Link xem tivi trực tuyến nhanh nhất xem tivi trực tuyến nhanh nhất xem phim mới 2023 hay nhất xem phim chiếu rạp mới nhất phim chiếu rạp mới xem phim chiếu rạp xem phim lẻ hay 2022, 2023 xem phim lẻ hay xem phim hay nhất trang xem phim hay xem phim hay nhất phim mới hay xem phim mới link phim mới

Link xem tivi trực tuyến nhanh nhất xem tivi trực tuyến nhanh nhất xem phim mới 2023 hay nhất xem phim chiếu rạp mới nhất phim chiếu rạp mới xem phim chiếu rạp xem phim lẻ hay 2022, 2023 xem phim lẻ hay xem phim hay nhất trang xem phim hay xem phim hay nhất phim mới hay xem phim mới link phim mới

intTypePromotion=1
ADSENSE

Ứng dụng OpenVPN để nâng cao bảo mật cho công nghệ thoại qua IP (VoiceIP)

Chia sẻ: Huyết Thiên Thần | Ngày: | Loại File: PDF | Số trang:8

17
lượt xem
0
download
 
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Bài viết "Ứng dụng OpenVPN để nâng cao bảo mật cho công nghệ thoại qua IP (VoiceIP)" nghiên cứu công nghệ VPN và các giao thức bảo mật của nó để cung cấp phương thức bảo mật VoIP. Mạng riêng ảo (VPN) là một mạng riêng để kết nối các máy tính của các công ty, tập đoàn hoặc tổ chức với nhau thông qua cơ sở hạ tầng Internet công cộng, cho phép truyền dữ liệu an toàn qua Internet. VPN có nhiều tùy chọn và nó có thể được sử dụng với một số giao thức bảo mật như IPSec, L2TP, PPTP, OpenVPN, IKEv2, SSTP. Mời các bạn cùng tham khảo chi tiết nội dung bài viết!

Chủ đề:
Lưu

Nội dung Text: Ứng dụng OpenVPN để nâng cao bảo mật cho công nghệ thoại qua IP (VoiceIP)

