Kommunikationsdienste im Internet Möglichkeiten und Risiken

Transcription

1 Die Zukunft der Kommunikationsdienste im Internet Möglichkeiten und Risiken Erwin P. Rathgeb Technik der Rechnernetze, Universität Duisburg-Essen Jochen Kögel, Marc Barisch IKR, Universität Stuttgart Steffen Fries Steffen Fries Siemens AG, Corporate Technology

2 Overview New service opportunities lead to new security threats Telephony as an example A more general view What makes services vulnerable? What has to be done? Generic solutions instead of protocol extensions Example identity management Do we get a second chance? The Future Internet Zukunft der Netze 2009, 2, Rg

3 Unfortunately there are many services/applications How to secure all of them? Zukunft der Netze 2009, 3, Rg

4 Service example: Telephony Past Zukunft der Netze 2009, 4, Rg

5 Service example: Telephony Past, present Zukunft der Netze 2009, 5, Rg

6 Service example: Telephony Past, present and future Global calls, no addition fees (Internet flat rate) VoIP using SIP Bulk calls for free SPIT With SIP Infrastructure (e.g. Asterisk, IMS) Without SIP Infrastr. (P2P) Global access to home account SIP Registrar - Helps to locate the called SIP client in theunauthorized Internet access - Provides access for toll calls Toll Fraud - Provides account for billing Caller has to know/find current location and ID of called SIP client Zukunft der Netze 2009, 6, Rg

7 SIP security threats Registration hijacking and toll fraud Outgoing toll call private_server.de Internet provider_server.de Register as server.de Register as server.de Register as server.de Zukunft der Netze 2009, 7, Rg

8 Experimental system to study SIP threats SIP Honeypot system Attacks? HoneyWall Extended Asterisk VIP VoIP server Analysis Management Zukunft der Netze 2009, 8, Rg

9 SIP Honeypot System Evaluation study Short field test Duration about 2 months VoIP Honeypot Accepting and logging incoming calls from the internet Handling and logging Register attempts Honeypot was found and attacked No further publishing activity required Publication of one specific SIP URI on web site SIP URI was found and attacked Zukunft der Netze 2009, 9, Rg

10 SIP Honeypot System Results 3,5 3 2, ,5 1 0, Number of registration hijacking attempts per day Zukunft der Netze 2009, 10, Rg

11 SIP Honeypot System Results Scan for active extensions Duration 2 to maximum 30 seconds Different scan patterns Scan all extensions from 101 to 900 Scan specific intervals Scan for common account names (info, service,, first names) Result: list of active extensions Password scan Only performed in some cases Between 5 and 90 attempts per active extension Different scan patterns Numbers (e.g. extension number) Dictionary attacks Zukunft der Netze 2009, 11, Rg

12 SIP Honeypot System Specific attack tools already available Fabricate and manipulate SIP packets Port Scan svmap Scan for SIP servers Fingerprinting g svwar Scan for active extensions svcrack Password scan Zukunft der Netze 2009, 12, Rg

13 State of the internet security reloaded Malware, SPAM and Phishing Suspicious activities Identified attacks Feb 12-Feb 15-Feb 18-Feb 21-Feb 24-Feb 5-Mar 9-Mar 14-Mar 17-Mar 25-Mar 28-Mar 31-Mar 4-Apr 7-Apr 10-Apr Alarms Warnings num b er of m ails Each computer attached to the internet SPAM and Phishing are omnipresent Is discovered immediately Difficult to protect mail addresses Is permanently under attack Most attacks are fully automated SPAM doesn t stop once it began Used mainly for fraud and phishing Zukunft der Netze 2009, 13, Rg

14 Existing and new threats Very similar patterns Basically the same situation as for malware and SPAM Malicious activity already present Low cost, bulk delivery, ubiquitous connectivity, full automation Attractive basis for fraud and phishing Low risk for the attacker All information relevant for backtracking ki can be forged Compromised hosts can be used Open source tool boxes readily available on the internet Escalation of the problems can be expected Increasing penetration of SIP telephony attracts attackers P2P mode SIP (e.g. ENUM) make SPIT easier Home servers with SIP Registrar functionality let vulnerabilities for toll fraud explode Zukunft der Netze 2009, 14, Rg

