Multimedia Communication in the Internet. SIP Security Threats. Sven Ehlert Next Generation Network Infrastructure Fraunhofer FOKUS 1

Transcription

1 Multimedia Communication in the Internet SIP Security Threats Sven Ehlert Next Generation Network Infrastructure Fraunhofer FOKUS 1

2 Outline SIP Security Mechanisms Denial of Service VoIP SPAM 2

3 SIP Call Flows Recap REGISTER INVITE OK OK ACK 3

4 Security Services Availability subject to Denial of Service Attacks: burdening servers with enormous load, uploading hostile applications, physical violence difficult to beat: self vs. non-self problem Authorization prevents unauthorized persons from inspection of both signaling and media can be solved using encryption problems: encryption computationally expensive; key exchange protocols needed; no PKI available Authentication, Accounting 4

5 SIP Security Tools Need to protect registrations User A should not be allowed to register as user B Need to protect service usage User A should not be allowed to use the PSTN gateway Need to ensure the identity of the server Avoid contacting insecure servers Need to secure content Do not allow servers to manipulate content not meant for them 5

6 SIP Digest Authentication Required for user identification and admission control for services. Based on HTTP Digest (RFC2617) Request Challenge (nonce,realm) ACK Hash: Algorithm generating small output One way generation Collision resistant Computationally simple Request w/credentials 6

7 Digest Ingredients Server sends nce: Server known generated string, Time encoded Realm, Algorithm, Quality of Protection Client operation: request-uri username realm pwd H-A1 nonce H-A2 Server computes own MD5 Checks for match MD5 7

8 Message Security Users can encrypt the content of their messages to prevent SIP proxies from reading or changing the content Can only encrypt parts that are not used by proxies VIA, RecordRoute,... Encryption might prevent some functions Firewall / NAT traversal Hop-by-Hop Signaling Security requires belief in transitive trust immense computational stress on servers if public-key used can deal with firewalls/nats may cover entire signaling mechanisms: ipsec, TLS Combination of both may be used Keying: no established solution 8

9 More on TLS Security Disclaimers: Trust established hop-by-hop it implies transitive trust along arbitrarily long proxy chains. Remember a chains is as strong as the weakest element in it. You have to trust next-hop not to pass your requests to questionable servers. Privacy is not end-to-end: proxy servers along the signaling path do see SIP in plain-text. 9

10 Media Security Encryption of media content May take place either at IP or RTP layer IPSec / SRTP Performance overhead considerable established solutions for keying: MIKEY-PSK MIKEY-RSA MIKEY-DH MIKEY-DHHMAC MIKEY-RSA-R SDES SDES-EM EKT SDP-DH ZRTP DTLS Sig. Conf. * Forking * * * Media before Answer Sharedkey conf. PKI? * * Rekey * Bid-down protection * 10

11 Social Issues! SIP INVITE w/jpeg INVITE SIP/2.0 Via: SIP/2.0/UDP here.com:5060 From: BigGuy To: LittleGuy Call-ID: 200 OK w/jpeg SIP/ OK Via: SIP/2.0/UDP here.com:5060 From: BigGuy To: LittleGuy Call-ID: 11

12 Denial of Service Prevent service availability Software vulnerabilities Sasser, Ping of Death Resource depletion Smurf, SYN Flood Distributed Denial of Service Attacks Tools Trinoo, Stacheldraht, TFN2K, Phatbot Annoyance AND financial consequences E.g. Yahoo attack in hours offline, estimated $ loss 12

13 Motivation SIP Attack Motivation Gaining access to the service (PSTN) Eavesdropping Denial of Service Enhanced Security Services to counter Security policies Traffic encryption Active attack detection 13

14 Attack Points SIP Proxy 14

15 Attack Points SIP Proxy SIP Helper Services AAA, STUN, RTPproxy, DNS/ENUM, PSTN 15

16 Attack Points SIP Proxy SIP Helper Services AAA, STUN, RTPproxy, DNS/ENUM, PSTN Network Protocols TCP, UDP, RTP, TLS 16

17 SIP Proxy Exploitation Memory: SIP is memory hungry Save messages while processing them Save messages during transactions up to a few minutes CPU: Message parsing Application execution Bandwidth t SIP-special 17

18 Memory Depletion Attacks Brute force: Start thousands of calls with different FROM, TO and Call-IDs Lesser impact, as they don't create state Fast CPU, good implementation and a lot of memory can handle these Monitoring and filtering to block Identify misbehaving users Setup blacklists / whitelists Broken Sessions: Start sessions and do not complete Create state at the server 18

