CE 817 - Advanced Network Security VoIP Security

Similar documents
SIP and VoIP 1 / 44. SIP and VoIP

How To Use A Phone Over Ip (Phyto) For A Phone Call

Internet Security. Prof. Anja Feldmann, Ph.D.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

VOICE OVER IP SECURITY

An outline of the security threats that face SIP based VoIP and other real-time applications

Prevention of Spam over IP Telephony (SPIT)

VoIP Security regarding the Open Source Software Asterisk

SIP Trunking Configuration with

VoIP telephony over internet

Best Practices for Securing IP Telephony

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Ingate Firewall/SIParator SIP Security for the Enterprise

Voice Printing And Reachability Code (VPARC) Mechanism for prevention of Spam over IP Telephony (SPIT)

White paper. SIP An introduction

Threat Mitigation for VoIP

How to make free phone calls and influence people by the grugq

Introduction to VoIP Technology

Security & Reliability in VoIP Solution

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

1.1.3 Versions Verified SIP Carrier status as of 18 Sep 2014 : validated on CIC 4.0 SU6.

Secure SIP? Do It Yourself! OpenFortress* digital signatures

Securing SIP Trunks APPLICATION NOTE.

VOIP Security Essentials. Jeff Waldron

Security and Risk Analysis of VoIP Networks

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

TECHNICAL CHALLENGES OF VoIP BYPASS

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2

SS7 & LTE Stack Attack

Voice over IP Security

Ram Dantu. VOIP: Are We Secured?

SIP Essentials Training

VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

SIP : Session Initiation Protocol

SIP Security Controllers. Product Overview

SIP, Session Initiation Protocol used in VoIP

Kommunikationsdienste im Internet Möglichkeiten und Risiken

How To Guide. SIP Trunking Configuration Using the SIP Trunk Page

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

A Reality Check on Security in VoIP

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack

Basic Vulnerability Issues for SIP Security

SIP A Technology Deep Dive

1 SIP Carriers Warnings Vendor Contact Vendor Web Site : Versions Verified SIP Carrier status as of 9/11/2011

Voice Over IP and Firewalls

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, Eschborn, Germany

Application Firewalls

NCAS National Caller ID Authentication System

Global Network. Whitepaper. September Page 1 of 9

Security Features and Considerations

White Paper. avaya.com 1. Table of Contents. Starting Points

Avaya IP Office 8.1 Configuration Guide

SIP Trunk Configuration V/IPedge Feature Description 5/22/13

Overview ENUM ENUM. VoIP Introduction (2/2) VoIP Introduction (1/2)

Transparent weaknesses in VoIP

Note: As of Feb 25, 2010 Priority Telecom has not completed FXS verification of fax capabilities. This will be updated as soon as verified.

nexvortex Setup Guide

Formación en Tecnologías Avanzadas

VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS

Application Notes for Configuring Intelepeer SIP Trunking with Avaya IP Office Issue 1.0

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP Trunk Configuration Guide. using

CHAPTER 1 INTRODUCTION

Feature and Technical

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Voice Over IP. Priscilla Oppenheimer

Direct IP Calls. Quick IP Call Mode

Recommended IP Telephony Architecture

VoIP Security Threats and Vulnerabilities

A Phased Framework for Countering VoIP SPAM

Application Note. Onsight TeamLink And Firewall Detect v6.3

SIP Trunking Application Notes V1.3

VoIP Security. Customer Best Practices Guide. August IntelePeer

Configuration of Applied VoIP Sip Trunks with the Toshiba CIX40, 100, 200 and 670

(Refer Slide Time: 6:17)

Need for Signaling and Call Control

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Broadvox SIP Trunking. Frequently Asked Questions (FAQs)

How to Configure the Avaya IP Office 6.1 for use with Integra Telecom SIP Solutions

Configuration Notes 283

Table of Contents. Confidential and Proprietary

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud Supervisor: Prof.Dr. Shawkat K.Guirguis

Best Practices for Controlling Skype within the Enterprise. Whitepaper

AT&T IP Flex Reach/ IP Toll Free Configuration Guide IC 3.0 with Interaction SIP Proxy

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

COSC 472 Network Security

Transcription:

CE 817 - Advanced Network Security VoIP Security Lecture 25 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained from other sources. Reference is noted on the bottom of each slide, when the content is fully obtained from another source. Otherwise a full list of references is provided on the last slide.

