SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Similar documents
The DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Frequently Asked Questions (FAQ)

Application Firewalls

Secure Telephony Enabled Middle-box (STEM)

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames

Security Philosophy. Humans have difficulty understanding risk

SIP Session Initiation Protocol Part 2. ITS VoIP; 2009 P. Campbell, H.Kruse

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Exercises with solutions, Set 3

Ingate SIParator /Firewall SIP Security for the Enterprise

A SIMPLE INTRODUCTION TO TOR

PBX Fraud Information

On the Internet, nobody knows you re a dog.

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California

AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security

Contents. Introduction Upgrade your firmware to v Always use strong passwords Secure Web Admin user password...

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

changing the way you share your world Call Management Services User Guide

We will divide the many telecom fraud schemes into three broad categories, based on who the fraudsters are targeting. These categories are:

CS 161 Computer Security

Application Notes for Configuring SIP Trunking between the Skype SIP Service and an Avaya IP Office Telephony Solution Issue 1.0

Telephone Answering: The system answers the telephone for you when you are either on the phone or away from your desk.

Unified Communications Manager Express Toll Fraud Prevention

VoIP Security Threat Analysis

VoIP/SIP: Economy and Mobility

Outline Key Management CS 239 Computer Security February 9, 2004

0x1A Great Papers in Computer Security

Define information security Define security as process, not point product.

CS 161 Computer Security

CPSC 467b: Cryptography and Computer Security

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Modern IP Communication bears risks

Internet Networking recitation #

Crypto meets Web Security: Certificates and SSL/TLS

Outline More Security Protocols CS 239 Computer Security February 6, 2006

This is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett.

Researching New SIP Carriers

CS Computer Networks 1: Authentication

Sample excerpt. Virtual Private Networks. Contents

Outline More Security Protocols CS 239 Computer Security February 4, 2004

Tungsten Security Whitepaper

5 common concerns about moving to SIP...

GPRS security. Helsinki University of Technology S Security of Communication Protocols

Chapter 6: Security of higher layers. (network security)

Securing Internet Communication: TLS

Bell SmartTouch services

P2PSIP, ICE, and RTCWeb

CSE 565 Computer Security Fall 2018

Firewalls, Tunnels, and Network Intrusion Detection

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

NCH Swift Sound Office Intercom: Audio Communication Software

Internet Protocol and Transmission Control Protocol

Public-Key Infrastructure NETS E2008

Avaya Solution & Interoperability Test Lab. Abstract

Network Defenses 21 JANUARY KAMI VANIEA 1

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

WELCOME GUIDE All you need to know!

Network Defenses 21 JANUARY KAMI VANIEA 1

The Internet of Things. Steven M. Bellovin November 24,

SIP Trunking & Security. Dan York, CISSP VOIPSA Best Practices Chair

IP Possibilities Conference & Expo. Minneapolis, MN April 11, 2007

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

1 Identification protocols

LISTENING BY SPEAKING

If you need help with Skype Connect, you can find more answers in our Skype Connect FAQs section: support.skype.com/category/skype_connect

Network Security and Cryptography. 2 September Marking Scheme

Best Practices for VoIP Security

CS Paul Krzyzanowski

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Internet Platform Management. We have covered a wide array of Intel Active Management Technology. Chapter12

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

1 SIP Carriers. 1.1 LightBound Warnings Vendor Contact Vendor Web Site:

Once all of the features of Intel Active Management Technology (Intel

OneXS will provide users with a reference server (IP, FQDN, or other means to connect to the service). This must be obtained before setup can begin.

Configuring OpenVPN on pfsense

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

Outline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange

DMP 128 Plus C V DMP 128 Plus C V AT. Avaya Aura Configuration Guide REVISION: 1.1 DATE: SEPTEMBER 1 ST 2017

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

SIP Compliance APPENDIX

Business Phone System Buyer s Guide

CE Advanced Network Security

Cisco Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2)

Bitcoin, Security for Cloud & Big Data

Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies


TELEPHONE USER GUIDE

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Introduction to Modern Cryptography. Benny Chor

Ingate Firewall & SIParator Product Training. SIP Trunking Focused

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Operating Systems Design Exam 3 Review: Spring 2011

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Computer Communication Networks Network Security

Transcription:

