The ultimate security is your understanding of reality - H. Stanley Judd

Security aspects of VoIPTechnical analysis

Alec BrusilovskyApplication Engineering May 13, 2005

Chicago, Illinois

Attractiveness of VoIP

General IP security observations

Major differences between circuit voice security and VoIP security

SIP-specific security aspects

SIP (RFC3261) existing security mechanisms

VoIP (SIP) attack scenarios and possible pitfalls in addressing them

OutlineAB1

Slide 2

AB1 Spam, viruses and other types of abuse have annoyed Internet users and Internet service providers (ISPs) for several years. However,they have grown rapidly in scale in the past 18 months, and have now moved well beyond the status of 'annoyances'. The volume and frequency of attacks is now such that it has become impossible to use the Internet satisfactorily without protection against spam and viruses. Moreover, an increasing amount of spam carries viruses and other types of executable code, which can damage computers, generate high volumes of junk traffic or otherwise cause harm or nuisance to computer users.Alec Brusilovsky, 1/12/2005

Why Network Evolution To Packet Technology ?– Cost Savings … good, but isn’t there more?– New Services … very interesting!

Services:• Proven PSTN / IN Based Services

Done the Internet Way - Webify them!• New Converged Services

Combining Voice with web, email, chat, IM, ...

Attractiveness of VoIP Evolution to packet…

General IP security observationsMobility of terminals – services are obtainable from any point in the network

Difficulty in directing the route for control/media

Increase in network/security entropy (intelligence moves to the edges)

Absence of segregated signaling path – all signaling is inbound and accessible to terminals

Shared and open medium. Traffic is accessible and vulnerable to attacks from all parties along the traffic path

Circuit voice and VoIP security

• radically different security scenario

• attack scenarios hardly scale for circuit voice – proximity effect

• Authentication. Terminal or Subscriber?

SIP?

Sosyalist Iktidar Partisi (SIP) Party for Socialist Power (Turkey)

Satellite Interceptor Program (SIP) US DOD Satellite Killer Program ‘1962

Stop Internet Plagiarism (SIP),Growing movement

Search Results:

Session Initiation Protocol (SIP)

Structural Insulated Panel (SIP)

Protective Clothing Company

Society forInvertebratePathology

Soul InfluencedProduct – disco in Geneva

SociedadInteramericanade Psicologia

Systems Intelligence Products

Why SIP?

• SIP brings syntax and scripting technologies of Internet to Voice Services;

• SIP allows to RECREATE existing Voice Services AND COMBINE them with the new multimedia services.

Message flow: SIP to SIP Telephony

SIP Network SIP Networksip:PartyA@here.comsip:PartyA@here.comParty A

Proxy 1 Proxy 2

Party AParty A Party BParty BProxy 1Proxy 1 Proxy 2Proxy 21 INVITE

5 INVITE 7 INVITE

2 407 PrAR3 ACK 4 INVITE

6 (100)

11 180 Rng

14 200 OK 15 ACK

20 BYE 21 200 OK

RTP Media

8 (100)

10 180 Rng

13 200 OK

16 ACK

19 BYE

22 200 OK

9 180 Rng

12 200 OK

17 ACK

18 BYE

23 200 OK

sip:PartyB@there.comsip:PartyB@there.comParty B

SIP-specific security aspectsSecurity Threats:Hijacking of registrationSIP server spoofing attackSIP headers tempering by proxiesTearing-down spoofing attackDOS/DDOS attackCall hijacking attackClient spoofing attackEavesdropping attackSpam/SpitLogging of traffic

Security Requirements:•Message Confidentiality (to address reading of the message)

•Message Integrity (to address changes to the message)

•Authentication of all SIP nodes (to address spoofing, impersonation, false registration, call highjackingand tear-downs)

•Privacy

•Availability

SIP Network SIP Networksip:PartyA@here.comsip:PartyA@here.comParty A

Proxy 1 Proxy 2RTP Media

sip:PartyB@there.comsip:PartyB@there.comParty B

Server (Registrar)

ThreatThreat Threat

Threat

ThreatThreat

Threat

ThreatThreat

Threat

Threat

Threat

SIP-specific security aspectsSecurity Threats:Hijacking of registrationSIP server spoofing attackSIP headers tempering by

proxiesTearing-down spoofing attackDOS/DDOS attackCall hijacking attackClient spoofing attackEavesdropping attackSpam/SpitLogging of traffic

SIP Network SIP Networksip:PartyA@here.comsip:PartyA@here.comParty A

Proxy 1 Proxy 2RTP Media

sip:PartyB@there.comsip:PartyB@there.comParty B

Server (Registrar)

ThreatThreat Threat

Threat

ThreatThreat

Threat

ThreatThreat

Threat

Threat

Threat

SIP-specific security aspects

SIP Network SIP Networksip:PartyA@here.comsip:PartyA@here.comParty A

Proxy 1 Proxy 2RTP Media

sip:PartyB@there.comsip:PartyB@there.comParty B

Server (Registrar)

