An Introduction to. Voice over IP Security

Similar documents
SIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda.

Formación en Tecnologías Avanzadas

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, Eschborn, Germany

SIP Basics. CSG VoIP Workshop. Dennis Baron January 5, Dennis Baron, January 5, 2005 Page 1. np119

SIP Essentials Training

Three-Way Calling using the Conferencing-URI

TECHNICAL SUPPORT NOTE. 3-Way Call Conferencing with Broadsoft - TA900 Series

Session Initiation Protocol (SIP)

Media Gateway Controller RTP

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

SIP: Protocol Overview

NTP VoIP Platform: A SIP VoIP Platform and Its Services

Part II. Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University

How To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib

Configuring SIP Support for SRTP

Session Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 TEL: # 340

SIP Security. Andreas Steffen, Daniel Kaufmann, Andreas Stricker

3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW

How to make free phone calls and influence people by the grugq

Session Initiation Protocol

Voice over IP (SIP) Milan Milinković

VoIP. What s Voice over IP?

internet technologies and standards

Voice over IP & Other Multimedia Protocols. SIP: Session Initiation Protocol. IETF service vision. Advanced Networking

SIP: Session Initiation Protocol. Copyright by Elliot Eichen. All rights reserved.

VoIP with SIP. Session Initiation Protocol RFC-3261/RFC

SIP ALG - Session Initiated Protocol Applications- Level Gateway

Session Initiation Protocol (SIP) The Emerging System in IP Telephony

Multimedia & Protocols in the Internet - Introduction to SIP

Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling

VoIP Fraud Analysis. Simwood esms Limited Tel:

IP Office 4.2 SIP Trunking Configuration Guide AT&T Flexible Reach and AT&T Flexible Reach with Business in a Box (SM)

SIP : Session Initiation Protocol

NAT TCP SIP ALG Support

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS

Avaya IP Office 4.0 Customer Configuration Guide SIP Trunking Configuration For Use with Cbeyond s BeyondVoice with SIPconnect Service

SIP and ENUM. Overview DENIC. Introduction to SIP. Addresses and Address Resolution in SIP ENUM & SIP

Application Notes for Configuring SIP Trunking between McLeodUSA SIP Trunking Solution and an Avaya IP Office Telephony Solution 1.

Analysis of a VoIP Attack

SIP Trunking & Peering Operation Guide

TLS and SRTP for Skype Connect. Technical Datasheet

For internal circulation of BSNL only

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

Voice over IP Fundamentals

Request for Comments: August 2006

ARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION

VoIP LAB. 陳 懷 恩 博 士 助 理 教 授 兼 所 長 國 立 宜 蘭 大 學 資 訊 工 程 研 究 所 TEL: # 255

Denial of Services on SIP VoIP infrastructures

SIP for Voice, Video and Instant Messaging

Technical Bulletin 25751

Application Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0

Session Initiation Protocol (SIP)

Internet Services & Protocols Multimedia Applications, Voice over IP

Session Initiation Protocol (SIP) Vulnerabilities. Mark D. Collier Chief Technology Officer SecureLogix Corporation

Internet Services & Protocols Multimedia Applications, Voice over IP

Transparent weaknesses in VoIP

The SIP School- 'Mitel Style'

An outline of the security threats that face SIP based VoIP and other real-time applications

Session Initiation Protocol and Services

Internet Voice, Video and Telepresence Harvard University, CSCI E-139. Lecture #5

SIP Session Initiation Protocol

How To Send A Connection From A Proxy To A User Agent Server On A Web Browser On A Pc Or Mac Or Ipad (For A Mac) On A Network With A Webmail Web Browser (For Ipad) On An Ipad Or

Enabling Security Features in Firmware DGW v2.0 June 22, 2011

Asterisk with Twilio Elastic SIP Trunking Interconnection Guide using Secure Trunking (SRTP/TLS)

Internet Working 15th lecture (last but one) Chair of Communication Systems Department of Applied Sciences University of Freiburg 2005

Grandstream Networks, Inc. GXP2130/2140/2160 Auto-configuration Plug and Play

Chapter 9. IP Secure

EE4607 Session Initiation Protocol

IP-Telephony SIP & MEGACO

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

NTP VoIP Platform: A SIP VoIP Platform and Its Services 1

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

OpenSIPS For Asterisk Users

FortiOS Handbook - VoIP Solutions: SIP VERSION 5.2.0

White paper. SIP An introduction

SIP Introduction. Jan Janak

VoIP Fundamentals. SIP In Depth

SIP, Session Initiation Protocol used in VoIP

VoIP Phreaking Introduction to SIP Hacking. Hendrik Scholz 22C3, Berlin, Germany

The use of IP networks, namely the LAN and WAN, to carry voice. Voice was originally carried over circuit switched networks

