ARTICLE: VoIP and Cloud: Security Issues

by Mirko Raimondi

Introduction
In today's economy, companies are looking for at cost saving measures and Clouding provides much greater exibility than older computing models. There are a lot of benets using Clouding architectures: the main benet is about the cost-eective, since you pay as you go. Another benet is the portability: an user can work from workspace, home, or at customer locations; this increases in mobility means that the employees could access to the informations from anywhere.

Even if it is not widely adopted yet, VoIP cloud services open new opportunities to telecom business. When a small company wants to begin a business in VoIP telecommunications, if it choose to the traditional model, it will have to buy server equipment and to build all network infrastructure. Instead of buying and maintaining a traditional VoIP infrastructure, one could decide the alternative of Clouding where equipments are subscribed and not bought; in this case there are no expenses to pay in advance. Thus, today's VoIP business can be started and run without making large initial investments. Furthermore, there's another reason to choose Cloud services instead of traditional models: more frequent server software updates, getting the benet to free-up employees which can have been occupied performing updates, installing patches and providing application support. Finally, Clouding is a great contribution to the energy saving, since with more servers shared by carriers less electricity is spent and existing equipment gets to be used more eciently.

There are important security threats that need to be evaluated when considering moving VoIP applications with sensitive data to public and shared Cloud environments. Hence, Cloud providers must develop sucient controls to provide the same level of security than the organizations would have if the Cloud were not used. The main reason which VoIP cloud services are not widespread is that client carriers are unsure whether hosting service providers can provide a reliable service with the necessary data security level. But unfortunately, few people have really understood that data security is also not guaranteed when sevices operate on the equipment owned by carriers.

Cloud Features
Clouding has the characteristics reported in the following.

•  Resource Pooling: resources of the provider are pooled and shared between many users;

---

•  Rapid Elasticity: in few of minutes resources could be provisioned to scale out and released to scale in;

---

•  Network Access: resources are accessible through standard network protocols over the Internet;

---

•  On-demand self-service: resources can be provisioned via automated systems;

---

•  Measured Service: providers measure CPU charges, network bandwidth, memory and other resources.

---

Every type of Cloud service has the capabilities before reported but the various service models dier in both form and function. There are three fundamental Cloud types which describe and dene the service contents. They're reported in the detailed list reported below.

•  Infrastructure as a Service (IaaS): you are buying an infrastructure and users can access to the network, devices, Storage Area Network (SAN)and other resources through the provider; it also use every kind of software including Operating System (OS) and applications. Users are not in charge of the cloud infrastructure, they only have authority on OS, SAN,distributed software and network components which are going to be used.This model is similar to a utility company model, where you pay for whatyou use. The user has access in a form that is close to an on-demand service to an arbitrary number of network-connected servers. An arbitrary number of servers are multiplexed onto a xed number of physical devicesmachines (Host), generally using Virtual Machines (VMs) running on Hypervisors. Hypervisor, also said Virtual Machine Monitor (VMM), is a piece of computer software, rmware or hardware which creates and runs VMs. A computer whereon an Hypervisor is running one or more VMs is dened as a Host Machines and each VM is called Guest Machine;

---

•  Platform as a Service (PaaS): provider provides a platform for your use.Users can develop and run software over cloud computing infrastructurevia programming languages, libraries, services and all the tools supported by the provider. Services provided include all phases of the System Development Life Cycle and can use Application Program Interfaces, website portals, or gateway software. Users are not in charge of the network, servers, OS and SAN belonging to the Cloud infrastructure, they can just change few conguration settings;

---

•  Software as a Service (SaaS): platform and software utilities are supported and provided by the provider. Users can access to applications via different devices as thin clients and network browsers.

---

The full article would be published soon in Hakin9 Magazine. Follow our website to not miss it!

About The Author
Mirko Raimondi obtained his Master's degree in Computer Science from the University of Milan - Computer Science Department. He worked as a Software Engineer at ITALTEL - an Italian leader company in telecommunica-
tions industry - where he was being the project leader of Netmatch-S Lite Edition, a VoIP Session Border Controller based on virtual platform and running on commercial hardware. In test plant of ITALTEL he realized testing scenarios by mean of Cisco L2/L3 devices and he has a CCNA-security in course. Currently he works in automotive industry, where he has realized an audio/video/meta-data multiplexer in order to hide GPS data in mov les. He's interested in VoIP telecommunications, network security, steganography methods and computer forensics. You can contact him either through LinkedIn or via e-mail: [email protected]