Security and Privacy Issues Related to VoIP and Skype

Question: Describe the Report for Security and Privacy Issues Related to VoIP and Skype. Answer: Introduction The VoIP is a technology that helps users to make a voice call over the public internet instead of using the PSTN (Public Switched telephone network). Day by day the use of VoIP is getting increased due to its low cost and flexibility. Today it is observed that MNC companies are conducting their hiring process (interview) over the Skype video conferencing. For privacy and security reasons people often ask for anonymity of their conversation. That is no other person than two people who are involved in the conversation, will have knowledge about the conversation (Habiba, Islam Amin, 2014). On the other hand different law enforcement agencies need to track these conversations in order to fight the crime and terrorism. This paper comprises discussion about the different security and privacy issues related to VoIP, different challenges and its impact on the real life. The technology used in the VoIP and impact of these technologies in real life is also discussed in this report. Challenges, problems, and relevant technologies In case of VoIP, this technology encrypts the voice or multimedia messages into data packets to transmit through private or public IP network (Matousek, Kmet Basel, 2014). This emerging technology is popular due to its flexibility and cost effectiveness than the traditional telephony. With all the benefits this deployment of VoIP technology faces several challenges that are acting like an obstacle in its user acceptance. According to Lazzez (2013), this challenge includes interoperability, complex architecture and security issues, etc. Since the computer IPs are mainly designed to transmit data, therefore it does not provide smooth flow of voice signal transmitted using Skype application. Interoperability: The compatibility between the different VoIP equipment manufactured by different vendors is a critical issue that affects the connectivity between the users at both the end. Complex architecture: In VoIP services, the complexity of the network and its architecture causes for extra overhead to the network administrator and service providers. Security issues: As the VoIP technology is still in its initial stages, therefore different security loop holes and vulnerabilities that are exploited by the intruders and hackers. There are two types of vulnerabilities which can be used by the hackers to exploit the security and privacy of the users. These two vulnerabilities can be categorized in to inherited vulnerability and users own vulnerability. Inherited vulnerability: These kinds of vulnerabilities are originated from the infrastructure of the network (Matousek, Kmet Basel, 2014). Like, network architecture, used operating system, etc. Like the use of the VoIP services within a wireless network can cause additional security concerns for the users. Users own vulnerability: These kind vulnerabilities include the security risks that are caused due to the use of chosen protocol, network devices (such as switches and routers). The attacks on VoIP applications include attack on the availability, confidentiality, and integrity of the services (Matousek, Kmet Basel, 2014). The attack against availability of service is about making interruption in the service, malicious messages, call hijacking, etc. several researches showed that there are some security flaws in Skype that are helpful for the hackers to steal the data of users chat and calling history. On the other hand attack on the confidentiality is targeted to capture users data, call pattern tracking, Eavesdropping media, credentials and other media by unauthorized means. For the attacks against integrity of the services is about intercepting the data or signaling other users data after intercepting it (Krawitz Howard, 2015) using the flaws of Skype and other VoIP applications. The attack on the integrity is carried out by the hackers to exploit and alter the intercepted data. This alteration includes injecting, deleting and replacing a certain amount of data in the intercepted data. The examples of attack on the integrity of data can be given by media injection, call black holing and VoIP call rerouting (Matousek, Kmet Basel, 2014). In the end, attack on the social context is about manipulating the social context of both the parties who are involved in the communication. In this type of attacks, the attacker misinterprets themselves as a trusted entity to the other party to convey wrong information on a specific issue. The VoIP services use the P2P (Peer to Peer) model rather than client server model to provide the services to the users (Matousek, Kmet Basel, 2014). The Skype application too uses the P2P architecture to provide better user experience. Even though the client server architecture model is popular model to implement an application that is based on distributed computing concept but in case of VoIP services the P2P model is suggested to maintain the quality of the services. 