DUNDi: Distributed Universal Number Discovery
Dissertation, University of the Aegean, 2008 (dated 10/06/2008)

(The Greek title page and Greek abstract of this copy are not recoverable; the English abstract follows. Throughout the document only headings, configuration excerpts, CLI output, figures' captions and English fragments of the Greek body text survive.)
ABSTRACT

In this dissertation is presented the evaluation of the security parameters and the efficiency of the protocol Distributed Universal Number Discovery (DUNDi). The first section is an introduction to the Voice over Internet Protocol (VoIP) technology and to the basic VoIP protocols that are used for the communication of VoIP entities. In the following section are presented the main attributes of the Asterisk PBX and the way it is installed and configured. Furthermore, we outline the basic directories that are used after Asterisk is started. In the next section we focus on the DUNDi protocol. There is an analytical examination of the way the DUNDi protocol dynamically discovers how to reach users throughout the VoIP network. Moreover, there is an extended description of the configuration of the DUNDi files and of the process used for the communication of two DUNDi entities. In the following section we set out the architecture of the network that was used for the research. The network was relatively small, but we obtained very important results on the efficiency of the DUNDi protocol. In this section are presented the results of the research and the methodology used to analyze them. Furthermore, a quantitative and a qualitative analysis of the statistical results is given, and finally the main conclusions. The final section is focused on the security and reliability issues of the DUNDi protocol. There is an examination of the issues concerning the confidentiality, integrity and authentication services of the DUNDi protocol. Finally, some reliability problems reported to date about the DUNDi protocol are presented.

PETROS G. PISSAS, Information and Communication Systems Engineering, UNIVERSITY OF THE AEGEAN - 2008

CONTENTS

1 VoIP
  1.1 VoIP
  1.2 VoIP protocols
    1.2.1 H.323
    1.2.2 SIP
    1.2.3 IAX2
2 Asterisk
  2.1 Asterisk Installation
    2.1.1 Components
    2.1.2 Requirements
  2.2 Installing Asterisk
    2.2.1 Ubuntu 6.x
    2.2.2 Fedora Core
  2.3 Asterisk directories
  2.4 Running Asterisk
3 DUNDi
  3.1 Introduction to DUNDi
  3.2 How a lookup works
  3.3 The DUNDi protocol
    3.3.1 (title not recoverable)
    3.3.2 Registration
    3.3.3 Discovery
    3.3.4 EID (Entity IDentifier)
    3.3.5 Message sequences
  3.4 Message format
  3.5 DUNDi configuration files
    3.5.1 dundi.conf
    3.5.2 iax.conf
    3.5.3 extensions.conf
  3.6 Worked example
4 Network architecture and measurements
  4.1 Test network
  4.2 Measurement method
  4.3 Topologies
  4.4 Results
    4.4.1 Statistical analysis
5 Security and reliability of DUNDi
  5.1 Security
    5.1.1 General Peer Agreement (GPA)
    5.1.2 Cryptography: AES and RSA
      5.1.2.1 RSA
      5.1.2.2 Advanced Encryption Standard (AES)
      5.1.2.3 DUNDi, AES and RSA
    5.1.3 Peer-to-Peer vs Client Server (DNS)
  5.2 Reliability
    5.2.1 (title not recoverable)
    5.2.2 (title not recoverable)
6 Conclusions
REFERENCES
1 VoIP (Voice over Internet Protocol)

1.1 VoIP [REF1]

VoIP carries voice over the Internet Protocol (IP). The section lists the advantages of VoIP and the threats it faces, among them VoIP spamming. [Figure 1: VoIP]

1.2 VoIP protocols

1.2.1 H.323

H.323 [REF2] is the ITU standard for real-time audio and video communication over IP networks. An H.323 system is made of four kinds of component: terminals, gateways, gatekeepers and multipoint control units (MCUs). [Figure 2: H.323 components]
Terminals are the endpoints (telephones, voice mail systems, video cameras, software such as MS NetMeeting). Gateways interconnect the H.323 network with other networks, such as ISDN and the PSTN, or with other signalling protocols such as SIP. Gatekeepers manage the terminals and gateways of their zone (the text's example is a gatekeeper named Petros at 192.168.1.2); MCUs handle multipoint (ad-hoc) conferences, and a back-end server (BES) can hold the data shared by several gatekeepers and gateways.

1.2.2 SIP

SIP [REF3] runs over IP, normally on UDP port 5060, and sets up voice and video sessions. Its entities are User Agents and Proxy Servers; gateways connect SIP to the PSTN. SIP is an IETF standard (RFC 2543, superseded by RFC 3261), whereas H.323 comes from the ITU; like HTTP, SIP is text-based and human readable. [Figure 3: SIP]

Locating the SIP address of a called number in another domain is exactly the service that DUNDi and ENUM provide; the section also mentions Peer-to-Peer (P2P) SIP.

1.2.3 IAX2

IAX2 [REF4], the Inter-Asterisk eXchange protocol version 2, was designed for trunking between Asterisk servers and is native to Asterisk. It runs over UDP port 4569 and carries signalling and media in-band in the same stream, which makes it easy to pass through firewalls. [Figure: IAX2]
2 Asterisk

Asterisk [REF5] is an open-source software PBX: it is the middleware between telephony hardware and the applications built on it. It runs on Unix/Linux systems (Linux, OpenBSD, FreeBSD, Mac OS X, Sun Solaris, and also MS Windows) and speaks the main VoIP protocols: SIP, H.323 and its own Inter-Asterisk eXchange (IAX).

2.1 Asterisk Installation

Asterisk was installed on two Linux distributions, Ubuntu 6.10 and Fedora Core 6 (FC6). The version used throughout is Asterisk 1.2.13.

2.1.1 Components

Besides Asterisk itself, the source distribution comprises Zaptel (the drivers for Digium telephony hardware), libpri (ISDN PRI support) and asterisk-sounds (the voice prompts). For a VoIP-only installation Zaptel and libpri are not required.

2.1.2 Requirements

Building Asterisk needs gcc (3.x or later), bison, ncurses (for the CLI), OpenSSL and zlib. Zaptel additionally needs libnewt (for zttool) and the usb-uhci kernel module; the ztdummy driver provides a timing source when no Zaptel hardware is present. libpri in turn requires Zaptel.

2.2 Installing Asterisk

2.2.1 Ubuntu 6.x

The sources are downloaded from http://www.asterisk.org [REF6]:
asterisk-1.2.13.tar.gz, asterisk-addons-1.2.5.tar.gz and asterisk-sounds-1.2.1.tar.gz are placed in /usr/src/ and unpacked as root:

    # cd /usr/src/
    # tar zxvf asterisk-1.2.13.tar.gz
    # tar zxvf asterisk-sounds-1.2.1.tar.gz
    # tar zxvf asterisk-addons-1.2.5.tar.gz

This creates /usr/src/asterisk-1.2.13/, /usr/src/asterisk-sounds-1.2.1/ and /usr/src/asterisk-addons-1.2.5/. The build dependencies are installed with:

    # sudo apt-get install gcc build-essential
    # sudo apt-get install libncurses-dev
    # sudo apt-get install openssl libssl-dev
    # sudo apt-get install zlib1g-dev

Then Asterisk is built and installed:

    # cd /usr/src/asterisk-1.2.13/
    # make clean
    # make
    # make install
    # make samples
    # make progdocs

make clean removes previously built binaries. make samples installs the sample configuration files from configs/ of the source tree into /etc/asterisk/; files already there are renamed with an .old suffix (extensions.conf becomes extensions.conf.old). make progdocs builds the developer documentation with doxygen, which must be installed beforehand.

Next the sound files are installed:

    # cd /usr/src/asterisk-sounds-1.2.1
    # make install

asterisk-addons adds, among other things, storage of CDRs (Call Detail Records) in MySQL, MP3 playback and Perl support.

2.2.2 Fedora Core

On Fedora the installation follows the same steps as on Ubuntu, with four packages: libpri, Zaptel, Asterisk and the mp3 add-on for MeetMe and music on hold. First the kernel version is checked:

    # uname -a
    Linux luser 2.6.17-1.2142_EL #1 Wen Aug 15 11:32:12 ED 2007 i686 i686 i368 GNU/Linux
Zaptel needs the kernel sources of the running kernel (2.6, or 2.4). Whether they are installed is checked with rpm, and they are installed with yum if not:

    # rpm -q kernel-devel
    # yum install kernel-devel

The remaining build dependencies are checked the same way:

    # rpm -q bison
    # rpm -q bison-devel
    # rpm -q ncurses
    # rpm -q ncurses-devel
    # rpm -q zlib
    # rpm -q zlib-devel
    # rpm -q openssl
    # rpm -q openssl-devel
    # rpm -q gnutls-devel
    # rpm -q gcc
    # rpm -q gcc-c++

and the missing ones installed with yum:

    # yum install bison
    # yum install bison-devel
    # yum install ncurses
    # yum install ncurses-devel
    # yum install zlib
    # yum install zlib-devel
    # yum install openssl
    # yum install openssl-devel
    # yum install gnutls-devel
    # yum install gcc
    # yum install gcc-c++

Packages that yum cannot find can be taken from PBone (http://rpm.pbone.net/) and installed with:

    # rpm -i PACKAGE.rpm
    # rpm -Uvh PACKAGE.rpm

The Zaptel and Asterisk Makefiles expect the kernel sources under /usr/src/linux, while Fedora installs them under /usr/src/kernels by default; a symbolic link named 'linux' is therefore created in /usr/src pointing to the kernel sources. The source archives are unpacked with:

    # tar -vxzf PACKAGE.tar.gz

and built in this order:

    Libpri:
    # cd /path/to/source/libpri
    # make
    # make install

    Zaptel:
    # cd /usr/src/asterisk/zaptel
    # make            (2.4 kernel)
    # make linux26    (2.6 kernel)
    # make install

    Asterisk:
    # cd /usr/src/asterisk/asterisk
    # make mpg123     (only if mp3 music on hold is wanted)
    # make
    # make install
    # make samples

With Asterisk 1.2.13 on Fedora the chan_phone channel driver fails to build; the text points at the Makefile in /asterisk/channels/ and at the #include of compiler.h in chan_phone.c as the places to adjust.
2.3 Asterisk directories

Asterisk [REF7] is controlled by asterisk.conf, which names the directories it uses for configuration, modules, voice mail, recordings and voice prompts.

/etc/asterisk/ holds the configuration files. /usr/lib/asterisk/modules/ holds the loadable modules (channel drivers, applications, resources) that make up Asterisk; modules.conf decides which of them are loaded at start-up. /var/lib/asterisk/ holds the run-time data, including the Asterisk database astdb (a Berkeley DB file in Asterisk v1, comparable in role to the Microsoft Windows registry), and the following sub-directories:

    agi-bin/   scripts for the Asterisk Gateway Interface (AGI)
    firmware/  firmware images Asterisk can push to devices (firmware/iax/)
    images/    images that can be sent to devices
    keys/      the RSA key pairs: private keys (.key) and public keys (.pub) used by IAX2 and by DUNDi
               for authentication and signing (see section 3.6)
    sounds/    the voice prompts, described in sounds.txt and sounds-extra.txt (the latter from asterisk-sounds-1.2.1)

/var/spool/asterisk/ holds outgoing/ (call files that Asterisk picks up and dials), qcall/, tmp/ and voicemail/ (the voice mail boxes). /var/run/ holds the process id (pid) file and the control socket of the Asterisk daemon (their names are set in asterisk.conf).
/var/log/asterisk/ holds the log files; which messages go where is set in /etc/asterisk/logger.conf:

    ; Logging Configuration
    ;
    [general]
    ; Date format, ISO 8601: yyyy-mm-dd HH:MM:SS
    ;dateformat=%F %T
    ; Append the host name to the log file names
    ;appendhostname = yes
    ; Queue log (default yes)
    ;queue_log = no
    ; Event log (default yes)
    ;event_log = no
    ;
    ; The debug level is only useful when Asterisk is started with -d
    ;
    [logfiles]
    ; Each line is <filename> => <levels>, with levels among:
    ; debug, notice, warning, error, verbose, dtmf
    ; The special name "console" is the Asterisk console
    ;debug => debug
    console => notice,warning,error
    messages => notice,warning,error
    ;full => notice,warning,error,debug,verbose

2.4 Running Asterisk

The asterisk binary is installed in /usr/sbin/ and normally runs as a daemon. asterisk -h lists the command line options:

    # cd /usr/sbin/
    # asterisk -h

The options used here are:

    -c  start in console mode, with the Asterisk CLI on the terminal
    -v  increase verbosity (repeat the letter for more detail)
    -g  dump core when Asterisk crashes, for analysis with gdb
    -r  connect the CLI to an Asterisk that is already running
    -x  execute one CLI command (together with -r) and exit

The usual combination is verbosity level 3:

    # asterisk -cvvv

and, when Asterisk is already running, a remote console:

    # asterisk -vvvr
    petros-desktop:~ # asterisk -cvvv
    Asterisk already running on /var/run/asterisk.ctl
    Use 'asterisk -r' to connect
    petros-desktop:~ # asterisk -vvvr
    Asterisk 1.2.13, Copyright (C) 1999-2005 Digium.
    Written by Mark Spencer <markster@digium.com>
    ========================================================
    Connected to Asterisk 1.2.13 currently running on Petros-desktop (pid = 7450)
    -- Remote UNIX connection
    Verbosity is at least 3
    Petros-desktop*CLI>

CLI commands can also be issued from a script with -x together with -r, for example:

    # asterisk -rx "restart now"

Finally, for debugging, the full console output can be captured to a file:

    # asterisk -vvvvvvvvvc | tee /tmp/debug.log
3 DUNDi

This chapter describes DUNDi [REF8].

3.1 Introduction to DUNDi

DUNDi (Distributed Universal Number Discovery, www.dundi.com) is a peer-to-peer (P2P) protocol for discovering how to reach a telephone number or extension across a VoIP network and the Public Switched Telephone Network (PSTN); the centralised alternative is a directory such as ENUM. DUNDi is independent of the protocol used for the call itself: an answer names the technology (SIP, IAX, H.323) and the destination to dial. Each DUNDi node is identified by a 6-byte Entity Identifier (EID), conventionally its Ethernet MAC address, and the numbers a node publishes are taken from its own dialplans.

Numbers are grouped in DUNDi contexts. A private context is meaningful only within one organisation; the public e164 context carries E.164 [REF9] numbers, and a node that participates in it must adhere to the General Peering Agreement (GPA) [REF10]. Peers authenticate each other and protect their exchanges with AES [REF11] and RSA [REF12] (chapter 5).

3.2 How a lookup works

(The walk-through of a lookup for the number 1234 across the peers of Figure 4, with its description of how the request is forwarded and answered, is not recoverable in this copy.)

3.3 The DUNDi protocol [REF8]

Every exchange belongs to a transaction. Transactions are identified by 16-bit numbers (1 to 65535); a frame also carries an 8-bit incoming sequence number and an 8-bit outgoing sequence number, and a 1-bit F (Final) flag that marks the last frame of a transaction. Frames are acknowledged with ACK messages.

3.3.1 (title and text not recoverable)

3.3.2 Registration

A node registers with a peer using REGREQ; the peer answers with REGRESPONSE, which carries an EXPIRATION after which the registration must be renewed.

3.3.3 Discovery

A lookup is a DPDISCOVER message; the peer acknowledges it (ACK) and, once it has an answer, sends DPRESPONSE. The requester waits 2000 ms plus 200 ms per hop of TTL for the answer; a pending request can be withdrawn with CANCEL. When a peer forwards a DPDISCOVER to its own peers it decrements the TTL by 1, and a request whose TTL has reached 0 is not forwarded any further. A DPRESPONSE reports whether the TTL ran out before an answer was found (flag TTLEXPIRED), whether the answer was unaffected by the list of entities already asked (UNAFFECTED, EID_DIRECT), and whether the requester should not ask this peer again for this number (DONTASK).

3.3.4 EID (Entity IDentifier)

A node learns the identity and contact details behind an EID with EIDQUERY, which is answered by EIDRESPONSE (F = 1); the exchange mirrors DPDISCOVER/DPRESPONSE.

3.3.5 Message sequences

The figures below show the three exchanges between two nodes A and B. Si and So are the incoming and outgoing sequence numbers, Ts and Td the source and destination transaction numbers, and F the Final bit.
Figure 1: request/response (registration)

    A                                                                   B
    -------------- REGREQ (So=0, Si=0, Ts=1234, Td=0, F=0) -------------->
    <------------- REGRESPONSE (So=0, Si=1, Ts=5678, Td=1234, F=1) ------
    -------------- ACK (So=1, Si=1, Ts=1234, Td=5678, F=1) -------------->

Figure 2: discovery

    A                                                                   B
    -------------- DPDISCOVER (So=0, Si=0, Ts=2345, Td=0, F=0) ---------->
    <------------- ACK (So=0, Si=1, Ts=6789, Td=2345, F=0) --------------
    <------------- DPRESPONSE (So=0, Si=1, Ts=6789, Td=2345, F=1) -------
    -------------- ACK (So=1, Si=1, Ts=2345, Td=6789, F=1) -------------->

Figure 3: EID query

    A                                                                   B
    -------------- EIDQUERY (So=0, Si=0, Ts=3456, Td=0, F=0) ------------>
    <------------- ACK (So=0, Si=1, Ts=6789, Td=3456, F=0) --------------
    <------------- EIDRESPONSE (So=0, Si=1, Ts=6789, Td=2346, F=1) ------
    -------------- ACK (So=1, Si=1, Ts=3456, Td=6789, F=1) -------------->
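As an added example (not part of the dissertation and not Asterisk's pbx_dundi code), the following Python models the sequencing of Figures 1 and 2: each side keeps the counters behind So, Si, Ts and Td, packs frames with the 8-byte header of section 3.4, and a receiver checks a frame against its state before acting on it, so that a replayed, out-of-order or mis-addressed frame is refused. It assumes F is the top bit of the CmdResp byte and uses command numbers constructed for the example.

```python
import struct

# 8-byte DUNDi header as laid out in section 3.4 (network byte order):
# Source Transaction(16) | Destination Transaction(16) | ISeqno(8) | OSeqno(8) | F,R+CmdResp(8) | CmdFlags(8)
HDR = struct.Struct("!HHBBBB")
FINAL = 0x80  # assumption: F is the top bit of the CmdResp byte (R would be 0x40; left 0 here)

# Command codes constructed for this example; the draft defines its own numbering.
CMD = {"REGREQ": 1, "REGRESPONSE": 2, "DPDISCOVER": 3, "DPRESPONSE": 4, "ACK": 5}
NAME = {code: name for name, code in CMD.items()}


def encode(Ts, Td, Si, So, cmd, F=0, flags=0):
    """Pack one frame header from the fields used in the figures."""
    return HDR.pack(Ts, Td, Si, So, CMD[cmd] | (FINAL if F else 0), flags)


def decode(buf):
    """Unpack a header into the fields used in the figures."""
    Ts, Td, Si, So, cmdresp, flags = HDR.unpack_from(buf)
    return {"cmd": NAME[cmdresp & 0x3F], "So": So, "Si": Si,
            "Ts": Ts, "Td": Td, "F": 1 if cmdresp & FINAL else 0, "flags": flags}


class Endpoint:
    """One side of a transaction. So counts the non-ACK frames we have sent,
    Si the non-ACK frames we have received (the next one we expect)."""

    def __init__(self, Ts):
        self.Ts = Ts   # our transaction number
        self.Td = 0    # the peer's transaction number: 0 until its first frame arrives
        self.So = 0
        self.Si = 0

    def send(self, cmd, F=0):
        frame = encode(self.Ts, self.Td, self.Si, self.So, cmd, F)
        if cmd != "ACK":   # an ACK does not consume an outgoing sequence number
            self.So += 1
        return frame

    def receive(self, buf):
        """Validate a frame against our state; raise ValueError for anything that must not be acted on."""
        h = decode(buf)
        if h["Td"] not in (0, self.Ts):
            raise ValueError("frame addressed to another local transaction")
        if self.Td and h["Ts"] != self.Td:
            raise ValueError("frame from another remote transaction")
        if h["cmd"] == "ACK":
            if h["Si"] != self.So:
                raise ValueError("ACK does not acknowledge our last frame")
        else:
            if h["So"] != self.Si:   # duplicate or replayed frame, or a frame was skipped
                raise ValueError(f"out-of-order frame: So={h['So']}, expected {self.Si}")
            self.Si += 1
        self.Td = h["Ts"]
        return h


def run_exchange(request, response, Ts_a, Ts_b, ack_first):
    """Replay one transaction between A and B; return (cmd, So, Si, Ts, Td, F) of each frame as received."""
    a, b = Endpoint(Ts_a), Endpoint(Ts_b)
    log = []

    def deliver(dst, buf):
        h = dst.receive(buf)
        log.append((h["cmd"], h["So"], h["Si"], h["Ts"], h["Td"], h["F"]))

    deliver(b, a.send(request))          # A -> B: the request, Td still 0
    if ack_first:                        # Figure 2: B acknowledges before it has the answer
        deliver(a, b.send("ACK"))
    deliver(a, b.send(response, F=1))    # final frame of B's side
    deliver(b, a.send("ACK", F=1))       # A acknowledges the final frame
    return log


def replay_is_rejected():
    """A copy of an already processed frame carries a stale So and must be refused."""
    a, b = Endpoint(1234), Endpoint(5678)
    frame = a.send("REGREQ")
    b.receive(frame)
    try:
        b.receive(frame)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for line in run_exchange("DPDISCOVER", "DPRESPONSE", 2345, 6789, ack_first=True):
        print("%-12s So=%d Si=%d Ts=%d Td=%d F=%d" % line)
```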
3.4 Message format [REF8]

DUNDi messages travel over UDP, port 4520. Entities are identified by their 6-byte EID (a MAC address). Every message starts with an 8-byte header, followed by the Information Elements:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Source Transaction       |    Destination Transaction    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     ISeqno    |    OSeqno     |F|R|  CmdResp  |   CmdFlags    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Information Elements ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Source Transaction: the sender's transaction number (Ts).
Destination Transaction: the receiver's transaction number (Td); 0 while it is not yet known.
ISeqno: the incoming sequence number (Si), i.e. the next sequence number expected from the peer.
OSeqno: the outgoing sequence number (So) of this frame.
F: the Final bit, 1 on the last message of a transaction.
R: the retransmission bit, 0 on a first transmission and 1 on a retransmission.
CmdResp: the command or response code (REGREQ, DPDISCOVER, ACK, ...).
CmdFlags: flags specific to the command.
Information Elements: the elements carrying the message's data.

3.5 DUNDi configuration files [REF8]

DUNDi is configured through dundi.conf, extensions.conf and iax.conf. iax.conf is involved because the answers in this work name IAX2 as the technology; sip.conf, h323.conf or mgcp.conf play the same role when the other channels are used.

3.5.1 dundi.conf

dundi.conf holds the general settings of the node, the mappings from DUNDi contexts to contexts of the local dialplan, and the trusted peers.
The sample dundi.conf that comes with Asterisk, with the settings used here:

    ; DUNDi configuration file
    ;
    [general]
    ;
    ; The "general" section holds the parameters of the local DUNDi
    ; client and server. The first part is the contact information
    ; that other members of the peering community can use to reach you.
    ;
    ;department=Your Department
    ;organization=Your Company, Inc.
    ;locality=Your City
    ;stateprov=ST
    ;country=US
    ;email=your@email.com
    ;phone=+12565551212
    ;
    ; Bind address and port number; the default port is 4520.
    ;
    ;bindaddr=0.0.0.0
    ;port=4520
    ;
    ; Our entity identifier (normally the MAC address of the first eth
    ; interface; it may be overridden here, as long as it is the MAC
    ; of something you own).
    ;
    ;entityid=00:07:e9:3b:76:60
    ;
    ; Maximum depth (number of hops) to which a DUNDi query is propagated.
    ;
    ttl=32
    ;
    ; If no ACK to our DPREQUEST arrives within 2000 ms and autokill is
    ; "yes", the whole request is cancelled. This keeps lookups from
    ; stalling on a host that is down, but is ill advised on bad
    ; connections. Besides "yes" and "no" a number of milliseconds can
    ; be given; see "qualify" to enable it per peer.
    ;
    autokill=yes
    ;
    ; pbx_dundi creates a rotating key named "secret" under the family
    ; "secretpath"; the default family is dundi, so the key is kept at
    ; dundi/secret.
    ;
    ;secretpath=dundi

    [mappings]
    ;
    ; The "mappings" section maps DUNDi contexts to contexts of the local
    ; Asterisk dialplan. Numbers published under the e164 DUNDi context
    ; are governed by the DUNDi General Peering Agreement (GPA).
    ;
    ; dundi_context => local_context,weight,tech,dest[,options]]
    ;
    ; dundi_context  the context name requested in the DUNDi query
    ; local_context  the local dialplan context in which the number is looked up
    ; weight         preference of this mapping; lower weights are tried first
    ; tech           the technology to use (IAX, SIP, H323)
    ; dest           the destination to dial; ${NUMBER}, ${IPADDR} and
    ;                ${SECRET} are substituted
    ;
    ; options:
    ; nounsolicited   no unsolicited calls of any type via this route
    ; nocomunsolicit  no commercial unsolicited calls via this route
    ; residential     the number is known to be a residence
    ; commercial      the number is known to be a business
    ; mobile          the number is known to be a mobile phone
    ; nopartial       do not search for partial matches
    ;
    ; A mappings section must exist (even empty) for DUNDi to answer
    ; any request at all.
    ;
    ;e164 => dundi-e164-canonical,0,IAX2,dundi:${SECRET}@${IPADDR}/${NUMBER},nounsolicited,nocomunsolicit,nopartial
    ;e164 => dundi-e164-customers,100,IAX2,dundi:${SECRET}@${IPADDR}/${NUMBER},nounsolicited,nocomunsolicit,nopartial
    ;e164 => dundi-e164-viapstn,400,IAX2,dundi:${SECRET}@${IPADDR}/${NUMBER},nounsolicited,nocomunsolicit,nopartial
    ;digexten => default,0,IAX2,guest@lappy/${NUMBER}
    ;asdf =>
    ;
    ; The remaining sections are the peers we trust. The section name is
    ; the peer's EID, optionally followed by a DUNDi context when the
    ; trust is limited to that context.
    ;
    ; inkey      the key the peer authenticates to us with
    ; outkey     the key we use to authenticate to the peer
    ; host       the peer's host name or address
    ; order      search order: primary, secondary, tertiary or quartiary
    ; include    query this peer when searching the given DUNDi context
    ;            ("all" for every context)
    ; noinclude  never query this peer for the given context ("all" for every context)
    ; permit     allow this peer to search the given DUNDi context on this
    ;            system ("all" for every context)
    ; deny       refuse this peer's searches of the given context ("all" for every context)
    ; model      inbound, outbound or symmetric: receive requests only,
    ;            send requests only, or both
    ; qualify    monitor whether the peer is reachable
    ;
    ; Sample Primary e164 DUNDi peer
    ;
    [00:50:8B:F3:75:BB]
    model = symmetric
    host = 64.215.96.114
    inkey = digium
    outkey = misery
    include = e164
    permit = e164
    qualify = yes
    ;
    ; Sample Secondary e164 DUNDi peer
    ;
    ;[00:A0:C9:96:92:84]
    ;model = symmetric
    ;host = misery.digium.com
    ;inkey = misery
    ;outkey = ourkey
    ;include = e164
    ;permit = e164
    ;qualify = yes
    ;order = secondary
    ;
    ; catch-all peer entry
    ;[*]

3.5.2 iax.conf

The IAX2 user through which calls located by DUNDi arrive at this Asterisk; its password is not fixed but is the rotating DUNDi secret read from the Asterisk database:

    [priv]
    type=user
    dbsecret=dundi/secret
    context=dundi-priv-incoming
    disallow=all
    allow=ulaw
    allow=g726

3.5.3 extensions.conf

The dialplan of the DUNDi sample:

    ; Macro Block
    [macro-stdexten]
    ; standard extension macro
    exten => s,1,Answer
    exten => s,2,Dial(SIP/${ARG1},25,t)
    exten => s,3,Goto(s-${DIALSTATUS},1)
    exten => s-NOANSWER,1,Voicemail(u${ARG1})
    exten => s-NOANSWER,2,Hangup
    exten => s-BUSY,1,Voicemail(b${ARG1})
    exten => s-BUSY,2,Hangup
    exten => _s-.,1,Goto(s-NOANSWER,1)
    exten => a,1,VoicemailMain(${ARG1})

    [macro-dundi-lookup]
    exten => s,1,Goto(${ARG1},1)
    include => dundi-priv-lookup

    ;Directory Service Contexts
    [dundi-test-canonical]
    exten => 19050000000,1,Goto(pstn-in,s,1)
    exten => 19050000001,1,Goto(pstn2-in,s,1)
    exten => 14160000000,1,Goto(pstn2-in,s,1)

    ; the numbers this node publishes in the dundi-test DUNDi context
    [dundi-test-local]
    include => dundi-test-canonical
    include => dundi-pstn-local

    ; lookup of dundi-test numbers through the DUNDi switch
    [dundi-test-lookup]
    switch => DUNDi/dundi-test

    ; local PSTN access for the 416 and 905 area codes, at most 2 calls at a time
    [dundi-pstn-local]
    exten => _1416NXXXXXX,1,SetGroup(PSTN-OUTBOUND) ; increase PSTN-OUTBOUND +1
    exten => _1416NXXXXXX,2,CheckGroup(2) ; check if <=1, else n+101
    exten => _1416NXXXXXX,3,Dial(${LOCALTRUNK}/${EXTEN:1})
    exten => _1416NXXXXXX,103,Wait(1) ; too many callers, drop
    exten => _1416NXXXXXX,104,Playback(goodbye)
    exten => _1905NXXXXXX,1,SetGroup(PSTN-OUTBOUND)
    exten => _1905NXXXXXX,2,CheckGroup(2)
    exten => _1905NXXXXXX,3,Dial(${LOCALTRUNK}/${EXTEN:1})
    exten => _1905NXXXXXX,103,Wait(1)
    exten => _1905NXXXXXX,104,Playback(goodbye)

    ; private extensions 1000 -> 1999
    [dundi-priv-local]
    exten => _1XXX,1,Macro(stdexten,${EXTEN})

    ; lookup in the 'priv' DUNDi context
    [dundi-priv-lookup]
    switch => DUNDi/priv

    [dundi-priv-incoming]
    include => dundi-priv-local

    ;Outgoing Calls Contexts
    [local]
    exten => _[1-2]XXX,1,Macro(dundi-lookup,${EXTEN}) ; 1000 -> 2999, via dundi-lookup

3.6 Worked example

This section goes through the configuration of two Asterisk servers that locate each other's extensions with DUNDi (following [REF12]). In iax.conf the DUNDi user is defined:
    [priv]
    type=user
    dbsecret=dundi/secret
    context=dundi-priv-local

Calls from the peer arrive as the IAX2 user priv and enter the dundi-priv-local context. The password is not fixed: dbsecret tells Asterisk to read the rotating secret that pbx_dundi keeps in the Asterisk database under the family given by secretpath in dundi.conf (dundi/secret). In dundi.conf the priv DUNDi context is mapped to three local contexts with increasing weight:

    [mappings]
    priv => dundi-priv-canonical,0,IAX2,priv:${SECRET}@${IPADDR}/${NUMBER},nopartial
    priv => dundi-priv-via-pstn,100,IAX2,priv:${SECRET}@${IPADDR}/${NUMBER},nopartial
    priv => dundi-priv-customers,400,IAX2,priv:${SECRET}@${IPADDR}/${NUMBER},nopartial

The weights 0, 100 and 400 rank the answers a peer receives: a direct (canonical) number is preferred, a route via the PSTN comes next and a customer route last.
${IPADDR} is replaced by the address of the node answering the query (the text discusses the value 127.0.0.1 here). The contexts named in the mappings are then created in extensions.conf, together with the lookup logic:

    ;private DUNDi network
    [dundi-priv-canonical]
    ;Direct numbers

    [dundi-priv-customers]
    ; ITSP

    [dundi-priv-via-pstn]
    ;

    [dundi-priv-local]
    include => dundi-priv-canonical
    include => dundi-priv-customers
    include => dundi-priv-via-pstn

    [dundi-priv-switch]
    ; ask the DUNDi peers
    switch => DUNDi/priv

    [dundi-priv-lookup]
    include => dundi-priv-local
    include => dundi-priv-switch

    [macro-dundi-priv]
    exten => s,1,Goto(${ARG1},1)
    include => dundi-priv-lookup

    [trydundi]
    exten => _.,1,Macro(dundi-priv,${EXTEN})
    exten => _.,2,Congestion

The RSA key pair of each node is generated with the astgenkey script found under asterisk-1.2.13/var/lib/asterisk/keys of the source tree. The key is named after the host: for a server box1 in the domain domain.com, whose host name is box1.domain.com, the key is named box1. The -n option creates the private key without a passphrase, so that Asterisk can load it without prompting. On the host named petros1:

    # cd /var/lib/asterisk/keys
    # astgenkey -n petros1

    This script generates an RSA private and public key pair
    in PEM format for use by Asterisk.  You will be asked to
    enter a passcode for your key multiple times.  Please enter
    the same code each time.  The resulting files will need to
    be moved to /var/lib/asterisk/keys if you want to use them,
    and any private keys (.key files) will need to be initialized
    at runtime either by running Asterisk with the '-i' option,
    or with the 'init keys' command once Asterisk is running.

    Press ENTER to continue or ^C to cancel.

    Generating SSL key 'petros1':
    Generating RSA private key, 1024 bit long modulus
    ......++++++
    ....++++++
    e is 65537 (0x10001)
    writing RSA key
    Key creation successful.
    Public key:  petros1.pub
    Private key: petros1.key
    petros1:/var/lib/asterisk/keys #

The script produces the public key petros1.pub and the private key petros1.key in /var/lib/asterisk/keys. The public key is the one handed to the peers (published on a web server or passed on as text); the private key stays on the host.
The keys Asterisk has loaded are listed on the CLI with show keys:

    *CLI> show keys
    Key Name            Type    Status     Sum
    switch-1.n2net.net  PUBLIC  [Loaded]   58197ca5bae150876332eef373685197
    petros1             PUBLIC  [Loaded]   34bae63322c802fcd90fae81218332d9
    petros1             PRIVATE [Loaded]   4cc788941a9292468ebeb7213031b17d
    freeworlddialup     PUBLIC  [Loaded]   5efd552d73309f29212331a75f3c701e
    samos               PUBLIC  [Loaded]   f9c6003c32d8969a80a2e234b6374b3c
    iaxtel              PUBLIC  [Loaded]   d919b3ef03eb4dc54c8fee86bfeeada1
    6 known RSA keys

After new keys have been added, res_crypto.so and pbx_dundi.so are reloaded so that Asterisk reads the keys and re-parses dundi.conf:

    *CLI> reload res_crypto.so
    -- Reloading module 'res_crypto.so' (Cryptographic Digital Signatures)
    -- Loaded PRIVATE key 'petros1'
    -- Loaded PUBLIC key 'petros1'
    *CLI> reload pbx_dundi.so
    -- Reloading module 'pbx_dundi.so' (Distributed Universal Number Discovery (DUNDi))
    == Parsing '/etc/asterisk/dundi.conf': Found

Each node also needs its EID, which DUNDi takes from the MAC (Media Access Control) address of the network interface. On Linux ifconfig shows it:

    # ifconfig eth0
    eth0   Link encap:Ethernet  HWaddr 00:02:AA:12:A2:32
           inet addr:64.215.96.114  Bcast:192.168.98.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
           Interrupt:9 Base address:0x5000

and the EID that Asterisk derived from it is shown on the CLI:

    pbx*CLI> dundi show entityid
    Global EID for this system is 00:02:AA:12:A2:32

With the MAC addresses known, each node's dundi.conf gets a peer section. The two hosts are petros1.domain.com and petros-desktop.domain.com; their key files are petros1.domain.com.key / petros1.domain.com.pub and petros-desktop.domain.com.pub / petros-desktop.domain.com.key, and their EIDs:

    petros1.domain.com          00:02:AA:12:A2:32
    petros-desktop.domain.com   00:01:A2:6/:92:$6

dundi.conf on petros1.domain.com:

    ; Primary e164 DUNDi peer
    ;
    [00:02:AA:12:A2:32]
    model = symmetric
    host = 64.215.96.114
    inkey = petros-desktop.domain.com.pub
    outkey = petros1.domain.com.pub
    include = e164
    permit = e164
    qualify = yes

dundi.conf on petros-desktop.domain.com:

    ; Primary e164 DUNDi peer
    ;
    [00:01:A2:6/:92:$6]
    model = symmetric
    host = 64.215.96.115
    inkey = petros1.domain.com.pub
    outkey = petros-desktop.domain.com.pub
    include = e164
    permit = e164
    qualify = yes

Once dundi.conf is reloaded, dundi show peers on the CLI lists the peers and, thanks to qualify, whether they are reachable:

    *CLI> dundi show peers
    EID                  Host            Model          AvgTime  Status
    00:01:A2:6/:92:$6    64.215.96.115   (S) Symmetric  Unavail  OK (273 ms)
    1 dundi peers [1 online, 0 offline, 0 unmonitored]

and dundi show peer gives the details of one peer:
    *CLI> dundi show peer 00:01:A2:6/:92:$6
    Peer:    00:01:A2:6/:92:$6
    Model:   Symmetric
    Host:    64.215.96.115
    Dynamic: no
    KeyPend: no
    Reg:     No
    In Key:  petros1.domain.com.pub
    Out Key: petros-desktop.domain.com.pub
    Include logic:
    -- include dundi-priv
    Query logic:
    -- permit dundi-priv

Finally, the numbers each node publishes are entered in extensions.conf under the contexts that the mappings point at. On the node owning the 2XXX extensions, [dundi-priv-customers] contains:

    [dundi-priv-customers]
    exten => _2XXX,1,Goto(ext-local,${EXTEN},1)

A lookup for extension 2100 is then tested from the other node with dundi lookup on the Asterisk CLI:

    *CLI> dundi lookup 2100
    1.     0 IAX2/dundi:34bae63322c802fcd90fae81218332d9@petros1.domain.com/2100 (EXISTS NOUNSLCTD NOCOMUNSLTS) from 00:01:A2:6/:92:$6, expires in 787 s
    DUNDi lookup completed in 331 ms

whereas a number nobody publishes returns nothing:

    *CLI> dundi lookup 7100
    DUNDi lookup returned no results
    DUNDi lookup completed in 1006 ms
4 Network architecture and measurements

This chapter describes the DUNDi network built for the measurements and the results obtained on it.

4.1 Test network

The network was built from five PCs: one with 512 MB RAM, an Intel Pentium at 2,8 MHz and an 80 GB disk, running Linux Ubuntu 6.10 or Fedora FC6; one with 512 MB RAM, a 1,6 GHz Intel Celeron and a 60 GB disk; and machines with 1 GB RAM, an Intel Pentium at 2,4 GHz and a 200 GB disk, running Linux Ubuntu 6.10. All ran Asterisk 1.2.13. Each Asterisk was configured as in chapter 3 with its own host name, MAC address (EID), IP address and number range:

    PC1  hostname: petros-desktop  MAC: 00:01:02:DE:27:2E  IP: 195.251.166.32   NUMBER: 1000-1999
    PC2  hostname: petros1         MAC: 00:0D:9D:D1:5E:92  IP: 195.251.166.81   NUMBER: 2000-2999
    PC3  hostname: gkamb1          MAC: 00:16:17:C4:62:44  IP: 195.251.166.165  NUMBER: 9000-9999
    PC4  hostname: petros2         MAC: 00:50:04:44:53:96  IP: 195.251.166.23   NUMBER: 3000-3999
    PC5  hostname: petros23        MAC: 00:01:02:DE:27:A3  IP: 195.251.166.36   NUMBER: 4000-4999

The public keys were distributed through a directory shared with NFS (or SMB): it was created on one host and mounted on the others by IP address,

    # sudo mkdir /home/petros/desktop/shared-keys
    # sudo mount 195.251.166.81:/home/petros/Desktop/shared-keys /home/gkamb1/desktop/shared-keys

so that every DUNDi node held petros-desktop.pub, petros1.pub, petros2.pub, gkamb1.pub and petros23.pub.
[Figure 5: the DUNDi test network of five peers]

The five peers (PC1, PC2, PC3, PC4, PC5) were linked as in Figure 5, each trusting its neighbours as DUNDi peers. A lookup for a number owned by a distant peer (for example 1000) is forwarded from DUNDi peer to DUNDi peer until the owner answers; the VoIP call then goes directly to the answer's destination. A lookup for 1000 gives:

    *CLI> dundi lookup 1000
    1.     0 IAX2/dundi:34bae63322c802fcd90fae81218332d9@karlovasi.gr/1000 (EXISTS NOUNSLCTD NOCOMUNSLTS) from 00:0F:FE:0A:7E:97, expires in 787 s
    DUNDi lookup completed in 731 ms
4.2 Measurement method [REF13]

The lookups were driven by a script, so that each run produced one result file (run 1: result1.txt). The script was saved as test and run from the Linux shell with ./test:

    clear
    for (( i=100; i<=599 ; i++ ))
    do
        asterisk -rx "dundi lookup 1$i@priv" >> result1.txt
    done

The for loop increments $i from 100 to 599, so asterisk -rx issues 500 dundi lookup commands on the Asterisk CLI, one for each of the extensions 1100 to 1599 of the 1XXX range in the priv DUNDi context, and appends each answer to the result file. The 500 answers of every run were then analysed.

4.3 Topologies

The runs differ in the number of DUNDi hops between the node issuing the lookups and the node owning the numbers:
[Figure 6: 1 hop, run «1»]
[Figure 7: 2 hops, run «2»]
[Figure 8: 3 hops, run «3»]
[Figure 9: 4 hops, run «4»]
[Figure 10: run «5»]

The result files result1, result2, result3, result4 and result5 correspond to these five runs.
4.4 Results

The text states the assumptions behind the measurements: the lookups were issued sequentially by the script from one node, and the DUNDi cache (answers are kept until they expire) was taken into account when the runs were made; the measurements date from 2007. The result files (.txt) were imported into Excel for the analysis.
4.4.1 Statistical analysis [REF13]

For each run the following quantities were computed in Excel over the n = 500 lookup times x_1, ..., x_n: the maximum max(x) and minimum min(x), the mean (Excel function AVERAGE)

$$\bar{x} = \frac{x_1 + x_2 + \dots + x_n}{n} = \frac{1}{n}\sum_{i=1}^{n} x_i ,$$

the variance (Excel function VAR)

$$s^2 = \frac{1}{n-1}\left[\sum_{i=1}^{n} x_i^2 - \frac{1}{n}\left(\sum_{i=1}^{n} x_i\right)^2\right],$$

and the standard deviation (Excel function STDEV), $s = \sqrt{s^2}$. Figures 11 to 15 plot the 500 lookup times of each run.

[Figure 11: lookup times, run #1]
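As an added example, not from the dissertation, the following Python does what the text did in Excel: it parses the answers that the script of section 4.2 appends to a result file (a constructed sample is embedded, including a "no results" answer, whose completion time is the time-out rather than a lookup and is kept apart) and computes min, max, mean, variance and standard deviation with the formulas above.

```python
import math
import re

# Constructed sample of a result file (not real measurements): two found numbers,
# one number nobody publishes, then three more found numbers.
SAMPLE_RESULT = """\
1.     0 IAX2/dundi:secret@peer.example/1100 (EXISTS NOUNSLCTD NOCOMUNSLTS) from 00:0F:FE:0A:7E:97, expires in 787 s
DUNDi lookup completed in 32 ms
1.     0 IAX2/dundi:secret@peer.example/1101 (EXISTS NOUNSLCTD NOCOMUNSLTS) from 00:0F:FE:0A:7E:97, expires in 786 s
DUNDi lookup completed in 38 ms
DUNDi lookup returned no results
DUNDi lookup completed in 1006 ms
DUNDi lookup completed in 41 ms
DUNDi lookup completed in 46 ms
DUNDi lookup completed in 43 ms
"""

COMPLETED = re.compile(r"^DUNDi lookup completed in (\d+) ms$")
NO_RESULT = "DUNDi lookup returned no results"


def parse_run(text):
    """Split the completion times (ms) of a run into those of lookups that found the
    number and those that returned no results (the latter measure the time-out)."""
    found, empty = [], []
    pending_empty = False
    for line in text.splitlines():
        line = line.strip()
        if line == NO_RESULT:
            pending_empty = True
            continue
        m = COMPLETED.match(line)
        if m:
            (empty if pending_empty else found).append(int(m.group(1)))
            pending_empty = False
    return found, empty


def statistics_of(xs):
    """min, max, mean, variance and standard deviation of the samples, with the
    formulas of section 4.4.1 (VAR divides by n-1; STDEV is its square root)."""
    n = len(xs)
    if n < 2:
        raise ValueError("at least two samples are needed for the variance")
    s1 = sum(xs)                    # sum of x_i
    s2 = sum(x * x for x in xs)     # sum of x_i^2
    mean = s1 / n
    var = (s2 - s1 * s1 / n) / (n - 1)
    return {"n": n, "min": min(xs), "max": max(xs),
            "mean": mean, "var": var, "std": math.sqrt(var)}


if __name__ == "__main__":
    found, empty = parse_run(SAMPLE_RESULT)
    print("found:", statistics_of(found))
    print("time-outs (ms):", empty)
```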
[Figure 12: lookup times, run #2]
[Figure 13: lookup times, run #3]
[Figure 14: lookup times, run #4]
[Figure 15: lookup times, run #5]
Table 1: statistics of the five runs (lookup times in ms)

                        #1         #2         #3         #4         #5
    Minimum (ms)        32         32         38         34         32
    Maximum (ms)        46         56         57         60         62
    Mean                41,1506    43,22807   45,26316   47,15894   46,16291
    Variance            6,94082    5,754261   4,213565   5,859116   6,371842
    Standard deviation  2,63454    2,398041   2,052697   2,420561   2,524250

    #1: 1 HOP   #2: 2 HOPs   #3: 3 HOPs   #4: 4 HOPs   #5: 4 HOPs
The mean lookup time grows by about 2 to 2,6 milliseconds with every additional hop:

    #1 -> #2: 41,1506 -> 43,22807 ms, an increase of 2,07747 ms (5,17%)
    #2 -> #3: 43,22807 -> 45,26316 ms, an increase of 2,03509 ms (4,7%)
    #3 -> #4: 45,26316 -> 47,15894 ms, an increase of 1,9 ms (4,2%)

Table 2: relative increase of the mean lookup time between successive runs

    #1 -> #2    #2 -> #3    #3 -> #4
    5,17%       4,7%        4,2%

Run #5 is discussed separately, as its DUNDi topology differs from the progression of the first four runs.
Run #5 is compared with run #4: its mean lookup time (46,16291 ms) is below that of run #4 although the DUNDi path is not shorter, which the text discusses in terms of the peers involved in runs #4 and #5. Figure 16 plots the mean lookup time against the number of hops, with a linear regression [REF14] fitted to the runs:

    y(x) = 1,707x + 39,68

where y is the mean DUNDi lookup time in ms and x the number of hops.

[Figure 16: mean lookup time against number of hops, with the regression line]

The conclusion is that every additional DUNDi hop adds about 2 milliseconds to the lookup time.
5 Security and reliability of DUNDi

This chapter examines DUNDi from the point of view of VoIP security [REF12] and compares it with the DNS-based alternative [REF13].

5.1 Security

Four aspects are considered: the trust relationships DUNDi establishes between peers, the E.164 context and the General Peer Agreement (GPA) that governs it, the cryptography (AES and RSA) used between peers, and the peer-to-peer model of DUNDi against the client/server model of DNS.

In DUNDi a node only talks to the peers listed in its dundi.conf, each authenticated with an RSA key, and every answer is signed by the peer that gave it; the E.164 [REF9] numbers offered in the public e164 context are in addition regulated by the General Peer Agreement (GPA) [REF10], which every participant in the e164 peering system accepts.

5.1.1 General Peer Agreement (GPA)

The GPA is the agreement a node enters when it joins the public E.164 DUNDi peering system. The text goes through its definitions (DUNDi, E.164, Peering System, Propagate, Participant, Weight and the others), the obligations it places on a participant with respect to the numbers it publishes and propagates, and the handling of disputes between participants; the GPA forum and the DUNDi site (http://www.dundi.com) are the places where the agreement and its participants are published and discussed.

5.1.2 Cryptography: AES and RSA

DUNDi uses two algorithms, the symmetric Advanced Encryption Standard (AES) and the asymmetric RSA.

5.1.2.1 RSA

RSA [REF17] was published in 1978 by its inventors Rivest, Shamir and Adleman and is a public-key algorithm: each party has a public key, which may be known to everyone, and a private key, which is kept secret.
Key generation: choose two large primes p and q, compute n = pq and Euler's function f(n) = (p-1)(q-1), choose a public exponent e with 1 < e < f(n) and gcd(e, f(n)) = 1, and compute the private exponent d as the inverse of e modulo f(n):

$$d = e^{-1} \bmod f(n) .$$

(n, e) is the public key and d the private key. A message M (an integer smaller than n) is encrypted by anyone holding the public key as

$$C = M^{e} \bmod n ,$$

and only the holder of the private key recovers it as

$$M = C^{d} \bmod n .$$

The security of RSA rests on the difficulty of factoring n into p and q; this is why the key length matters, and 2048-bit keys are recommended today.

5.1.2.2 Advanced Encryption Standard (AES)

AES [REF18] was adopted as a standard in 2002. It is a block cipher with 128-bit blocks and keys of 128, 192 or 256 bits; the round keys are derived from the key by the Rijndael key schedule. Each round applies four transformations to the block: ByteSub, ShiftRow, MixColumn and AddRoundKey.
ByteSub substitutes every byte of the block independently [Figure 17: ByteSub]. ShiftRow shifts the rows of the block by different numbers of bytes [Figure 18: ShiftRow]. MixColumn multiplies each column by a fixed polynomial c(x) [Figure 19: MixColumn]. AddRoundKey combines each byte of the block with the corresponding byte of the round key with XOR [Figure 20: AddRoundKey].

The attacks published against AES are side channel attacks on implementations rather than on the cipher; AES with 128-bit keys, the variant DUNDi uses, is considered secure.

5.1.2.3 DUNDi, AES and RSA

DUNDi uses RSA with 1024-bit keys and AES with 128-bit keys. The RSA key pairs are generated as described in section 3.6; there is no PKI: each administrator publishes the public key (for example on a web site), the peers fetch it, and the key is referenced in dundi.conf as the inkey of that peer.
RSA authenticates the peers and AES protects the data exchanged between them. The Information Elements involved are:

    Information Element   Notes
    EID                   the entity identifier of the sender
    KEYCRC32              CRC-32 of the AES key, so that the receiver can tell which key is in use
    SHAREDKEY             the AES key, encrypted and signed with RSA
    ENCDATA               the message data, encrypted with AES

The CRC-32 [REF19] in KEYCRC32 lets a peer recognise whether it already holds the AES key the sender is using; if not, the sender includes SHAREDKEY, the AES key protected with RSA, in its REGREQ, and from then on the contents of the exchanges (ENCDATA, e.g. in REGRESPONSE) are encrypted with AES. In this way DUNDi provides confidentiality, integrity and authentication between peers.

5.1.3 Peer-to-Peer vs Client Server (DNS)

The alternative to DUNDi for number discovery in VoIP is ENUM [REF23], to which the DUNDi draft [REF8] explicitly compares itself. ENUM is a client/server system [REF20] built on the Domain Name System (DNS) [REF16]: an E.164 number is turned into a DNS name, and the nameserver (NS) for that name answers with Naming Authority Pointer (NAPTR) records giving the addresses at which the number can be reached.
ENUM therefore inherits the weaknesses of DNS. Two are discussed: Denial of Service (DoS) [REF22], in particular Distributed DoS against the DNS servers, which makes the whole directory unavailable; and Pharming [REF21], in which the answers of a DNS server are falsified so that clients are redirected to a destination of the attacker's choosing.

DUNDi, being P2P, has no central server to attack or to take down: every node answers from its own dialplan or forwards the query to the peers it has chosen to trust, each peer is authenticated with its RSA key, and participation in the public e164 context is bound by the GPA. The responsibility for the trustworthiness of the directory is thus spread over the peers instead of resting on a DNS operator.

5.2 Reliability [REF25]

5.2.1 (title not recoverable)

The reliability tests repeat lookups across a network of numbered DUNDi peers and observe which peers answer and which lookups fail.
[Figure 21: DUNDi lookup scenario of section 5.2.1]

In the scenario of Figure 21 the peers are numbered (1 to 17); the text follows a lookup through peers 17 and 13 and discusses which of them answer. (The details of the discussion, involving peers 1, 2, 3, 4, 5, 6, 7, 8, 9, 13, 16 and 17, are not recoverable in this copy.)

5.2.2 (title not recoverable)

[Figure 22: DUNDi lookup scenario of section 5.2.2]

In the second scenario the lookup involves peers 4 and 5, and a reliability problem of DUNDi is pointed out in the way the lookup propagates between them. (The details are not recoverable in this copy.)
6 Conclusions

This dissertation has described DUNDi and its implementation in Asterisk: the installation and configuration of Asterisk, the DUNDi protocol and its configuration files, and a worked example of Asterisk servers finding each other's extensions through DUNDi. The measurements of chapter 4 on a network of five peers show that the lookup time grows by about 2 ms per DUNDi hop, so the cost of propagating a lookup through the network is small.

On security, DUNDi was compared with ENUM over DNS: as a P2P system it has no central point of failure or attack, its exchanges between peers are protected with AES and RSA, and participation in the public e164 context is governed by the GPA, which also defines the obligations of the participants. The reliability issues found concern the behaviour of the lookup when peers do not answer. Overall DUNDi is a viable alternative to ENUM for number discovery in VoIP networks.
REFERENCES

1. http://www.voip-info.org/
2. H.323 Protocol Overview: Paul E. Jones (October 2007)
3. SIP Protocol Overview: RADVISION Team
4. IAX: Inter-Asterisk eXchange Version 2: M. Spencer
5. Asterisk: A Non-Technical Overview: Nasser K. Manesh
6. http://www.asterisk.org/
7. Asterisk: The Future of Telephony: Leif Madsen, Jared Smith
8. Distributed Universal Number Discovery (DUNDi), draft-mspencer-dundi-01: M. Spencer, Internet-Draft, Digium, Inc., October 13, 2004
9. RFC 2916, E.164 number and DNS, September 2000
10. DIGIUM GENERAL PEERING AGREEMENT (TM), Version 1.0.0, Sept. 2004
11. (Greek-language reference; not recoverable in this copy)
12. Practical VoIP Security: Thomas Porter, Jan Kanclirz, Andy Zmolek, Antonio Rosela, Michael Cross, Larry Chaffin, Brian Baskin, Choon Shim
13. (Greek-language reference; not recoverable in this copy)
14. (Greek-language reference; not recoverable in this copy)
15. An Overview of Peer-to-Peer: Sami Rollins
16. RFC 883, DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION
17. http://www.rsa.com/
18. ADVANCED ENCRYPTION STANDARD (AES), Federal Information Processing Standards Publication 197
19. http://citeseer.ist.psu.edu
20. The Future of Asterisk: Kevin P. Fleming
21. Routing Security: Steven M. Bellovin
22. Spoof Detection for Preventing DoS Attacks against DNS Servers: Fanglu Guo, Jiawu Chen, Tzi-cker Chiueh
23. "Security and Privacy issues towards ENUM", Proceedings of the ISSPIT 05, 5th IEEE International Symposium on Signal Processing and Information Technology, pp. 478-483, December 2005, Athens, Greece, IEEE Press
24. G. Kambourakis, D. Geneiatakis, S. Gritzalis, T. Dagiuklas, C. Lambrinoudakis
25. http://www.enum.org/
26. Call Route Discovery with Asterisk / DUNDi: Andre Wangler, September 2007