Development of a VoIP security system based on H.323 protocol

number: 
1642
English
Degree: 
Author: 
Mohammed Munther Ismail Al-Ani
Supervisor: 
Dr. Fawzi M. M. Al-Naima
Dr. Siddeeq Y. Ameen
year: 
2007
Abstract:

In this thesis a secure IP-Telephony framework is proposed. This framework relies on H.323 and covers two of the most important weaknesses that were in the original H.323 and were not covered in an efficient and easily implementible way. These two weaknesses are secrecy of voice data traveling from one EndPoint to another, and authentication between GateKeepers when calls made are Inter-GateKeeper calls. In the suggested framework, Advanced Encryption Standard and HMAC-SHA1-96 were used to overcome the weak points of the original H.323.The suggested framework was implemented and tested and has proved strength over most popular IP-Telephony attacks and provided acceptable quality of service as compared to other solutions of the H.323 security loopholes. The implementation was tested for two different scenarios; calls placed on EndPoints laying in the same local area network, and calls made over the Internet with EndPoints laying in different zones.For the local area network calls, the delay was 61 milliseconds, and the jitter was 8 millisecond, with an average loss of 0.93%. For the Internet-seperated EndPoints, the delay was 265 milliseconds, and the jitter was 41 milliseconds, with an average loss of 1.22%. These values were calculated for 1000 calls.The implementation environment included Asterisk software as the GateKeeper software, and JCPPhone as the EndPoints software. The Asterisk version used was AsteriskNOW beta5-x86. It was installed on Linux servers.The proposed system has shown more resistance towards the most common three IP-Telephony attacks; toll fraud, eavesdropping, and denial of service. The features of the proposed system were compared with the original H.323 set, Session Initiation Protocol, and H.235 Annex D.