2. Application of different supportive technologies Basically, for VoIP services, two main technologies are required. These are internet and signaling protocols (Krawitz Howard, 2015). The signaling protocols that are used in VoIP services are H.23 and SIP (Session initiation protocol). The above mentioned protocols are mainly responsible for setting up a communication route between the senders and receivers IP address. In addition to this, a piece of software named "CODEC" is also used to convert the analog audio sound into digital signals in Skype (Habiba, Islam Amin, 2014). Once the voice (analog data) is converted into digital data, then it becomes relatively easy to convert them into data packets which are to be transmitted through the internet In order to send data over the internet, VoIP uses RTP (real time protocol). It is the same protocol that is used by the computers to receive streaming media at real time. Diagram 1: The process of establishing connection between two peers using Skype (Source: Matousek, Kmet Basel, 2014, pp-65) Vague areas in the Research paper In the selected articles, only the possible vulnerabilities and the solutions are discussed in using the client server network model. There are several issues that are not addressed by the authors adequately. One of them is use of client model instead of P2P model. Use of Client server model instead of P2P model: Whereas the according to the different criticisms the P2P (Peer to peer) architecture is best for the VoIP technologies (Yang, Dantu Wijesekera, 2012). It is the best choice due to the resistance against the single point failure (Habiba, Islam Amin, 2014). This is possible as this model treats each and every component as single and equal component. Therefore it can be said that, in the article, there is no justification for the selection of the client server architecture for the implementation of the VoIP services (Krawitz Howard, 2015). In addition to this, the process of converting the analog voice signal to the digital signal is also not described in detail for the reader. Research Questions Q1. What are the important uses of VoIP and Skype? Q2.What are the challenges faced by the users regarding privacy and security issues with the use of VoIP and Skype? Q3. What are the different measures that can be used by the users to minimize the security and privacy issues? Q4. What are the possible adverse effects of the privacy and security risks if they are not addressed properly? Accuracy of the information in the considered research paper The information given in the article is accurate and sufficient about the VoIP technology using the client server architecture. As an example, it described the VoIP architecture in the client server network model (Abdulhamid et al., 2014). The article clearly describes the way of in which the VoIP services (like Skype) relies on the set of connected central servers usually known as gatekeepers. The article also clearly describes the use of the media transport protocol, RTP (Real time Transport Protocol) and SRTP (Secure real time transport protocol) for the data packet transmission Furthermore, the selected paper also described different attacks on the VoIP services, like attack on the availability of the services to its users (Krawitz Howard, 2015). This kind of attacks is carried in the form of DoS (denial of services). General tools that are used by the attackers to affect the users privacy and security of users credentials are malformed messages, call flooding, spoofed messages, impersonating servers in the architecture, etc. The eavesdropping, call pattern tracking and data mining processes are described. For Eaves dropping, one of the network devices is compromised by the hacker or attacker to reroute the target media to the attackers device who are using Skype application. Call pattern tracking is used by the hackers to find a potential target device inside a targeted network (Habiba, Islam Amin, 2014). Issues not addressed adequately in the research paper While analyzing the research papers, it is observed that the papers have not addressed some issue related to the service of the VoIP and Skype. Some of them are discussed below. Reliability issues: The selected report had not addressed the reliability of VoIP services. The quality and confidentiality of the communication are dependent on the different security measures that are adopted by the service providers. Security and stability related issues: On the other hand, the stability of the VoIP calls is dependent on the availability of the internet connection (Abdulhamid et al., 2014). In addition to this, the security related to the VoIP calls is also important which is not addressed in proper manner. As an example it can be said, the VoIP services and other features are provided by Skype voice services, but it stores the call transcripts into a massive database which can be exposed in public domain if any hacker, third party, and government get access to this database. QoS related issues: Moreover, the latency in the data transmission is also not discussed in the report. The latency in the data transmission can be a reason behind the low quality service. This latency can result from three reasons, Propagation delay. Queuing delay. Handling delays in the network. Diagram 2: Latency in the VoIP services (Source: Krawitz Howard, 2015, pp-25) Importance and impact of the detected issues in real world The issues that are not addressed in the paper like latency in the