6 Voice-over-IP Security
1 Information Security 2 (InfSi2) 6 Voice-over-IP Security Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) ITA, , 6-VoIP_Security.pptx 1

2 VoIP Communications Channels
[Figure: call setup via SIP between sip:alice@atlanta.com and sip:bob@biloxi.com runs over Hop 1, Hop 2 and Hop 3 through the atlanta.com and biloxi.com proxies; security question on this path: authentication. The audio/video connection runs directly via RTP between the two endpoints; security question there: confidentiality / data integrity.]

3 Session Initiation Protocol (RFC 3261)
[Figure: SIP message flow between the User Agent, the atlanta.com proxy, the biloxi.com proxy and the UA.]
INVITE F1, INVITE F2, 100 Trying F3, INVITE F4, 100 Trying F5, 180 Ringing F6, 180 Ringing F7, 180 Ringing F8, 200 OK F9, 200 OK F10, 200 OK F11, ACK F12, Media Session, BYE F13, 200 OK F14

4 Voice-over-IP Demo Session
Without security measures anyone with network access can eavesdrop on a VoIP session!

5 Information Security 2 (InfSi2) 6.1 Eavesdropping on Multimedia Sessions

6 Network-Sniffing with Wireshark
Download: (Windows or Linux)

7 Selecting a VoIP Call

8 Playing the RTP Media Stream

9 Tapping VoIP Sessions with Cain
Download: (Windows)

10 Information Security 2 (InfSi2) 6.2 Securing the Media Streams

11 Virtual LAN for Hardware IP Phones
[Figure: hardware IP phones A1 to A5 in VLAN A and B1 to B5 in VLAN B, connected through two VLAN switches.]

12 Secure RTP Packet Format (RFC 3711)
[Figure: packet layout with an encrypted portion and an authenticated portion marked.]
Fields in order:
V, P, X, CC, M, PT, sequence number
timestamp
synchronization source (SSRC) identifier
contributing source (CSRC) identifiers...
RTP header extension (optional)
RTP payload
RTP padding, RTP pad count
SRTP master key identifier (MKI, optional)
authentication tag (recommended)

13 Secure RTCP Packet Format (RFC 3711)
[Figure: packet layout with an encrypted portion and an authenticated portion marked.]
Fields in order:
V, P, X, RC, M, PT=RR, length
SSRC of packet sender
sender info...
report block 1...
report block 2...
...
E, SRTCP index
SRTCP master key identifier (MKI, optional)
authentication tag

14 Default Encryption and Authentication Algorithms
Encryption uses AES in Counter Mode (AES-CTR) with a 128 bit key.
[Figure: the AES-CTR keystream generator takes the 128 bit encr_key and a 128 bit IV, where IV = f(salt_key, SSRC, packet index) and salt_key has 112 bits. The keystream is XORed with the RTP/RTCP payload to give the encrypted payload.]
Authentication uses HMAC-SHA-1 with a truncated 80 bit MAC.
[Figure: HMAC-SHA-1 keyed with the 160 bit auth_key is computed over the RTP/RTCP payload and gives the auth tag of 80/32 bits.]

15 Session Key Derivation
Key derivation uses AES in Counter Mode (AES-CTR).
[Figure: the AES-CTR key derivation takes the master_key (128, 192 or 256 bits) and a 128 bit IV, where IV = f(master_salt, label, packet index div key derivation rate) and master_salt has 112 bits. It outputs the SRTP session keys and the SRTCP session keys.]
Labels and derived keys:
SRTP session keys: label 0x00 encr_key (128 bits), label 0x01 auth_key (160 bits), label 0x02 salt_key (112 bits)
SRTCP session keys: label 0x03 encr_key (128 bits), label 0x04 auth_key (160 bits), label 0x05 salt_key (112 bits)
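
The session key derivation of slide 15 and the default encryption and authentication of slide 14, worked through as an added Python example; it is not code from the lecture or from any SRTP library. It assumes a 128 bit master key, a key derivation rate of 0 and a 12 byte RTP header without CSRC entries or extension, and it follows RFC 3711 in computing the tag over header, encrypted payload and rollover counter (ROC); all function names are illustrative and the pure-Python AES is for study only.

```python
import hashlib
import hmac
import struct

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11B."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    exp, log, x = [0] * 256, [0] * 256, 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= _xtime(x)                      # multiply by the generator 3
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0
        s = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block with AES-128 (illustrative, not constant-time)."""
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):                  # key schedule: 44 words
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                        # MixColumns (skipped in the last round)
            cols = [s[4 * c:4 * c + 4] for c in range(4)]
            s = [col[i] ^ col[0] ^ col[1] ^ col[2] ^ col[3] ^ _xtime(col[i] ^ col[(i + 1) % 4])
                 for col in cols for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]  # AddRoundKey
    return bytes(s)

def aes_ctr_keystream(key, iv, n_bytes):
    """AES-CTR keystream: encrypt the 128-bit blocks IV, IV+1, IV+2, ..."""
    n = (n_bytes + 15) // 16
    return b"".join(aes128_encrypt_block(key, ((iv + i) % (1 << 128)).to_bytes(16, "big"))
                    for i in range(n))[:n_bytes]

# label and key size in bytes, as in the label table of slide 15
LABELS = {"srtp_encr": (0x00, 16), "srtp_auth": (0x01, 20), "srtp_salt": (0x02, 14),
          "srtcp_encr": (0x03, 16), "srtcp_auth": (0x04, 20), "srtcp_salt": (0x05, 14)}

def derive_session_keys(master_key, master_salt, index=0, kdr=0):
    """Session keys from the master key: IV = f(master_salt, label, index DIV kdr)."""
    r = index // kdr if kdr else 0          # key derivation rate 0: derive once
    salt = int.from_bytes(master_salt, "big")
    return {name: aes_ctr_keystream(master_key, (salt ^ (label << 48 | r)) << 16, size)
            for name, (label, size) in LABELS.items()}

def srtp_iv(salt_key, ssrc, index):
    """Packet IV = (salt_key * 2^16) XOR (SSRC * 2^64) XOR (packet index * 2^16)."""
    return (int.from_bytes(salt_key, "big") << 16) ^ (ssrc << 64) ^ (index << 16)

def _crypt(keys, header, data, roc):
    """XOR data with the keystream selected by the header's SSRC and sequence number."""
    seq, _, ssrc = struct.unpack("!HII", header[2:12])
    iv = srtp_iv(keys["srtp_salt"], ssrc, (roc << 16) | seq)
    return bytes(d ^ k for d, k in zip(data, aes_ctr_keystream(keys["srtp_encr"], iv, len(data))))

def _tag(keys, header, ciphertext, roc):
    """HMAC-SHA-1 over header || ciphertext || ROC, truncated to 80 bits."""
    msg = header + ciphertext + roc.to_bytes(4, "big")
    return hmac.new(keys["srtp_auth"], msg, hashlib.sha1).digest()[:10]

def protect(keys, header, payload, roc=0):
    """Sender: encrypt the payload, leave the header in clear, append the tag."""
    ciphertext = _crypt(keys, header, payload, roc)
    return header + ciphertext + _tag(keys, header, ciphertext, roc)

def unprotect(keys, packet, roc=0):
    """Receiver: check the tag first, then decrypt; None if authentication fails."""
    header, ciphertext, tag = packet[:12], packet[12:-10], packet[-10:]
    if not hmac.compare_digest(tag, _tag(keys, header, ciphertext, roc)):
        return None
    return _crypt(keys, header, ciphertext, roc)

if __name__ == "__main__":
    # Constructed inputs: arbitrary master key/salt; RTP header with seq 1, SSRC 0x1234ABCD.
    keys = derive_session_keys(bytes(range(16)), bytes(range(14)))
    hdr = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234ABCD)
    pkt = protect(keys, hdr, b"constructed audio frame")
    print(pkt.hex(), unprotect(keys, pkt))
```

The receiver rejects a packet before decrypting it when the tag does not match, which is also what happens when sender and receiver disagree on the rollover counter.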

16 Media Stream Encryption with Secure RTP
SRTP for Kphone, Silvan Geser & Christian Höhn, HSR Project 2005
Problem: How to distribute the SRTP Master Key?

17 Securing the Media Streams
Secure RTP
Needs a secret master key that must be distributed in a secure way.
The key exchange can be effected via the Session Description Protocol (SDP) payload that is transmitted during the SIP connection setup. The SDP payload can be protected on a hop-to-hop basis via TLS (i.e. SIPS). This approach allows lawful inspection but on the downside requires full trust in the proxy servers (SDP Security Descriptions, RFC 4568).
As an alternative the Multimedia Internet KEYing Protocol (MIKEY, RFC 3830) can be used, which guarantees a true peer-to-peer key exchange. MIKEY payloads are also transported via SDP.
IPsec
IPsec tunnels protecting media streams are set up via the Internet Key Exchange protocol (IKE). If there is already a site-to-site VPN or a remote access scheme in place then the VoIP calls can be transported via IPsec as well.
Drawback: Large IPsec overhead of Bytes per RTP audio packet!

18 SDP Security Descriptions (RFC 4568)
    v=0
    o=jdoe IN IP
    s=sdp Seminar
    i=a Seminar on the session description protocol
    u=
    (Jane Doe)
    c=in IP /127
    t=
    m=video RTP/SAVP 31
    a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0rmdmcmvcspeec3qgzinwpvlfjhqx1cfhawjsoj 2^20 1:32
    m=audio RTP/SAVP 0
    a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:nzb4d1binuavlew6uzf3wsj+psdfcgdujshpx1zj 2^20 1:32
    m=application udp wb
    a=orient:portrait
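
A parser and audit for the a=crypto attributes shown on slide 18, as an added Python example that is not part of the lecture. The sample SDP body, its addresses and keys are constructed, the function names are illustrative, and the checks reflect the points made on slides 14 and 17: the master key travels in the SDP body, so it is readable unless the signalling uses SIPS/TLS, and even then every proxy on the path sees it.

```python
import base64
import re

# a=crypto:<tag> <crypto-suite> inline:<base64(master key || master salt)>[|lifetime][|MKI:length]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([^\s|]+)((?:\|[^\s|]+)*)")
# Crypto suites named on the slide: (master key bytes, master salt bytes, auth tag bits)
SUITES = {"AES_CM_128_HMAC_SHA1_80": (16, 14, 80), "AES_CM_128_HMAC_SHA1_32": (16, 14, 32)}

# Constructed sample: documentation addresses and made-up key material.
KEY_A = base64.b64encode(bytes(range(30))).decode()
KEY_B = base64.b64encode(bytes(range(30, 60))).decode()
SAMPLE_SDP = "\n".join([
    "v=0",
    "o=jdoe 1 1 IN IP4 192.0.2.10",
    "s=constructed sample",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=video 51372 RTP/SAVP 31",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY_A}|2^20|1:32",
    "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:{KEY_B}|2^20|1:32",
    "m=audio 49172 RTP/AVP 0",
])


def parse_sdp_crypto(sdp):
    """Return (media, offers): all m= lines and one dict per a=crypto attribute."""
    media, offers = [], []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            media.append(line[2:])
            continue
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, b64, rest = m.groups()
        params = [p for p in rest.split("|") if p]
        offers.append({
            "media": media[-1] if media else "session",
            "tag": int(tag),
            "suite": suite,
            "keying": base64.b64decode(b64, validate=True),  # raises on malformed base64
            "lifetime": next((p for p in params if ":" not in p), None),
            "mki": next((p for p in params if ":" in p), None),
        })
    return media, offers


def audit_sdp(sdp, request_uri):
    """Findings for an SDP body carried in a SIP request to request_uri."""
    media, offers = parse_sdp_crypto(sdp)
    tls = request_uri.lower().startswith("sips:")
    findings = []
    for o in offers:
        where = f"{o['media']} crypto:{o['tag']}"
        if not tls:
            findings.append(f"{where}: SRTP master key readable on the wire (no SIPS/TLS)")
        if o["suite"] not in SUITES:
            findings.append(f"{where}: unknown crypto suite {o['suite']}")
            continue
        key_len, salt_len, tag_bits = SUITES[o["suite"]]
        if len(o["keying"]) != key_len + salt_len:
            findings.append(f"{where}: expected {key_len + salt_len} key/salt bytes, "
                            f"got {len(o['keying'])}")
        if tag_bits < 80:
            findings.append(f"{where}: {tag_bits} bit authentication tag")
    keyed = {o["media"] for o in offers}
    for m in media:
        fields = m.split()
        proto = fields[2] if len(fields) > 2 else ""
        if proto == "RTP/AVP":
            findings.append(f"{m}: plain RTP, media is not encrypted")
        elif proto == "RTP/SAVP" and m not in keyed:
            findings.append(f"{m}: RTP/SAVP without an a=crypto attribute")
    return findings


if __name__ == "__main__":
    for uri in ("sip:bob@biloxi.com", "sips:bob@biloxi.com"):
        print(uri)
        for finding in audit_sdp(SAMPLE_SDP, uri):
            print("  ", finding)
```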

19 MIKEY Key Exchange Methods
RSA Public Key Encryption Method
Initiator message: HDR, [ID_i, Cert_i], [ID_r], KEMAC, PKE, Sig_i
KEMAC: ID_i, TGK and MAC, protected with Env_Key
PKE: Env_Key, protected with Pub_Key_r
Responder message: HDR, [ID_r], V
Diffie-Hellman Key Exchange Method
Initiator message: HDR, [ID_i, Cert_i], [ID_r], DH_i, Sig_i
Responder message: HDR, [ID_r, Cert_r], ID_i, DH_i, DH_r, Sig_r
DH_i = g^(x_i), DH_r = g^(x_r), TGK = g^(x_i * x_r)

20 MIKEY payload embedded into SDP attachment
    v=0
    o=alice IN IP4 w-land.example.com
    s=cool stuff
    t=0 0
    c=in IP4 w-land.example.com
    a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyONQ6gAAA...v9zV
    m=audio RTP/SAVP 98
    a=rtpmap:98 AMR/8000
    m=video RTP/SAVP 31
    a=rtpmap:31 H261/90000

21 Information Security 2 (InfSi2) 6.3 Securing the SIP Call Setup

22 SPIT: SPam over Internet Telephony
Short advertising messages automatically spread in large numbers by SPIT-bots could become a big nuisance in the not too distant future.
Can content-based filtering methods known to work against SPAM successfully be applied to SPIT, or will it become mandatory for callers to authenticate themselves in a cryptographically strong way?
As long as no ubiquitous VoIP authentication is in place on a global scale, access to the ENUM Domain Name Service must be tightly controlled in order to prevent the systematic collection of SIP URIs.
My phone number as an ENUM entry: e164.arpa => sip:andreas.steffen@hsr.ch

23 Abuse of VoIP Signalling
Redirection or disruption of VoIP calls
If the SIP session management is not protected by special security measures an attacker can redirect VoIP calls to an arbitrary network destination (MITM attack) or can forcefully terminate them (DoS attack). Dozens of VoIP signalling abuse scenarios have already been documented in the literature.
The call setup can be effectively secured by setting up a TLS session on a hop-to-hop basis (sips:bob@biloxi.com).
Main problem: Lack of strong peer and gateway authentication
Man-in-the-Middle, Denial-of-Service or SPIT attacks can only be thwarted by a strong authentication of all communication parties (both clients and gateways).
The introduction of a Public Key Infrastructure (PKI) will become indispensable at least at the domain level.

24 Securing the Session Management
Authentication methods: PSK = Pre-Shared Keys, PKI = Public Key Infrastructure
Table columns: Authentication, Data Integrity, Confidentiality
HTTP 1.0 Basic Authentication: PSK, -, -. Deprecated by SIPv2. Insecure transmission of password.
HTTP 1.1 Digest Authentication: PSK, -, -. Challenge/response exchange based on MD5 hash of [strong] password.
Pretty Good Privacy (PGP): PKI. Deprecated by SIPv2.
Secure MIME (S/MIME): PKI. For encryption the public key of the recipient user agent must be known.
SIPS URI (TLS): PKI. SIP application and proxies must tightly integrate TLS.
IP Security (IPsec): PKI. Integration with SIP application not required but proxies must be trusted.

25 Dream or Nightmare? Strong PKI-based Security
[Figure: call setup between sip:alice@atlanta.com and sip:bob@biloxi.com over Hop 1, Hop 2 and Hop 3 through the atlanta.com and biloxi.com proxies, audio/video connection directly via RTP, with smartcards.]

26 Pragmatical Approach: DomainKeys via DNS
[Figure: a SIP INVITE message with MIKEY record is sent between atlanta.com and biloxi.com; two DNS servers are queried for the DomainKeys records below.]
Lookup for Encryption (biloxi.com): bob._domainkey.biloxi.com k=rsa; p=xuydl 4+wQK
Lookup for Authentication (atlanta.com): alice._domainkey.atlanta.com k=rsa; p=c4obu ExUn/7
HSR Diploma Thesis 2005 by Silvan Geser and Christian Höhn

27 DomainKeys Generation
    # generate the RSA private key
    openssl genrsa -out myprivatekey.pem 1024
    # extract the public key
    openssl rsa -in myprivatekey.pem -pubout -out mypublickey
    cat mypublickey
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1l4Y1oPxnYgrjKThuZVd1uJh2
    xmip+wzpd0czdgpkw5w8ex0zghnws1gfmiqspcuzgr5sxebjgkbd+lyeebhhps0t
    j37f3zar9ly3ltucitw7cfzhxajc31vcsaewrxei+rjjnpjuwjeahycwoyqxs+dr
    fkt6gjjcz4ujzc3o9widaqab
    -----END PUBLIC KEY-----
k=rsa; p=migfma0 widaqab
Public Key Cache folder stores DomainKeys in the OpenSSL format shown above:
alice._domainkey.atlanta.com
bob._domainkey.biloxi.com
andreas.steffen._domainkey.hsr.ch

28 Summary
SRTP - Confidentiality of VoIP Calls
The Secure RTP protocol (SRTP) offers efficient encryption and authentication of multi-media packets.
The main problem is the secure distribution of the SRTP session keys.
MIKEY - Secure Peer-to-Peer Key Exchange
The MIKEY protocol allows the secure key exchange between two or more peers. Two public key methods are defined: RSA public key encryption (PKE) or Diffie-Hellman (DH). Both methods require the trusted distribution of the peers' public keys.
The main problem is the lack of a global Public Key Infrastructure (PKI).
DomainKeys - Global Public Key Distribution
The DNS-based DomainKeys scheme postulated by Yahoo et al. for trusted can be used for the public key operations required by the MIKEY exchange. DNS requests are not very secure but currently DNSSEC is being deployed on a global scale.
DomainKeys fetching was realized by HSR students for the Kphone and minisip clients as well as for the Soxy SIP security proxy server.

29 What about Skype?
The original Skype used proprietary, undisclosed protocols.
The client was a tamper-proof black box (anti-debugger traps, partial code encryption, junk code).
The original Skype used strong 256 bit AES call encryption and a 1024 bit RSA authentication key for each user.
Microsoft acquired Skype in October 2011 and started to integrate it into its key software and services.
Skype does not publish Transparency Reports detailing which user data Microsoft collects and makes available to third parties!
Microsoft replaced peer-to-peer supernodes by centralized Linux servers.
1 2 Outline 1. Introduction 2. Core SIP 3. Selected Extensions 3 Introduction: Signaling vs Media Signaling: Session establishment Session tear down Changes to the session Supplementary services Media:
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More information[MS-EUMSDP]: Exchange Unified Messaging Session Description Protocol Extension
[MS-EUMSDP]: Exchange Unified Messaging Session Description Protocol Extension Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationEncryption setup for gateways and trunks
Encryption setup for gateways and trunks This chapter provides information about encryption setup for gateways and trunks. Cisco IOS MGCP gateway encryption, page 1 H.323 gateway and H.323/H.225/H.245
More informationVPN Auto Provisioning
VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with
More informationTSIN02 - Internetworking
Lecture 7: Real-time Streaming Literature: Fouruzan ch. 28 RFC3550 (Real-time Protocol) RFC2327 (Session Description Protocol) RFC2326 (Real-time Streaming Protocol) 2004 Image Coding Group, Linköpings
More informationRTP/RTCP protocols. Introduction: What are RTP and RTCP?
RTP/RTCP protocols Introduction: What are RTP and RTCP? The spread of computers, added to the availability of cheap audio/video computer hardware, and the availability of higher connection speeds have
More informationMohammad Hossein Manshaei 1393
Mohammad Hossein Manshaei manshaei@gmail.com 1393 Voice and Video over IP Slides derived from those available on the Web site of the book Computer Networking, by Kurose and Ross, PEARSON 2 Multimedia networking:
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationConfiguring Encryption for Gateways and Trunks
CHAPTER 24 This chapter contains information on the following topics: Overview for Cisco IOS MGCP Gateway Encryption, page 24-1 Overview for H.323 Gateway and H.323/H.225/H.245 Trunk Encryption, page 24-2
More informationTable of Contents 1 IKE 1-1
Table of Contents 1 IKE 1-1 IKE Overview 1-1 Security Mechanism of IKE 1-1 Operation of IKE 1-1 Functions of IKE in IPsec 1-2 Relationship Between IKE and IPsec 1-3 Protocols 1-3 Configuring IKE 1-3 Configuration
More informationIPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security
IPsec (AH, ESP), IKE Guevara Noubir noubir@ccs.neu.edu Securing Networks Control/Management (configuration) Applications Layer telnet/ftp: ssh, http: https, mail: PGP (SSL/TLS) Transport Layer (TCP) (IPSec,
More informationData Sheet. NCP Secure Entry Mac Client. Next Generation Network Access Technology
Universal VPN Client Suite for macos/os X Compatible with VPN Gateways (IPsec Standard) macos 10.13, 10.12, OS X 10.11, OS X 10.10 Import of third party configuration files Integrated, dynamic Personal
More informationIPSec Site-to-Site VPN (SVTI)
13 CHAPTER Resource Summary for IPSec VPN IKE Crypto Key Ring Resource IKE Keyring Collection Resource IKE Policy Resource IKE Policy Collection Resource IPSec Policy Resource IPSec Policy Collection Resource
More informationRTP. Prof. C. Noronha RTP. Real-Time Transport Protocol RFC 1889
RTP Real-Time Transport Protocol RFC 1889 1 What is RTP? Primary objective: stream continuous media over a best-effort packet-switched network in an interoperable way. Protocol requirements: Payload Type
More informationA Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (draft-jones-perc-private-media-framework-00)
A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (draft-jones-perc-private-media-framework-00) IETF 93 / July 2015 Paul E. Jones Nermeen Ismail David Benham Cisco Agenda Security
More informationVulnerabilities in Dual-mode / Wi-Fi Phones
Vulnerabilities in Dual-mode / Wi-Fi Phones 8/2/07 Sachin Joglekar Vulnerability Research Lead 1 Outline (Total 60-70 min) Introduction (7 min) Protocol Stack (7 min) Current State of Security Features
More information