SIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda. andreas.steffen@zhwin.ch



Similar documents
SIP Security. Andreas Steffen, Daniel Kaufmann, Andreas Stricker

An Introduction to. Voice over IP Security

Session Initiation Protocol

Configuring SIP Support for SRTP

Identity based Authentication in Session Initiation. Session Initiation Protocol

VoIP Security. Piero Fontanini

How to make free phone calls and influence people by the grugq

Three-Way Calling using the Conferencing-URI

internet technologies and standards

SIP: Protocol Overview

3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW

Multimedia & Protocols in the Internet - Introduction to SIP

TECHNICAL SUPPORT NOTE. 3-Way Call Conferencing with Broadsoft - TA900 Series

Voice over IP (SIP) Milan Milinković

Request for Comments: August 2006

For internal circulation of BSNL only

SIP Trunking & Peering Operation Guide

SIP for Voice, Video and Instant Messaging

Media Gateway Controller RTP

SIP: Session Initiation Protocol. Copyright by Elliot Eichen. All rights reserved.

SIP Basics. CSG VoIP Workshop. Dennis Baron January 5, Dennis Baron, January 5, 2005 Page 1. np119

EDA095 Audio and Video Streaming

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

Part II. Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University

VoIP. What s Voice over IP?

Internet Voice, Video and Telepresence Harvard University, CSCI E-139. Lecture #5

Session Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 TEL: # 340

Session Announcement (SAP, RFC 2974) Session Description (SDP, RFC 2327) (SDP, draft-ietf-mmusic-sdp-new-11)

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS

AGILE SIP TRUNK IP-PBX Connection Manual (Asterisk)

Denial of Services on SIP VoIP infrastructures

Internet Engineering Task Force (IETF) Request for Comments: 7088 Category: Informational February 2014 ISSN:

NTP VoIP Platform: A SIP VoIP Platform and Its Services

Session Initiation Protocol (SIP)

Chapter 32 Internet Security

Unit 23. RTP, VoIP. Shyam Parekh

Voice over IP & Other Multimedia Protocols. SIP: Session Initiation Protocol. IETF service vision. Advanced Networking

Technical Bulletin 25751

Hacking Trust Relationships of SIP Gateways

An outline of the security threats that face SIP based VoIP and other real-time applications

IP Office Technical Tip

Chapter 10. Network Security

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

How To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib

SIP RFC (3261) explained, LIGHT 3.2 (1/2011) -

SIP Session Initiation Protocol Nicolas Montavont

SPAM over Internet Telephony and how to deal with it

ARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Electronic Mail Security

BROADWORKS SIP ACCESS SIDE EXTENSIONS INTERFACE SPECIFICATIONS RELEASE Version 1

How To Send A Connection From A Proxy To A User Agent Server On A Web Browser On A Pc Or Mac Or Ipad (For A Mac) On A Network With A Webmail Web Browser (For Ipad) On An Ipad Or

SIP Session Initiation Protocol

SIP Introduction. Jan Janak

IP-Telephony SIP & MEGACO

Chapter 9. IP Secure

Network Security. Lecture 3

FOSDEM 2007 Brussels, Belgium. Daniel Pocock B.CompSc(Melbourne)

Black Hat Briefings 2007 Las Vegas. White Paper on Vulnerabilities in Dual-mode/Wi-Fi Phones

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

SIP: Session Initiation Protocol

SIP Essentials Training

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

EE4607 Session Initiation Protocol

MOHAMED EL-SHAER Teaching Assistant. Room TASK Exercises Thu., Nov. 17, 2014 CONTENT

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

SIP and ENUM. Overview DENIC. Introduction to SIP. Addresses and Address Resolution in SIP ENUM & SIP

OSSIR, November /45

Application Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0

Internet Services & Protocols Multimedia Applications, Voice over IP

Internet Services & Protocols Multimedia Applications, Voice over IP

NAT and Firewall Traversal. VoIP and MultiMedia /77

AGILE SIP TRUNK IP- PBX Connection Manual (Asterisk, Trixbox)

SIP ALG - Session Initiated Protocol Applications- Level Gateway

Asterisk with Twilio Elastic SIP Trunking Interconnection Guide using Secure Trunking (SRTP/TLS)

point to point and point to multi point calls over IP

The VoIP Vulnerability Scanner

How To Write A Sip Message On A Microsoft Ipa (Sip) On A Pcode (Siph) On An Ipa Or Ipa On A Ipa 2 (Sips) On Pcode On A Webmail (

