Lawful Interception in P2Pbased



Similar documents
ENUM: Migrating to VoIP. P2P Voice Applications

Link2VoIP SIP Trunk Setup

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, Eschborn, Germany

NCAS National Caller ID Authentication System

SIP Security Controllers. Product Overview

White Paper. Traversing Firewalls with Video over IP: Issues and Solutions

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities

VoIP telephony over internet

Bridging the gap between peer-to-peer and conventional SIP networks

Chapter 10 Session Initiation Protocol. Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University

EXPLOITING SIMILARITIES BETWEEN SIP AND RAS: THE ROLE OF THE RAS PROVIDER IN INTERNET TELEPHONY. Nick Marly, Dominique Chantrain, Jurgen Hofkens

Simple Law Enforcement Monitoring

nexvortex SIP Trunking Implementation & Planning Guide V1.5

NETWORKS AND THE INTERNET

RELOAD Usages for P2P Data Storage and Discovery

of the existing VoLTE roaming and interconnection architecture. This article compares existing circuit-switched models with the earlier

IP Ports and Protocols used by H.323 Devices

TALKSWITCH VOIP NETWORK TROUBLESHOOTING GUIDE

SIP Trunking with Microsoft Office Communication Server 2007 R2

NAT TCP SIP ALG Support

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1

JetWave SIP Trunk Setup

WHITE PAPER. Gaining Total Visibility for Lawful Interception

SIP, Security and Session Border Controllers

nexvortex Setup Template

nexvortex Setup Guide

Application Note. Onsight Connect Network Requirements v6.3

AoIP Codecs and network security

SIP and VoIP 1 / 44. SIP and VoIP

How To Use A Phone Over Ip (Phyto) For A Phone Call

SOSIMPLE: A SIP/SIMPLE Based P2P VoIP and IM System

Security Technology: Firewalls and VPNs

A Peer-to-peer Secure VoIP Architecture

VOICE OVER IP SECURITY

Service Announcements for Hot-Spots: Enabling Automated Access and Provider Selection for (WLAN-based) Voice Upperside WiFi Voice 2005

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Source-Connect Network Configuration Last updated May 2009

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1.

Broadvox SIP Trunk Setup

Connecting with Vonage

IP PBX. SD Card Slot. FXO Ports. PBX WAN port. FXO Ports LED, RED means online

Technical Manual 3CX Phone System for Windows

Networks and the Internet A Primer for Prosecutors and Investigators

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University

Nokia E65 Internet calls

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP LTM for SIP Traffic Management

athenahealth Interface Connectivity SSH Implementation Guide

DSX. DSX SIP Setup. April 22, 2011 Issue NEC Corporation of America 4 Forest Parkway, Shelton, CT 06484

Voxitas SIP Trunk Setup

A P2P SIP Architecture - Two Layer Approach - draft-sipping-shim-p2p-arch-00.txt

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS

SIP and ENUM. Overview DENIC. Introduction to SIP. Addresses and Address Resolution in SIP ENUM & SIP

OpenScape Business V1

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

SIP Trunking Manual Technical Support Web Site: (registration is required)

Chapter 37. Secure Networks

TECHNICAL CHALLENGES OF VoIP BYPASS

Quantitative Analysis of 2-tier P2P- SIP Architecture with ID-based Signature

Bit Chat: A Peer-to-Peer Instant Messenger

OpenScape Business V2

AT&T IP Flex Reach/ IP Toll Free Configuration Guide IC 3.0 with Interaction SIP Proxy

Broadvox SIP Trunking. Frequently Asked Questions (FAQs)

nexvortex SIP Trunking

Overview of VoIP Systems

Application Note. Onsight TeamLink And Firewall Detect v6.3

End-2-End QoS Provisioning in UMTS networks

Deploying Media Probes in Evolving VoIP Networks

Overview ENUM ENUM. VoIP Introduction (2/2) VoIP Introduction (1/2)

TLS and SRTP for Skype Connect. Technical Datasheet

Decentralized supplementary services for Voice-over-IP telephony

Application Notes for Configuring Microsoft Office Communications Server 2007 R2 and Avaya IP Office PSTN Call Routing - Issue 1.0

Internet Communications Using SIP

White paper. SIP An introduction

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0

Ecessa Proxy VoIP Manual

Voice over IP Security

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

An outline of the security threats that face SIP based VoIP and other real-time applications

MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM

StarLeaf Network Guide

Basic Vulnerability Issues for SIP Security

Verifying SIP Signalling

P2P VoIP for Today s Premium Voice Service 1

I-TNT: PHONE NUMBER EXPANSION AND TRANSLATION SYSTEM FOR MANAGING INTERCONNECTIVITY ADDRESSING IN SIP PEERING

Best Practices for Securing IP Telephony

SERIES A : GUIDANCE DOCUMENTS. Document Nr 3

Research on P2P-SIP based VoIP system enhanced by UPnP technology

Transcription:

