VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

Transcription

1 VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 *Thanks to Prof. Angelos Keromytis for materials for these lecture slides. CSE545 - Advanced Network Security - Professor McDaniel 1

2 Example of toll fraud attack Break into company PBX use them to route calls of your customers this has actually happened Federal authorities yesterday arrested a Miami man who they said made more than $1 million in a hacking scheme involving the resale of Internet telephone service. In all, more than 15 Internet phone companies, including the one in Newark, were left having to pay as much as $300,000 each in connection fees for routing the phone traffic to other carriers without receiving any revenue for the calls, prosecutors said. 2

3 What is VoIP/IMS? Protocol(s) for voice communication over IP-based infrastructures use of the Internet itself is dependent on operator Voice over IP: catch-all term for numerous kinds of media Generally applied to voice and conference oriented products and services, e.g., Skype IP Multimedia Subsystem: industry standard for IP-based multimedia communications Video, Calendaring/scheduling File-sharing Collaborative editing,

4 VoIP in the marketplace Basis for many products/services commercial: Vonage, 3, T-Mobile/UMA, free/semi-free: Skype, GTalk, MSN, Yahoo! IM, AIM, Gizmo,... Both enterprise- and consumer-oriented management simplification cost reduction Various architectural models centralized vs. P2P open vs. closed 4

5 Useful Terms codec - coder/decoder Program (not format) used to process media-specific data SDP - session description protocol Standard for describing media session parameters 5

6 VoIP Protocols Signaling Responsible for call setup and management Architectural and operational components Principal/endpoint naming, IP mapping, proxying, billing, access control, device configuration/management, customer support, QoS Data transport Codecs, transport protocols (typically RTP), QoS, content security signaling Dominant mechanisms Session Initiation Protocol (SIP) Unlicensed Mobile Access (UMA) Others: Skype, Asterisk, GTalk/ AIM... Useful terms codec - coder/decoder program (not format) used to process media-specific data SDP - session description protocol is a standard for describing media session parameters 6

7 Session Initiation Protocol (SIP) IETF Standardized signaling for IMS (among others) Similar to HTTP Text-based Request/response structure Stateful - highly complex state machine TCP or UDP (port 5060) Devices End-points (soft phones or hardware devices) Proxy servers (local services acting on behalf of phone) Registrars (local point to register with network) Redirect servers (redirects calls) Location server (VoIP HLR) 7

8 SIP Flow 8

9 SIP/RTP Call progress 1. Locate endpoint* [SIP] 2. Establish call [SIP] 3. Data Transfer [RTP] 4. Hangup [SIP] *not shown 9

10 Call forwarding 10

11 SIP Call Flow 11

12 Real-time Transport Protocol (RTP) RTP is a pair of protocols designed to support applications with latency and jitter constraints Supports the tightly controlled delivery of stream data, E.g., require some hard or soft QoS (quality of service) Protocols using ephemeral ports ( ) RTCP (Real-Time Control Protocol) provides signaling between peers that measures and adjusts session to compensate for changing conditions RTP - the data channel that delivers the data SDP sometimes used to describe the session requirements, as negotiated through SIP Standards support a range of codecs, e.g., RFC , 12

13 In reality... Much hidden shared infrastructure DNS, web, NAT, TFTP, DHCP/PPPoE, Int/DiffServ, firewalls,... Emergent properties example: web-based UI poisoning through SIP-field manipulation Live aspect makes problems harder e.g., how can we filter voice spam based on content? 2 13

14 SIP Security Largely the ad hoc application of existing general-purpose security mechanisms Authentication uses HTTP-style digest authentication TLS - when TCP is used S/MIME - used to encode/secure payloads IPsec - can be used to secure any protocols run over IP Secure Real-time Transport Protocol (SRTP) - crypto extensions to protect real-time sessions, e.g., encrypt the voice channel Implication: security largely pushed on infrastructure 14

15 SIP authentication 2 15

16 Unlicensed Mobile Access (UMA) Route GSM calls over the Internet (or a public network) (usually) transparent handover between GSM and UMA Popular with cellphone providers T-Mobile USA, Orange France,... Benefits reduce need to install expensive cell towers / upgrade capacity reduce spectrum needs / utilization improve reception in difficult locations depending on billing, avoid roaming charges (think international!) Not to be confused with pico-/micro-/femto-cells 2 16

17 UMA deployment Source:

18 UMA details Encapsulation of GSM/3G inside IP complete frame, minus the on-the-air crypto can transfer voice, IM and (in the future) video Typically, devices are WiFi-supporting cellphones not strictly necessary, e.g., in USA GSM frames are not natively protected A5/2 is anyway weak (i.e., broken) 2 18