Internet Working 15th lecture (last but one) Chair of Communication Systems Department of Applied Sciences University of Freiburg 2005

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Telecommunication Services Engineering (TSE) Lab. Chapter V. SIP Technology For Value Added Services (VAS) in NGNs

Prof. Sead Muftic Feng Zhang. Lecture 10: Secure Systems

Multimedia networking Voice/data integration

Communication Systems SSL

Session Initiation Protocol (SIP)

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

Advanced Networking Voice over IP & Other Multimedia Protocols

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Formación en Tecnologías Avanzadas

Enabling Security Features in Firmware DGW v2.0 June 22, 2011

Security in VoIP Systems

Transcription:

ENUM-Tag am 28. September in Frankfurt SIP Security Prof. Dr. Andreas Steffen andreas.steffen@zhwin.ch Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 1 Agenda SIP The Session Initiation Protocol Securing the Session Management Securing the Media Streams Conclusions Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 2

Session Initiation Protocol (RFC 3261) sip:alice@atlanta.com atlanta.com biloxi.com sip:bob@biloxi.com User Agent Proxy Proxy UA INVITE F1 INVITE F2 100 Trying F3 INVITE F4 100 Trying F5 180 Ringing F6 180 Ringing F7 180 Ringing F8 200 OK F9 200 OK F10 200 OK F11 ACK F12 Media Session BYE F13 200 OK F14 Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 3 Basic SIP Trapezoid Proxy Proxy Hop 2 Hop 1 atlanta.com biloxi.com Hop 3 UA sip:alice@atlanta.com Direct path Media stream UA sip:bob@biloxi.com udp/sip or tcp/sip Session Management udp/rtp Media Streams Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 4

Securing the Session Management Authentication methods: PSK Pre-Shared Keys PKI Public Key Infrastructure Authentication Data Integrity Confidentiality HTTP 1.0 Basic Authentication PSK - - HTTP 1.1 Digest Authentication PSK - - Deprecated by SIPv2 Insecure transmission of password Challenge/response exchange based on MD5 hash of [strong] password Pretty Good Privacy (PGP) PKI Deprecated by SIPv2 Secure MIME (S/MIME) PKI For encryption the public key of the recipient user agent must be known SIPS URI (TLS) PKI SIP application and proxies must tightly integrate TLS IP Security (IPsec) PKI Integration with SIP application not required but proxies must be trusted Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 5 Securing the Media Streams Authentication methods: PSK Pre-Shared Keys PKI Public Key Infrastructure Authentication Data Integrity Confidentiality Secure RTP (SRTP) PSK Uses master key which must be distributed by other means IP Security (IPsec) PKI Integration with SIP application not required but peer must be trusted Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 6

SIP Security Securing the Media Streams Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 7 Secure RTP Packet Format (RFC 3711) 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 encrypted V P X CC M PT sequence number timestamp synchronization source (SSRC) identifier contributing source (CSRC) identifiers RTP header extension (optional) RTP payload RTP padding SRTP master key identifier (MKI, optional) authentication tag (recommended) RTP pad count authenticated Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 8

Secure RTCP Packet Format (RFC 3711) 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 encrypted E V P X RC M PT=RR length SSRC of packet sender sender info report block 1 report block 2 SRTCP index SRTCP master key identifier (MKI, optional) authentication tag authenticated Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 9 Default Encryption and Authentication Algorithms Encryption uses AES in Counter Mode (AES-CTR) with 128 bit key 128 bits IV IV = f(salt_key, SSRC, packet index) 112 bits 128 bits encr_key keystream generator AES-CTR XOR RTP/RTCP payload + encrypted payload Authentication uses HMAC-SHA-1 with truncated 80 bit MAC RTP/RTCP payload HMAC 160 bits auth_key SHA-1 auth tag 80/32 bits Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 10

Session Key Derivation Key Derivation uses AES in Counter Mode (AES-CTR) master_key 128 bits 192 bits 256 bits 128 bits IV SRTP session keys key derivation AES-CTR SRTCP session keys IV = f(master_salt, label, packet index) 112 bits div label key derivation rate 0x00 0x01 0x02 0x03 0x04 0x05 encr_key auth_key salt_key encr_key auth_key salt_key 128 bits 160 bits 112 bits 128 bits 160 bits 112 bits Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 11 SIP Security Securing the Session Management Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 12

