The emergence of Voice-over-IP (VoIP) and Unified Communications (UC) technology has caused a fundamental shift in the telecommunications industry. Due to numerous benefits of VoIP/UC systems ranging from low cost, manageability, pervasiveness of IP communication networks and easy integration with other IP-based software-enabled services, traditional Private Branch eXchange (PBX)/UC systems are increasingly replaced with their IP counterparts. The growing popularity of VoIP/UC networks is largely influenced by two benefits: cost savings achieved by migration from Public Switched Telephone Network (PSTN) to VoIP networks and the flexibility of adding new services and applications to the standard telephony platform. The underlying common IP-based communication platform enables richer application and services than were otherwise possible. The migration from PSTN to VoIP fundamentally has changed the communications landscape and the way various end-nodes of a network communicate with one another or with applications.
However, massive deployment of VoIP/UC faces challenges that need to be effectively addressed to gain widespread adoption. VoIP/UC solution providers need to provide high quality reliability and security standards that traditional PSTNs offer. Developing a robust architecture that adheres to these constraints is a challenging task.
A number of recent studies showed that nearly half of VoIP/UC service providers planning to deploy VoIP/UC networks affirm that current networks and applications are inherently insecure. The security issue is a major concern for VoIP/UC service providers because security vulnerabilities are not yet well understood, and preventive measures for security have not yet been fully adopted.
VoIP/UC security is vastly different from conventional data security due to the real-time nature of VoIP/UC communications. Real-time characteristics include: zero down time, near close to 100% Quality-of-Service (QoS), reliability, low latency overheads and security. VoIP/UC solutions need to comply with the complex VoIP/UC network standards involving a myriad of protocols, applications and devices while maintaining the dependency with existing PSTN systems. A VoIP UC network is a converged network of PSTN and IP-telephony, thus it is subject to security threats that potentially emanate from either one of the two networks. Due to the number of potential threat vectors arising from the convergence of PSTN and IP-telephony networks, the underlying security protection measures based on either one of the network architectures are not well suited to counterattack most of them. In addition, VoIP/UC networks require close-to-perfect reliability because of the real-time requirement for voice communication. For data-only communication, a typical response to a security attack involves a human intervention, which incurs significant time delays to reduce the scope of the threat and provides appropriate mitigation solutions. Unlike data-only communication, human interventions are inadequate for VoIP/UC communications, which require a real-time response to security threats.
VoIP/UC communication is highly sensitive to QoS parameters. A VoIP/UC security solution causing a noticeable loss in voice quality is unacceptable. Any interruption in the flow of packets, reassembly or jitter impacts the quality of voice conversation. For data communication, the lost data is retransmitted causing additional delay. While this may be acceptable for simple data communication, retransmission in the VoIP/UC realm implies that the caller has to repeat the lost voice message or reinvoke the UC service, which makes any solution that introduces time delay by retransmission an unacceptable solution.
Latency is another factor to consider when deploying VoIP/UC solutions. Modern data security solutions employ encryption and/or deep-packet inspection methods to improve security. Both of these methods introduce additional time delays and jitters to VoIP/UC packet streams, thus impacting the overall QoS of voice steams.
VoIP/UC networks interacting with and depending on existing PSTN networks pose a new set of challenges such as attack entry vectors and application threats. With a myriad of deployment solutions and architectures spanning the VoIP and traditional PSTN networks, the complexity of threat detection and mitigation grows exponentially.
The emergence of Voice-over-IP (VoIP), Unified Communications (UC) and Communications Enabled Business Process (CEBP) solutions has changed the way that enterprises communicate with each other. The convergence of voice and data into a single IP network creates a cost-effective transport mechanism that enables a new set of services. Voice, which was previously confined to a separate legacy network (e.g., PSTN), became ubiquitous and plays an integral role in communication among and bridging disparate entities. These entities include multiple users and user groups both inside and outside the enterprise, as well as advanced applications that enable communication with other entities anywhere, anytime with any device. The converged VoIP, UC and CEBP solutions need to comply with a myriad of protocols, applications and devices including the ones on legacy voice networks. These compliance requirements expose the convergent solutions to threat vectors that emanate from multiple entry points and pose formidable challenges with security and reliability.