formal design & verification of security protocol for voip ubaid ur rehman...
TRANSCRIPT
Formal Design & Verification Formal Design & Verification of Security Protocol for VoIPof Security Protocol for VoIP
Ubaid Ur RehmanNUST201260838MSEECS63012F
Supervisor: Dr. Abdul
Ghafoor
Committee Members: Dr. Awais
Shibli Dr. Nauman Ahmed
Qureshi Mr. Muhammad Qaisar Choudhary
OutlineOutlineo Introduction
o VoIPo H.323o SIPo Comparison of H.323 and SIP
o Literature Reviewo Summary
o Attackso Methods
o Problem Statemento Research Methodologyo Road Mapo Reference
Voice over Internet Protocol
o Also called VoIP, IP Telephony, Internet Telephony, and Broadband Phone.
o Enables one to make and receive phone calls through the Internet instead of using the traditional analog PSTN lines.
Source: Stephan Rupp,2005
VoIP Protocol Suites
o H.323 (ITU-T)
Gate Keeper
Gateway
Gate Keeper
Gateway
1. Request Permission to place call
2. Try to resolve the address of the called party
3. Collect replies to previous query
4. Grant permission to
place call
5. Attempt to establish the call
6. Request permission to accept call
7. Grant permission
8. Indicate connection establishment
VoIP Protocol Suiteso Session Initiation Protocol (SIP)
SIP Client SIP Client
Sip: [email protected]
nust.eduDNS server
SIP proxy
nbs.com
Location service
proxy
Sip: [email protected]
1
2
3
4
5
6
7
8
9
1011
12
13
Sip: [email protected]
Comparison of H.323 and Comparison of H.323 and SIPSIP
Area H.323 SIP
Complexity Complex protocol Comparatively simpler
Encoding Binary ASN.1 PSN encoding Text-based UTF-8 encoding
Extensibility Limited Easy, not limited
Compatibility Requires full backward
compatibility
Does not require full backward
compatibility
Scalability Less scalable (stateful, TCP) More scalable (stateless, UDP)
Transport TCP only TCP, UDP or other
Conferencing MCU required Using IP multicast
Services Provider ricer functionality Simple set of functionality
Loop detection Stateful (difficult) Stateless (Comparatively easy)
Addressing E.164 scheme, H323 ID alias SIP URLs
Mobility More limited (does not support
forking proxy)
More flexible and rapid (support
forking proxy )
Motivation
Voice Over IP (VoIP) technology has the potential to
change the way of communicate now a days. It offers a
cheap alternative to the traditional telephone systems,
relies on SIP use by most VoIP services and now being
implemented on mobile handsets and Smartphone's and
an increasing number of cordless phones.
Literature Survey 1o Problem: Man-in-the-Middle
Attacko Target: Secure Signaling and
Media Datao IPSec:
o Provide point-to-point authentication
o Prolong time require to encrypt header and data.
o SRTP:o Provide authentication & privacyo Does not have key exchange
scheme
o MIKEYo Good use of bandwidtho Low computational effort
Alexandre M. Deusajute, and Paul S. L. M. Barreto. “ The SIP Security Enhanced by Using Pairing-assisted Massey-Omura Signcryption”, International Association for Cryptologic Research, 2008.
o Proposed Massey-Omura Signcryption based on Pairing Based Cryptography (PBC)
Literature Survey 1Modified Massey-Omura Protocol
Alexandre M. Deusajute, and Paul S. L. M. Barreto. “ The SIP Security Enhanced by Using Pairing-assisted Massey-Omura Signcryption”, International Association for Cryptologic Research, 2008.
Literature Survey 2o Problem: Spam over Internet Telephony (SPIT)
Kumiko Ono, and Henning Schulzrinne “How I Met You Before? Using Cross-Media relations to reduce SPIT”, ACM New York, USA, 2009.
Literature Survey 2
Kumiko Ono, and Henning Schulzrinne “How I Met You Before? Using Cross-Media relations to reduce SPIT”, ACM New York, USA, 2009.
