VoIP Security Seminar: Cryptography and Security Michael Muncan
Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1
Introduction (1) Internet changed to a mass media in the middle of the 1990s Bandwidth for private Internet Access is increasing Voice over Internet Protocol is getting more and more important Security and Cryptography for VoIP are receiving more attention 2
Introduction (2) Standardization board IETF (Internet Engineering Task Force) plays a central role Focus on three technologies for VoIP in this presentation: Secure SIP/RTP Zfone Skype 3
Secure SIP/RTP Session Initiation Protocol (SIP) RFC 3261 Realtime Transport Protocol (RTP) RFC 3550 Transporting the multimedia datastream Sending packets via UDP Seems to become the standard protocol for VoIP Protocol for Multimediasupport in 3G-Mobilecommunication (UMTS) Standard port-number 5060 4
Setting up a SIP connection Source: Bundesamt für Sicherheit in der Informationstechnik 5
Realtime Transport Protocol (RTP) Usage of dynamic UDP Ports causes problems with firewalls and NAT Solution: STUN (Simple Traversal of UDP over NATs) Uses end-to-end connection No Quality of Service (QoS) 6
Secure RTP (SRTP) Specification in RFC 3711 (2004) Secure VoIP communication, e.g. WLAN, public Hotspot Alternative to IPSec based VPN communication Designed for Real-Time-Transmission Symmetric data encryption with AES all provided features (such as encryption and authentication) are optional and can be separately enabled or disabled 7
Security functionality of SRTP Encryption of VoIP to avoid tapping Authentification of Sender avoids identityspoofing Integrity checks to avoid unauthorized changes Anti-replay functionality to avoid unauthorized access 8
Zfone Link to the project webpage: http://www.philzimmermann.com/en/zfone/index-start.html new protocol called ZRTP achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity does not rely on SIP signaling for the key management 9
Zfone not rely on any servers performs key agreements and key management in a purely peer-to-peer manner over the RTP packet stream interoperates with any SIP phone, but only encrypts if calling another ZRTP client new protocol submitted to the IETF uses ephemeral Diffie-Hellman with hash commitment, allows detection of man-in-the-middle (MiTM) attacks by displaying short authentication string for users to read and compare over phone 10
Zfone GUI Source: www.philzimmermann.com 11
Skype Source: www.skype.com 12
Skype Cryptography Skype uses only standard cryptographic primitives: AES block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash function and the RC4 stream cipher. 13
Skype Security Policy Skype usernames unique Users or applications must present Skype username and authentication credential (e.g., password) before exercise username s identity or privileges Each peer correctly provides the other with proof of username and privileges whenever Skype session is established. Each verifies other s proof before session allowed carry messages (e.g., voice, video, files, or text) Messages transmitted through Skype session are encrypted from Skype-end to Skype-end. No intermediary node has access to meaning of messages 14
Overview of Skype Cryptography central cryptographic secret in Skype is Central Server s private signing key corresponding public verification key, VS, and identifier for key pair installed in every Skype client at build time user s client generates an RSA key pair private signing key, SA, and hash of password, H(PA), are stored as securely as possible on user platform (On Windows platform done using Windows CryptProtectData API) 15
Overview of Skype Cryptography client next establishes 256-bit AES-encrypted session with Central Server key for session selected by client with aid of platform-specific random number generator client can and does verify really talking to server The client sends server, among other things, A, H(PA) and VA 16
Overview of Skype Cryptography Central Server decides whether A is unique, and otherwise acceptable under Skype naming rules server stores (A, H(H(PA))) in database forms and signs an Identity Certificate for A, ICA, which contains, among other things, Central Server s RSA signature binding A and VA, {A, VA }SS and key identifier of SS ICA returned to client 17
Overview of Skype Cryptography Central Server consists of number of machines with different functions, including one machine which does nothing but sign certificates entire Central Server pod replicated several times over for performance and business continuity traffic in session encrypted by XORing plaintext with key stream generated by 256-bit AES 18
Conclusion SRTP Zfone Skype Advantages: - nearly standard for VoIP Disadvantages: - Has to be used by application Advantages: - Open Source - Easy handling - May become standard Disadvantages: - Additional software installation Advantages: - No additional software - Very popular Disadvantages: - Closed source - Only applicable for private users 19
Thank you for your attention.