  1. ỨNG DỤNG OPENVPN ĐỂ NÂNG CAO BẢO MẬT CHO CÔNG NGHỆ THOẠI QUA IP (VOICEIP) Vương Thị Nhung Trường Đại học Hà Nội Tóm tắt: Công nghệ thoại qua IP (VoIP) ngày càng phổ biến hiện nay, việc áp dụng các giải pháp VoIP tại các tổ chức thường nhằm mục đích tối ưu hóa chi phí thoại và cải thiện hiệu quả công việc. Vì VoIP phụ thuộc vào kết nối Internet, nó sẽ gặp phải các mối đe dọa và tấn công mà máy tính gặp phải. Do đó, cần phải tìm hiểu các biện pháp bảo mật cho VoIP. Bài viết này nghiên cứu công nghệ VPN và các giao thức bảo mật của nó để cung cấp phương thức bảo mật VoIP. Mạng riêng ảo (VPN) là một mạng riêng để kết nối các máy tính của các công ty, tập đoàn hoặc tổ chức với nhau thông qua cơ sở hạ tầng Internet công cộng, cho phép truyền dữ liệu an toàn qua Internet. VPN có nhiều tùy chọn và nó có thể được sử dụng với một số giao thức bảo mật như IPSec, L2TP, PPTP, OpenVPN, IKEv2, SSTP. Bài viết này đề xuất một mô hình sử dụng VPN và OpenVPN để đảm bảo việc truyền giọng nói một cách an toàn. VPN cung cấp một đường hầm riêng giữa người gọi và OpenVPN cung cấp tính toàn vẹn dữ liệu, xác thực dữ liệu, bảo mật dữ liệu và các cuộc tấn công chống phát lại, kết hợp lại các công nghệ này có thể cung cấp một giải pháp an toàn cho VoIP. Từ khóa: IPsec, Voice over IP, Voice over IP security, VPN, OpenVPN. Abstract: Voice over IP (VoIP) technology is increasingly popular nowadays, the application of VoIP solutions at organizations often aims to optimize voice costs and improve work efficiency. Since VoIP relies on an Internet connection, it has weaknesses with any threats and problems that a computer faces. Therefore, security countermeasures against VoIP vulnerabilities should be open for discussion. This articles investigate VPN and its security protocols to offer VoIP security. Virtual private network (VPN) is a private network to connect computers of companies, corporations or organizations together through the public Internet infrastructure, that allows secure transmission of data over the Internet. VPN has many options and it can be used with several security protocols such as IPSec, L2TP, PPTP, OpenVPN, IKEv2, SSTP. This article proposes a model using VPN and OpenVPN for securing the voice transmission. VPN provides a private tunnel between callers and OpenVPN provides data integrity, data authentication, data confidentiality and anti-replay attacks, together this suite could provide a completely secure solution for Voice over the Internet. Keywords: IPsec, Voice over IP, Voice over IP security, VPN, OpenVPN. IMPLEMENT OPENVPN TO ENHANCE VOIP SECURITY I. INTRODUCTION Voice over IP (VoIP) technology is increasingly popular nowadays, the 169
  2. application of VoIP solutions at organizations often aims to optimize voice costs and improve work efficiency. VoIP (short for Voice over Internet Protocol) means the technology of transmitting human voice over a computer network using the TCP / IP protocol suite [1]. It uses existing network infrastructure (on LAN, WAN, Internet) to transfer voice signals. This technology is essentially based on packet switching, to replace the old circuit switching voice transmission. It combines multiple voice channels on a signal line, and these signals are transmitted over the Internet, so can reduce costs [1]. To do this, IP phones, often with built-in signaling protocols such as SIP or H.323, connect to an enterprise's IP PBX (IP PBX) or service provider. IP phones can be regular phones (except that instead of connecting to the telephone network via RJ11 communication line, the IP phone connects directly to the LAN via Ethernet cable, RJ45 interface) or voice software (soft-phone) installed on the computer [2]. VoIP offers several advantages over traditional PSTN telephones [2]. International VoIP call charges are often much cheaper than PSTN networks because voice signals are packaged and transmitted on the same network infrastructure. Fax can also be used via IP network or some supported VoIP services such as automatic answering, displaying incoming calls, displaying missed calls, diverting calls, making lists of phone numbers. Using both conventional phones and IP phones (wired or wireless) via LAN (Local Area Network) will ensure that business communications are not interrupted when the problem occurs. Unlike traditional phone systems, you may even make a call during a power outage in a VoIP system, if the power is out, VoIP will not be able to make a call [2]. There are also some issues related to that, home security systems or emergency numbers may not work as expected. Furthermore, VoIP are unable to connect to emergency services (emergency, fire alarm ...). VoIP also inherits the main problems of routing over broadband connectivity, too [2]. There are inherent security problems of the Internet due to shared equipment and data transmission environment. The new protocol specifically for VoIP has yet to address security issues (for example, the risk of eavesdropping on VoIP calls is quite high because data packets must be forwarded through multiple intermediaries before reaching the listener) or with unauthorized access, hackers can take advantage of security holes to gain access to the network. VoIP is a new and widely-used technology, therefore, this article addresses some security issues related to VoIP and propose a model to tackle security issues of phone calls over the Internet. II. SECURITY ISSUES OF VOICE OVER IP Because VoIP relies on an Internet connection, it has weaknesses with any threats and problems that a computer faces. This technology is also a new technology, so there is much debate about possible attacks, VoIP may also be attacked by viruses and other 170