Lawful Interception in P2Pbased VoIP Systems Jan Seedorf (jan.seedorf_at_nw.neclab.eu) NEC Laboratories Europe Heidelberg, Germany July Page 2008 <date> 1-1 IPTCOMM 2008 Heidelberg, Germany Outline 1. Introduction to Lawful Interception in VoIP Systems 2. VoIP Signalling without Servers: P2P-SIP 3. Technical Implications of the P2P Paradigm for Lawful Interception of VoIP 4. Possible Solutions 5. Conclusion July 2008-2 1

Introduction: Lawful Interception in VoIP Systems July Page 2008 <date> 3-3 Lawful Interception Lawful Interception authorised wiretapping of communications carried out by law enforcement organisations Some Terminology LEA: Law Enforcement Agency IRI: Intercept Related Information signalling data identifying the communication E.g., source identity, destination identity, call duration, CC: Content of Communication actual payload being transmitted For VoIP: audio content of the call, i.e., RTP-packets July 2008-4 2

ETSI Reference Model for Lawful Interception NWO/AP/SvP s domain LEA domain July 2008-5 Challenges for Lawful Interception of VoIP Different Types of VoIP Service Architectures Service Provider, Access Provider and Network Operator can be different entities Signalling (IRI) and media (CC) can take different routes With a session border controller, signalling and media are fully controlled by the VoIP service provider With a regular SIP proxy media packets do not necessarily traverse the server of the VoIP service provider Standard IETF SIP allows signalling to go directly between terminals once the SIP-Invite has reached the callee Consequences IRI and CC may be delivered by different entities Node (and entity) for intercepting the CC have to be determined in real-time from the IRI July 2008-6 3

Example of LI in Client-Server SIP Law Enforcement Agency Administration Function SIP Provider LI request Signalling LI Initiation Request SIP Proxy LI Initiation Request IRI CC CC Mediation Function Target Subscriber RTP traffic Aggregation Router ISP Remote Subscriber July 2008-7 VoIP Signalling without Servers: P2P-SIP July Page 2008 <date> 8-8 4

What is P2P-SIP? P2P-SIP Using a peer-to-peer network as a substrate for SIP user registration and location lookup SIP registrations are not stored on a central server but instead distributedly in a highly dynamic P2P network at participating nodes Arbitrary clients / terminals are storing SIP-registrations July 2008-9 P2P-SIP: Basic Overview P2P node (can Central be the Components user s SIP phone) in SIP Signalling 26 24 27 Hash of the SIP-URI = keyidns Server 212 210 Content stored: Current location (IP-address) for SIP-URI Lookup Location for Bob s SIP URI 215 SIP Proxy DHT 31 55 SIP Proxy 65 89 88 Location Service SIP Registrar Join DHT Join DHT SIP:alice@atlanta.com SIP:bob@biloxy.com July 2008-10 5

Registration of Bob 212 210 215 202 220 (3) Bob (4) 0 (5) 24 26 30 33 Alice 181 192 (2) (1) 64 34 55 65 170 89 88 137 128 H(sip:bob@biloxy.com)=210 July 2008-11 July 2008-12 What will a P2P-based VoIP Service Architecture look like? P2PSIP is an official IETF working group* Many open issues Architecture not clearly defined yet NAT traversal / Routing Security / Replication of SIP registrations What seems to be clear... Signalling (after locating the callee through the overlay) and Call Content (RTP) can go directly peer-to-peer Central Enrollment Server, but only for node-id assignment To protect against virtual node-ids (so-called Sybil-attacks) and chosen location attacks Central authority is not on every signalling path Specifically, the enrollment server is not involved during call setup * more info: http://www.ietf.org/html.charters/p2psip-charter.html http://www.p2psip.org/ 6

Technical Implications of the P2P Paradigm for Lawful Interception of VoIP July Page 2008 <date> 13-13 Challenges for Lawful Interception in P2PSIP Systems P2P implies a significant paradigm shift for VoIP signalling no centralised components on the signalling path network is highly dynamic and there are no static routing paths between entities LI methods used in Client-Server systems are not applicable Similarities with Client-Server SIP signalling and media take different routes in the network the media path cannot be determined prior to a call This analysis focuses on the signalling differences in P2PSIP (compared to client-server SIP) and the consequences for Lawful Interception July 2008-14 7

Lack of a Central Entity No server involved in call-setup Not possible to determine prior to a call which nodes will be on the signalling path for outgoing calls No single interception point for a specific target No VoIP Service Provider to receive interception requests from LEA ETSI reference model assumes an operator (e.g., Network Operator, Access Provider, VoIP Provider) in order for the LEA to trigger Lawful Interception for a specic target identity through the administration function With legal agreements between LEA and operator P2PSIP: LEA has no legal agreement with nodes involved in routing signalling messages through the network July 2008-15 P2P-Routing P2P-routing is very different from Client-Server routing Unique routing path with respect to signalling messages for every call Inbound and outbound signalling messages take different paths last signalling hop of an incoming call is usually different than the first signalling hop of an outgoing call (for a specific target identity) Different outgoing signalling node for different callee SIP-URI of the callee determines the first signalling hop July 2008-16 8

Alice calling Bob Registration of Bob 215 220 Bob 0 24 26 30 212 210 202 (3) 33 Alice 181 192 (2) (1) 64 34 55 65 170 89 88 137 128 H(sip:bob@biloxy.com)=210 July 2008-17 Bob calling Alice Registration of Bob 212 210 181 202 192 215 Bob 24 0 220 30 Registration of Alice (1) (2) 26 33 64 Alice 34 55 65 170 89 88 137 128 H(sip:alice@atlanta.com)=55 July 2008-18 9

Dynamic Nature of P2P Systems P2P systems are highly dynamic network membership and routing paths change constantly Nodes join and leave frequently the signalling routing path between a specific caller and a specific callee cannot be determined prior to call-setup time because it changes frequently over time Responsibility for user registrations changes over time Any LI attempt must derive the first signalling hop for an outgoing call attempt of a target identity in real-time July 2008-19 Alice calling Bob Registration of Bob 215 220 Bob 0 24 26 30 212 210 202 (3) 33 Alice 181 192 (2) (1) 64 34 55 65 170 89 88 137 128 H(sip:bob@biloxy.com)=210 July 2008-20 10

Node Join Registration of Bob 215 220 Bob 0 24 26 30 212 210 202 (3) 33 Alice 181 192 (2) (1) 64 34 55 65 170 164 89 88 137 128 H(sip:bob@biloxy.com)=210 July 2008-21 Node Leave Registration of Bob 215 220 Bob 0 24 26 30 212 210 202 33 Alice 181 192 (2) (1) 64 34 55 65 170 164 89 88 137 128 H(sip:bob@biloxy.com)=210 July 2008-22 11

Trustworthiness of P2P Nodes User registrations are stored distributedly at all participating nodes in the network Nodes can be compromised or act intentionally maliciously Chosen-location attacks Attackers can try to join the DHT at a specific location in order to intercept all traffic for a specific target identity Integrity of user registrations stored in the network cannot be guaranteed Difficult to authenticate user registrations No trust relationship or shared secret between nodes User registrations stored in a P2PSIP network can be forged, possibly misleading Lawful Interception operations July 2008-23 Possible Solutions July Page 2008 <date> 24-24 12

Footprint in Terminals Suggested solution by some government agencies for Lawful Interception of VoIP / IP traffic in general Advantages VoIP signalling and media are correlated in terminals No need to trigger media interception from signalling interception Mobility is not a problem if interception function is embedded in the terminal Would also help against encryption done in terminals Problems with P2PSIP: May be a feasable solution for hardphones but hard to enforce for open source softphones With open standards, anybody can write software July 2008-25 Footprint in Devices Currently heavily discussed in Germany http://www.bundestrojaner.net/ Install the Bundestrojan now and get a one-year subscription of free telephone surveillance July 2008-26 13

Intercepting at IP-Layer Intercept all IP packets at access network and filter SIP messages containing the target URI Problems User mobility the IP-address (and thus the access network) of the target may not be known prior to a call Send out target SIP-URI to all access providers? How to correlate dynamically in real-time the triggering of CC interception between different providers? Authentication and Authorization issues Encryption controlled by end-devices If users have a pre-shared key and encryption is end-to-end, CC cannot be retrieved July 2008-27 Infiltrating P2P network Intentionally place nodes controlled by the LEA in the P2P network Log lookup requests and registration update messages Perform location lookup on target identity frequently Approach pursued by the music industry to find illegal sharing of content in file-sharing P2P networks Goal for music industry is simpler: find somebody who shares music illegally Goal for Lawful Interception: find a specific user P2PSIP will be designed to make chosen-location attacks hard For LI this would be exactly the goal: try to place a node at a specific location in the P2P network July 2008-28 14

Conclusion July Page 2008 <date> 29-29 Conclusion P2P paradigm imposes new challenges to Lawful Interception Future VoIP service architectures may lack central servers Without a central component where (at least) signalling traverses, Lawful Interception gets technically complex Possible Solutions Footprint in devices Correlated interception at IP-layer Infiltrating P2P Network Status Quo All potential solutions have drawbacks Concrete properties of P2P-based VoIP service architectures are not predictable yet (but will affect LI solution space) Further research necessary July 2008-30 15

Contact Details: Jan Seedorf, Research Scientist (jan.seedorf_at_nw.neclab.eu) NEC Laboratories Europe (NLE), Network Division NEC Europe Ltd., Heidelberg, Germany July 2008-31 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information