RTCWeb Security Considerations



Similar documents
IETF Security Architecture Update

RTC-Web Security Considerations

RTCWEB Generic Identity Service

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Secured Communications using Linphone & Flexisip

TLS and SRTP for Skype Connect. Technical Datasheet

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

Using LifeSize systems with Microsoft Office Communications Server Server Setup

SIP A Technology Deep Dive

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

Step-by-Step Configuration

Application Notes for BT Wholesale/HIPCOM SIP Trunk Service and Avaya IP Office 8.0 Issue 1.0

E-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing

Avaya Solution & Interoperability Test Lab

Configuring the CyberData VoIP 4-Port Zone Controller with Audio Out

MultiSite Manager. Using HTTPS and SSL Certificates

VoIP Security. Seminar: Cryptography and Security Michael Muncan

Who is Watching You? Video Conferencing Security

DEPLOY A SINGLE-SERVER OFFICE WEB APPS SERVER FARM THAT USES HTTPS

Best Practices for SIP Security

Recommended Browser Setting for MySBU Portal

Mediatrix 4404 Step by Step Configuration Guide June 22, 2011

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

Advanced Configuration Administration Guide

Implementation Vulnerabilities in SSL/TLS

WS_FTP Professional 12. Security Guide

Installing and Configuring vcenter Multi-Hypervisor Manager

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Contents... 1 Version Control... 1 Assumptions... 2 Signing in... 2 Quick Setup... 3 Audio and Video Selection... 3 Microphone...

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf (Team Lead) Imran Bashir Khadija Akram

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

Polycom RealPresence Desktop for Windows

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP system v10 with Microsoft Exchange Outlook Web Access 2007

Application Note. Onsight Connect Network Requirements v6.3

Deployment Guide for the Polycom SoundStructure VoIP Interface for Cisco Unified Communications Manager (SIP)

Polycom RealPresence Access Director System

The LRS File Transfer Service offers a way to send and receive files in a secured environment

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Live Streaming on YouTube

P309 - Proofpoint Encryption - Decrypting Secure Messages Business systems

Application Notes for Configuring Avaya IP Office 9.0 with HIPCOM SIP Trunk Issue 1.0

New Systems and Services Security Guidance

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Sametime Unified Telephony Lite Client:

Endpoint Security VPN for Windows 32-bit/64-bit

Acano solution. Security Considerations. August E

ABC SBC: Securing and Flexible Trunking. FRAFOS GmbH

6.40A AudioCodes Mediant 800 MSBG

NEXIO 7.0 Software Release

Application Notes for Configuring Cablevision Optimum Voice SIP Trunking with Avaya IP Office - Issue 1.1

White paper. SIP An introduction

Client Server Registration Protocol

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.

Application Notes for Configuring Intelepeer SIP Trunking with Avaya IP Office Issue 1.0

Peru State College Distance Education Student s Guide

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

HUAWEI 9000 HD Video Endpoint V100R011. Security Maintenance. Issue 02. Date HUAWEI TECHNOLOGIES CO., LTD.

Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology

Configuring the WT-4 for ftp (Ad-hoc Mode)

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5

Step-by-Step Configuration

VoIP Security regarding the Open Source Software Asterisk

Grandstream Networks, Inc. UCM6100 Security Manual

MITEL SIP CoE Technical. Configuration Note. Configure MCD for use with Thinktel SIP Trunking Service. SIP CoE

Communication Manager configuration for BLU-103

Recommended IP Telephony Architecture

Instructions on TLS/SSL Certificates on Yealink Phones

Application Notes for Revolabs FLX UC 1000 with Avaya IP Office - Issue 0.1

Live Guide System Architecture and Security TECHNICAL ARTICLE

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

webrtc and XMPP Philipp Hancke, XMPP Summit 2013

IP Office Avaya Radvision Interoperation Notes

Introduction to Mobile Access Gateway Installation

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v9.x with Microsoft IIS 7.0 and 7.5

Penetration Testing for iphone Applications Part 1

Where every interaction matters.

Configuring the WT-4 for ftp (Ad-hoc Mode)

Installing and Configuring vcloud Connector

Application Notes for Biamp AudiaFLEX VoIP-2 with Avaya Aura Communication Manager Using Avaya Aura SIP Enablement Services Issue 1.

ERserver. iseries. Secure Sockets Layer (SSL)

REVIEW OF WEB-BROWSER COMMUNICATIONS SECURITY

Integrate Check Point Firewall

Gigabyte Content Management System Console User s Guide. Version: 0.1

OPENID AUTHENTICATION SECURITY

OAuth Web Authorization Protocol Barry Leiba

Simple Law Enforcement Monitoring

Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0

Blue Jeans Network Security Features

White Paper. Traversing Firewalls with Video over IP: Issues and Solutions

4D v11 SQL Release 6 (11.6) ADDENDUM

Practice Fusion API Client Installation Guide for Windows

Cisco Unified Communications Manager SIP Trunk Configuration Guide

Contents. Platform Compatibility. Known Issues

Transcription:

RTCWeb Security Considerations IETF 81 Eric Rescorla ekr@rtfm.com IETF 81 RTCWeb Security Considerations 1