Network Security - ISA 656 Voice Over IP (VoIP) Security Simple SIP ing Alice s Bob Session Initiation Protocol Control channel for Voice over IP (Other control channel protocols exist, notably H.323 and Skype s, but we ll focus on SIP) Angelos Stavrou October 11, 2008 2 / 41 Simple SIP ing Alice s Bob A control channel known in the telephone world as a signaling channel does call setup It locates the other end point, determines if it s available, asks the endpoint to alert the called party, passes back status to the caller, etc. Even in a pure IP world, we need a signaling channel; when connecting to the PSTN (Public Switched Telephone Network), it s essential Simple SIP ing Alice s Bob Telephone signaling was once done in-band that is, the pulses or tones were sent over the same circuit as would later be used to carry the voice traffic for that call Blue boxes telephone fraud devices worked by simulating some of the control tones used to set up free calls The solution was to move signaling to a separate, out-of-band data network, known today as CCIS (Common Channel Interoffice Signaling) Out-of-band signaling is more efficient; it allows easy creation of fancier services 3 / 41 4 / 41

Simple SIP ing Alice s Bob Why can t we just call a domain name or IP address? Many endpoints don t have stable, easily-memorized domain names IP addresses change frequently, especially for dial-up and hotspot users There are other complexities Simple SIP ing Alice s Bob PSTN interconnection: very many endpoints have just a few IP addresses Besides, someone has to pay for the PSTN interconnection Firewalls Network address translators (NATs) Mapping between phone number and IP address Business arrangements between telephone companies Unreachable hosts Fancy phone features 5 / 41 6 / 41 Simple SIP ing Simple SIP ing Alice s Bob SIP endpoints speak IP Ideally, the actual conversation would be end-to-end, from one SIP phone to the other Each node can use a SIP proxy for call setup Simple SIP ing Alice s Bob VoIP Provider 1 VoIP Provider 2 VoIP Provider 3 R2 R1 Alice Bob 7 / 41 8 / 41

Alice s Bob Simple SIP ing Alice s Bob Alice uses VoIP Provider 1 (VP1) as her proxy; Bob uses VoIP Provider 2 (VP2) as his To call Bob, Alice sends a SIP URI to VP1 via TCP VP1 determines that the URI points to VP2, so the calls setup request is relayed there via TCP VP2 tells Bob about the call via TCP; if he wants to, he can accept it Simple SIP ing Alice s Bob If Alice or Bob are behind firewalls or NATs, they may not be able to set up end-to-end data connections In that case, the data traffic for one or both parties will also flow through the proxy Notification is sent back to Alice via VP1 Alice establishes a direct UDP data connection to Bob for the voice traffic 9 / 41 10 / 41 Simple SIP ing Alice s Bob How is a SIP URI converted to a SIP proxy address? What about ordinary telephone numbers? tel: URIs are used for ordinary phone numbers All are converted by means of DNS magic: NAPTR records (For this class, the details aren t important the essential point is that by means of repeated, complex DNS lookups, any SIP URI is converted to an IP address) Simple SIP ing Alice s Bob Sometimes, VP1 will talk to VP3 which will route the call to VP2 VP1 and VP2 don t know (or trust) each other; they only know VP3 (and VP4 and VP5 and... ) How can they establish a trust relationship? What if money is involved? Can VP2 believe that VP1 will pay? 11 / 41 12 / 41

at Risk at Risk Billing What are we trying to protect? Against whom? at Risk Billing Voice content itself er and called party for each connection Billing information 13 / 41 14 / 41 at Risk Billing Confidentiality is the main concern Is VoIP easier to wiretap than traditional phone service? Only the endpoints should see that information; can be encrypted through proxies Relatively hard to spoof a voice in real-time, so authenticity is not a major concern at Risk Billing Of great interest to many parties (look at the HP case that s the data HP was after) Useful even after the call (you can t intercept a call after it s over; you can look at who talked) Must be kept confidential but proxies need to see it, to route the call Must be authentic, or the call could be misrouted maliciously 15 / 41 16 / 41

Billing at Risk Billing Derived in part from caller/called party information May have other information from call routing process As before, must be confidential but there s no need for other parties to see any of it Integrity failures can lead to billing errors, in either direction (Often a major privacy concern after the fact again, consider the HP case.) at Risk Billing How can someone eavesdrop on a SIP call? Many ways, including things like listening at a WiFi hotspot We ll discuss other ways later in the semester For now, let s just assume it s possible 17 / 41 18 / 41 at Risk Billing Simplest approach: listen on some link Which link is best for targeting a given person? Easiest: their access link What if they re mobile? Hard they could be coming from anywhere Do you have the physical ability to listen on the VoIP provider s links? What if the VoIP provider is in a distant, unfriendly country? at Risk Billing An attacker can try to register with VP2 as Bob If the attacker succeeds, all calls destined for Bob with be routed to the attacker 19 / 41 20 / 41

