as mostly in call-centres – where the archiving party has some self-interest in the calls‘ contents and may want to use them as evidence at a later time. Though special means for instance for integrity protection are incorporated in, e.g., SRTP on the level of single packets, a comprehensive approach is wanting.

VoIPS Technology

“The technology VoIPS we have developed protects all three features concurrently, with a fully disclosed method compatible to the most important VoIP standards SIP and RTP”, says Andreas Schmidt from the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt. VoIPS stands for “Voice-over-IP Signatures” and does precisely what the name suggests. VoIPS is a concept to achieve non-repudiation for natural language conversations by electronically signing packet-based, digital, communication.

Signing a VoIP-based conversation means to protect the integrity and authenticity of the bidirectional data stream and its temporal sequence which together establish the security context of the communication. VoIPS is conceptually close to the protocols SIP/RTP realising VoIP, and provides a high level of inherent security. It enables signatures over voice as true declarations of will, in principle between unacquainted speakers.

According to Schmidt, VoIPS amounts to a new paradigm for non-repudiation of digital data. The combination of integrity of recorded conversations, security about the identity of dialogue partners, and finally expressions of will be embodied in signatures, enables legally provable verbal contracts between unacquainted persons. The patented technology is not bound to any proprietary solution of a single technology provider as the concept can be used for every digital communication.

Within digital communication content is split into packages and transported to the respective recipient. VoIPS has to deal with the characteristics of this package based communication namely the possibility that packages get lost and that the method must not degrade the quality by introducing latencies. These requirements are met by the VoIPS protocol design.

Without tampering the stream of data packages intervals spanning a certain amount of packages are formed and cryptographically signed. To cope with certain package losses due to the nature of the underlying transport protocols a handshake protocol is performed signalling which packages arrived at the recipient. This basic interval scheme is applied for both communication directions from A to B and B to A.

At this point VoIPS created signed intervals protecting the packages in every interval. In the next step the cohesion between the intervals requires protective means to ensure that it is impossible to reorder or to remove certain intervals without being detected. This is done by interweaving the intervals to form a cryptographic chain.

The combination of intervals and interweaving provides for a strong integrity protection of the communication. The inventors Schmidt and Nicolai Kuntze from SIT and Christian Hett from Artec IT Solutions, an SME based in Karben by Frankfurt specialising in secure e-mail archiving via network appliances, aim at developing VoIPS to a fullfledged product within the next 18 months. Fraunhofer SIT strives to drive the development further by initiating a cooperation between SIT, Artec and the University of Kassel.

Apart from the technology and product development, an important part is the legal research that will be done by the University of Kassel. The research group lead by Prof. Rossnagel will help to create a safe fundament for VoIPS deployment in that respect. Especially archiving is of interest for potential users in the banking, financial, and government sectors as well as for call centres providing services for a variety of different sectors.

Recording of telephone based communication is one of the most vital applications in the telecommunication sector. The first archiving solution for voice communication (see illustration) was presented by Thomas A. Edison in the year 1911. Jerry Artishdad, owner and CEO of Artec IT Solutions says: “The VoIPS archive will extend our email archive appliance EMA to a secure, comprehensive communication archive.”

He indicates that major European technology providers for call centres have expressed their interest in VoIPS as a standardised solution for communication protection.

Contact:

Nicolai Kuntze
Fraunhofer Institute for Secure Information Technology SIT,
Darmstadt, Germany
Tel: +49 6151 869 276
Fax: +49 6151 869 224
nicolai.kuntze@sit.fraunhofer.de
www.sit.fraunhofer.de