15 What has been done SIP Security Landscape SIP inherent signaling security measures for Extensions/Updates (examples) client/server and server/server communication: Enhancements to Authenticated - HTTP Digest Authentication (mandatory) Identity Management (RFC4474) and Connected Identity in SIP - TLS to provide cryptographic protection of TCP data (RFC4916) for asserting identity of (mandatory for server, recommended for clients) communicating peers - IPSec to provide cryptographic protection (optional) Certificate Management Service for SIP (draft-ietf-sip-certs), for providing credential handling for clients Managing Client Initiated t SIP Proxy A SIP Proxy B Connections in SIP (draft-ietf-sipoutbound), and Connection Reuse in SIP (draft-ietf-sip-connect- reuse) for re-using TLS Client A Client B connections between peers End-to-End security for signaling data using S/MIME for authentication, integrity protection and confidentiality (opt.) Zukunft der Netze 2009, 15, Rg

16 What has to be done Security measures in SIP VoIP deployments Home Domain Provider Domain Authentication of users towards SIP servers Voice Currently mainly passwords, certificate based SIP, RTP authentication is less deployed Authentication of SIP server towards user LAN, ATM, etc. Certificate based as part of TLS supported DSL Confidentiality and integrity protection of signaling information Starting via TLS (or IPSec in 3GPP) Not necessarily on all parts of the communication path Additional infrastructure related measures SIP, RTP Multimedia-capable firewalls, IEEE802.1x, etc. SIP, RTP Intranet Preferably in enterprise environments Media encryption is becoming available SRTP and currently MIKEY or sdescription or ZRTP for key management Voice Server SIP Server SBC Firewall + SBC Enterprise Domain VPN connection Zukunft der Netze 2009, 16, Rg

17 Convergence of networks and services Convergence of vulnerabilities Yesterday Today Tomorrow Voice networks Risks: Toll fraud Misuse of Service (Dialer) Call back service misuse Multimedia networks VoIP VoD Risks: s Data networks Ti Triple Play Unified Eavesdropping Communication Spoofing Combined Risks: Masquerading SPIT, SPIM Traffic Analysis Identity Theft Denial of Service Denial of Service Applications Risks: Denial of Service Manipulation Virus, Worms, etc. SPAM Misuse of Application Data VoIP - Voice over IP / VoD - Video on Demand / Triple Play - TV, (IP-)Telephony and Internet Access via one media / SPIT - Spam over Internet Telephony / VOMIT - Voice over misconfigured Internet telephones Zukunft der Netze 2009, 17, Rg

18 Which services are at risk? Always the popular ones Open SIP VoIP Service concept IM XMPP Closed Social networks IM MSN, ICQ Skype ISDN Low Number of reachable users High Zukunft der Netze 2009, 18, Rg

19 We need a more comprehensive approach Generic solutions instead of protocol extensions SWIFT Project: A Cross-Layer Identity Management Concept Use identities across layers Same identity for network and application services Extend secure network authentication SWIFT Project (SIM card, Facts ) towards services FP7 project Allows Single Sign-On 9 partners Improved (NEC, usability Universität Stuttgart, ) 01/ /2010 Improved security Introduce virtual identity concept Identinet User ishas theseveral Future identities Internet User can integrate existing accounts User-controlled attribute release Improved privacy Incorporation into existing architectures (Shibboleth, Diameter, SAML, ) TV service ebank service service VID VPN service Network access service Application layer services Network layer services Zukunft der Netze 2009, 19, Rg

20 The Future Internet A second chance? Service components instead of protocols Flexible service orchestration Novel addressing concepts Location/identifier split Simplifies mobility and security Network virtualization More flexibility New options for security Security as basic design goal Comprehensive effort is needed Historic mistakes have to be avoided Zukunft der Netze 2009, 20, Rg