International Journal of Internet, Broadcasting and Communication

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

Security Exposure of RTP packet in VoIP

  • Received : 2019.06.09
  • Accepted : 2019.06.20
  • Published : 2019.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

VoIP technology is a technology for exchanging voice or video data through IP network. Various protocols are used for this technique, in particular, RTP(Real-time Transport Protocol) protocol is used to exchange voice data. In recent years, with the development of communication technology, there has been an increasing tendency of services such as "Kakao Voice Talk" to exchange voice and video data through IP network. Most of these services provide a service with security guarantee by a user authentication process and an encryption process. However, RTP protocol does not require encryption when transmitting data. Therefore, there is an exposition risk in the voice data using RTP protocol. We will present the risk of the situation where packets are sniffed in VoIP(Voice over IP) communication using RTP protocol. To this end, we configured a VoIP telephone network, applied our own sniffing tool, and analyzed the sniffed packets to show the risk that users' data could be exposed unprotected.

Keywords

References

  1. RTP: A Transport Protocol for Real-Time Applications, https://datatracker.ietf.org/doc/rfc3550/
  2. KakaoTalk, accessed on Aug 26, 2018, https://www.kakaocorp.com/service/KakaoTalk
  3. VoIP Voice over IP, Voice over Internet Protocol, Internet Telephony, http://www.ktword.co.kr/abbr_view.php?m_temp1=1120
  4. The Secure Real-time Transport Protocol (SRTP), https://datatracker.ietf.org/doc/rfc3711/
  5. Malcolm Davenport, "Channel Driver Modules", Asterisk Wiki, last modified by Rusty Newton on Jul 10, 2014, accessed on Aug 26, 2018, https://wiki.asterisk.org/wiki/display/AST/Channe l+Driver+Modules
  6. H. Schulzrinne, S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control.", RFC3551, The Internet Society, 2003.
  7. Malcolm Davenport, "RTP Packetization", Asterisk Wiki, last modified by Matt Jordan on Aug 08, 2012, accessed on Aug 26, 2018, https://wiki.asterisk.org/wiki/display/AST/RTP+Packetization
  8. Patrick Park, "Voice over IP Security", Cisco Press, 2009.
  9. Himanshu Dwivedi, "Hacking VoIP", No Starch Press, 2009.
  10. Laura Chappell, "Wireshark Network Analysis: The Official Wireshark Certified", Protocol Analysis Institute, 2010
  11. Theo Zourzouvillys, Eric Rescorla, "An Introduction to Standards-Based VoIP: SIP, RTP, and Friends", IEEE Internet Computing, Vol. 14, Issue 2, pp. 69-73, March-April 2010. DOI: https://doi.org/10.1109/MIC.2010.31