Data communication was standardized on IP a long time back, then came Voice over IP (VoIP), and the latest jewel in IP's crown is Surveillance. The benefits of moving to IP are fairly well known. For one, since it's the de facto standard of communication, interoperability issues amongst devices are gone. Second are cost savings, especially in the wake of VoIP. As you're using the same network for voice and data communication, you save on infrastructure costs. Plus, of course you can use your existing data links between your various branch offices for voice as well, thereby saving on STD bills. As, surveillance has also moved over IP, you can now monitor remote locations from anywhere, and have much more fine grained control over physical security.
All this doesn't mean that everything is hunky-dory in this technology. Issues of security and quality are there that need to be tackled. Let's look at some of the key developments in everything over IP in more detail.
Wireless and VoIP convergence
To enhance user mobility, vendors have merged wireless networking with VoIP, to create WiFi VoIP phones. Analogous to the way you access e-mail, you can receive incoming calls anywhere in the world, as long as you're connected to the Internet. Take your phone, along with the number and enter a wireless hotspot to make a call. There are phones from Siemens, ZyXel, Vonage and Net2Phone that offer this facility.
This facility is further extended by Worldwide Interoperability for Microwave Access (WiMAX) technology (IEEE 802.16a). Created to operate in a high frequency band from 10 to 66 GHz, WiMAX extends the WiFi experience across the length and breadth of a city. It uses transmitters like cell phone towers to transmit signals, ensuring relentless connectivity to the mobile user. Since line-of-sight transmission is not involved, it becomes easier for multiple users to connect at the same time. It is particularly cost-effective for geographic locations where laying wired hardware is quite expensive. Plus, it provides superior bandwidth than WiFi, where users are in a continuous battle over connectivity. With a range radius running into several tens of miles, users don't have to worry about hopping from one hotspot to the other. Wireless VoIP is of particular importance to certain verticals such as health care and retail, where worker mobility is urgently needed. However, security issues that plague wireless systems need to be addressed to ensure wider acceptance.
Unlicensed Mobile Access or UMA allows cellular phone users to access GSM voice and data services over broadband Internet across various hot spots. Using this technology, subscribers can easily roam amongst cellular networks and unlicensed wireless networks using dual-mode mobile handsets.
You can connect to wireless access points using unlicensed access technologies, such as WLAN (WiFi) and Bluetooth. Nokia has recently developed a UMA solution that provides network operators with UMA Network Controller (UNC), linking their broadband and GSM networks. The UMA capable phone, Nokia 6136, enables VoIP communication through WiFi in hot spots, and in places without WiFi, the cellular network is used. This technology can be used by operators to provide an alternate to fixed telephony as it allows the subscriber's mobile handset to be their main phone at home, office and on the move.
The threats to Internet telephony are genetically closer to those for IP networks than PSTN networks. A VOIP call can be broken into two parts: signaling and media. If neither of these is encrypted, the call becomes vulnerable to signal-channel attacks that fake caller ID, distort call quality, end calls abruptly, and crash the end device. RTP is widely used for transmitting audio and video packets between communicating computers.
|Voice Extensible Markup Language (VXML),
facilitates interactive voice communication between a person and a
computer, using voice recognition technology. The user interacts with the
voice browser by listening to audio output that is either
pre-recorded or computer-synthesized and submits an audio input (his natural voice) through a telephone. VXML has tags that instruct the voice browser to provide speech synthesis, automatic speech recognition, dialog management and audio playback. Mostly, HTTP is used as the transport protocol for fetching VXML pages. Dynamic Web VXML pages are generated through application servers such as Tomcat, WebLogic and WebSphere.
However, since data packets are not transmitted in encrypted form, they can be eavesdropped on by black hats throughout the transmission path. Thus, RTP was improved upon to form SRTP (Secure RTP). It provides for encryption, authentication, and integrity of the audio and video packets transmitted between two devices. Then there is Skype that provides built-in encryption. We also have an Open Source product, Zfone, that uses a VoIP encryption protocol called ZRTP, to set up the cryptographic key agreement. This is done on a peer-to-peer basis, a new key being used for each telephone call. However, for this tool to function, both parties need to have it installed at their ends. Zfone uses encryption hash technology that provides a unique three-digit identifier when a caller initiates a VoIP call. When a conversation starts, callers share these identifiers with each other, to ensure that there is no 'man-in-the-middle' attack. The rest of the conversation is completely encrypted.
Juniper Networks has also introduced its 'Dynamic Threat Mitigation' software to secure network services such as VoIP. Using Juniper routers and IDS/IPS, the software prevents SIP attacks, worms and denial-of-service attacks, in real time.
