Design and implementation of a Hybrid Client-Server and Peer-to-Peer VoIP System

Tsai, Jen-yu

23 July 2007

There are two main architectures in VOIP system at present. First is peer-to-peer, it has highly scalable, fault-tolerant and also can lighten the number and reliance of server. But there is no standard protocol between peers with different architecture, cause the clients unable to communication with each other. This problem can be solved by communicating from one P2P network to another. Second is Client-Server, it has mass of research data, lots of actual products, and standard protocol. This architecture is the most perfect one with simple structure, easy to maintain, lower response time than peer-to-peer structure, and has a variety of additional services, for instance Voice Mail, conference call, etc. All the client need is to obey sip standard protocol and it can register to any sip proxy to make a phone call. The disadvantage is no server no use. These two architectures have both good side and bad side, none of them is absolutely perfect. Our thesis is proposed a all new idea about ¡§Hybrid¡¨, this idea combine P2P and Client-Server architecture together to design a flexible soft phone that can be used is normal condition to register to a proxy, or setup a P2P network instantly in our own local area network. Finally our DCHS Mechanism is workable even when the sip proxy is maintaining or failure the client can use this mechanism to call any other user outside the P2P network by sharing other peers¡¦ call history.

voip system

hybrid

peer-to-peer

Konstruktion och penetrationstestning av VoIP-system

Hortling, Johan, Bergh, Erik, Karlsson, Daniel

January 2012

VoIP-system inom företag blir mer vanligt. Säkerheten bör då beaktas för att undvika hot som riskerar konfidentialitet, integritet och tillgänglighet. Denna rapport visar resultat från två olika VoIP-systems säkerhet med hjälp av praktiska penetrationstestscenarion i labbmiljö. En redogörelse över verktyg som är använda för säkerhetstesterna mot VoIP och tillvägagångssätt redovisas i rapporten med förklarande text och tabeller. / VoIP systems in enterprises are becoming more common. Security should then be followed to avoid threats against confidentiality, integrity and availability. This report shows the results from two different VoIP systems security using practical penetration test scenarios in a laboratory environment. A statement of tools that are used for safety tests on VoIP and methods for this, is presented in the report with explanatory text and tables.

penetrationstestning

VoIP-system

Computer Sciences

Datavetenskap (datalogi)

Metody zajištění bezpečnosti VoIP provozu Open source PBX / Security provisions of VoIP traffic in Open source PBX

Chalás, Jaroslav

January 2010

Main goal of creating the Open Source project and GPL licence are free sources and applications available for a wide public. Competent communities are responsible for support and upgrade of Open source based applications and softwares, which are created on a voluntary bases. Due to this fact an implementation depends on plenty others publicly available libraries and applications, which sometimes complicate the installation process itself. Successfully created VoIP connection is two-phase based process. Signalization is necessary in the first place, which might be supported with H.323 or SIP. After call parameter negotiation – voice codec, cipher code, ports etc, the second phase takes over to transfer voice. Theoretical part of this thesis describes SIP, H.323, MGCP, RTP and IAX protocols, as well as secure ways of signalization and voice stream part of the call. These might be SIPS, SRTP, ZRTP and IPsec. In thesis Open Source Asterisk PBX is well described, when mentioning its options, features and community support. I put near options available for particular releases and introduce attacks and abuses which are possible to perform on the VoIP system in general, together with available, no cost and working tools to perform the attacks with. Practical part focuses on possibilities to generate experimental attacks on individual systen parts with exact definition of what the consequences are. Based on the overall analyse of achieved results I conclude three solutions as autoinstallation linux packages. These „deb“ packages consist of specific Asterisk release required to meet the security needs, ready-to-test configuration and guide to follow with correct options to set. Final security possibilities requires hardening on application layer, where Iptables takes its part. „Linux firewall“ as some express Iptables are configured to reflect VoIP system parameters and protect from DoS attacks.