SIP INVITE Request INVITE INVITEsip:bob@zhwin.ch SIP/2.0 SIP/2.0 Via: Via: SIP/2.0/UDP SIP/2.0/UDP 160.85.170.139:5060;branch=z9hG4bK4129d28b8904 To: To: Bob Bob <sip:bob@zhwin.ch> From: From: Alice Alice <sip:alice@zhwin.ch>;tag=daa21162 Call-ID: Call-ID: 392c3f2b568e92a8eb37d448886edd1a@160.85.170.139 CSeq: CSeq: 1 INVITE INVITE Max-Forwards: Max-Forwards: 70 70 Contact: Contact: <sip:alice@dskt6816.zhwin.ch:5060> application/sdp application/sdp Content-Length: Content-Length: 239 239 v=0 v=0 o=alice o=alice 3157331353 3157331353 3157331353 3157331353 IN IN IP4 IP4 160.85.170.139 160.85.170.139 s=da s=da SIP SIP Security Security 2003 2003 c=in c=in IP4 IP4 160.85.170.139 160.85.170.139 t=0 t=0 0 k=clear:910bc4defa71eb6190008762fca6ae2f1d959e87cdf3c0c5c5076ad38ee8 k=clear:910bc4defa71eb6190008762fca6ae2f1d959e87cdf3c0c5c5076ad38ee8 m=audio m=audio 10000 10000 RTP/AVP RTP/AVP 0 a=ptime:20 a=ptime:20 128 bit SRTP master key a=rtpmap:0 a=rtpmap:0 PCMU/8000 PCMU/8000 Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 13 S/MIME based Authentication and Encryption INVITE INVITE sip:bob@zhwin.ch sip:bob@zhwin.ch SIP/2.0 SIP/2.0 Via: Via: SIP/2.0/UDP SIP/2.0/UDP 160.85.170.139:5060;branch=z9hG4bK4129d28b8904 160.85.170.139:5060;branch=z9hG4bK4129d28b8904 To: To: Bob Bob <sip:bob@zhwin.ch> <sip:bob@zhwin.ch> From: From: Alice Alice <sip:alice@zhwin.ch>;tag=daa21162 <sip:alice@zhwin.ch>;tag=daa21162 Call-ID: Call-ID: 392c3f2b568e92a8eb37d448886edd1a@160.85.170.139 392c3f2b568e92a8eb37d448886edd1a@160.85.170.139 CSeq: CSeq: 1 1 INVITE INVITE Max-Forwards: Max-Forwards: 70 70 Contact: Contact: <sip:alice@dskt6816.zhwin.ch:5060> <sip:alice@dskt6816.zhwin.ch:5060> multipart/signed;boundary=992d915fef419824; multipart/signed;boundary=992d915fef419824; micalg=sha1;protocol=application/pkcs7-signature micalg=sha1;protocol=application/pkcs7-signature Content-Length: Content-Length: 3088 3088 --992d915fef419824 --992d915fef419824 application/pkcs7-mime; application/pkcs7-mime; smime-type=envelopeddata; smime-type=envelopeddata; name=smime.p7m name=smime.p7m Content-Disposition: Content-Disposition: attachment;handling=required;filename=smime.p7m attachment;handling=required;filename=smime.p7m Content-Transfer-Encoding: Content-Transfer-Encoding: binary binary <envelopeddata <envelopeddata object object encapsulating encapsulating encrypted encrypted SDP SDP attachment attachment not not shown> shown> --992d915fef419824 --992d915fef419824 application/pkcs7-signature;name=smime.p7s application/pkcs7-signature;name=smime.p7s Content-Disposition: Content-Disposition: attachment;handling=required;filename=smime.p7s attachment;handling=required;filename=smime.p7s Content-Transfer-Encoding: Content-Transfer-Encoding: binary binary <signeddata <signeddata object object containing containing signature signature not not shown> shown> --992d915fef419824-- --992d915fef419824-- Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 14

Practical Results and Conclusions Practical Results ZHW diploma thesis in 2003 demonstrated feasability of S/MIME protected session management and SRTP secured media streams. resipprocate available from www.resiprocate.org implements a SIPv2 stack and offers basic S/MIME support using OpenSSL. TinyCA available from tinyca.sm-zone.net was used as a graphical interface on top of OpenSSL for X.509 certificate generation. libsrtp library available from srtp.sourceforge.net implements SRTP. Conclusions S/MIME encrypted and/or signed attachments in SIP messages are an attractive alternative to the hop-by-hop security offered by TLS and allow the secure transfer of secret SRTP master keys via end-toend encryption. Similar to S/MIME protected email, the verification of peer certificates on a global scale remains one of the open problems yet to be solved. Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information