Literature Survey 3
o IPSeco Require pre-established Trust.
o TLSo Provide one-way or mutual
authentication.o Message intercept inside the recipient
network.o TLS does not provide end to end security.o Lack of PKI does not provide better
environment.
o Problem: Security Weakness of Session Initiation Protocol (SIP)
o SIP uses HTTP-digest authentication which provide one-way authentication and replay protection only.
o SIP has no authorization model.o RFC 3261 provide SIP security mechanism:o S/MIME
o Provide end-to-end security
o Huge overhead over SIP messages.
o TLS and S/MIMEo TLS provide integrity
and authentication.o S/MIME provide
confidentiality.
Ihsan Ilahi, Adeel, and Shahzad Rizwan. “A survey of security weakness of Session Initiation Protocol (SIP)”, International Journal of Multidisciplinary Science and Engineering , April 2012, volume 3, No. 4.
Literature Survey 3o Classification of Attack:
o Flood Attacko Lack of authentication scheme
o Required cryptographic token
o Lack of integrity o Required appropriate use of S/MIME and TLSo hop-by-hop problem still remains
o Parser Attacko Use of Intrusion detection system with sophisticated
algorithm
o IPSec, TLS, and S/MIME provide outsider attack protection only
o Insider create malformed packet and sign it
Ihsan Ilahi, Adeel, and Shahzad Rizwan. “A survey of security weakness of Session Initiation Protocol (SIP)”, International Journal of Multidisciplinary Science and Engineering , April 2012, volume 3, No. 4.
Literature Survey 4o Problem: Performance
Evaluation of SIP over TLS, SIP over UDP & TCP with authentication.
o SIPp load generator was used.o Support TCP and UDP on
multiple socketo Advance feature as TLS,
UDP transmission and SIP header field injection
o Generate 250 simultaneous call only and required 1000
o Act either UAS or UAC
Merima Kulin, Tarik Kazaz, and Sasa Mrdovic.“SIP server security with TLS: Relative Performance Evaluation”, BIHTEL: IX International Symposium on Telecommunications, Oct 22-27, 2012.
o Zabbix NMS manage entity, retrieve processor load and RAM consumed info.
Merima Kulin, Tarik Kazaz, and Sasa Mrdovic.“SIP server security with TLS: Relative Performance Evaluation”, BIHTEL: IX International Symposium on Telecommunications, Oct 22-27, 2012.
Literature Survey 5o Problem: Denial of Service & SQL Injection
Attack
o Denial of Service Attack
o Solution: o Firewall Checking Nonceo Iancu Algorithm
o Critical Analysis:o Nonce expiry of authorized usero Fixed number of packet per IP
Harish C. Sharma, Sanjay Sharma, Sandeep Chopra, and Pradeep Semwal, “The protection mechanism against DOS and SQL Injection attack in SIP based infrastructure”, International Journal of Advanced Research in Computer Science and Software Engineering , January 2013, volume 3, Issue 1.
Literature Survey 5o SQL Injection Attack
o Solution:o Digital Signatureo Developer minimize the privileges of client that
never modify SQL statement.
o Critical Analysiso Digital Signature require global Public Key
Infrastructure (PKI)o Digital Signature is ineffective against “insiders”o Isolate web application from SQL
Harish C. Sharma, Sanjay Sharma, Sandeep Chopra, and Pradeep Semwal, “The protection mechanism against DOS and SQL Injection attack in SIP based infrastructure”, International Journal of Advanced Research in Computer Science and Software Engineering , January 2013, volume 3, Issue 1.
