OUSPG

[This page is CSS2 enabled. Your browser might not fully support it]

Security analysis and experiments for Voice over IP RTP media streams

$RCSfile: index.html,v $ $Revision: 1.2 $ $Date: 2006/05/26 10:56:30 $

ABSTRACT

The Real-Time Transport Protocol (RTP), a transport protocol for real-time applications is the standard for transmitting encoded voice and video in IP telephony, including networks built using elements depending on Session Initiation Protocol (SIP) and H.323 protocol family. Different security requirements were analyzed, potential vulnerabilities were identified, and means of attacking them were built. As a case study, we assessed six implementations using the found attack methods trying to compromise the classical information security principles: confidentiality, integrity and availability. All of the implementations available for evaluation failed to perform in a secure manner under the test. We managed to eavesdrop the media stream and to inject a third party voice into an ongoing call. Finally, we successfully performed Denial-of-Service (DoS) attacks.

[This page is CSS2 enabled. Your browser might not fully support it]