VoIP Security Threat Analysis

Similar documents
SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Ingate SIParator /Firewall SIP Security for the Enterprise

Secure Telephony Enabled Middle-box (STEM)

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Department of Computer Science. Burapha University 6 SIP (I)

13. Internet Applications 최양희서울대학교컴퓨터공학부

Security for SIP-based VoIP Communications Solutions

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Overview of SIP. Information About SIP. SIP Capabilities. This chapter provides an overview of the Session Initiation Protocol (SIP).

Provide a generic transport capabilities for real-time multimedia applications Supports both conversational and streaming applications

On the Internet, nobody knows you re a dog.

TSIN02 - Internetworking

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California

Having fun with RTP Who is speaking???

White Paper. accelerateinnovation. Security Measures for Converged Networks June 2005 Author: Ramana Mylavarapu. security voice wireless

Ingate Firewall & SIParator Product Training. SIP Trunking Focused

Cisco ATA 191 Analog Telephone Adapter Overview

SIP Compliance APPENDIX

Outline. Goals of work Work since Atlanta Extensions Updates Made Open Issues Ad-hoc meeting & Next Teleconference Links

Compliance with RFC 3261

CIS 5373 Systems Security

Firewalls for Secure Unified Communications

Reflections on Security Options for the Real-time Transport Protocol Framework. Colin Perkins

VoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.

6 Voice-over-IP Security

Information About SIP Compliance with RFC 3261

Modern IP Communication bears risks

Basic Concepts in Intrusion Detection

MonAM ( ) at TUebingen Germany

A Framework for Optimizing IP over Ethernet Naming System

International Journal of Advanced Research in Computer Science and Software Engineering

The Session Initiation Protocol

ETSF10 Internet Protocols Transport Layer Protocols

CS519: Computer Networks. Lecture 9: May 03, 2004 Media over Internet

Kommunikationssysteme [KS]

Systems and Network Security (NETW-1002)

New Approaches to Mitigation of Malicious Traffic in VoIP Networks

Installation & Configuration Guide Version 4.0

Transporting Voice by Using IP

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Vulnerabilities in Dual-mode / Wi-Fi Phones

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Frequently Asked Questions

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

SIP Flex Test Suite. Highlights. IMS and VoIP Network Element and Service Testing

INTERFACE SPECIFICATION SIP Trunking. 8x8 SIP Trunking. Interface Specification. Version 2.0

Eavesdropping on conversations on a LAN is easier than ever thanks to insecure VoIP installations. you don t

A Survey of BGP Security Review

A survey of SIP Peering

SPA400 Internet Telephony Gateway with 4 FXO Ports

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

Endpoint Security - what-if analysis 1

ABC SBC: Secure Peering. FRAFOS GmbH

VoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts

From POTS to VoP2P: Step 1. P2P Voice Applications. Renato Lo Cigno

Closed book. Closed notes. No electronic device.

Request for Comments: Category: Standards Track Columbia U. G. Camarillo Ericsson A. Johnston WorldCom J. Peterson Neustar R.

Unsolicited Communication / SPIT / multimedia-spam

CSE 565 Computer Security Fall 2018

Media Communications Internet Telephony and Teleconference

P2PSIP, ICE, and RTCWeb

Security Challenge and Defense in VoIP Infrastructures. David Butcher, Member, IEEE, Xiangyang Li, Member, IEEE, and Jinhua Guo, Member, IEEE

Cisco SPA Line IP Phone Cisco Small Business

Define information security Define security as process, not point product.

20-CS Cyber Defense Overview Fall, Network Basics

VOIP. Technology, Security Threats & Countermeasures. Jaydip Sen. Innovation Lab Tata Consultancy Services, Kolkata

AP500 4-Port FXS VoIP Gateway

An Overview of the Cisco Unified IP Phone

Computer Security Exam 3 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

An Overview of the Cisco Unified IP Phone

Configuring Hosted NAT Traversal for Session Border Controller

Lecture 14: Multimedia Communications

An Overview of the Cisco Unified IP Phone

Voice over IP (VoIP)

AP-SAV100 Analog Voice Intercom

FreeSWITCH as a Kickass SBC. Moises Silva Manager, Software Engineering

Chapter 5. Security Components and Considerations.