Background: the PSTN 2

Plain Old Telephone Service(POTS) This is what you probably have Analog transmission A pair of copper wires from you to the CO All signalling is inband Instructions from you to the switch are DTMF tones From the switch to you is tones (e.g., caller ID) Basically no security Wiretapping means a pair of alligator clips and a speaker Hijacking is just as easy 3

What is SIP? Session Initiation Protocol Control channel for Voice over IP (Other control channel protcols exist, notably H.323 and Skype s, but we ll focus on SIP) 4

What s a Control Channel? A control channel known in the telephone world as a signaling channel does call setup It locates the other end point, determines if it s available, asks the endpoint to alert the called party, passes back status to the caller, etc. Even in a pure IP world, we need a signaling channel; when connecting to the PSTN (Public Switched Telephone Network), it s essential 5

History of Signaling Channels Telephone signaling was once done in-band that is, the pulses or tones were sent over the same circuit as would later be used to carry the voice traffic for that call Blue boxes telephone fraud devices worked by simulating some of the control tones used to set up free calls The solution was to move signaling to a separate, out-of-band data network, known today as CCIS (Common Channel Interoffice Signaling) Out-of-band signaling is more efficient; it allows easy creation of fancier services 6

Signaling and VoIP Why can t we just call a domain name or IP address? Example: Many endpoints don t have stable, easily-memorized domain names IP addresses change frequently, especially for dial-up and hotspot users 7

Complexity PSTN interconnection: very many endpoints have just a few IP addresses Besides, someone has to pay for the PSTN interconnection Firewalls Network address translators (NATs) Mapping between phone number and IP address Business arrangements between telephone companies Unreachable hosts Fancy phone features 8

Basic SIP Architecture SIP endpoints speak IP Ideally, the actual conversation would be end-to-end, from one SIP phone to the other Each node can use a SIP proxy for call setup 9

Simple SIP Calling 10

Alice Calls Bob Alice uses VoIP Provider 1 (VP1) as her proxy; Bob uses VoIP Provider 2 (VP2) as his To call Bob, Alice sends a SIP URI to VP1 via TCP VP1 determines that the URI points to VP2, so the calls setup request is relayed there via TCP VP2 tells Bob about the call via TCP; if he wants to, he can accept it Notification is sent back to Alice via VP1 Alice establishes a direct UDP data connection to Bob for the voice traffic 11

SIP URIs How is a SIP URI converted to a SIP proxy address? What about ordinary telephone numbers? tel: URIs are used for ordinary phone numbers Example SIP URI : SIP: someone@example.com Example tel: URI : TEL: + 0 216-616 - 4601 All SIP URIs are converted by means of DNS magic: NAPTR records (For this class, the details aren t important the essential point is that by means of repeated, complex DNS lookups, any SIP URI is converted to an IP address) 12

Attacking SIP

The Usual Questions What are we trying to protect? Against whom? 14

Information at Risk Voice content itself Caller and called party for each connection Billing information 15

Voice Content Confidentiality is the main concern Is VoIP easier to wiretap than traditional phone service? Only the endpoints should see that information; can be encrypted through proxies Relatively hard to spoof a voice in real-time, so authenticity is not a major concern 16

Caller/Called Party Information Of great interest to many parties (look at the HP case that s the data HP was after) Useful even after the call (you can t intercept a call after it s over; you can look at who talked) Must be kept confidential but proxies need to see it, to route the call Must be authentic, or the call could be misrouted maliciously 17

Billing Information Derived in part from caller/called party information May have other information from call routing process As before, must be confidential Integrity failures can lead to billing errors, in either direction (Often a major privacy concern after the fact again, consider the HP case.) 18

Eavesdropping on a Call Simplest approach: listen on some link Which link is best for targeting a given person? Easiest: their access link What if they re mobile? Hard they could be coming from anywhere Do you have the physical ability to listen on the VoIP provider s links? What if the VoIP provider is in a distant, unfriendly country? 19

Registration Hijacking An attacker can try to register with VP2 as Bob If the attacker succeeds, all calls destined for Bob with be routed to the attacker 20

Abusing the DNS Call routing is partially controlled by the DNS Is it possible to corrupt the DNS answers? By creating fake DNS entries, it s possible to reroute the call to go via an intercept station 21

Caller/Called Party Information Again, link eavesdropping and DNS attacks are straightforward The task is easier here; proxies (usually) don t move around VoIP providers are high-value targets, since they process many calls 22

