The present invention relates generally to security, and more particularly to a security architecture for Voice over Internet Protocol (VoIP) services.
Many businesses and individuals have a broadband connection to the Internet. Such a connection is typically billed at a flat rate, so the user can remain connected for as long as desired at no added cost. Voice over Internet Protocol (VoIP) is a technology that enables a user to place telephone calls over that same broadband connection rather than over an analog telephone line. Because the calls are carried as IP traffic on a connection the user already pays for, VoIP allows any number of calls to be placed over any distance at no added per-call cost.
A VoIP provider typically designs a system comprising network equipment that provides the VoIP services and customer premises equipment, such as VoIP telephones, that is accessible to customers. The network equipment may also set up and monitor VoIP telephone calls between two pieces of customer premises equipment.
Although conducting telephone calls over the Internet in such an arrangement provides many benefits, the system described above also introduces security concerns. Because the customer premises equipment communicates directly with the VoIP service provider equipment, that customer premises equipment, or a rogue Internet system not associated with any customer, can potentially read the information stored in the service provider equipment. The same equipment can potentially be used to overwrite the data stored in the service provider equipment. Moreover, a denial of service attack may be directed at the service provider equipment: an attacker may use a VoIP telephone or another piece of equipment to flood one or more pieces of service provider equipment with traffic, degrading or disabling the operation of the flooded equipment.
Further, VoIP customers expect that all data within the VoIP infrastructure remains private and is not subject to eavesdropping or recording. Unfortunately, when the service provider equipment establishes a call between two VoIP telephones, another customer who can access that service provider equipment could intercept the communications between the two telephones.
Thus, security risks remain in the typical VoIP architecture, because a customer can use customer premises equipment to directly access and communicate with the service provider's equipment.