Summary of AttacksAttack Reason Countermeasure
Eavesdropping• Call Pattern Tracking•Fax Reconstruction• Conversation Reconstruction• Replay Attack
•Lack of authentication and confidentiality•Lack of cryptographic assurance
•Asymmetric Cryptography• Transport Layer Security (TLS)• Secure Real Time Protocol (SRTP)• Multimedia Internet Keying (MIKEY)• Datagram Transport Layer Security (DTLS-SRTP)
Intentional Interruption• Denial of Services•Distributed Denial of Services• Physical Intrusion•SQL Injection
•Lack of access control in architecture •Soft phone vulnerability•Trojan •Social engineering intrusion,•illegal invite messages
•Proxy model Strategy• Intrusion detection system•Digital Signature•Firewall Policy•Iance Algorithm•User level PKI
Social Threat• Misrepresentation• Theft of Services• Unwanted Contract• Spam over Internet Telephony (SPIT)•Spoofing
•Lack of mutual authentication •Identity and Secret based authentication•Policy decision point
Interception & Modification•Man-in-the-Middle attack (MITM)•Call Rerouting•Conversation Alteration•Conversation Hijacking
•Lack of mutual authentication •Intrusion detection system Policy of Firewall•Network Address Translation•PKI authentication and key exchange•Pair Based Cryptography (PBC)
Unintentional Interruption•Loss of Power•Resource Exhaustion•Performance Latency
•Unusual VoIP traffic •Session Boarder Controller•Service detection system•Real-time alert system
Summary of Methods o Registration Hijackingo Impersonating Serviceso Tempering with message bodyo Tear down sessiono Denial of Services
Authentication Methods:PSK: Pre-shared keyPKI: Public Key InfrastructureID: Identity based Cryptography
Authentication Data Integrity Data Confidentiality
HTTP Basic Authentication
PSK - -
HTTP Digest Authentication
PSK - -
Secure MIME (S/MIME) PKI √ √
DTLS PKI √ √
Proxy Based Authentication
PKI √ √
ID based Authentication ID √ √
Certificate less authentication
√ √
Problem Statement
A comprehensive research in the field of VoIP security, designing a security protocol, which will provide mutual authentication with real time communication based on Identity-Based Authentication and also support adaptable security features for VoIP.
Proposed MethodologyProposed Methodology
Conversation ReconstructionReplay Attack
Spam over Internet Telephony (SPIT)
Man-in-the-middle attack (MIME)
RFC-6539RFC-6539Identity Based AuthenticationIdentity Based Authentication
Private Key Generator
Alice encrypts with [email protected]
1
Requests private key,
authenticates
2 Receives Private Key
Bob decrypts with Private Key
4
Proposed ArchitectureProposed ArchitectureMutual
Authentication
Confidentiality
Identity Based
Alice encrypts with [email protected]
1Bob decrypts with
Private Key
2
Adaptive Feature for VoIPAdaptive Feature for VoIP
Authentication
Confidentiality
Normal Comm.User
Identity Based AuthenticationIdentity Based Authentication
Features
Referenceso Alexandre M. Deusajute, and Paul S. L. M. Barreto. “ The SIP
Security Enhanced by Using Pairing-assisted Massey-Omura Signcryption”, International Association for Cryptologic Research, 2008.
o Kumiko Ono, and Henning Schulzrinne “How I Met You Before? Using Cross-Media relations to reduce SPIT”, ACM New York, USA, 2009.
o Ihsan Ilahi, Adeel, and Shahzad Rizwan. “A survey of security weakness of Session Initiation Protocol (SIP)”, International Journal of Multidisciplinary Science and Engineering , April 2012, volume 3, No. 4.
o Merima Kulin, Tarik Kazaz, and Sasa Mrdovic.“SIP server security with TLS: Relative Performance Evaluation”, BIHTEL: IX International Symposium on Telecommunications, Oct 22-27, 2012.
Referenceso Harish C. Sharma, Sanjay Sharma, Sandeep Chopra, and
Pradeep Semwal, “The protection mechanism against DOS and SQL Injection attack in SIP based infrastructure”, International Journal of Advanced Research in Computer Science and Software Engineering , January 2013, volume 3, Issue 1.
o A.A. Hasib, A. Azfar, and Md. S. Morshed, “Towards Public Key Infrastructure less authentication in Session Initiation Protocol”, International Journal of Computer Science Issues, vol. 7, Issue 1, No.2, January 2010.
o Aws Naser Jaber, and Chen-Wei Tan, “Session Initiation Protocol Security: A Breif Review”, American Journal of Computer Science, 2012.
o Request for Comments 6539, Available at: <http://tools.ietf.org/html/rfc6539> Accessed on Oct 29, 2013
Referenceso Paired Based Cryptography Standard, Available at:
<middleware.internet2.edu/pki05/proceedings/spies-pairing_standards> Accessed on Nov 01, 2013
o Stephan Rupp, “SIP-based VoIP service-Architecture & Comparison”, Infotech Seminar Advance Communication Services (ACS), 2005