19 UMA Security Handset-to-provider IPsec Strong crypto and integrity protection Key management (IKE, IKEv2) is a different story altogether Authentication done via EAP-SIM (based on shared secret) The key management protocol (IKE/IKEv2) is complex Perhaps too big to be trusted More importantly, easy to misconfigure not as big a problem in a tightly managed environments (cellphones) but, UMA+smartphones spells trouble Provider must interface internal network with Internet higher risk of compromise by external attackers large numbers of potentially malicious insiders 19

20 Threat in VoIP systems Everyone thinks of the traditional C/I/A threats Loss of communication confidentiality and privacy (C) traffic analysis, content privacy Loss of communication integrity (I) impersonation (inbound, outgoing calls), modification of content, falsification of call records Loss of communication availability (A) accidental or intentional denial of service (DoS) 20

21 Unique VoIP characteristics Elaborate billing infrastructure in place Users are used to paying for telephony services Most charges are for relatively small amounts Large number of charges per billing cycle unlikely that small unauthorized charge will be noticed or challenged Phone infrastructure is trusted by average user perception carried over from PSTN not grounded on facts or experience 21

22 VoIP-Specific Threats and Risks Theft of service, e.g., toll fraud, billing fraud Social engineering, e.g., phishing/spear-phishing Direct charge-back, e.g., immediate monetization Risks Some in common with other types of systems (software vulnerabilities) Some are very specific to IMS (protocol vulnerabilities) Some are common, but are amplified by some IMS feature, e.g., large-scale phishing through impersonation or call hijacking Q: are these substantially different than in cell networks? 22

23 VoIP/IMS risk vectors Variety of risk vectors some in common with other types of systems software vulnerabilities some are very specific to IMS protocol vulnerabilities some are common, but are amplified by some IMS feature large-scale phishing through impersonation or call hijacking 2 23

24 VoIP Security Alliance SPIT/SPAM 6 Interruption of services 1 Social threats ID misrepresentation 5 Physical access VoIPSA Threat Taxonomy 2 Eavesdropping, interception, modification 4 Service abuse 3 Denial of Service 24

25 VoIP vis. risks Confidentiality in some protocols, attackers can easily eavesdrop variety of available attack tools, e.g., VoMIT particularly a problem with SIP/RTP S-RTP defined, but largely unused key management problem still unsolved (where s my PKI?) Integrity software vulnerabilities for example, as vulnerable to buffer overflows as any other piece of software silver lining: even simple devices are generally designed for updateability mixed blessing, update mechanism can be hijacked (usually based on TFTP!) 2 25

26 VoIP vis. risks Availability susceptibility of equipment to denial of service general network-borne DoS attacks, powerline,... how do you call someone to fix your problem?! 26

27 IMS-specific problems Architectural and protocol vulnerabilities SIP device interactions (see following slides) silent snooping via multipresence fraud bill bypassing hijacking of someone else s account/pbx protocol-specific denial of service attacks malformed messages call routing games separation between signaling/data transport can be leveraged induce someone s phone device to act as a DoS zombie 2 27

28 Trivial protocol-specific Single packet phone kill 28

29 Privacy attack Call someone, then report call in progress before ring turns phone into eavesdropping device! 2 29

30 Billing avoidance and XSS SQL injection that targets the PBX s billing records SQL-enabled XSS attack that targets administrator or user viewing call logs with browser! 30

31 Reminder: call forwarding 31

32 Protocol games: toll fraud SIP proxy/pstn bridge Domain D1 Attacker INVITE OK ACK (call setup) Media (RTP) (rewrite INVITE from Alice) INVITE PREMIUM INVITE Attacker (Attacker on hold) PREMIUM PSTN call 407 Authentication needed ACK (rewrite INVITE from Alice) INVITE PREMIUM (auth) Media (RTP) (reverse rewrite, relay authentication request) 407 Authentication needed ACK INVITE Attacker (auth) draft-state-sip-relay-attack 32

33 Hybrid threats Generic threats made easy/enabled by IMS architecture more realistic phishing/spear-phishing common attack: call by bank officer asking for personal information remember: CallerID easy (trivial) to spoof (somewhat) more complicated attack: compromise SIP signaling to catch the callback from customer to the bank! compromise of company SIP-PBX or end-device router- and routing-based attacks DNS poisoning SPIT - SPAM for voice Configuration problems many options, many devices: easy to misconfigure 2 33

34 Wrapup The ubiquity and quality of IP-based networks is going to lead to increasing growth of VoIP/IMS services However, like much of the systems themselves, security has been patched together from a loose collection of other general purpose mechanisms This is likely to lead to more opportunities for adversaries to exploit security failures and vulnerabilities Standards process like the IETF may help, but it is unclear if the market will embrace any new broad techniques Bottom line: this is not likely to get better soon. 34