Secure Communications on VoIP Networks

Computer Network Routing Challenges Associated to Tackle Resolution Protocol

New misuse detection algorithm for SIP faked response attacks

Mohammad Hossein Manshaei 1393

Best Practices for VoIP Security

Avaya IP Office SIP Endpoint Configuration Guide

SIP TRUNKING CARRIER CERTIFICATION OXE-SIP configuration

CyberData SIP Page Server V3 Integration with 8x8 Serial Numbers 1461x

Internet Protocol and Transmission Control Protocol

Solving the Middlebox Problem

OpenScape Session Border Controller V9

Configuring attack detection and prevention 1

Unified Communications Threat Management (UCTM) Secure Communications and Collaborations

Session Initiation Protocol (SIP)

Real-time Communications Security and SDN

Journal of Information, Control and Management Systems, Vol. X, (200X), No.X SIP OVER NAT. Pavel Segeč

Bank Infrastructure - Video - 1

Internet Engineering Task Force (IETF) Request for Comments: E. Rescorla RTFM, Inc. May 2010

Configuring attack detection and prevention 1

Transcription:

2005/8/2 VoIP Security Threat Analysis Saverio Niccolini, Jürgen Quittek, Marcus Brunner, Martin Stiemerling (NEC, Network Laboratories, Heidelberg)

Introduction Security attacks taxonomy Denial of Service (DoS) attacks Abuse of service attacks Interception and modification attacks Threats confidentiality: it refers to the fact that the information is accessible only to those authorized to have access integrity: it refers to the validity of data availability: it refers to the expectation of availability and quality of resources

Denial of Service (DoS) attacks SIP-specific

Denial of Service (DoS) attacks SIP-specific SIP malformed methods / buffer overflow one single message can stop the server/client from working properly poor implementations (lot of them unfortunately ) SIP methods flooding will keep the SIP server busy / make it crashing not responding to registration updates» clients not able to place calls»preventing mobility SIP random messages can keep busy/crash SIP server depending on FSM implementation (already at low rates) because of high number of checks

Denial of Service (DoS) attacks Session Hijacking (using SIP methods) After INVITE message, a 301 Moved Permanently message would hijack the call towards whoever the attacker decides (himself of another client) SIP Proxy INVITE INVITE SIP Client-B 301 Moved Permanently SIP Client-A INVITE Attacker The attacker messages cancel a pending request with the same Call-ID, TO, From, and Cseq fields

Internet Telephony Security: DoS attacks Session Tear down (not limited to SIP clients, but also to SIP servers) SIP Proxy INVITE INVITE CANCEL / BYE SIP Client-B SIP Client-A Attacker The attacker messages cancel a pending request with the same Call-ID, TO, From, and Cseq fields

Denial of Service (DoS) attacks RTP/RTCP-specific DoS attacks

Denial of Service (DoS) attacks RTP/RTCP-specific DoS attacks RTCP BYE, not in sync with the Signaling protocol Result: The Signaling protocol is not aware that there is no exchange of voice samples any more Forging Reception Reports Reporting more Packet Loss Result: usage of a poor quality codec with an adaptive system Report more Jitter Result: usage of a poor quality codec with an adaptive system

Denial of Service (DoS) attacks General DoS attacks

Abuse of service attacks

Abuse of service attacks Identity Theft Registering address instead of other (if requires authentication might use another type of attack) SIP Registrar SIP Client-B INVITE SIP Client-B INVITE SIP Client-B I am user B and here is my IP Address SIP Client-A Attacker

SPAM over Internet Telephony (SPIT) Same thread as with email (hundreds of calls just with publicity messages, the phone is ringing all day, etc.) SIP allows field forging (like with email) Problem increase with respect to traditional telephony Cheaper call rates than traditional telephony Flexibility of receiving calls from anywhere from anybody in the world Consequences are worse than with email SIP voice call interrupts user immediately And SIP is not voice only, but applies to Instant Messaging, and Presence too Mailboxes become full over night less means to distinguish spam and ham NEC Network Laboratories: Patent on SPIT avoidance submitted on June 2005

Interception and modification attacks

Denial of Service (DoS) attacks RTP play-out Same SSRC, higher sequence number, higher timestamp Result: The fake content will be played before the real one This means that from now on we will be able to play what ever we wish to this side of the conversation since all the next transmissions of the other side will look old to the receiving party Call Eavesdropping Capturing RTP flows Since RTP identifies the codec being used (statically) or either using a dynamic identified codec it is easy to reconstruct the voice sampling (even in real time) Result: listen/record conversations Result: listen DTMF tones to steal passwords and PINs