Though encryption for IP telephony is important, it's not the ultimate cure. The biggest threat is eavesdropping at end points. No amount of IP telephony encryption can prevent a Trojan or worm on your computer-or a hacker who has managed to access your system-from eavesdropping on your phone calls. So, end-user computers need to be as secure as the transmission channels.
|IVE Video Plus Voice Service|
|Sony Electronics and GlowPoint have launched
a new version of Sony's Instant Video Everywhere (IVE) service, to provide
free video and voice service for consumers throughout the globe. IVE
combines VoIP services with live video to enable users to send and receive
video and voice calls worldwide with other IVE users, and also to cell
phones, telephones, and other traditional video or audio conferencing
You can communicate outside your home or office from any broadband enabled location or 'hotspot.' The customers have the flexibility of communicating beyond users of the same proprietary service. The IVE service is a tremendous boon for people living in different parts of the globe as they can see and talk to each other simultaneously, using real-time, high quality video. Similarly, the branch offices of an enterprise can hold video conferences from different locations.
It has started making dents into the conventional CCTV security installations for reasons of both performance and cost benefits. You can use your existing structured cabling infrastructure for carrying video signals from an IP camera. You also save costs on infrastructure maintenance, monitoring and management of equipment, and specialized training of personnel. With IP networks, you have access to a wide range of automated software settings and alert systems that make security management more efficient. You can view video signals over a Web browser, which implies you enjoy the flexibility of viewing them over a device, time and place of your choice. A major benefit is remote control over all your cameras from one console. You can even record all videos on your hard disk, which means accessing them becomes a lot faster. IP Surveillance also offers easy scalability, as additional cameras can be added one at a time, whereas analog systems generally require increments of 8, 16 or 24 cameras.
Voice over VPN
While deploying VoIP on LANs, it is recommended to create a separate VLAN (Virtual LAN), to keep voice and data networks separate. Thus, any attack on one would not have debilitating effects on the other. Securely sending VoIP data across a VPN tunnel also helps to get around problems related to firewalls that try to block VoIP data. For this, a VoIP gateway-router first converts the analog signals to digital form and then encapsulates the digitized voice within IP packets. Encryption of these packets can be done using IPSec, after which these encrypted voice packets are routed through a VPN tunnel. At the receiver's end, another VoIP router decodes the digital voice and converts it into an analog signal for the phone, which in turn converts it to voice.
An IP based PBX system (IP PBX) allows an organization to converge both voice and data networks, over a LAN or a WAN. It uses standard packet-switch protocols to carry voice across a data network. A good thing about an IP PBX is that it can scale as per the organization's need, without needing any expensive support from traditional PBX providers. As it is based on open standards, users are not captive to a proprietary architecture. They can choose components from best vendors for future enhancements. Most vendors provide support for legacy devices as part of IP PBX solutions. This creates a seamless interface between the external PSTN network and the internal data network of an organization. IP PBXs come in two flavors: client-server and converged. The former supports client devices and switching using only IP telephony. The connectivity to traditional PBX servers or PSTN is established using an external TDM-to-IP gateway. While the latter supports both VoIP and TDM within the same server. It connects to PSTN and IP data networks as well as IP phones, SIP phones and soft phones.
|Security and VoIP|
To understand how VoIP calls are hacked, let's take an example of a VoIP network based on SIP and one that uses RTP for voice communication between two places. Take two VoIP phones (from the same vendor) and an IP PBX. Connect all of them to a hub. As RTP is not encrypted, a black hat can initiate a 'Man in the Middle' attack to capture a stream. Hook a machine on the same network, and run a hacking tool such as Ethereal. You can start capturing data by going to the tool's Capture menu and selecting the appropriate network adapter. Let Ethereal capture the data till the call ends. After that, stop the capture process and go to Statistics menu, and select the RTP submenu. Here, click on 'Show All Streams,' which opens a new window. You will see two different RTP streams. Select both the streams one by one and click on 'Analyze.' In the next window, click on 'Save Payload,' which would open another window. Give a name to the file, select the '.au' and 'forward' radio buttons, and save this file. Play this file on any media player and listen to the conversation between the two VoIP phones.
The use of IP in telecom services is increasing by the day. So, even if you have not started using IP based services yet, get your infrastructure in place fast.
|Plustek's IP Camera|
The IPcam P1000A enables managers to watch their premises from anywhere, anytime. You can watch live and recorded video feed on notebooks, PDAs and cellphones enabled with Internet connectivity. Besides this, users can also broadcast live activity videos, product shoot etc, to viewers in real time over a LAN or the Internet. The camera can be programmed to start recording only when it detects any motion or to record for a certain length before and after the motion. It can also be programmed to start and stop recording at a particular time and day of the week.