Peer-to-Peer IP Telephony Security Challenges

Peer-to-peer VoIP phone services provide an inexpensive alternative to traditional switched services.  So many businesses are looking at ways to implement this Internet-based functionality.  Before you make a decision to toss out the old and bring in the new, it’s important to understand the risks associated with Internet phone service. 

Since Skype is the unquestioned leader in this space, I’ll use it as an example provider to examine how these services work, the potential risks they pose for your business, and possible ways to reduce that risk. 

In 2003, Skype Technologies launched a free peer-to-peer Internet telephone service.  At first, users could only call each other via their PCs.  In 2004, however, Skype introduced SkypeOut.  SkypeOut allows users to place calls from their PCs using traditional phone service.  Skype services, now estimated to be installed on 245 million computers worldwide, provide a very inexpensive way to communicate with anyone, anywhere.  Let’s walk through an example of how Skype works.

 

Skype Example - SuperNode

 

In the graphic above, Tom and Chris have Skype installed on their PCs.  Tom is placing a call to Chris.  Tom’s PC, using a private IP address, is unable to communicate directly to Chris’ PC.  The Internet only sees a NAT address presented by ESI’s perimeter devices. Like all peer-to-peer IP telephone services, each skype end point must communicate with the other end point’s IP address.  Skype has solved this problem with the use of supernodes.

A supernode can be any PC on the Skype network that has a public IP address (one that can be routed over the Internet) and is visible to an end point with a private IP address.  In our example, ESI has left all outbound ports open, so Tom’s PC searches the Skype network looking for a system it can use as a supernode.  Once it finds one, Tom’s PC establishes a relationship with the supernode so it can act as an intermediary to establish a voice connection with Chris.

Before the voice connection is established, Tom must enter his Skype user ID and password.  These are stored in the only central database in the Skype peer-to-peer network.  Once authenticated, Tom’s PC establishes an encrypted voice communication with Chris’ PC.  Chris hears a ring through the speakers on his PC.  He completes the call setup by using his Skype software to accept and process the call.  Tom and Chris then use microphones, headphones, speakers, etc. to communicate with each other with a high quality VoIP connection.

If Tom wanted to connect with a traditional telephone number instead of another PC with Skype software installed, he would have to use the SkypeOut service.  This is a for- fee service that routes Skype calls from the peer-to-peer network to the standard switched voice carriers.

This all sounds pretty simple.  It is.  It’s easy to implement, inexpensive, and it’s flexible.  In addition to voice, users can transfer files and participate in instant messaging conversations.  So with all these advantages, what’s the downside?

Skype will not release the details of its encryption scheme.  Although they claim to base it on the RSA standard, this isn’t verifiable.  Nor is it possible to test for vulnerabilities.  The best that can now be said about Skype encryption is that it prevents casual compromise of voice and data packets.

According to Gartner, the overall security of the Skype solution depends on many factors, in addition to encryption.  These factors include:

  1. The reliance on the security of all the other nodes in the network.  Threats related to monitoring conversations as they flow through a supernode and receiving malware that rides the voice or IM connection are possible.
  2. Skype program auto updates.  These updates occur without warning in a manner that is often transparent to Skype network users.  These changes may introduce new, unknown vulnerabilities. 

One of the biggests issues with Skype is the manner with which it establishes and maintains voice sessions.  Unlike other VoIP vendors, Skype founders didn’t believe the IETF standard SIP was suitable for their purposes.  So they came up with a new way — a proprietary way — to move voice over the Internet.  According to Gartner, there are problems with this approach.

Firewall vendors typically support SIP filtering.  This allows secure management of call packets.  But since Skype’s Proprietary Protocol (SPP for the purposes of this article) is not in widespread use, firewall vendors don’t see value in paying for the R&D necessary to incorporate SPP support into their products.

To enable Skype within an organization’s network, network administrators must provide Skype with unrestricted access to outgoing TCP connections.  If open ports in the firewall isn’t an option, administrators can set up port 443 (SSL) or port 80 (HTTP) in a non-standard configuration that allows SPP to pass.  Either approach punches holes in perimeter defenses.

Malware, like worms and keystroke loggers, can use the open ports to call home.  This common malware function allows unwanted software to either send sensitive data to an attacker or to retrieve additional, possibly more destructive, malware from a home server.  If administrators allow protocols other than SSL and HTTP to pass through ports 443 and 80, additional attack paths trageting servers or PCs behind company firewalls are possible.

If an organization feels that the reduced cost of peer-to-peer VoIP is worth the additional risk, here are a few risk management recommendations.

  1. Do not configure company Internet firewalls to allow either of the connection methods recommended by Skype – opening all outgoing ports or using nonstandard port 443 and port 80 configurations.  This effectively shuts down the use of Skype from the internal network.  Remote users can still connect with Skype by initiating a direct Internet connection rather than using a connection via the company network. 
  2. If an organization must use Skype from its internal network, only allow port 443 access.  In addition, ensure the PCs are protected with personal firewalls and up to date anti-virus and anti-spyware software.  Regular checks should be made to ensure root kits and keystroke loggers haven’t managed to ride the Skype trail to your resources.

Peer-to-peer VoIP might eventually become an enterprise solution.  This will require standardization on open standards and more cooperation with third party testers and analysts.  But until that day comes, be very careful about reducing costs at the expense of information security.

Author:  Tom Olzak 

Sources:

Evaluate the Security Risk of using Skype for Enterprise Telephony (Gartner #G00126501)

VoIP and Skype Security

Scientists warn Skype ideal for hackers

Leave a Reply

You must be logged in to post a comment.