19 Broken Session UA Proxy INVITE INVITE forwarding unreachable ~ 3 kbyte min 3 min waiting for response 19

20 Broken Session UA Proxy Proxy 404 t Found 404 t Found forwarding Spoofed Address ~ 3 kbyte ~ 30 sec waiting for ACK 20

21 Broken Session UA Proxy 300 Multiple Choices Malicious Proxy ~ 3 n kbyte > 3 min waiting for each reply 21

22 Stateless Authentication Stateless message handling Run security checks in stateless mode before moving to stateful Authentication SPAM After validation continue in stateful mode Authentication Authenticate all requests to prevent fraud Use stateless authentication, e.g. predictive nonces State Message Type Time Period Secret... Scramble To UA 22

23 CPU Exhaustion Attacks Message parsing and security enforcement Too many messages requiring parsing and authentication Exhaustion is a sign of bad implementation or underdimensioned hardware Application execution Too complex scripts or heavy database interaction Restrict application intelligence offered to user Server blocking Messages with non-resolvable DNS names Build TCP/TLS connections to non-existing receivers 23

24 CPU Exhaustion: Counter Measures Server design Dimension hardware appropriately to offered services Parallel process, each dealing with one request n-blocking design: n-blocking communication with DNS and database Implementation complexity and memory usage increase considerably DNS handling only use the IP address DNS caching Receive field in VIA headers INVITE Via: SIP/2.0/UDP caller.net:5060; \ received: ;rport:1234 Contact: user@sip.caller.net Content-Type: application/sdp c=in IP4 sip.caller.net m=audio 8000 RTP/AVP 4 24

25 Attack Fans 25

26 Attack Fans Loops Annoying and probably a configuration mistake 26

27 Attack Fans Loops Annoying and probably a configuration mistake Forked Loops Requires a larger level of coordination Can not be dealt with statelessly Loop detection increases complexity of proxies Max-Forward set by user Enforce local policies of a small Max-Forward 27

28 Distributed DoS Reply Forwarding Insert Spoofed Address INVITE Via: SIP/2.0/UDP target.sip.net; Via: SIP/2.0/UDP other.addr.net; Via: SIP/2.0/UDP yet.another.net; 28

29 Distributed DoS Reply Forwarding Insert Spoofed Address INVITE Via: SIP/2.0/UDP target.sip.net; Via: SIP/2.0/UDP other.addr.net; Via: SIP/2.0/UDP yet.another.net; Innocent Hosts 29

30 Distributed DoS Reply Forwarding Insert Spoofed Address INVITE Via: SIP/2.0/UDP target.sip.net; Via: SIP/2.0/UDP other.addr.net; Via: SIP/2.0/UDP yet.another.net; Innocent Hosts Message forwarding with reply 30

31 Distributed DoS Reply Forwarding Insert Spoofed Address INVITE Via: SIP/2.0/UDP target.sip.net; Via: SIP/2.0/UDP other.addr.net; Via: SIP/2.0/UDP yet.another.net; Innocent Hosts Response redirection Target Host 31

32 STUN Attacks Attacks on a STUN server Denial of Service Compromising STUN server to attack STUN clients Protocol design to prevent attack possibilities nearly fully stateless operation Authentication vulnerable to general DoS attacks common countermeasures dedicated STUN server monitoring and filtering 32

33 DoS Conclusion SIP offers attacks a wide variety of attack possibilities A lot of the attack possibilities depend on configuration of the SIP server, its implementation and usage scenario Effects of many attacks can be reduced by Efficient implementation and appropriate hardware Stateless processing and authentication Clever DNS handling Filtering and monitoring blacklists 33

34 VoIP SPAM Threats Spam = unsolicited information sent to you without your permission Similar to spam, but only partly Voice has a concept of time in contrast to text Users have to deal a defined amount of time with SPAM Voice Scanning proves to be harder than text scanning higher bandwidth penalty Deployment is simple as with spam simple distribution tools automatic call generation lower caller costs in contrast to PSTN 34

35 SIP SPAM Technical details Spammers forge SIP messages and identities SIP allows for From: field forging t only Voice, also Instant Messaging and Presence 35

36 Countermeasure I Solution taken from SPAM prevention White lists / Black Lists Configure by user / provider? Legal implications? messages content filtering Efficient server based filtering solutions (> 95 % reliability) 36

37 Countermeasure II New approaches Challenge / Response Resource Puzzle Charging Reputation SPIT will come! Think of dealing with it now. 37

38 References Franks, J. et. al.: HTTP Authentication: Basic and Digest Access Authentication", IETF RFC 2617,