data packet transmission, or the issue of reliability have a huge impact on the quality of the services as well as on the security and confidentiality of user data (Habiba, Islam Amin, 2014). Effect of QoS related issues: The latency in the transmission of data packets gives much more time to the hackers or intruders in the network to intercept the data packets reroute the connection to the hackers device. If a user is communicating with someone through Skype then, this latency in the data packet transmission causes echo of senders voice at the receivers end. Effect of stability related issues: In addition to this stability of the connection also has a huge impact on the VoIP services quality. For VoIP application like Skype it is observed that, with weak internet connections the stability and quality of the voice calls are degraded. Lessons learned from the discussions By analyzing the different advantages and drawbacks of the VoIP services it can be stated that, quality of the service. In order to maintain a better quality of the services, it is important to use servers (like "ASTERISK") which are capable of handling the complex dial plans, voice, video and text codecs. Use of these servers can be helpful in reducing the time which is required for a data packet to cross a network connection and the time a data packet or frame is held by network device before forwarding to the next node (Abdulhamid et al., 2014). Using this server the quality of the service that is degraded due to the packet delay, echo in the data transmission, data packet loss, distortion of the data packets can be avoided. Conclusion In the above sections of the report, we discussed about the different factors that are important to mitigate the different risks and privacy issues involved in the VoIP services. As this technology is still in its initial stages, hence there is scope to improve the quality of the services and privacy of the users who are using the Skype like applications for VoIP services. The assurance of the low latency, high-security measures, high availability and reliability of the service will attract the users to use these services. It is important since, the latency in the transmission of data packets gives much more time to the hackers or intruders in the network to intercept the data packets reroute the connection to the hacker's device. In addition to this, it is the responsibility of the different service providers to monitor the users that, they are not using these services for unethical means and criminal intentions which can affect and breach the privacy of any other user. References Abdulhamid, S. M., Ahmad, S., Waziri, V. O., Jibril, F. N. (2014). Privacy and national security issues in social networks: The challenges.arXiv preprint arXiv:1402.3301. Good, D. W., Lui, D. F., Leonard, M., Morris, S., McElwain, J. P. (2012). Skype: a tool for functional assessment in orthopaedic research.Journal of telemedicine and telecare,18(2), 94-98. Greenwald, G., MacAskill, E., Poitras, L., Ackerman, S., Rushe, D. (2013). Microsoft handed the NSA access to encrypted messages.The Guardian,12. Habiba, U., Islam, M. I., Amin, M. R. (2014). Performance Evaluation of the VoIP Services of the Cognitive Radio System, Based on DTMC.JIPS,10(1), 119-131. Hiew, Y. L. L., Tan, B. H. (2015). Comparing asynchronous and synchronous interaction using online technology.Pertanika Journal of Scholarly Research Reviews,1(1), 40-49. Karthikeyan, S., Manikandan, G., Nishanth, T., Abraar, S. (2015). A New Distributed Application and Network Layer Protocol for VoIP in Mobile Ad Hoc Networks. Krawitz, M., Howard, J. (2015). Should Australian courts give more witnesses the right to Skype?.Journal of Judicial Administration,25. Lazzez, A. (2013). VoIP Technology: Security Issues Analysis.arXiv preprint arXiv:1312.2225. Leu, J. S., Lin, W. H., Hsieh, W. B., Lo, C. C. (2014). Design and implementation of a VoIP broadcasting service over embedded systems in a heterogeneous network environment.The Scientific World Journal,2014. Matousek, P., Kmet, M., Basel, M. (2014). On-line monitoring of VoIP quality using IPFIX.Advances in Electrical and Electronic Engineering,12(4), 325. Miraz, M. H., Ganie, M. A., Ali, M., Molvi, S. A., Hussein, A. H. (2015). Performance evaluation of VoIP QoS parameters using WiFi-UMTS networks. InTransactions on engineering technologies(pp. 547-561). Springer Netherlands. Mosier, J., Joseph, B., Sakles, J. C. (2013). Telebation: Next-generation telemedicine in remote airway management using current wireless technologies.TELEMEDICINE and e-HEALTH,19(2), 95-98. Patinge, S. A., Soni, P. D. (2013). Metamorphosis in VOIP Cloud Computing services used in VOIP.International Journal of Application or Innovation in Engineering and Management,3(2), 236-239. Rehman, U. U., Abbasi, A. G. (2014, December). Security analysis of VoIP architecture for identifying SIP vulnerabilities. InEmerging Technologies (ICET), 2014 International Conference on(pp. 87-93). IEEE. Sadiwala, R., Saxena, M. (2015). Performance Evaluation of Next Generation Networks using OPNET Simulator.Performance Evaluation,2(4). Yang, X., Dantu, R., Wijesekera, D. (2012). Security Issues in VoIP Telecommunication Networks.Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges, 763-789.