Consensus (or at least silence) on most security issues Addition of this capability must not violate core browser security guarantees ICE must be used to prevent cross-protocol/voice hammer attacks User consent must be obtained (somehow) prior to providing mic/camera access Scoped to origin Sites should only allow calling from HTTPS pages Browsers should forbid calling from mixed content pages Must provide communications security More on this shortly IETF 81 RTCWeb Security Considerations 2

Scope of user consent This is not wholly an IETF issue But it bears on the use cases Here s what I said at the interim: Remember: need to avoid in-flow dialogs Consent cannot be obtained for each call Most likely need to a get approval ahead of time E.g., via an application install experience for each site Does this work for all use cases? IETF 81 RTCWeb Security Considerations 3

Ad Hoc Calling from Embedded Advertisements www.slashdot.org www.slashdot.org doubleclick.com injected by doubleclick.com: <button> Click here to call Ford </button> <button> Click here to call Ford </button> button.onclick( function(){ new PeerConnection()... }); button.onclick( function(){ new PeerConnection()... }); Option A: Ad in an IFRAME Option B: Injected ad IETF 81 RTCWeb Security Considerations 4

Threat Impact of Ad-Hoc Calling In neither case is the site calling the API anyone the user has a relationship with Option A: Slashdot; Option B: DoubleClick They don t even know about DoubleClick Click here to let Commander Taco access your camera and microphone We would rather not have users click here OK, so that s not going to work IETF 81 RTCWeb Security Considerations 5

Ad Hoc Calling from Embedded Advertisements (II) www.slashdot.org www.slashdot.org doubleclick.com doubleclick.com <button> Click here to call Ford </button> <button> Click here to call Ford </button> button.onclick( function(){ window.location = callme.ford.com }); button.onclick( function(){ window.location = proxy.service.com? ford.com }); Option C: Call from target s site Option D: Proxied call from service IETF 81 RTCWeb Security Considerations 6

OK, so that s a little better Option C: Are you willing to let Ford use your camera and microphone We re now into click here to screw yourself territory And what about F0rd? Or Ford models? Option D: Are you willing to let this calling service use your camera and microphone Could maybe do this upfront How does the calling site decide whether to complete the call? Maybe it s got its own dialog? Again, not completely an IETF issue, but our guidance probably appreciated IETF 81 RTCWeb Security Considerations 7

What about communications security? Must provide security against message recovery and message modification For both media (voice/video) and data All the usual protocols work fine for this part What about threats by the calling service itself? Controls nearly all the UI Browser needs to protect the user from the calling service But direct interaction is difficult Potential attacks by the calling service Retrospective: The calling service is is non-malicious during a call but is subsequently compromised (preventable) During-call: The calling service is compromised during the call it wishes to attack (hard to prevent) IETF 81 RTCWeb Security Considerations 8

Protecting Against Retrospective Attack Assume attacker has access to encrypted media stream If calling service has access to traffic keys, attack is trivial Even worse in Web contexts because of extensive logging Hard to believe service can adequately forget keys it has seen Most sites log requests at many different locations Right approach: asymmetric key-based exchange between the endpoints Secure against retrospective attack even if mediated by calling service APIs must not allow calling service to subsequently extract traffic keys Best if it provides perfect forward secrecy (PFS) IETF 81 RTCWeb Security Considerations 9

Protecting Against During-Call Attack Need to have asymmetric key exchange Otherwise passive attack is trivial... Defeating asymmetric key exchange requires MITM attack Defenses against MITM Keying material verification Third-party authentication service (we know this won t work) Out-of-band fingerprint exchange Short authentication string Key continuity Verify that the same key is used for each call IETF 81 RTCWeb Security Considerations 10

Allow unencrypted RTP at all? Practically all existing standards-based VoIP implementations uses RTP With no cryptography If we want to interoperate with those deployments, we must support RTP How likely is interop in any case? Interop already requires ICE not widely deployed For PSTN interop you re likely to have to SBC anyway Basic choice: limited interop versus security all the time IETF 81 RTCWeb Security Considerations 11

Positions With Significant Support at the Interim (in my opinion) DTLS-SRTP all the time MUST implement DTLS-SRTP MUST NOT do RTP or SDES Backward compatibility not so good DTLS-SRTP + RTP and SDES-sorta MUST implement DTLS-SRTP; MUST be the default MUST implement RTP MAY implement SDES UI requirements (see next slide) IETF 81 RTCWeb Security Considerations 12

UI Requirements (draft-kaufman-rtcweb-security-ui) UAs MUST provide an indication of the security characteristics of audio and video MUST include the cipher suite SHOULD provide an indication of PFS or not UAs MUST provide a mechanism for verifying keying material if a secure channel is available MUST provide a binding to the far station identity (e.g., fingerprint, SAS) General consensus on this stuff IETF 81 RTCWeb Security Considerations 13

Relevant Drafts draft-rescorla-rtcweb-security-00 draft-johnston-rtcweb-media-privacy-00 draft-kaufman-rtcweb-security-ui-00 IETF 81 RTCWeb Security Considerations 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information