at Risk Billing Another false registration attack: tear down calls This is a violation of availability at Risk Billing routing is partially controlled by the DNS Is it possible to corrupt the DNS answers? Under certain circumstances, it s not that hard to do (more details later in the semester) By creating fake DNS entries, it s possible to reroute the call to go via an intercept station 21 / 41 22 / 41 at Risk Billing Again, link eavesdropping and DNS attacks are straightforward The task is easier here; proxies (usually) don t move around VoIP providers are high-value targets, since they process many calls at Risk Billing Is it possible to hack the VoIP proxy servers? Sure why not? Conventional phone switches can be (and some are) hacked, but there s a big difference: the attacker can speak a much more complex protocol to a SIP switch than to a PSTN switch, which means they re more vulnerable It s hard to do too much damage with just a few touch-tones! Aside: fancier services are easier to hack, on both kinds of telephone systems 23 / 41 24 / 41

at Risk Billing It s hard to hide IP addresses The legitimate recipient sees the sender s source IP address; this leaks location data Routing the voice traffic via a proxy can thus be a privacy feature at Risk Billing Similar in nature to old-style ones SIP billing systems are more likely to be Internet-connected Must use strong defenses and firewalls to protect them 25 / 41 26 / 41 for the Voice As usual, we ll use crypto to guard against eavesdropping The details, though, are tricky for the Voice Alice has a trust relationship with her proxy Authentication is relatively easy Usually, TLS is used to protect the TCP session to the proxy Alice must verify VP1 s certificate Alice can use passwords or client-side certificates to authenticate herself 27 / 41 28 / 41

for the Voice IPsec is normally difficult to use to protect specific services However, if there is an organizational SIP gateway, it might be possible to protect all traffic from the organization to the gateway for the Voice VP1 may not have a trust relationship with VP2 How can VP1 get VP2 s certificate? More precisely, how can VP1 validate it, if they don t share a trust anchor? This applies regardless of what security protocol is used (though TLS is the norm) 29 / 41 30 / 41 for the Voice for the Voice Some signaling traffic must be secure end-to-end Example: Bob needs to know, authoritatively, that it s Alice who has called him However, the intermediate nodes need to see this : digitally sign the data (using S/MIME), but don t encrypt it for the Voice How do Alice and Bob get a shared key for voice traffic encryption? Alice uses S/MIME to send Bob an encrypted traffic key But how does Alice get Bob s certificate? There is no general PKI for SIP users True end-to-end confidentiality can only happen by pre-arrangement (This statement is more generally true... ) 31 / 41 32 / 41

erid erid and VoIP As always, complexity causes problems The specific issue here is complex trust patterns Let s look at some extra features and see how they cause trouble erid erid and VoIP Alice tries to call Carol; she reaches Bob, Carol s secretary Bob decides the call is worthy of Carol s attention, and wishes to transfer the call to Carol Bob s phone sends Alice s phone a message saying Carol, you re authorized Carol s phone has to verify that Bob authorized it 33 / 41 34 / 41 erid erid and VoIP Bob prepares an authenticated identity body (AIB) with his name and the time He sends that to Alice along with Carol s SIP URI Alice presents the AIB to Carol What s wrong? erid erid and VoIP Nothing linked the AIB to this referral Alice can give the AIB to someone else At least there s a timestamp to protect against replays 35 / 41 36 / 41

erid The AIB sent by Bob needs to include Alice s identity Suppose the SIP call is being relayed to the PSTN erid erid and VoIP Carol s phone needs to check the certificate used in Alice s call setup message, to verify that it s really from Alice In particular, Alice s identity in the AIB must match the identity in the certificate erid erid and VoIP Where does the erid information come from? Can it be spoofed? 37 / 41 38 / 41 erid and VoIP erid erid and VoIP The phone network was based on trust only real telephone companies had phone switches No authentication was done on information from other switches, including erid Today, anyone can run a phone switch... erid erid and VoIP Run Asterisk, an open source PBX program, on some machine Get a leased line to a VoIP-to-PSTN gateway company Configure Asterisk to send whatever information you want... This abuse is happening now; see http://www.boston.com/news/globe/ magazine/articles/2006/09/24/ phony identification/ 39 / 41 40 / 41

erid erid and VoIP Most vendors don t implement the fancy crypto VoIP is thus not as secure as it could be (but Skype does do a lot of crypto) Beyond that, SIP phones tend to boot themselves over the network is that connection secure? NIST recommends great care in using VoIP see http://csrc.nist.gov/publications/ nistpubs/800-58/sp800-58-final.pdf 41 / 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback