IP BASED SECURITY ON VIDEO CONFERENCING

K.V. Rop1 and N.K. Bett2 Department of Telecommunication and Information Engineering Jomo Kenyatta University of Agriculture and Technology PO Box 62000-00200 Nairobi, Kenya. 2 Department of Technology, University of Eastern Africa, Baraton PO Box 2500 Eldoret, Kenya. 1 vikrop@gmail.com, 2nkbett2002@yahoo.com,
1

ABSTRACT
The communications industry, meeting the needs of an increasingly global commerce environment, has contributed to better productivity and bridged communities globally in almost every industrial segment. Video conference plays an important role in bridging the communication gap globally by using both audio and video telecommunications to bring people at different sites virtually together. Video conferencing has become increasingly popular as a way of communicating via video and audio with the end users in an open and interactive manner. Most of the video conference systems are internet protocol (IP) based, and the security and privacy concerns inherent in such communication have become a major challenge. By ensuring that security is set up properly, mainstream users of video conferencing will have the confidence to use video for a wide variety of applications. Additional connectivity challenges such as differing security policies and differing vendor standards have caused concern and delay for many videoconferencing deployments. In this paper, the security challenges faced in the implementation and the use of IP based video conferencing systems are evaluated. Keywords: Video Conference (VC), Security

1.0. INTRODUCTION Over the past few years, collaboration technologies, like audio, video, and web conferencing, have played an ever-increasing role in various business setups. With the ever increasing competition, businesses today are facing unique communication challenges that necessitate a dynamic and constantly changing workplace environment. To compete effectively, there is an increase need for traditional workers as well as for remote employees and work teams to stay connected and be able to communicate regardless of location, device, or network (ITU-T, 2003). This can only be achieved by utilizing various features that are associated with video conference systems. Video conference (VC) is a set of interactive telecommunication technologies which allow two or more locations to interact via two-way video and audio transmissions simultaneously. Over the past few years, VC in particular has undergone a dramatic transformation from a nice-to-have leading-edge technology into a crucial part of day to day operations by various business organizations. This can be greatly attributed to increase in IP network availability, capacity, affordability, and capabilities (Chown and Juby, 2004). Although virtually all companies agree that any business tool that saves time and money is worth considering, some companies are reluctant to adopt video conferencing technology for a variety of reasons. Even companies that already use VC often have difficulty proving that their use of

videoconferencing helps them achieve their corporate goals as it has a number of drawbacks. One major drawback of VC is the security (Honeyman et.al, 1998). Most private discussions cannot be shared via the public internet for fear of leaks and vulnerability. Encrypting the transmission can protect this information, but providing confidentiality to the users of the systems remains crucial. Whether the systems or communication sessions are hosted on secure or non-secure networks, the security threats and concerns are fundamentally the same. Security requirements for telecommunication networks and services should preferably be based upon internationally agreed security standards, as it increases interoperability as well as avoids duplication of efforts and reinventing the wheel. The provisioning and usage of security services and mechanisms can be quite expensive relatively to the value of the transactions being protected. There is a balance to consider between the cost of security measures and the potential financial effects of security breaches (Chown and Juby, 2004; Honeyman et.al, 1998). It is therefore important to have the ability to customize the security provided in relation to the services being protected. Due to the large number of possible combinations of security features, it is desirable to have security profiles that cover a broad range of telecommunication network services. This paper discusses some of the challenges that videoconferencing technology faces in regards to creating a secure IP videoconferencing. Each challenge is described in detail with various solutions presented.

2.0. BASIC SECURITY DIMENSIONS In order to use a videoconferencing system to host secure video sessions, the system must be placed into secure operating mode, and the appropriate classified network settings and directory information must be loaded. VC devices and infrastructure items must meet certain fundamental security requirements namely; principles of confidentiality, integrity, availability, authenticity, and accountability (ITU-T, 2003; Singh, 2006). Privacy and Data Confidentiality By limiting access of information to only those authorized to view them, a communication device must actively preserve the confidentiality of all the information that it stores, processes, transmits, receives, and presents. Items that must be protected include network configuration settings, administrative settings, security settings, user credentials, and of course all data, voice, and video traffic. Integrity To maintain its integrity, transmitted information should not be accidentally or deliberately altered in a way that impacts the value or meaning of the data. Data integrity refers to the quality of correctness, completeness, wholeness, soundness and compliance with the intention of the creators of the data (ITU-T, 2003). Most systems use digital certificates as a way of maintaining data integrity. Availability A number of intentional and unintentional threats like hacking, configuration changes, device malfunctions, etc may lead to uncompleted and/or incomplete information transfer from one point to another. Most VC systems have tried to maximize the availability of information by balancing cost, convenience, and risks. Accountability By tracking user activities, communication session information, and security violations, an element of accountability within the environment should be instilled (Mitchell and Alan, 2007). VC

systems managing personnel should ensure that the user is always guaranteed of secure and available video conferencing facilities by monitoring and protecting the network and associated features. Authentication is the provision of proof that the claimed identity of an entity is true where entities include not only human users but also devices, services and applications. Authentication also provides for assurance that an entity is not attempting a masquerade or an unauthorized replay of a previous communication (Chown and Juby, 2004). Access Control Under no circumstances should unauthorized persons access and use network resources. Only authorized personnel or devices are allowed access to network elements, stored information, information flows, services and applications. It is related but beyond the scope of Authentication.