  3. malicious codes. Attackers can block communications, eavesdrop and perform fake attacks by manipulating IDs and disrupting your service. Actions that consume a lot of network resources such as downloading files, playing online games, etc. also affect VoIP services. A number of researchers [1] [2][3][4] indicates several VoIP security vulnerabilities. Some of typical attacks to VoIP can be named: Man in the middle: Eavesdropping via VoIP technology is even more at risks due to the many nodes sharing the same link between the listener and the receiver. An attacker can hear the call by capturing IP packets flowing through intermediary nodes. There are quite a lot of free tools and tools associated with network cards that support Man in the middle attacks. Unauthorized access attack: An attacker may invade the network resources due to subjective reasons of the network administration. For example, the default password of the gateway and switch is not changed, the attacker may take advantage to invade. Old switches still use telnet to remote access, and plaintext passwords can be exploited once an attacker sniffs the network. Caller ID spoofing: Caller ID is a service that allows user to know the number of the caller. Caller ID spoofing is an impersonation technique that allows or changes the caller's ID number with the numbers set by user. Compared to the network communication phones, it's much easier to spoof VoIP phone numbers, there are quite a few tools and websites that allow this. Denial of Service (DoS): DoS attack condition occurs when device in the local network is the destination of flooding the packets, resulting in loss of communication between the nodes of the network structure [1], [2]. Attacked by DoS, services are broken and reduce CPU bandwidth and resources. For example: some IP phones will stop working if they receive UDP packets greater than 65534 bytes at port 5060. III. VIRTUAL PRIVATE NETWORK A. Virtual Private Network 1) Definition Virtual private network (VPN) is a private network to connect computers of companies, corporations or organizations together through the public Internet infrastructure [5]. The growing demand for secure data transmission in an organization or company leads to the need for VPN solutions. In addition, the tendency of remote, decentralized network work for enterprise enterprises with many branches and the growth of mobile employees also increases the demand for accessing information resources of company. VPN provides remote access to an organization's resources anytime, anywhere, connects office branches together and controls access of customers, suppliers and external entities to the organization's resources [5]. 171
  4. VPN provide several advantages [5] including: - Cost saving: compared to leased line, VPN setup cost is lower due to using Internet infrastructure. - Flexibility: VPN has removed the geographical barrier for the network, ready to connect private networks together easily through the Internet environment. - Increased security: Transmission data will be hidden for unauthorized users and only visible to authorized users. VPN use encapsulation protocols, encryption algorithms and authentication methods to secure data during transmission. - Secure IP address: because the information sent on the VPN is encrypted, the addresses inside the private network are shielded and only use public addresses outside the Internet. 2) Types of VPN VPN technology can be classified into two basic types: Site-to-Site VPN and Remote Access VPN [6]. Site to Site VPN: is also known as Router to Router VPN. It is commonly used in companies and large enterprise. Today, many companies have branches all over the country or the world; therefore, they use the Site to Site VPN network to connect the main office's network to other branches. This form of connection is called "Intranet". In addition, the Site to Site network is also useful in establishing links between companies and external parties, called "Extranets". In simple terms, Site to Site VPN builds a virtual bridge that connects remote networks together over an Internet connection, ensuring the transmission of information is safe and secure. Remote Access VPN: This type usually applies to mobile workers or home workers who want to connect to the corporate network securely. It is also applicable to small remote offices connected to the company's Central Office. Remote Access VPN is also known as User-to-Server, allowing remote users to use the VPN Client software to connect to the VPN Server. B. VPN protocols 1) PPTP Developed by Microsoft Corporation, Point-to-Point Tunneling (PPTP) creates a virtual private system based on dial-up connection, also known as VPN. Since it appeared PPTP is widely used as a standard VPN protocol. It is the first VPN protocol supported by Windows, PPTP operates based on authentication standards such as MS_CHAP v2 which is currently the most popular [5]. The advantage of PTTP is the ability to set up easily and not consume a lot of system resources. And this is why many businesses choose this VPN as the solution. Although using the 128-bit encryption standard, PPTP only has a few vulnerabilities such as MS-CHAP v2 Authentication is 172
  5. the most severe [5]. So PPTP can be cracked in round 2 seconds here. Although the vulnerability has been overcome by Microsoft, the tech giant also recommends alternative protocols such as SSTP or L2TP. 2) LT2P Before the introduction of the L2TP standard (August 1999), Cisco used Layer 2 Forwarding (L2F) as the standard protocol for creating VPN connections. L2TP came later with features integrated from L2F. L2TP is a combination of Cisco L2F and Mircosoft Point-to-Point Tunneling Protocol (PPTP). Microsoft supports the PPTP and L2TP standards in WindowNT and 2000 versions. L2TP is used to create independent, multi-protocol connection for dial-up virtual private network (Virtual Private Dial-up Network). L2TP allows users to connect through corporate security policies to create VPN or VPDN as an extension of the corporate intranet [5]. However, L2TP does not provide encryption. L2TP is a combination of PPP (Point-to-Point protocol) with Cisco's L2F (Layer 2 Forwarding) protocol so it is very effective in connecting dial, ADSL, and other remote access networks. This extended protocol uses PPP to allow VPN access by remote users. 