Hacking the Proxies Is it possible to hack the VoIP proxy servers? Sure why not? Conventional phone switches can be (and some are) hacked, but there s a big difference: the attacker can speak a much more complex protocol to a SIP switch than to a PSTN switch, which means they re more vulnerable It s hard to do too much damage with just a few touch-tones! Aside: fancier services are easier to hack, on both kinds of telephone systems 23

Defenses

Protecting SIP As usual, we ll use crypto to guard against eavesdropping The details, though, are tricky 25

Alice to VP1 Alice has a trust relationship with her proxy Authentication is relatively easy Usually, TLS is used to protect the TCP session to the proxy Alice must verify VP1 s certificate Alice can use passwords or client-side certificates to authenticate herself 26

Proxy to Proxy Traffic VP1 may not have a trust relationship with VP2 How can VP1 get VP2 s certificate? More precisely, how can VP1 validate it, if they don t share a trust anchor? This applies regardless of what security protocol is used (though TLS is the norm) 27

End-to-End Signaling Traffic Some signaling traffic must be secure end-to-end Example: Bob needs to know, authoritatively, that it s Alice who has called him However, the intermediate nodes need to see this Solution: digitally sign the data (using S/MIME), but don t encrypt it 28

Key Management for the Voice Call How do Alice and Bob get a shared key for voice traffic encryption? Alice uses S/MIME to send Bob an encrypted traffic key But how does Alice get Bob s certificate? There is no general PKI for SIP users True end-to-end confidentiality can only happen by prearrangement (This statement is more generally true... ) 29

The State of Practice Most vendors don t implement the fancy crypto VoIP is thus not as secure as it could be (but Skype does do a lot of crypto) NIST recommends great care in using VoIP see http://csrc.nist.gov/ publications/nistpubs/800-58/sp800-58-final.pdf 30

Caller ID

CallerID Suppose the SIP call is being relayed to the PSTN Where does the CallerID information come from? Can it be spoofed? 32

Phone Network Design The phone network was based on trust only real telephone companies had phone switches No authentication was done on information from other switches, including CallerID Today, anyone can run a phone switch... 33

CallerID and VoIP Run Asterisk, an open source PBX program, on some machine Get a leased line to a VoIP-to-PSTN gateway company Configure Asterisk to send whatever information you want... This abuse is happening now 34

SPIT (Spam Over IP Telephony)

Background SPAM considered one of biggest problems in Internet SPIT is expected to become a major issue in the next few years with increasing deployment of VoIP solutions Potential for productivity disturbance is much greater than SPAM [Santos] 36

Background Definition: The transmission of unsolicited calls over Internet telephony (VoIP) SPITTERS will forge their identities SPITTING agent capable of placing hundreds of simultaneous automated calls [Santos] 37

SPAM vs. SPIT SPAM User can sort through or filter messages based on content and header Email is delivered asynchronously, whenever a user decides to download/access email SPAMMER does not know for sure when or whether his message will reach the victim SPIT VoIP is a real time protocol that does not allow grant the receiver access to the contents of the call prior to its acceptance Victim is interrupted instantly with the phone ringing A successful call guarantees that the user exists, is currently online, and will most likely receive the message soon. [Santos] 38

SPIT Prevention Framework Goals: Minimize false positives & negatives Minimize callee interaction in identifying SPIT Minimize inconvenience to caller General enough to work in different environments (work, home, etc) and cultures [Santos] 39

SPIT Prevention Framework 5 Stage Approach: Stage 1: no interaction w/ users Blacklist, Whitelist, Graylisting, Circles of Trust, Pattern / Anomaly Detection Stage 2: caller interaction Computational Puzzles, Sender Checks, Audio CAPTCHAS [Santos] 40

SPIT Prevention Framework 5 Stage Approach (continued): Stage 3: feedback before call Manual authorization to receive call and/or authenticate user Stage 4: during the call Content analysis (not currently viable) Stage 5: feedback after call Ex: Require a refundable payment for each call from an unknown party. The payment is only refunded if the caller was not a SPITTER. [Santos] 41

The END

What did we cover/learn in this semester?

Lectures Threats and Attacks Firewalls IDS DoS Worms Botnets Honeypots Spyware Phishing 44

Lectures (con t) Traffic Analysis Anonymity Routing Security Network Forensics Wireless Security VoIP Security 45

Acknowledgments/References COMS W4180 Network Security Class Columbia University, Steven Bellovin, 2006. [Santos] SPAM OVER IP TELEPHONY (SPIT). Identification and prevention Techniques ECE 4112 Internetwork Security, Felipe Santos, Manoj Deshpande, Georgia Institute of Technology. 46

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information