Network Security. Lecture 3

3GPP TS V8.1.0 ( )

Technical Communication 1201 Norphonic emergency rugged telephone on Alcatel-Lucent OmniPCX Enterprise

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

IP Office Technical Tip

Hacking / Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions / Endler & Collier / Enumerating a VoIP Network

Secured Communications using Linphone & Flexisip

Interoperability between IPv4 and IPv6 SIP User Agents

Unit 23. RTP, VoIP. Shyam Parekh

AGILE SIP TRUNK IP-PBX Connection Manual (Asterisk)

TraceSim 3.0: Advanced Measurement Functionality. of Video over IP Traffic

Security Issues of SIP

SIP Trunking Manual Technical Support Web Site: (registration is required)

Transcription:

An Introduction to Voice over IP Security July 2006 Holger.Zuleger@hznet.de 1. April 2006 Holger Zuleger 1/18 > c

What is meant by secur ity? Preface Not address or topology hiding Not (D)DoS prevention Not user authorization Just encryption, integrity and confidentially What is meant by encr yption? Encr yption of RTP data (no eavesdropping) Encr yption of Signaling traffic (Not necessarily privacy) All statements in this presentation based on reading the following mater ial... and shameless copying something SIP (RFC3261), SDP (RFC2327), RTP (RFC3550), SRTP (RFC3711) ZRTP (draft-zimmer mann-avt-zr tp-01) SIP Security (Andreas Steffen / 3rd DeNIC-ENUM Tag) No practical exper iences, nothing tested! 1. April 2006 Holger Zuleger 2/18

Classical VoIP Trapezoid SIP Proxy Domain A SIP Signaling SIP Proxy Domain B INVITE User A ACK/BYE RTP/RTCP Voice data User B Bearer traffic flows end to end Good for end to end encryption Hop by hop signaling path via proxy Assurance of signaling security is difficult to manage Secure SIP allows encryption up to the first hop S/MIME for end to end encryption (only SDP) 1. April 2006 Holger Zuleger 3/18

VoIP in Carrier Networ ks SIP Proxy Domain A SIP SBC SIP Proxy Domain B SIPS SBC (Access) SIP (Interconnection) RTP/RTCP SBC (Access) SIP User A User B SBC (B2BUA) used for topology hiding B2BUA ter minates session and rewr ites most of the SIP headers RTP has to flow through SBC (media relay) SBC must be able to read SIP header and SDP body 1. April 2006 Holger Zuleger 4/18

IPsec (Networ k Layer) VoIP Security Var iants Large overhead / QoS problem / Timing problem End to end security scheme difficult to set up NAT / Proxy / B2BUA (Session Border Controller) PKI required VoIP via IPsec VPNs may be feasible SSL/TLS (Transpor t Layer) Only for signaling (SIPS) / Not for RTP Presumes the use of TCP instead of UDP as transpor t protocol Bad perfor mance PKI required End to end security scheme difficult to set up SRTP (Presentation/Application Layer) See the following slides 1. April 2006 Holger Zuleger 5/18

SRTP Secure RTP/RTCP (RFC3711) Profile of RTP/RTCP (RFC 3550 / RFC 3551) Overhead: 4-14 Byte (4 Byte opt. MKI, 4-10 Byte authentication Tag) Defined for unicast and multicast RTP Out of band key management Only one Masterkey required All SRTP keys der ived from master key Session encryption key Session authentication key Session salting key Independent session keys for SRTP and SRTCP Default encryption algorithm: AES-CM 128 Bit Default message authentication algorithm: HMAC-SHA1 1. April 2006 Holger Zuleger 6/18

SRTP Secure RTP/RTCP (2) Encr yption and authentication (integrity) of RTP/RTCP packets RTP payload encr yption Authentication is recommended but optional (allows header compression) RTP Version, Flags Payload Type sequence # timestamp sync. source identifier cont. source identifier Header extension (opt) RTP Payload padding pad count SRTP SRTP master key identifier (4 Byte opt) authentication tag (4-10 Byte recommended) Also some minor header changes for SRTCP 1. April 2006 Holger Zuleger 7/18

