臺灣博碩士論文加值系統

網路電話(VoIP)因為通話成本便宜，吸引許多企業將此技術導入企業內部使用，以節省通信的成本。但使用網路電話時，經常會發生使用者的帳號密碼資料被竊取，或是駭客假冒使用者撥打電話等狀況，衍生出來的電話費，都必須由使用者支付，因此網路電話系統的漏洞，也成為企業資訊安全的一大挑戰。
本研究首先針對企業導入網路電話時，經常忽略的基本安全設定提出一套安全的設定方法，以避免駭客入侵。接著針對資料竊取以及盜打的情況，提出兩種規則，其中一種為偵測可疑的註冊訊息，以提早發現是否有駭客想要盜取帳號密碼資料；另一種為偵測使用者號碼的異常撥號的狀況，以判斷帳號密碼資料是否可能已經被竊取，駭客正在用以撥打高額費用的電話。本研究提出的規則，可以偵測到有問題的訊息，即時通知管理者進行處理。從實驗結果可以得知，當收集到的問題訊息越多，偵測的準確度就會越高。

Due to the low cost of VoIP, it attracts many companies to introduce the technology into the enterprise for internal use to reduce the cost of communication. However, it is quite often that the user confidential information is stolen. In this case, the hacker may impersonate the user to make high cost calls. The extra telephone charges must be paid by the user. This vulnerability of VoIP has also become a major threat of enterprise information security.
This study first proposes the basic security setting, which is often overlooked, for enterprises to implement the VoIP system in order to avoid hacker attacks. For the situation that the user confidential information is being stolen and the hacker try to impersonate the user to make calls, this study proposes two monitoring rules. One is the detection of suspicious registration message such that we can detect in the early stage whether the hacker want to steal confidential information. Another rule is to detect user abnormal conditions to judge whether the account has been stolen and is used to call the high cost phone.
The proposed rules can detect a problem and send message to notify administrator to process in advance. According to the experimental results, the more messages being collected, the detection rate will get higher.

誌謝 i
摘要 ii
ABSTRACT iii
目錄 iv
圖目錄 vii
表目錄 ix
第一章 介紹 1
1.1 研究背景 1
1.2 研究動機 1
1.3 研究目標 2
1.4 論文架構 2
第二章 背景介紹 3
2.1 VoIP 介紹 3
2.1.1 VoIP 協定 5
2.2 SIP (Session Initiation Protocol) 5
2.2.1 SIP 設計 5
2.2.2 SIP 訊息 ( Messages ) 6
2.2.3 SIP 重要元件 9
2.2.4 認證之註冊流程 12
2.2.5 通話的建立 14
2.3 封包的內容檢視軟體Wirshark 15
2.3.1 註冊流程及封包內容解析 16
2.3.2 通話的建立 17
2.4 VoIP閘道器 (Gateway) 18
2.4.1 IP Phone 19
2.4.2 FXS (Foreign Exchange Station) 19
2.4.3 FXO (Foreign Exchange Office) 20
2.5 PBX (Private Branch Exchange) 21
2.5.1 傳統PBX介紹 21
2.5.2 IP-PBX 21
2.6 VoIP的安全 22
2.6.1 相關研究 22
2.6.2 電話盜打 23
2.6.3 Toll Fraud (話費詐騙) 23
2.6.4 Caller Identification Impersonation (假冒使用者識別碼) 24
第三章 VoIP盜打預防和偵測 25
3.1 基本防禦機制 25
3.2 盜打者行為分析 26
3.3 使用工具 27
3.3.1 WinDump 27
3.3.2 PHP與流量分析 27
3.4 系統架構 28
3.5 偵測方式 29
3.5.1 有問題的註冊 29
3.5.2 有問題的撥號 30
第四章 實驗結果與分析 33
4.1 實驗環境 33
4.2 WinDump 35
4.3 偵測註冊攻擊 35
4.4 偵測有問題的撥號 37
4.5 結果討論與分析 38
第五章 結論和未來展望 40
參考文獻 41

[1]陳文生，「網路電話 (IP電信) 系統規劃與建置」，松崗文魁，Mar. 2005。
[2]賈文康，「SIP 會談啟始協議操典 (第2版) 」，松崗文魁，Apr. 2008。
[3]Peterson, R. Sparks, M. Handlay and E. Schooler,“SIP: Session Initiation Protocol,”IETF RFC 3261, Jun. 2006.
[4]H. Schulzrinne, S. Casner, R. Frederick and V. Jacobson,“RTP: A Transport Protocol for Real-time Applications,”IETF RFC3550, Jul. 2003.
[5]Agrawal, A., Kumar, K.R.P. and Athithan, G,“SIP/RTP session analysis and tracking for VoIP loggings,”Conference on Networks, 2008. ICON 2008. 16th IEEE International, pp.1-5, Dec. 2008.
[6][eval]Peter Thermos,“Evaluating the Security of Enterprise VoIP Networks,” IT Professional, vol. 11, pp. 30-36, May/Jun. 2009.
[7]S. McGann and D. Sicker,“An analysis of security threats and tools in SIP-based VoIP systems,”presented at the 2nd Annu. Workshop VoIP Secur., 2005.
[8]Butcher, D., Xiangyang Li and Jinhua Guo,“Security Challenge and Defense in VoIP Infrastructures,”IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, pp. 1152-1162, Nov. 2007.
[9]T. Dierks and E. Rescorla,“The Transport Layer Security (TLS) Protocol,” IETF RFC 5246, Aug. 2008.
[10]M. Baugher, D. McGrew, M. Naslund, E. Carrara and K. Nor-rman,“The Secure Real-time Transport Protocol (SRTP) ,”IETF RFC 3711, Mar. 2004.
[11]VPN Consortium,“VPN Technologies: Definitions and Requirements,” http://www.vpnc.org/vpn-technologies.html , retrieved on Apr. 2012.
[12] H. Son and Y. Lee,“An Anomaly Traffic Detection Method for VoIP Applications using Flow Data,”PAM2009 Student Workshop, 2009.
[13] C. Lee, H. Kim, K. Ko, J. Kim, and H. Jeong,“A VoIP Traffic Monitoring System based on NetFlow v9,”International Journal of Advanced Technology, vol. 4, Mar. 2009.
[14]Windump , http://www.winpcap.org/windump/, retrieved on Apr. 2012.
[15]PHP: Hypertext Preprocessor , http://www.php.net/ , retrieved on Apr. 2012.
[16]MySQL , http://www.mysql.com/ , retrieved on Apr. 2012.
[17]SIPp, http://sipp.sourceforge.net/index.html, retrieved on Apr. 2012.