| Course Unit Code | 440-4221/01 |
|---|
| Number of ECTS Credits Allocated | 4 ECTS credits |
|---|
| Type of Course Unit * | Optional |
|---|
| Level of Course Unit * | Second Cycle |
|---|
| Year of Study * | First Year |
|---|
| Semester when the Course Unit is delivered | Winter Semester |
|---|
| Mode of Delivery | Face-to-face |
|---|
| Language of Instruction | Czech |
|---|
| Prerequisites and Co-Requisites | There are no prerequisites or co-requisites for this course unit |
|---|
| Name of Lecturer(s) | Personal ID | Name |
|---|
| VOZ29 | prof. Ing. Miroslav Vozňák, Ph.D. |
| REZ106 | Ing. Filip Řezáč, Ph.D. |
| Summary |
|---|
| This course is focused on multimedia communication in IP networks, it deals with principles and aspects of the content security, frauds, attacks, VoIP honeypots, penetration testing and countermeasures for mitigation of security risks. Among the topics, relatively new areas are included such as the multimedia real-time communications in web browsers using the WebRTC technology or the VoIP steganography. |
| Learning Outcomes of the Course Unit |
|---|
After successful course completion, students:
- will be able to understand principles of the audio and video content security in Internet and will be acquainted with fundamentals of the security design of communication;
- will understand methods of attacks and countermeasures for the mitigation of security risks of multimedia transmissions;
- will be able to implement server tools for multimedia communication with emphasis on the security;
- will be able to reveal security risks of the solution compontens for multimedia transmissions. |
| Course Contents |
|---|
Lectures
1. Safety multimedia communications over IP, content of the SRTP and ZRTP security protocols.
2. SIP protocol and its security - SIP TLS and DTLS.
3. The TLS / SRTP / DTLS safe trunking / peering in the PBX software Asterisk environment.
4. Communication in real-time using a web-browser, WebRTC and practical implementation of the Asterisk server using WebRTC2SIP and Doubango.
5. Security of the SIP Proxy Kamailio using TLS module.
6. Frauding in VoIP, misusing of the service and identity spoofing.
7. Eavesdropping and defense, attacks on the availability of SIP Proxy and degradation the quality of audio and video services.
8. Manipulation with the video and audio content, mixing.
9. SIP signaling manipulation (registration, redirection and terminating of the sessions).
10. Steganography in VoIP, injection of the information into SIP headers and media content.
12. Uncovering sources of attacks using honeypots and VoIP honeypot tools Dionaea and Artemisa.
13. Penetration and Performance testing of SIP elements for multimedia communications.
14. New trends and findings in the field of multimedia security, summary.
Exercises
1. Introduction to the secure SW and HW IP phones, differences between secure and unsecure communications.
2. Introduction to the Asterisk PBX, making certificates for server and clients.
3. Denial of Service attacks on the SIP servers – INVITEflood, Eavesdropping, Man-in-the-middle – Cain and Abel.
4. Disturbing the voice stream in VoIP communication – RTPinsertsound, RTPmixsound.
5. Modification and manipulation with registrations in VoIP communication – add_registration, erase_registration.
6. Introduction into IDS/IPS systems – Suricata.
7. Penetration and benchmark tests of the VoIP infrastructure – Nessus, SIPB.
8. Project presentation (15p), credits assignment.
Laboratories
1. Configuration of the Asterisk PBX from the security point of view, protocol 1 assignment.
2. Configuration of the Asterisk PBX with WebRTC, connection of the HTML5 clients, protocol 1 delivery (5p).
3. Configuration of the Kamailio from the security point of view, protocol 2 assignment.
4. Scanning and monitoring of the VoIP infrastructure – Nmap, SIPVicious,SiVus, protocol 2 delivery (5p), project assignment.
5. SIP and RTP traffic emulators, protocol 3 assignment.
6. Introduction into SIP VoIP honeypot – Dionaea, TCPdump, protocol 3 delivery (5p).
|
| Recommended or Required Reading |
|---|
| Required Reading: |
|---|
• VOZŇÁK, M.: Architectures, Protocols and Services for IP Telephony for joint teaching programme of BUT and VSB-TUO. VŠB-TU Ostrava, 2014, 358 p., 978-80-248-3640-9.
• COLLIER,M.,ENDLER,D. Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, New York: McGraww-Hill, 560p. 2013.
|
• VOZŇÁK, M.: Technologie a protokoly multimediálních komunikací pro integrovanou výuku VUT a VŠB-TUO. VŠB-TU Ostrava, 2014, 252 str., ISBN 978-80-248-3326-2.
• VOZŇÁK, M.: Architectures, Protocols and Services for IP Telephony for joint teaching programme of BUT and VSB-TUO. VŠB-TU Ostrava, 2014, 358 p., 978-80-248-3640-9.
• COLLIER,M.,ENDLER,D. Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, New York: McGraww-Hill, 560p. 2013.
• VOZŇÁK, M., ŘEZÁČ, F.: ASTERISK teorie a praxe. VŠB-TU Ostrava, 52. str, 2011.
• SISALEM,D.,FLOROIU,J. SIP Security. New Jersey: JWS, Inc. 350p. 2009.
• ŘEZÁČ, F., VOZŇÁK, M.: SIP Penetration Test System. In Networking Studies 2011 Selected Technical Reports, p.167-182, CESNET, May 2011, ISBN 978-80-904689-1-7.
|
| Recommended Reading: |
|---|
• SISALEM,D.,FLOROIU,J. SIP Security. New Jersey: JWS, Inc. 350p. 2009.
• ŘEZÁČ, F., VOZŇÁK, M.: SIP Penetration Test System. In Networking Studies 2011 Selected Technical Reports, p.167-182, CESNET, May 2011, ISBN 978-80-904689-1-7.
|
• VOZŇÁK, M., ŘEZÁČ, F.: ASTERISK teorie a praxe. VŠB-TU Ostrava, 52. str, 2011.
• SISALEM,D.,FLOROIU,J. SIP Security. New Jersey: JWS, Inc. 350p. 2009.
• ŘEZÁČ, F., VOZŇÁK, M.: SIP Penetration Test System. In Networking Studies 2011 Selected Technical Reports, p.167-182, CESNET, May 2011, ISBN 978-80-904689-1-7.
|
| Planned learning activities and teaching methods |
|---|
| Lectures, Tutorials, Experimental work in labs |
| Assesment methods and criteria |
|---|
| Task Title | Task Type | Maximum Number of Points
(Act. for Subtasks) | Minimum Number of Points for Task Passing |
|---|
| Credit and Examination | Credit and Examination | 100 (100) | 51 |
| Credit | Credit | 30 (30) | 15 |
| Laboratory Excercises | Laboratory work | 15 | 0 |
| Project | Project | 15 | 0 |
| Examination | Examination | 70 (70) | 21 |
| Written Exam | Written examination | 50 | 0 |
| Oral Exam | Oral examination | 20 | 0 |