ThreatThreat Threat

Threat

ThreatThreat

Threat

ThreatThreat

Threat

Threat

Threat

Security Requirements:•Message Confidentiality (to address reading of the message)

•Message Integrity (to address changes to the message)

•Authentication of all SIP nodes (to address spoofing, impersonation, false registration, call highjackingand tear-downs)

•Privacy

•Availability

Security Threats:Hijacking of registrationSIP server spoofing attackSIP headers tempering by

proxiesTearing-down spoofing attackDOS/DDOS attackCall hijacking attackClient spoofing attackEavesdropping attackSpam/SpitLogging of traffic

SIP (RFC3261) existing security mechanisms

End-to-end mechanisms– Digest Authentication– S/MIME

Hop-to-hop mechanisms– TLS– IPSec

SIP utilizes securityMechanisms available in the IP stack

End-to-end mechanisms

Digest Authentication – principals sharing a secret can mutually authenticate each other with a challenge/response authentication. Nonces are included to prevent replay attacks

– The primary advantage of Digest authentication is that passwords are never transmitted across the internet in unencrypted form.

– A second advantage is that the integrity of the message is certified

S/MIME – MIME is used for SIP message bodies. S/MIME might be utilized to exchange authenticated and encrypted messages between SIP UA’s, providing end-to-end confidentiality, integrity and authentication

– S/MIME was originally developed by RSA Data Security, Inc. It is based on the PKCS #7 data format for the messages, and the X.509v3 format forcertificates. PKCS #7, in turn, is based on the ASN.1 DER format for data.

Hop-to-hop mechanisms

TLS – supports authentication and encryption of SIP messages over connection-oriented protocols (TCP)

IPSec – IPSEC provides network layer security. IPSEC offers authentication, integrity and confidentiality of IP packets. Key exchange may be done with IKE.

Possible pitfalls in addressing the identified attack scenariosAuthentication

– What to authenticate? User agent (HW, or SW)? Network interface?Process? Person?

– The need for the Global Certificate InfrastructureDOS and DDOS – public availability of the infrastructure, nowhere

to hide from DOS attacks. SIP security mechanisms do not help. Watching and throttling of the traffic on the network proxies and UA’s might be promissing.

SPAM/SPIT – VoIP spam is different. SPAM can come form authenticated source. Quick disabling of the spamming proxy might or might not work.

Privacy –SIP headers contain sender’s identity information (i.e., for billing purposes). This information might be collected by any proxy en-route of the message.

Other deficiencies:– Firewall traversal for signaling and media– Lawful intercept (CALEA in the USA)– Emergency services (9-1-1)

So, can we make VoIP secure?

We haven't had an undetected break-in in over six months! -Anonymous

Implement sensible and enforceable IT Security Policy – VoIP security foundation

Prioritize VoIP security threats – some of them might be less applicable

When looking for a security solution ask these three questions:

– Is it achievable technically?– Does it support the mission? (Is it

profitable? - for those of us in the industry)

– Is it being regulated?

ReferencesRosenberg, Schulzrinne et al., “SIP: session initiation protocol”, RFC 3261, 2002RFCs complementing the SIP protocol: RFC 3262, RFC 3263, RFC 3264, RFC 3265, RFC

2976, RFC 3262, RFC 3311, RFC 3428, RFC 3515, RFC 3265M. Handley, V. Jacobson, “SDP: Session Description Protocol”, RFC 2327S. Dusse, P. Hoffman et al., “S/MIME Version 2 Message Specification “, RFC 2311T. Dierks, C. Allen, “The TLS Protocol Version 1.0”, RFC 2246S. Kent, R. Atkinson, “Security Architecture for the Internet Protocol”, RFC 2401D. Harkins, D. Carrel, “The Internet Key Exchange (IKE)”, RFC 2409P. Srisuresh, J. Kuthan, J. Rosenberg, A. Molitor, A. Rayhan, “Middlebox communication

architecture and framework”, RFC 3303J. Rosenberg, J. Weinberger, C. Huitema, R. Mahy, “STUN - Simple Traversal of User

Datagram Protocol (UDP) Through Network Address Translators (NATs)”, RFC 3489J. Peterson, “A Privacy Mechanism for the Session Initiation Protocol (SIP)”, RFC

3323D. R. Kuhn, T. J. Walsh, S. Fries, “Security considerations for voice over IP systems”, NIST

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IP Telephones, http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml

D. Richard Kuhn, Thomas J. Walsh, Steffen Fries, Security Considerations for Voice Over IP Systems, Recommendations of the National Institute of Standards and Technology, Special Publication 800-58 http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

Thank You!abrusilovsky@lucent.com630.979.5490