3.0. OVERVIEW OF SECURITY ISSUES 3.1. Issues for consideration The security services and mechanisms that should be in place are related to protection against malicious attacks such as denial of service, eavesdropping, spoofing, tampering with messages (modification, delay, deletion, insertion, replay, re-routing, misrouting, or re-ordering of messages), repudiation or forgery (Chown and Juby, 2004; Singh, 2006). Protection includes prevention, detection and recovery from attacks, measures to prevent service outages due to natural events (weather, etc.) as well as management of security-related information. The spectrum of security issues to consider for Narrowband over Packet Based Networks (IP) that do not provide guaranteed QoS (H.323) includes (ITU-T, 2003; Weinstein, 2006; Frost and Sullivan): Physical device security This includes physical access to the videoconferencing room (the potential for theft or vandalism) Local analogue snooping Even in an IP-based system, local technical staff may easily snoop on a videoconference via analogue connections from the local studio, depending on the exact configuration of the studio system. This may not necessarily be in the same room as the ongoing conference. Analogue video recording of conferences It is extremely easy to video record an ongoing videoconference. This could be carried out, either unknowingly or knowingly to the participants, by a valid participant and may have security implications if the resulting tape fell in to the wrong hands. Security of devices over the network General best practice should be applied for H.323 system security, just as with regular Internet device security many H.323 systems are built on Windows or other operating systems. Session eavesdropping by intruders Where data is transmitted over insecure (non-encrypted) networks, attackers may be able to snoop the data in transit and view and/or record or redirect a copy of the video/audio data. Session hijacking by intruders - It is possible that an attacker could gain control of a session (via the MCU), or could silently join a conference gaining to access to private and confidential information. Network denial of service attacks If any of the H.323 components are subjected to a denial of service attack, the quality of the conference may drop for all participants, or in the worst case, the conference may fail.

Secure management of H.323 devices Many H.323 devices may only be managed or upgraded over non-encrypted Telnet, Hypertext Transfer Protocol (HTTP) or File Transfer Protocol (FTP) sessions. An attacker may thus be able to snoop passwords in transit and gain access to critical H.323 components.

3.2. Security Concepts Some of the security concepts associated with VC include; Security vulnerability is a flaw or weakness in a systems design, implementation or operation that could be exploited to violate the systems security and it is not a risk, a threat, or an attack (Singh, 2006). Vulnerabilities can be of four types. Threat Model vulnerabilities originate from the difficulty to foresee future. Design & Specification vulnerabilities come from errors or oversights in the design of the protocol that make it inherently vulnerable. Implementation vulnerabilities are vulnerabilities that are introduced by errors in a protocol implementation. Operation and Configuration vulnerabilities originate from improper usage of options in implementations or weak deployment policies (e.g. not enforcing use of encryption in a Wi-Fi network).

Security threat is a potential violation of security, which can be active (when the state of a system can be changed), or passive (unauthorized disclosure of information without changing the state of the system) (Chown and Juby, 2004). Security Policy is a formal statement of the rules which must be followed by people who are given access to an organization's information. The policy should specify the mechanisms through which these requirements can be met. Security Attack is an action that compromises the security of the information owned by an organization for example, an unauthorized access to the information. Security Mechanisms are designed to detect, prevent, or recover from the security attack Security Services are those services that enhance the security of the information transfers of an organization. The services make use of security mechanisms.

4.0. CREATING A SECURE VIDEO CONFERENCING ENVIRONMENT With the increase in the convergence on the use of internet and its associated IP, there is an increase in the need for awareness on the security issues for IP-based voice, video and data exchanges (Frost and Sullivan). This is because the simplest way of making a conference is via an open network which is associated with various risks. To address the above mention security issues, the following measures are taken among others; 4.1. Endpoint Protection Unwanted SPAM and/or junk e-mail are part of security threats that are associated with internet use. Attacks can be launched against web sites to deny their availability to legitimate users. The end points

need protection from not only attacks, but also from eavesdropping and snooping. To easily connect a VC system into a network, one can use open network which will allow smooth voice and data flow from one point to another. However, this will invite all types of attacks associated with internet use (Frost and Sullivan). 4.2. Firewall It is desirable that the packet based networks/H.323 terminal is protected from unwanted external internet access by use of an appropriate firewall. Firewalls are designed to keep certain types of traffic out of a network and are usually deployed in strategic points in the network infrastructure, primarily between the public Internet and the corporate network, between branch offices and the corporate network or even between segments of the corporate network (Mitchell and Alan, 2007). Firewalls can be implemented in either hardware or software, or a combination of both, and are frequently used to prevent unauthorized video conferencing users from accessing private networks, such as intranets, connected to the video conferencing. All data entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria (Ira, 2006). VC systems were designed to work in a number of ports thus, opening a large range of ports on the corporate firewall is a risk which, quite rightly, many network security administrators find unacceptable. 4.3. Network Access Traversal (NAT) The shortage of public IP addresses means corporate networks are typically structured as private networks, assigning addresses to internal network devices from standard pre-defined address ranges. These private addresses are not reachable from the public Internet making conferencing quite hectic. Network access transversal (NAT) is a popular method for allowing a one-to-many relationship of IP addresses in a corporate network. It maps the private, non-routable IP address of an internal network device to a public, routable IP address and keeps track of requests from machines inside a network to websites outside the network (Weinstein, 2006). To the outside world, all requests appear to come from one IP address, the public address. As information comes back, NAT handles the translation from the one public facing address back into the internal addressing scheme (Mitchell and Alan, 2007). By performing the translation at the border to the public network, one address can be used for a multitude of machines. Because all communication occurs through the NAT device, the network endpoints are obscured thus, provides a level of security to the network as it is difficult for prying eyes to know how many hosts exist on a network, much less the types of devices located there. Another security consideration is that since the connection to the endpoint must be initiated from inside the network and cannot come from the outside, it is impossible to connect into the network uninvited (Ira, 2006). This security provided by NAT causes a headache for videoconferencing over IP. A combination of firewall and NAT provide a relatively strong barrier of protection against external intruders as shown in Figure 1. From a conference perspective, firewalls and NAT keep unauthorized user and systems from connecting to enterprise conference systems. Unfortunately, they can also hamper authorized, required connections between internal and external systems.

Figure 1: Layers of Security

4.4. Dedicated Virtual Private Networks (VPNs) Use of virtual private networks (VPNs) is another way of tackling the conferencing security issue. Creating a VPN by definition provides you with your own private network, so as long as you stay within this network, you do not need any firewalls. However, this is not always possible and you may have a necessity to conference with others outside your own VPN. This can cause a problem as using NAT is typically incompatible with routers setup for a VPN (Frost and Sullivan). When configuring the VPN, be wary of using a long key and hence applying too much encryption as this can cause an unacceptable delay in the transmission between sites and impact the overall efficiency of the video conference. Similarly, enabling H.235 compliant AES Encryption that is supported by most endpoints can have an impact on the overall efficiency of the conference, especially if low bandwidths are used. 4.5. Gatekeeper (GK) This is the most important component of an H.323-enabled network. It acts as the central point for all calls within its zone and provides call control services to registered endpoints. In many ways, an H.323 gatekeeper acts as a virtual switch, as it performs admission control, address resolution, and may allow calls to be placed directly between endpoints or it may route the call signaling through itself to perform functions such as follow-me/find-me, forward on busy, etc (ITU-T, 2003; Chown and Juby, 2004). Gatekeeper (GK) can be configured by the network administrator to give priorities to conferencing sessions and blocking other use that may create a security threat. They provide the intelligence for delivering new IP services and applications. They allow network administrators to configure, monitor and manage the activities of registered endpoints, set policies and control network resources such as bandwidth usage within their H.323 zone. Registered endpoints can be H.323 Terminals, Gateways or Multipoint Control Units (MCUs).

