VoIP Security – Transport Protocols Layer – Part 2
3. RTCP insertion attacks
RTCP is the control protocol associated with RTP. RTCP is based on the periodic transmission of control packets to all participants in the session, using the same distribution mechanism and route as the RTP packets. RTCP uses different port numbers than the associated RTP stream. The most important function of RTCP is to analyze traffic conditions and provide feedback on the quality of the data distribution. This is an integral part of the RTP’s role as a transport protocol and is related to the flow and congestion control functions of other transport protocols.
Parameters such as packet loss, delay and jitter can be determined from RTCP reports. Additionally, RTCP provides a session leave mechanism through a special BYE packet. An attacker able to insert forged RTCP packets into an RTP conversation can forge these reports and induce disruptive behaviours.
4. Possible solutions for RTP based attacks
As is the case with some of the SIP based attacks, most RTP based attacks (except for eavesdropping) rely on forging spoofed RTP/RTCP packets and inserting them in the RTP stream.
Without protection, specialists consider RTP an insecure protocol. If an attacker has the ability to intercept RTP packets, forging his/her malicious packets and emitting them at the right moments is trivial. Even if the attacker does not have access to the RTP stream, creating rogue RTP packets that appear legitimate, and thus launching attacks, is not a difficult task, provided the attacker has some information on the peers involved in the RTP stream. If no such information is available to the attacker, the use of UDP as the transport protocol for RTP makes brute-force attacks on the parameters of unprotected RTP packets virtually untraceable and easy to conduct. As was the case with SIP, the solution for protecting RTP streams against the attacks described earlier is introducing an encryption mechanism and digital signatures such as secure hashes. SRTP or Secure Real-time Protocol is the standard for secure Real-time Transport Protocol.
Secure Real-time Protocol (SRTP)
The Secure Real-time Protocol is a profile of the Real-time Transport Protocol (RTP) offering confidentiality, message authentication, and replay protection for the RTP and RTCP traffic. SRTP was standardized at the IETF in the AVT working group. It was released as RFC 3711 in March 2004.
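The following is an added example, not code from the original article or from RFC 3711: it shows how message authentication and replay protection of the kind SRTP applies to RTCP let a receiver reject a forged or replayed BYE packet. It assumes a pre-shared session authentication key and leaves out encryption, key derivation and the MKI field; the key, the SSRC value and the names `rtcp_bye`, `protect`, `Receiver` and `demo` are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit truncated HMAC-SHA1 tag (the RFC 3711 default length)

def rtcp_bye(ssrc):
    # RTCP header: V=2, P=0, SC=1 -> 0x81; PT=203 (BYE); length=1 (32-bit words minus one)
    return struct.pack("!BBHI", 0x81, 203, 1, ssrc)

def protect(packet, index, auth_key):
    # Append the E-bit (0, no encryption here) plus a 31-bit packet index,
    # then a tag computed over packet || index word.
    body = packet + struct.pack("!I", index & 0x7FFFFFFF)
    return body + hmac.new(auth_key, body, hashlib.sha1).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, auth_key, window=64):
        self.key, self.window = auth_key, window
        self.highest, self.seen = -1, set()

    def accept(self, datagram):
        """Return 'bye' or 'ok' for an authentic, fresh packet, else the reject reason."""
        if len(datagram) < 8 + 4 + TAG_LEN:
            return "reject: too short"
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "reject: bad tag"
        index = struct.unpack("!I", body[-4:])[0] & 0x7FFFFFFF
        if index in self.seen or index <= self.highest - self.window:
            return "reject: replay"
        # Replay state is updated only after the tag has been verified.
        self.seen.add(index)
        self.highest = max(self.highest, index)
        self.seen = {i for i in self.seen if i > self.highest - self.window}
        return "bye" if body[1] == 203 else "ok"

def demo():
    key = b"constructed-session-auth-key"  # constructed sample key
    rx = Receiver(key)
    genuine = protect(rtcp_bye(0x1234ABCD), 1, key)
    # A BYE built without the key: correct layout, but the tag cannot be computed.
    unauthenticated = rtcp_bye(0x1234ABCD) + struct.pack("!I", 2) + b"\x00" * TAG_LEN
    return [rx.accept(unauthenticated), rx.accept(genuine), rx.accept(genuine)]

if __name__ == "__main__":
    print(demo())
```

Only the genuine BYE ends the session: the packet built without the key fails the tag check, and a captured copy of the genuine packet sent a second time is dropped as a replay.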
Source: VoIP Security – A layered approach