3) IPSec IPsec is integrated in many "standard" VPN solutions, especially in Site-to-Site VPN solutions to connect two LANs together. IPSec in tunnel mode secures packets exchanged between two gateways or between the clients and the gateway. IPSec operates at the Network layer, it does not depend on the Data-Link layer like the protocols used in other VPNs such as L2TP, PPTP [5] [7]. IPSec supports many algorithms used to ensure data integrity, consistency, confidentiality and authentication of data transmission on a public network infrastructure. The techniques that IPSec uses provide the following 4 common features: data confidentiality, data authentication, data integrity and anti-replay [5] [7]. Authentication is done via Internet Key Exchange (IKE) or with digital certificates, which is a more secure method or via a shared key (preshared key). IPSec VPN can protect against most common attacks including Denial of Service (DoS), replays and "man-in-the-middle". 4) IKEv2 IKEv2 stands for English-Internet Key Exchange Version 2, a protocol based on IPsec tunneling technology, developed by Cisco and Microsoft. The protocol appears on Windows 7 onwards as well as Linux and other platforms including Blackberry. This protocol is also known as VPN Connect as the name of Microsoft Corporation. It works to recreate the VPN connection automatically when the connection is temporarily closed. IKEv2, also known as Mobility and Multi-homing protocol, is a standard that makes network roam easily. In addition, it is also quite useful with Blackberry devices 173
  6. because it is the few protocol that supports this platform. Although it supports fewer operating systems compared to IPsec, IKEv2 is not inferior to stability, security and performance [6]. 5) OpenVPN OpenVPN is an open source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections [5] [7]. It uses a customized security protocol that uses SSL/TLS for key exchange. It was written by James Yonan and released under the GNU General Public License (GPL). OpenVPN allows parties to authenticate each other using a pre-shared key, public key infrastructure or username/password. When used in a multiclient-server configuration, it allows the server to issue one authentication certificate to each client. It uses the OpenSSL encryption library as well as the TLS protocol and contains many security and control features. The speed of OpenVPN depends on the encryption algorithm it uses but is usually faster than IPsec. Although OpenVPN is included by default in many VPN services, it is not supported in any operating system. Some 3rd party software supports both Android and iOS. In terms of setup, it is not easy to compare OpenVPN with L2TP / IPsec and PPTP, since there are many types of OpenVPN software being used today. Currently, OpenVPN has not been cracked by the NSA. It appears that OpenVPN when combined with strong encryption is the only VPN protocol that is completely secure. 6) SSTP Launched by Microsoft Corporation in Windows Vista Service Package 1, SSTP (secure socket tunneling) now appears on SEIL, Linux and RouterOS, but mostly for Windows versions. Using SSL v3, the feature is quite similar to OpenVPN such as the ability to reduce the state of NAT firewall. SSTP is a fairly stable and easy to use VPN protocol, especially for Windows operating systems. However, owned by Microsoft and and in cooperation with NSA so the security is still not high [6]. IV. THE PROPOSED MODEL This article proposes a model of using OpenVPN to secure Voice transmission over the public Internet after making comparison of different security VPN protocols. VPN protocols provides a private tunnel between senders/receivers or callers. If VPN is deployed, it provides not only VoIP security but also other security features that comes along with VPN such as: local email, file sharing and many more in a secure manner. Data and voice would be encrypted to protect the intrusion from attackers. Man in the middle cannot eavesdrop because data is encrypted and visible to only authorized users. OpenVPN offers higher performance and faster speed than other VPN technologies where speed is an important consideration in voice transmission. Furthermore, other VPN protocols use popular security algorithms, that is standardized and available for 174
  7. many platforms. However, it is also the problem. It has been studied and invented for a long time, easily a target for an attacker or security specialists. A typical model of Site-to-Site OpenVPN for VoIP is depicted as in Figure 1. Figure 8: OpenVPN model for VoIP An OpenVPN server is set up at the Cental Office together with VoIP server. Remote connections might be Remote worker that installs OpenVPN client, or use IP phone or a network of analog phone to make VoIP call to the main office. Branches could use OpenVPN to both remote access to the Central Office, together with features of VoIP, fax and local applications or services. With OpenVPN, users from any places, any branches could make a VoIP calls in secure manner through a private tunnel where data is encrypted and users are authenticated to protect voice/data transmission. V. CONCLUSION This article proposes an OpenVPN model to secure VoIP transmission, although OpenVPN has some deficiencies such as: complex configuration, model suited for large enterprises, it is still a good solution to VoIP security with data security, confidentially and authentication and provides cheap-cost and secure phone calls for the organizations compared to conventional phone calls. REFERENCES [1]. Shaw, U. & Sharma, B. (2016). A survey paper on voice over internet protocol (VOIP). International Journal of Computer Applications, 139(2), 16-22. 175
  8. [2]. Ransome, J. F. & RittingHouse, J. (2005). VoIP Security. Elsevier Digital Press. [3]. Hasan, M. Z., & Hussain, M. Z. (2017). Collective Study On Security Threats In VOIP Networks. International Journal of Scientific and Technology Research, 6(01). [4] Mentsiev, A. U. & Dzhangarov, A. I. (2019). VoIP security threats. Инженерный вестник Дона, (1 (52)). [5]. Angelo, R. (2019). Secure protocols and virtual private networks: An evaluation. Issues in Information Systems, 20(3). [6]. Wu, Z., & Xiao, M. (2019, May). Performance Evaluation of VPN with Different Network Topologies. In 2019 IEEE 2nd International Conference on Electronics Technology (ICET) (pp. 51-55). IEEE. [7]. Novickis, T., Poll, E., & Altan, K. (2016). Protocol state fuzzing of an OpenVPN (Doctoral dissertation, MS thesis, Fac. Sci. Master Kerckhoffs Comput. Secur., Radboud Univ. Nijmegen, Nijmegen, The Netherlands). 176
ADSENSE

CÓ THỂ BẠN MUỐN DOWNLOAD

 

Đồng bộ tài khoản
2=>2