4.6. Multipoint Control Unit (MCU) MCU supports conferences between three or more endpoints. The MCU's basic function is to maintain all the audio, video, data and control streams between all the participants in the conference. The main components of an MCU are the multipoint controller (MC) and the optional multipoint processor (MP). The MC manages the call signaling controls conference resources such as multicasting but does not deal directly with any of the media streams. This is left to MP which mixes, switches, and processes audio, video, and/or data bits (ITU-T, 2003). It also provides the conversion between different codecs and bit rates. Both MC and MP capabilities can exist in a dedicated component or be part of other H.323 components (Singh, 2006). The main reason for this is the maturity of the protocol and its implementations, and that H.323 has proved to be an extremely scalable solution that meets the needs of both service providers and enterprises, with H.323 products ranging from stacks and chips to wireless phones and video conferencing hardware. 5.0. SECURITY RECOMMENDATIONS High profile user base and confidential meeting content are the most affected with insecurities associated with video conferencing. Maintaining security requires protecting your network from both external and internal intruders (JNT Association, 2007; Polycom inc., 2010). These intruders pose a challenge in conducting a safe and a clean conferencing. Table 1 shows the threats posed onto to the system and some of the common counter measures to be taken. Among the internal intruders include the physical theft of the VC system. To prevent the unit from being subjected to theft, physical security measures (e.g. CCTV, lockable doors) should be provided. VC systems installed in various rooms are subjected to abuse by anyone having access to the room. This can be carried out by adjusting the security setting on the codec which can allow anyone to access the system and even make unplanned call. Also, anyone within the network or who has a network IP address can easily login in remotely and use video conferencing services without being noticed. Controlled access will rely on lock and key methods, and supervised attendance. VC systems should have local passwords set to protect systems settings. Password can be set by either using keyboards, remote controls, using telnet access, or using web access. During the video meetings, the room location and access, sound isolation, and the physical connection should be taken into consideration so as to prevent potential eavesdropping and spying by an intruder. Also, the network administrator should always watch out for any tampering of network cables linking the conference system to the rest of the network.

Table 1: Threats Associated with Video Conferencing Threat Theft of Systems Unauthorized use of system Unauthorized monitoring of a session Likelihood Low Low Impact High Low Counter Measures Physical Securiry e.e alarms & CCTVs Security control on dedicated device or password on PC system Use of encryption methods Use of switched Ethernet

Low

Variable depending on nature of conference Variable depending on nature of conference High

Unauthorized joining of a session

Low

Control at the Gatekeeper or MCU

Network adapter/cable problems causing poor performance Gatekeeper Failure

High

Check network speeds Test the cable physically

Low

High

Offer redundant gatekeeper devices to avoid single point of failure problem Disconnect him/her from the network since the person will be recognizable visually, and the threat is low

User at client terminal is an imposter

Low

Variable

External intruders mostly occur via the network. This is the main challenge that is poised onto the network and the network administrator must have some network protection measures in place. The main method of preventing external attack on the network is by having a tight firewall system. The firewall should be configured together with the NAT so as to block external users from peeping onto the internal LAN and making changes that may affect its efficiency (Ira, 2006). The use of MCU adds a major advantage as one can monitor who is accessing the VC and can give rights or block other users from accessing a meeting. MCU allows for booking of meeting and creation of meeting passwords thus, blocking anyone trying to access the meeting without authorization.

6.0. CONCLUSION Many end users and administrators are simply unaware of the risks and regulations associated with hosting unsecure videoconferencing sessions. For this reason, proper procedures are not followed and security is compromised. While many sites may see their videoconferencing facilities function perfectly well without giving much, if any, consideration to security, security is invariably only as good as the weakest link. Thus it is important that any site involved in a videoconferencing session applies best security practice. Preparing and implementing a secure environment, brings peace of mind to all parts of the organization. This enables the end users the freedom to use videoconferencing as a critical business communication tool, allowing them to connect where and when they need to at a moments notice. In addition, network administrators can feel confident that their data is safe and secure from intruders. This paper has presented a discussion of the security issues involved with the use of video conferencing facilities.

REFERENCES [1]. April Slayden Mitchell and Alan H. Karp (2007). Improving Usability by Adding Security to Video Conferencing Systems. Usable Security (USEC07) IFCA. [2]. Frost and Sullivan. Delivering on the Promise of Easy to Use, Secure, and Inexpensive Video Conferencing in and IP Environment. Palo Alto, CA 94303-3331, USA. [3]. Gurmeet Singh (2006). Secure Video Conferencing for Web Based Security Surveillance System A Masters Degree Thesis. Indiana Institute of Technology, Kanpur. [4]. Ira M. Weinstein (2006). IP Videoconferencing Security for the Department of Defense. Wainhouse Research, October [5]. Ira M. Weinstein (2006). Employing IT-Level Security for IP Videoconferencing. Wainhouse Research. [6]. ITU-T (2003). Security in Telecommunications and Information Technology. International Telecommunication Union. [7]. JNT Association (2007). Introduction to Video Conferencing. http://www.ja.net/vtas The JNT Association. [8]. Peter Honeyman et.al (1998). Secure Videoconferencing. USENIX Security Sysposium, San Antonio, texas. [9]. Polycom inc. (2010). The Top Five Benefits of Video Conferencing. Polycom, inc., Polycom Worldwide Headquarters. [10]. Tim Chown and Ben Juby (2004). Security Guide for H.323 Videoconferencing. The JNT Association, No. GD/VTA/009.