SRTP Keymanagement Der ivation of session keys out of one master key Ke y exchange via exter nal mechanism Session Description Protocol (RFC2327) Ke y Mangement Extensions for SDP (encrypted signaling required) MIKEY (RFC3830) Multimedia Internet KEYing (no encrypted signaling required) SDP Security Descriptions for Media Streams (draft-ietf-mmusic-sdescr iptions-12.txt) Encr ypted key Transpor t for SRTP (draft-mcgrew-sr tp-ekt-00.txt) HIP-SRTP (draft-tschofenig-hiprg-hip-sr tp-01.txt) Using SRTP transpor t format with HIP ZRTP (draft-zimmer mann-avt-zr tp-01.txt) Extension to RTP for Diffie-Hellman Key Agreement for SRTP Currently available mechanism? SDP, ZRTP, MIKEY(?) 1. April 2006 Holger Zuleger 8/18

SIP & SDP Session Initiation Protocol (RFC3261) for call signaling Header for mat is similar to HTTP UDP Por t 5060 used (recommended) TCP is also allowed (required for SIPS) Responsible for connection setup and release INVITE, OK, ACK, BYE, CANCEL Registration service for mobile user agents REGISTER Uses DNS for routing (SRV-Record RFC3263; NAPTR). Session Description Protocol (RFC 2327) for parameter exchange Body of SIP-Messages Looks (a little bit) like sendmail mail queue for mat Contact address (ip address, por t #) c=in IP4 1.25.43.66 Codec m=audio 7078 RTP/AVP 8 0 2 102 100 97 101 (Master)Key for SRTP k=clear:geheim 1. April 2006 Holger Zuleger 9/18

SIP/SDP Example Packet INVITE sip:642022@example.net SIP/2.0 Via: SIP/2.0/udp 1.25.43.66:5060;branch=z9hG4bK5E04B432A7CE4D494016D27E86B2D From: <sip:hoz@sip.example.de>;tag=1167b5b5d227aa6656b12714f8441 To: <sip:642022@example.net> Call-ID: 135F08716ED07E5D0C0B7B855BC21@1.25.43.66 CSeq: 9 INVITE Contact: <sip:hoz@1.25.43.66;uniq=964e34a1883165ee1829bfae36988> Max-Forwards: 70 User-Agent: AVM FRITZ!Box Fon WLAN 7170 29.04.02 (Jan 25 2006) Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, UPDATE, PRACK, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE Content-Type: application/sdp Accept: application/sdp, multipart/mixed Content-Length: 381 v=0 o=user 10512055 10512055 IN IP4 1.25.43.66 s=call c=in IP4 1.25.43.66 t=1144829986 1144833586 k=base64:acx4fimf1pqdu6y2qtzttxjr5z3eovmmvu4yrzqokqc= m=audio 7078 RTP/AVP 8 0 2 102 100 97 a=sendrecv a=rtpmap:2 G726-32/8000 a=rtpmap:102 G726-32/8000 a=rtpmap:100 G726-40/8000 a=rtpmap:97 ilbc/8000 a=fmtp:97 mode=30 a=rtcp:7079 1. April 2006 Holger Zuleger 10/18

SIPS is like HTTPS Is set on top of TCP only SIPS SIP-Secure over TLS Signaling over sips URI: sips:user@example.de;transport=tcp Demands for TLS along the (signaling)path Recommended for mobile user agents Allows for first mile encryption (but now deprecated) Ser ver authentication via Certificate Client authentication (mostly) via username/digest What about incoming invites? How to authenticate the UA? Client authentication via Certificate possible Difficult because of changing contact address / networ k attachment points Only Hop by Hop Security Enables legal (and not so legal) interception 1. April 2006 Holger Zuleger 11/18

S/MIME secure SDP Data for mat based on S/MIME mail Encr yption of the SDP portion of the SIP messsage See example on next slide End-to-End or Hop by Hop allowed Tunneled (and S/MIME encrypted) SDP also allowed Suppor ts UDP or TCP TCP is recommended because of UDP fragmentation Pr ior (public)key exchange necessary (We have to encr ypt the SDP with the public key of the communication partner) 1. April 2006 Holger Zuleger 12/18

