UM Labs

Explore Unicus

Unicus™ was developed by UM Labs R&D to provide security for Real-Time Communications (RTC) services and applications using industry standard protocols including the Session Initiation Protocol (SIP). SIP is widespread, virtually all modern Unified Communication platforms and all RTC platforms including business phone systems. SIP is used widely on telecom backbone networks and is at the heart of VoLTE and 5G networks. SIP is replacing legacy technologies such as ISDN as a service delivery for fixed line connections and in the future will extend to consumer service delivery.

SIP is here is to stay, but securing SIP applications and services is a challenge.  The complexity of the protocol means that standard security technologies cannot provide effective protection. Running SIP and the related protocols needed for RTC through a firewall can hinder service provision. Some vendors have attempted to solve this problem by adding a SIP Application Level Gateway (ALG) to their products. ALGs create more problems than they solve, which has prompted NICC, a UK communications standards organisation, to publish guidelines calling for SIP ALGs to be disabled by default.

The lack of effective security for SIP leaves critical communications systems open to attack. A successful attack can result in:

  • Loss of sensitive information, damaging a company’s reputation and resulting is fines for compliance violation
  • Fraudulent calls, single attacks costing over $400K are common
  • Denial of Service attack, resulting in complete shutdown of the system.

The UM Labs R&D Solution

UM Labs R&D designed the Unicus platform to provide the security needed to enable organisations to benefit from IP based RTC while ensuring protection against the growing range of threats.  The Unicus design team has many years of cyber security experience. This team was responsible for gaining the first ever Common Criteria EAL4 certifications for firewall products and for email security products. Common Criteria is an international security certification backed by the NSA and NIST in the USA, by the UK’s CESG and by governments in over 25 other counties. EAL4 is a certification level suitable for military use.

The Unicus design team drew on this experience to apply proven IP security principles to the problem of protecting SIP based systems. The resulting design applies 3 layers of protection.

Adaptive to Change

  • Network level, protecting against low-level threats
  • Application level, protecting against threats inherent  in SIP and related protocols
  • Content level, providing encryption services and protecting against impersonation attacks

Unicus combines these 3 layers in a single framework protected by the UOS hardened operating system which ensures the highest level of security. The framework enables communication and feedback between the layers. So, for example a threat detected at the application level, such as a fraudulent call attempt can be blocked at the network level. Following the principle that the earlier a threat is blocked, the better, the blocking action can be pushed to the network infrastructure.

Unicus and UOS are delivered as a single package ready for installation in any public or private cloud, on any popular virtualisation host in an organisation’s data centre.