12/1/2008

Dual Tone Multi Frequency and Key Press Markup Language

VoIP Security (COMS W4995) Prof. Henning Schulzrinne Aniruddha Niranjan Computer Science Department

Overview
DTMF Introduction Architecture Encoding Transmission Decoding Security KPML Introduction Operation Key Concepts DRegex Security

DTMF

Method to instruct the telephone switching system of number to be dialed To issue commands to switching system or related telephony systems Numbers and commands issued from a keypad Used mostly in interactive response systems
3

Architecture

Three modules

Generation at keypad Transmission using RTP Decoding

Generation

Transmission

Decoding
4

Keypad Frequencies
Set of high frequencies

Set of low frequencies

Button click generates a combination 8 => S(852, 1336)

Transmission using RTP

Payload format designated as telephoneevent Media type is audio/telephone-event Carried as part of audio stream Considered a very highly compressed audio codec

Transmission using RTP

Timestamp and marker bit of RTP header used Payload format

Number between 0 and 255 identifies specific telephony event

End of event

Reserved, set to 0

Power level of the tone

Duration of event or segment

Decoding

Firstly checks are performed based on

Frequency groups Inter-digit interval Signal strength

Goertzel algorithm for decoding

Uses Discrete Fourier Transforms

8

Security

Telephone event payload highly compressed Very high sensitivity to even small changes in bit values Secure Real Time Protocol must be implemented

KPML

Capturing DTMF tones that are supplemental or mid-call key presses SIP event notification package SUBSCRIBE and NOTIFY methods used Goal is to optimize memory usage and processing time

10

SIP Based Operation

Caller Application Server Callee
(1) INVITE

(2) 200 OK

(3) ACK

(4) SUBSCRIBE (5) 200 OK (6) NOTIFY (7) 200 OK (8) (9) NOTIFY (Digits) (10) 200 OK

11

Key Concepts
Subscription Duration Timers

Inter-Digit

Extra

Non-persistent

Persistent
Critical

Single NOTIFY

Continuous NOTIFY

12

Key Concepts

Pattern matches Digit suppression User input buffer behavior

13

DRegex

Digit Regular expression mapping of POSIX extended regular expressions POSIX not used directly

Mapping used

14

DRegex

A few example expressions

15

DRegex Formal Syntax

DRegex DRegexPosition DRegexSymbol DRegexSet DRegexSetList DRegexCharacter RepeatCount RepeatRange Count = 1*( DRegexPosition [ RepeatCount ] ) = DRegexSymbol / DRegexSet = [ "L" ] DRegexCharacter = "[" 1*DRegexSetList "]" = DRegexCharacter [ "-" DRegexCharacter ] = DIGIT / "A" / "B" / "C" / "D" / R / "*" / "#" / "a" / "b" / "c" / "d" / r = "." / "{" RepeatRange "}" = Count / ( Count "," Count ) / ( Count "," ) / ( "," Count ) = 1*DIGIT

Augmented Backus-Naur Form

16

KPML Security

Sensitive information may be typed in through keypad Unauthenticated subscriptions can create problems too Use of mechanisms such as TLS, sips, S/MIME recommended

17

Conclusion

DTMF maps keypad characters to a combination of predefined frequencies Transported as an RTP payload and decoded using Goertzel algorithm KPML enables transport of mid-call key press information A SIP-centric model that makes use of DRegex
18

References

http://nemesis.lonestar.org/reference/telec om/signaling/dtmf.html http://www.corp.att.com/history/milestone _1963.html http://ltl13.exp.sis.pitt.edu/WebSite/Gloss ary/Letters/D.htm RFC 4733; H. Schulzrinne, M.Taylor RFC 4730; E. Burger, M. Dolly
19