SIP S/MIME Example (IPv6) Packet INVITE sip:642022@example.net SIP/2.0 Via: SIP/2.0/udp [2001:db8::27:2]:5060;branch=z9hG4bK5E04B432A7CE4D494016D27E86B2D From: <sip:hoz@example.de>;tag=1167b5b5d227aa6656b12714f8441 To: <sip:642022@example.net> Call-ID: 135F08716ED07E5D0C0B7B855BC21@example.de CSeq: 9 INVITE Contact: <sip:hoz@[2001:db8::27:2];uniq=964e34a1883165ee1829bfae36988> Max-Forwards: 70 Content-Type: multipart/signed;boundary=e4ef8847482d240d0 Accept: application/sdp, multipart/mixed Content-Length: 3381 --e4ef8847482d240d0 Content-Type: application/pkcs7-mime smime-type=envelopeddata; name=smime.p7m Content-Disposition: attachment;handling=required;filename=smime.p7m Content-Transfer-Encoding: binary *** envelopeddata object containing encrypted SDP body *** * v=0 * o=- 0 0 IN IP6 2001:db8::27:2 * c=in IP6 2001:db8::27:2 * k=base64:acx4fimf1pqdu6y2qtzttxjr5z3eovmmvu4yrzqokqc= *... ********************************************************** --e4ef8847482d240d0 Content-Type: application/pkcs7-signature;name=smime.p7s Content-Disposition: attachment;handling=required;filename=smime.p7s Content-Transfer-Encoding: binary... signeddata object containing signature... --e4ef8847482d240d0 1. April 2006 Holger Zuleger 13/18

ZRTP Zimmermann secure RTP Use of SRTP for media encryption (end to end) No signaling protocol required, but ZRTP could use SDP/MIKEY keys Instead, ZRTP uses RTP extensions/options for key exchange Diffie Hellman Key exchange with man-in-the-middle detection Defined by draft-zimmer mann-avt-zr tp-01 Reference implementation wor ks under MAC OSX, Linux and Windows XP "Bump on the cord" implementation Wor ks with (nearly) all SIP soft clients Encr ypt and decrypt voice packets on the fly 1. April 2006 Holger Zuleger 14/18

ZRTP (2) ZRTP use short authentication strings (SAS) for MITM detection Both partners read a short str ing to each other Compare with written down string on screen Ifboth strings match, the session key will be stored in a cache Like ssh keys This kind of authentication is needed only once SAS algorithm is difficult to use if callee is not a person 1. April 2006 Holger Zuleger 15/18

Secure VoIP (SRTP) in the field Hardware SNOM Phones (e.g. 360; also Softphone 360) Cisco 28xx Router Siemens Hi-Path? Software Patches for Kphone / Asterisk (Linux) CounterPath (eyebeam, for merly x-ten) VOCAL (www.vovida.org) Application independent SRTP (ZRTP) (Linux, MAC, Windows) minisip (Linux, Windows, PocketPC) Librar ys libsr tp (sr tp.sourceforge.net/sr tp.html) S/MIME enabled SIP Stack (www.sipfoundr y.org/resiprocate) Secure VoIP Providers Sipgate dus.net 1. April 2006 Holger Zuleger 16/18

Secure RTP SIPS S/MIME Summar y + End-to-End encryption feasible + Hard- and Software available + Already deployed by some SIP carrier Could be difficult if media relays in-between the path Most of the media gateways don t support SRTP +Allows first mile encryption (only for signaling) + Useful for SRTP master key exchange SIP-Proxy should also wor k as (secure) media gateway No end-to-end encryption/pr ivacy + Secure End-to-End key exchange Not feasible with B2BUA because of SDP inspection Requires PKI 1. April 2006 Holger Zuleger 17/18

Questions? http://www.hznet.de/secur ity/voipsec.pdf 1. April 2006 Holger Zuleger 18/18

Questions? http://www.hznet.de/secur ity/voipsec.pdf Thank you for your attention 1. April 2006 Holger Zuleger 18/18

CONTENTS... 1 Preface... 2 Classical VoIP Trapezoid... 3 VoIP in Carrier Networ ks... 4 VoIP Security Var iants... 5 SRTP Secure RTP/RTCP (RFC3711)... 6 SRTP Secure RTP/RTCP (2)... 7 SRTP Keymanagement... 8 SIP & SDP... 9 SIP/SDP Example Packet... 10 SIPS SIP-Secure over TLS... 11 S/MIME secure SDP... 12 SIP S/MIME Example (IPv6) Packet... 13 ZRTP Zimmermann secure RTP... 14 ZRTP (2)... 15 Secure VoIP (SRTP) in the field... 16 Summar y... 17... 18 <

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information