Need to be in the middle? It is not very difficult to get in the middle, and WLAN technology simplifies you the job DNS (modify entries to point all traffic to a hacker's machine) DHCP (make all traffic go to hackers machine as default gateway, or change DNS entry to point at hacker's machine so all names resolve to hacker's IP address) ARP (reply with hacker's MAC address, gratuitous ARPs or regular ARP replies) Flood tables in switches to destroy existing MAC addr/port associations so all traffic is broadcast out every port, and then use ARP attacks Routing protocols (change routing such that traffic physically passes through a router/machine controlled by hacker) Spanning tree attacks to change layer 2 forwarding topology Physical insertion (e.g. PC with dual NIC cards, be it Ethernetbased or WLAN-based)

Existing security features within SIP Protocol Encryption it can prevent a malicious user to read the SIP signaling (or part of it) SIP signaling information can be used to launch an attack the encryption itself can not do anything against dictionary attacks guessing the fields Encryption is useful for attacks like Session tear-down (SIP-specific DoS attack) Session hijacking (SIP-specific DoS attack) Identity theft (Abuse of service attack) Replay attack (Abuse of service attack) Signaling spying (Interception and modification attack) Available solutions hop-by-hop encryption IPSec (protocol suite) SIPS (SIP using Transport Layer Security, TLS, RFC 2246 currently being update at v1.1) end-to-end encryption S/MIME (Secure/Multipurpose Internet Mail Extensions), RFC 2633 Cons consumes time, introduces another delay can introduce additional problems in NAT/FW traversal if no special means are adopted

Existing security features within SIP Protocol Authentication (mostly used only with REGISTER and INVITE, if you are lucky) SIP signaling should be authenticated to deny access to not-authorized users Can help to prevent the following set of attacks: Session tear-down (SIP-specific DoS attack) Session hijacking (SIP-specific DoS attack) SIP/SDP malformed methods (SIP-specific DoS attack) SIP messages causing buffer overflow (SIP-specific DoS attack) SIP methods flooding (SIP-specific DoS attack) Identity theft (Abuse of service attack) Replay attack (Abuse of service attack) Proxy impersonation (Abuse of service attack) Bypassing refused consent (Abuse of service attack) Improper access to services (Abuse of service attack) Available solutions Client to Server Digest authentication, RFC 2617 S/MIME Server to Server IPSec SIPS (works only in the trapezoid scheme) Cons require trust relationship like a shared secret there is no dynamic key exchange protocol established solution

Existing security features within SIP Protocol Identity framework in SIP draft-ietf-sip-identity-05 each domain authenticate its own users HTTP digest authentication each client maintains a persistent TLS connection to the server (the client verifies the server identity using TLS) and make a digest exchange over TLS the domain itself can assert the identity of the sender with a signature when relying the message from that user to another domain

Existing security features within RTP/RTCP Protocol Encryption and authentication Secure Real Time Protocol (SRTP), RFC 3711 (not widely adopted yet) Provides a framework for encryption and message authentication of RTP and RTCP streams Default cryptographic transforms and possible additions Has no pre-defined key management scheme It is compatible with MIKEY (Multimedia Internet KEYing), RFC 3830, does not need modifications when used with MIKEY Can help to prevent the following set of attacks: RTP/RTCP session tear down (RTP/RTCP-specific DoS attack) RTP SSRC collision (RTP/RTCP-specific DoS attack) RTCP forged reception report (RTP/RTCP-specific DoS attack) Call content eavesdropping (Interception and modification attacks) RTP play-out (Interception and modification attacks) IPSec Cons consumes time, introduces another delay can introduce additional problems with Lawful Interception (LI) if no special means are adopted

Additional security features Pattern detection/prevention systems the signatures or rules can be deterministic models statistical models a combination of both Anomaly detection/prevention systems auto-learning intelligence Better parsing of SIP signaling of RTP/RTCP messages

Considerations on VoIP management VoIP management is still in its infancy Henning Schulzrinne, Columbia University, USA: traditional management tools are of only limited help in this environment which direction to take? What about of VoIP Security management? maybe it is not yet born needs different solutions from the VoIP management? if yes, which? which direction to take?

NEC Network Laboratories directions On-going works VoIP Security applied to Session Border Controllers (SBCs) Intrusion Detection/Prevention System SPAM prevention Lawful Interception Future directions (starting in 2 nd Half of 05) VoIP Security IPS (not limited to SBCs) VoIP management client/server configuration is complex are MIBs enough?» what is possible here? can P2P help? maybe more on the client side than on the server side VoIP Security Management (servers need to be configured and queried from a security point of view)

Thank you! Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback