© 2006 Cisco Systems, Inc. All rights reserved.

TOI Unity 5.0(1)

TOI for Secure Messaging

Erich Von Normann, Unity, [email protected]


Introduction to TOI for Secure Messaging

Unity 5.0(1) extends the Confidential Messaging feature that was introduced in Unity 4.0(5), by allowing all messages to be secured and accessible over the TUI, VMO, and Unity Inbox.

It is an important feature which involves many Unity components, and it is critical that Cisco TAC understands how it works and knows how to support it.

This module will include detailed descriptions of the purpose for Secure Messaging, how it works, and how to troubleshoot and support it.


Module Objectives

After completing this module you will be able to:

– Describe the purpose of Secure Messaging and understand why we designed it the way we did

– Describe the related feature of Message Aging

– Describe which Unity components are affected by the feature and the role of each component in the feature

– Describe the current limitations of Secure Messaging

– Describe the AD Schema Extensions associated with Secure Messaging and Unity 5.0

– Troubleshoot customer problems with Secure Messaging


Agenda

– Purpose of Secure Messaging

– Technical Details of the Design

– Instructions on Troubleshooting

– Demos of diagnostics


Intent of Secure Messaging – What is the purpose of this feature?

Make it as difficult as possible for Unity subscribers to do the following:

– Accidentally or intentionally forward voicemail messages to third parties outside the messaging system.

– Accidentally or intentionally violate a customer’s voicemail retention policy.

There have been a number of cases where an employee of a company accidentally or intentionally forwarded a confidential voicemail outside the company.

Preventing that from occurring is a key feature for many large companies, particularly in the financial sector.


Design of Secure Messaging – How does the feature meet these goals?

Unity encrypts the audio data in a voicemail message in such a way that access to a private key stored on the Unity server is required before the message can be decrypted and played.

If a subscriber forwards a voicemail message outside the Unity organization, it will not be decryptable, so the recipient will not be able to play it back.

The only methods that a subscriber can use to decrypt and play back secure messages are the Unity TUI, VMO, and Unity Inbox.

Other clients will not know how to decrypt the audio and will instead play back a decoy message which explains that it’s a secure message and will not be decrypted.

Secure Messaging is configured for the sending subscriber (not the receiving subscriber), and for messages from outside callers; if a site wants all messages secured, it can configure that for every subscriber via Bulk Edit.


Message Aging – What is it and why is it needed?

Message Aging refers to putting a time-bomb on a message, so that after a configurable period has passed, the message contents cannot be retrieved.

Many companies have a message retention policy, and must comply with regulations such as Sarbanes-Oxley (SOX).

Messages can be downloaded to a client such as Outlook, and it’s very hard to control deletion of such messages.

Also, even messages in Exchange may not actually get deleted when an admin expects.


Message Aging & Secure Messaging – What is the link between these two features?

Unity implements Message Aging on top of the Secure Messaging infrastructure.

When Message Aging is enabled, the Unity server will create a new public/private key every day, and also delete the oldest private key from the system.

This deletion of the private key is what renders a message undecryptable, and thus unable to be played back.

Please note the following:

– Message Aging will only apply to secure messages

– Message Aging is disabled by default

– Message Aging is granular to the nearest day, which means all messages recorded on a given day will expire at the same time


Confidential vs. Secure Messaging

Confidential Messaging:

– Introduced in Unity 4.0(5)

– Only private messages can be encrypted

– Messages can only be encrypted and decrypted using the Unity TUI

– Limited support for secure messages with VM Interop and remote locations

– Public/Private Keys must be managed manually, which makes Message Aging difficult to manage

Secure Messaging:

– Introduced in Unity 5.0(1)

– Encryption for each user is All, Private-Only, or None

– Messages can also be encrypted and decrypted using VMO and Unity Inbox

– Enhancements to secure messaging for VM Interop and remote locations

– A new Unity service creates and deletes Public/Private Keys and thus enables Message Aging.


Interoperability with earlier versions

Secure messages recorded in Unity 5.0 store the session keys in a different format than do confidential messages in Unity 4.x

– This change was made to greatly speed-up the decryption of the session key during playback

By default, secure messages from Unity 5.0 save the session keys in both the Unity 5.0 & 4.x formats, so that if a site has a mix of versions, Unity 4.x can play messages from Unity 5.0 (TUI only)

Similarly, Unity 5.0 can handle messages from a Unity 4.x server, and can play them back over the TUI or a PC Client

If a Unity 4.x sub installs VMO from Unity 5.0 on their Client PC, they will not be able to play secure messages, since VMO asks Unity to decrypt the session key and Unity 4.x can’t do that

If a site has only Unity 5.0, then for efficiency they can disable the function to save session keys in both 4.x & 5.0 formats via the Advanced Settings Tool (AST)


Limitations of Secure Messaging

Secure Messaging works only with Unity integrated with Microsoft Exchange, not with Lotus Domino

Secure messages can only be recorded and played back using the Unity TUI, VMO, and Unity Inbox

– Support for CUPC and other Cisco clients is on the roadmap for the 2008 Unity release, but we have not yet EC-ed

Secure messages sent to and received from remote locations (such as 3rd party VM systems) have several configuration options

Secure Messaging enforces that messages can only be played back by someone within the Unity organization, but it does not check whether the user is an intended recipient, just that the user is authenticated


Limitations of Message Aging

Message Aging is configured system-wide

– Sites with multiple Unity servers must set it on each server

– Cannot be configured differently for messages sent from different subscribers or on individual messages

Key pairs are deleted based on the count of active keys, not the number of days (usually the same, but not always). Example:

– A site has Secure Messaging, but not Message Aging

– After 10 days, sets Message Aging to 30 days

– No keys are deleted until 30 days pass, so the oldest messages will have been around for ~40 days

If a subscriber is out of the office for an extended period, a message may expire while it is still unread

System behavior can be odd with Message Aging of 1-2 days


Secure Messaging & Unity Connection

Unity Connection 2.0 supports Secure Messaging, but it’s quite different from (and simpler than) Unity 5.0’s feature:

– Unity Connection has its own on-box message store, rather than an external message store like MS Exchange

– Unity Connection doesn’t support secure messages to 3rd-party clients, only to Cisco clients that do not keep local copies

– Unity Connection employs an Appliance Model, which means that system access is very restricted

Because of these differences, Unity Connection is a Closed Messaging System, and it does not need to Encrypt messages in order to Secure them or impose Message Aging

A thorough discussion of Unity Connection’s Secure Messaging feature is beyond the scope of this presentation


Unity Secure Messaging Components

New Components

– CuMessageAgingSvr – New service to manage keys and certificates, including expiration of old certificates

– CuSessionKey – Runs inside AvMMProxySvr service, and handles encryption/decryption of Session Key for TUI & Clients

Modified Components

– Miu / AvWav – Does decryption-on-a-stream during playback (previously, TUI decrypted entire message before playing)

– VMO & Unity Inbox – Plays & records secure messages

– Voice Connector – Handles encryption of incoming messages and decryption of outgoing messages

– WavCrypt – Provides encryption/decryption services to other components, enhanced for Client/Server functionality


Details of Design (CuMessageAgingSvr)

A new Unity service (CuMessageAgingSvr) manages the keys

– It will create a Public/Private Key pair. If Message Aging is enabled, this happens once per day at 12 AM GMT, at which time it also deletes the oldest Private Key

– It will store the new Public Key in a local MS Access database (\Commserver\CertData\CERTData.mdb). If Message Aging is enabled, the Public Key corresponding to the Private Key that was deleted will be marked as deleted

– It will also publish the Public Key to AD, where other Unity servers in the forest will sync it down and store it in their SQL Servers table; only the most recent Public Key from each server will be stored in SQL – the older one will be overwritten

Replaces & supersedes the old AssignConfCert utility from previous versions of Unity, and also migrates older 4.x keys from the registry to the Access database.


Details of Design (TUI Encryption)

Here’s how a secure message is encrypted from the TUI:

– A new Session Key is created for each secure message

– The Session Key is used to encrypt the audio data, which is then stored in the message’s wave file

– A new Unity component called CuSessionKey is called to encrypt the Session Key

The Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL

This list of Encrypted Session Keys is also stored in the wave file.

– The decoy message is also stored in the wave file in such a way that 3rd party media players will play it rather than the encrypted audio


Details of Design (TUI Decryption)

Here’s how a secure message is decrypted from the TUI:

– The list of Encrypted Session Keys is extracted from the message’s wave file and passed to CuSessionKey

It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server

It then checks if that Public/Private Key has been deleted

– If so, it returns an error to the TUI, which plays a prompt notifying the subscriber that the message is expired

– If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the TUI

– The TUI uses the Decrypted Session Key to decrypt the audio and play back the message

– The Miu & AvWav can decrypt and play back one chunk at a time, rather than decrypting all chunks before playback can start
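The model below is an added illustration (not Cisco code) of the design in the slides above: one session key per message, wrapped once for every Unity server and stored in the wave file next to a decoy; a CuMessageAgingSvr-style key ring rotated daily and pruned by count of active keys; and the CuSessionKey decision order (find this server's entry, refuse if that key pair is deleted, otherwise unwrap). The RSA wrap and the audio cipher are stood in for by a SHA-256 keystream so it runs on the standard library alone; server ids, serial formats and the audio bytes are constructed, and aging enabled on day N is assumed to take effect at the following midnight.

```python
from __future__ import annotations

import hashlib
import os
from dataclasses import dataclass, field

DECOY = b"This is a secure message; it cannot be played by this client."


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 counter keystream: stand-in cipher, not what Unity/WavCrypt uses."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]


def _xor(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


@dataclass
class KeyPair:
    serial: str            # like the SerialNum column in CERTData.mdb
    secret: bytes          # stands in for the private key held in the OS store
    deleted: bool = False  # "marked as deleted" => messages wrapped to it are expired


@dataclass
class UnityServer:
    dir_id: str                        # DirectoryId, as in the SQL Servers table
    retention_days: int | None = None  # None => Message Aging disabled
    keys: list[KeyPair] = field(default_factory=list)

    def __post_init__(self) -> None:
        self._new_key(0)               # the pair created when the server is set up

    def _new_key(self, day: int) -> None:
        self.keys.append(KeyPair(f"{self.dir_id}-{day:03d}", os.urandom(16)))

    def current_key(self) -> KeyPair:
        """Only the newest public key is published to AD and synced to SQL."""
        return self.keys[-1]

    def active_count(self) -> int:
        return sum(not k.deleted for k in self.keys)

    def midnight(self, day: int) -> None:
        """CuMessageAgingSvr's 12 AM job: with aging on, create a new pair, then
        retire the oldest active pair while the active COUNT exceeds the policy
        (the deck's point: deletion is by count of keys, not by age in days)."""
        if self.retention_days is None:
            return
        self._new_key(day)
        while self.active_count() > self.retention_days:
            next(k for k in self.keys if not k.deleted).deleted = True

    def wrap(self, key: KeyPair, session_key: bytes) -> bytes:
        return _xor(key.secret, session_key)   # stand-in for the public-key wrap

    def unwrap(self, key: KeyPair, blob: bytes) -> bytes:
        return _xor(key.secret, blob)          # stand-in for the private-key unwrap


def encrypt_message(servers: list[UnityServer], audio: bytes) -> dict:
    """TUI/client-side encryption: fresh session key, audio encrypted under it,
    and one (server DirId, cert serial, wrapped key) entry per Unity server."""
    session_key = os.urandom(16)
    return {
        "decoy": DECOY,                        # what a third-party player renders
        "audio": _xor(session_key, audio),
        "keys": [(s.dir_id, s.current_key().serial, s.wrap(s.current_key(), session_key))
                 for s in servers],
    }


def decrypt_message(server: UnityServer, wav: dict) -> tuple[str, bytes | None]:
    """CuSessionKey decision order: find this server's entry, refuse if that key
    pair was deleted (expired), otherwise unwrap and decrypt the audio."""
    entry = next((e for e in wav["keys"] if e[0] == server.dir_id), None)
    if entry is None:
        return "no-key-for-server", None   # our public key never reached the sender
    key = next((k for k in server.keys if k.serial == entry[1]), None)
    if key is None:
        return "unknown-key", None
    if key.deleted:
        return "expired", None             # TUI plays the "message expired" prompt
    return "ok", _xor(server.unwrap(key, entry[2]), wav["audio"])


def days_until_expiry(enable_aging_on_day: int, retention_days: int) -> int:
    """Replay the deck's scenario for a message recorded on day 0. Aging that is
    enabled on day N takes effect at the next midnight, so rotation starts N+1."""
    unity = UnityServer("srv-a", retention_days if enable_aging_on_day == 0 else None)
    wav = encrypt_message([unity], b"constructed audio bytes")
    for day in range(1, 400):
        unity.midnight(day)
        if decrypt_message(unity, wav)[0] == "expired":
            return day
        if day == enable_aging_on_day:
            unity.retention_days = retention_days  # admin sets the policy that day
    raise RuntimeError("message never expired")
```

`days_until_expiry(0, 30)` gives 30, while `days_until_expiry(10, 30)` reproduces the slide's case and gives 40: the initial key pair is not retired until the count of active keys exceeds 30, regardless of how old it is.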


Details of Design (Client Encryption)

Here’s how a secure message is encrypted in VMO / Unity Inbox:

– On the Client PC, a new Session Key is created

– Still on the Client PC, this Session Key is used to encrypt the audio data, which is then stored in the message’s wave file

– The Client PC makes a secure RPC connection to the Unity server’s CuSessionKey component to encrypt the Session Key

On the Unity server, the Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL

This list of Encrypted Session Keys is passed back to the Client PC via secure RPC, which stores it in the wave file.

– The decoy message is also stored in the wave file in such a way that 3rd party media players will play it rather than the encrypted audio


Details of Design (Client Decryption)

Here’s how a secure message is decrypted in VMO / Unity Inbox:

– On the Client PC, the list of Encrypted Session Keys is extracted from the message’s wave file and passed via secure RPC to the Unity server’s CuSessionKey component

It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server

It then checks if that Public/Private Key has been deleted

– If so, it returns an error to the Client PC, which tells the subscriber that the message is expired

– If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the Client PC via Secure RPC

– The Client PC uses the Decrypted Session Key to decrypt the audio and play back the message


Details of Design (VM Interop)

Secure Messaging separates private and secure message flags

For secure messages sent to VPIM, Bridge, or AMIS locations:

– Decrypt All – All secure messages are decrypted and sent

– Decrypt Non-private – All non-private secure messages are decrypted and sent, while private messages are NDR-ed

– Decrypt None – All secure messages are NDR-ed

For messages received from VPIM or Bridge locations:

– Encrypt All – Accept all messages & encrypt them all

– Encrypt Private – Accept all messages & encrypt private only

– Encrypt None – Accept all messages & leave all unencrypted

Note: Messages received from AMIS locations are not encrypted (Due to limitations in the AMIS protocol, the time to implement this was not worth our investment)


Details of Design (VM Interop, cont.)

IVC now includes its own CuMessageAgingSvr and an Access database for storing certificates

New Trusted Internet Subscribers and Trusted Internet Locations:

– Problem: Messages sent to Internet Subscribers go directly through Exchange, so IVC can’t decrypt secure messages and Internet Subscribers will always hear the decoy message

– Solution: Messages sent to Trusted Internet Subscribers go through IVC, so messages are decrypted before they are sent

– Trusted Internet Locations have same settings as VPIM – Decrypt & Send All, Non-private, or None

– Note that Blind Addressing to Trusted Internet Subscribers is not supported


AD Schema Extensions

Unity 5.0 extends the Active Directory Schema in several ways

We made an effort to extend it in such a way that future Unity versions can add new data items to AD without another schema extension (hopefully)

– There are several new AD attributes that are not yet used, but are intended to provide a framework for future changes

– One of these new AD attributes stores a subscriber’s message encryption setting for messages sent from that subscriber – whether Unity encrypts all, private only, or none.


AD Schema Extensions – Details

There are 3 new AD Attributes that are intended to be lists of name:value pairs, which will allow new data items to be added in the format name1:value1; name2:value2; etc…

– cisco-Ecsbu-Unity-Attributes: for non-indexed name:value pairs; Encryption:[0|1|2] is the subscriber encryption setting, with 0=None, 1=Private Only, and 2=All

– cisco-Ecsbu-Unity-Attributes-Indexed: for indexed name:value pairs; not currently used

– cisco-Ecsbu-Unity-Attributes-Encoded: for name:value pairs that will be stored encoded; not currently used

There is a new aux class called ciscoEcsbu-UM-Attributes for these attributes, which is now supported by the User, Group, Contact, and Location objects
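An added example (not Cisco's parser) of reading and updating the name:value list format described above and decoding the Encryption item. Assumptions: items are separated by ';', only the first ':' in an item separates name from value (so values may contain ':'), names are compared case-insensitively with their original case preserved, and a malformed or out-of-range Encryption value is rejected rather than guessed.

```python
from __future__ import annotations

# Encryption:[0|1|2] values as documented for cisco-Ecsbu-Unity-Attributes
ENCRYPTION_SETTINGS = {0: "None", 1: "Private Only", 2: "All"}


def parse_unity_attributes(raw: str) -> dict[str, str]:
    """Split 'name1:value1; name2:value2; ...' into a dict, preserving name case.
    Only the first ':' separates name from value, so values may contain ':'.
    Empty items (e.g. a trailing ';') are ignored; an item without ':' or with
    an empty name is rejected rather than silently dropped."""
    items: dict[str, str] = {}
    for chunk in raw.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        if ":" not in chunk:
            raise ValueError(f"attribute item without ':' separator: {chunk!r}")
        name, value = chunk.split(":", 1)
        name = name.strip()
        if not name:
            raise ValueError(f"attribute item with empty name: {chunk!r}")
        items[name] = value.strip()
    return items


def serialize_unity_attributes(items: dict[str, str]) -> str:
    """Inverse of parse_unity_attributes; refuses names/values that would break
    the 'name:value; ' framing when read back."""
    for name, value in items.items():
        if ":" in name or ";" in name or ";" in value:
            raise ValueError(f"cannot encode item {name!r}={value!r}")
    return "; ".join(f"{name}:{value}" for name, value in items.items())


def _find(items: dict[str, str], wanted: str) -> str | None:
    """Case-insensitive name lookup (an assumption; AD matching is not stated)."""
    return next((n for n in items if n.casefold() == wanted.casefold()), None)


def encryption_setting(raw: str) -> str | None:
    """Decode the subscriber's Encryption item: 'None', 'Private Only', 'All',
    or Python None when the item is absent. Non-numeric or out-of-range values
    raise instead of being mapped to a default."""
    items = parse_unity_attributes(raw)
    name = _find(items, "Encryption")
    if name is None:
        return None
    try:
        code = int(items[name])
    except ValueError:
        raise ValueError(f"Encryption value is not numeric: {items[name]!r}") from None
    if code not in ENCRYPTION_SETTINGS:
        raise ValueError(f"Encryption value out of range: {code}")
    return ENCRYPTION_SETTINGS[code]


def set_encryption(raw: str, setting: str) -> str:
    """Return the attribute string with Encryption set to the given setting name,
    keeping every other name:value item in place."""
    code = {v: k for k, v in ENCRYPTION_SETTINGS.items()}[setting]
    items = parse_unity_attributes(raw)
    name = _find(items, "Encryption") or "Encryption"
    items[name] = str(code)
    return serialize_unity_attributes(items)
```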


AD Schema Extensions – Site Object

Unity 5.0 also introduces the concept of a Site Object, called ciscoEcsbu-UM-Site, which will be used to store site-wide data and has the ciscoEcsbu-UM-Attributes aux class

Unity currently does not store any data site-wide, but might in the future

Contains the new cisco-Ecsbu-UM-Schema-Version attribute, which designates the minimum Unity version for any server in the site, so a Unity can decide if it needs to be backwards-compatible

The intent is for any settings that should be the same for all Unity servers in an organization to be stored in one place

Some examples are Message Aging policy, Outside Caller Encryption settings, and lots of the AST settings

This implies that there would also be a site-wide SA/Config tool

Work to move settings to Site Object is not yet committed, but at least the AD Schema won’t need to be extended if we do it


Tools Updates for Secure Messaging

Several Unity Tools have been updated for Secure Messaging:

– Bulk Edit, CUBI, DiRT, DBWalker, GUSI, and others support the new subscriber encryption setting (encrypt all, private, or none), and also Trusted Internet Subscribers and Locations

– DiRT also supports exporting and importing the public and private keys from/to the Access database and OS store

These keys can also be imported to a different Unity server, which means that if a site adds a new Unity later (perhaps a Failover server), then subs moved to that server can still listen to secure messages sent to them on the old server

Sites must be careful to delete old backups, since if they restore the keys, then previously expired messages will again be decryptable and thus can be played again!


Secure Messaging Setup & Config

Please consult the Securing Subscriber Messages chapter in the Security Guide for Cisco Unity for detailed instructions

Here are a few possible setup/config mistakes to look for:

– Active Directory and Account permission problems – would prevent public keys from getting to other Unity servers

– IP Port 5050 blocked – default port on Unity server for Client PCs to ask it to encrypt/decrypt session keys

– Inconsistent message aging policy – make sure that all Unity servers & IVCs have the same policy; it must be configured on each server, there isn’t a site-wide parameter

– Problems with secure messages to/from remote subscribers – make sure IVC is configured for Secure Messaging, and that the delivery location is properly configured in Unity SA


Secure Messaging Troubleshooting

Please consult the Secure Messaging section of the Troubleshooting Guide for Cisco Unity 5.0

Make sure that unsecured messages are working correctly, so that you’re troubleshooting the right issue!

Make sure that the certificates for the Unity/IVC server are in CertData.mdb (and if Message Aging is enabled, make sure the count is correct) and in the OS store

Make sure that the public keys for all Unity servers are in the SQL Servers table, and for IVC, make sure that the public keys are in Active Directory (it goes directly to AD rather than SQL)

Make sure that CuMessageAgingSvr is running (it should be by default) – if it has crashed, it won’t create new keys or age/delete older ones


Viewing Certs in the OS Store

To view the Certificates in the OS Store, use the Certificates MMC snap-in for the Local Computer (aka Computer Account)

To get details on a Certificate, right-click it and select Open


Viewing Certs in the Access DB

To view the Certificates in the Access DB, copy \Commserver\CertData\CertData.mdb to a computer with Microsoft Access and open it.

Sort the list by the Index column – you’ll see the Serial Number, the encoded Certificate (Access may truncate it since it’s a large data item), and whether it’s been deleted (expired)


Viewing Certs in Active Directory

To view the Certificates in AD, run ldp.exe

Run File\Bind with an admin account & then run View\Tree

Expand the root node, the Domain Controllers node, and then select the Unity system

The encoded Certificate is in ciscoEcsbuUMLocationObjectId


Viewing Certs in SQL Servers table

To view the Certificates in SQL, run SQL Query Analyzer

Using the UnityDb, run “select * from servers”

A list of all Unity & IVC servers should be the result

For each server, you’ll see the encoded Certificate in the EncryptionPublicKey column (SQL Query Analyzer might truncate it since it’s a large data item)


Troubleshooting for VMO & Unity Inbox

Make sure account credentials can access CuSessionKey

– VMO – Configurable via Tools\Viewmail Options\SM Tab

– Unity Inbox – Local account’s credentials

Unity Inbox with IE 6 or 7 – first time CPCA is loaded on Unity 5.0, set “Download unsigned ActiveX Controls” to Prompt, so that you can install the MediaMaster Control (can disable afterwards)

VMO 5.0 does not support offline playback of secure messages!

– By design – must access Unity server to decrypt session key

VMO 5.0 has a setting to support offline composition of messages

– “Force Messages Secure”, customized in ViewMail.msi:

0 (Default) = Don’t ask Unity to encrypt; send unsecure

1 = If Unity can’t be reached, require the user to save the message and send it secure later

2 = If Unity can’t be reached, give the user the choice


Throttle for VMO Connections

Unity puts a throttle on the number of VMO Clients that may ask for session key encryption and decryption simultaneously, so a large number of connections doesn’t use too many CPU cycles

– Only throttles requests to encrypt/decrypt session keys, not the encryption/decryption of the audio on the PC Client itself

– If VMO gets a server-busy, it retries for up to 3 seconds

– The throttle is set at 15 simultaneous connections, which was based on testing on a 7815 server – a sustained load of 15 connections added ~25% CPU load

– Sites might want to allow more simultaneous VMO connections if subs get server-busy messages when Unity CPU% is low

– The BU does not yet have hard data on how many should be allowed for more powerful servers, so if a site needs to increase this, TAC will need to escalate for assistance.

CPCA & Unity Inbox are already throttled via an AST setting


Secure Messaging Diagnostic Traces

In Unity Diagnostic Tool, there are new macro traces for Secure Messaging, in 3 different categories:

– Message Aging Service – traces for CuMessageAgingSvr, which will appear in diag_CuMessageAgingSvr_*.txt

– Encryption & Decryption (High Level) – traces for the Conversation & Miu portions of the feature, which will appear in diag_AvCsMgr_*.txt

– Encryption & Decryption (Low Level) – traces for WavCrypt and CuSessionKey, which will appear in diag_AvCsMgr_*.txt and diag_AvMMProxySvr_*.txt, respectively

There are additional micro traces for CuSessionKey, which can be enabled separately in UDT if needed


Secure Messaging Diagnostics (cont.)

To enable traces for the Voice Connector (IVC), set the Voice Connector logging level to 5 (Function) on the IVC, and the Secure Messaging traces will appear in the standard diag file

To enable traces on a Client PC for Secure Messaging issues with VMO or Unity Inbox:

– Create the following registry keys at HKEY_CURRENT_USER\ Software\Cisco Systems\Cisco Unity\Media Master: Trace, TraceRPCAPI, and TraceWavCrypto, and set all 3 keys to 1

– Run a tool like DbgView.exe (from sysinternals.com) on the Client PC to capture the traces

– Set the above keys to 0 (or delete them) to disable traces


Log of TUI Encryption (AvCsMgr)

15:00:33:734 Starting to encrypt the message on line 1488 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:33:765 Encryption Engine Initialized on line 1516 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:33:796 WavCryptoCreateSessionKey(...)
...
15:00:33:796 WavCryptoCreateSessionKey(...) - 00000000
15:00:33:797 WavCryptoEncryptWithSessionKey(...)
...
15:00:33:906 WavCryptoEncryptWithSessionKey(...) - 00000000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:34:218 WavCryptoSetKeyHeaders(...)
...
15:00:34:218 WavCryptoSetKeyHeaders(...) - 00000000
15:00:34:219 Encryption Process Complete on line 1942 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:34:312 Encrypted Stream was copied into the message on line 1950 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:313 Message property AVP_IS_ENCRYPTED set to TRUE on line 1308 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:468 Message data comitted on line 1429 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp

Slide callouts (in log order):

– Encryption begins

– Succeeded Creating Session Key

– Succeeded Encrypting Audio Data

– See next slide (CuSessionKey)

– Succeeded Saving Encrypted Session Keys

– Committed Message to Exchange


Log of TUI Encryption (AvMMProxySvr)

15:00:33:938 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:33:937 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc - Allowing access
15:00:33:938 EncryptSessionKeys received incoming RPC call
...
15:00:34:015 GetUnityServerInfo - Executing query select Alias DirectoryId EncryptionPublicKey from vw_servers where EncryptionPublicKey is not NULL
15:00:34:016 GetUnityServerInfo - Query complete
...
15:00:34:015 GetUnityServerInfo - Server 1 - Name LT-2708
15:00:34:016 GetUnityServerInfo - Server 1 - DirectoryId 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:031 GetUnityServerInfo - Retrieved 1 servers
...
15:00:34:031 WavCryptoEncryptSessionKey(...)
...
15:00:34:110 WavCryptoEncryptSessionKey(...) - 00000000
15:00:34:109 EncryptSessionKeys - WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_V1) returned: 0
15:00:34:110 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:125 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: lwvr9yw/70GFEG3gy2I/wQ==
15:00:34:126 WavCryptoEncryptSessionKey(...)
...
15:00:34:203 WavCryptoEncryptSessionKey(...) - 00000000
15:00:34:204 EncryptSessionKeys - WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_DOWNLEVEL) returned: 0

Slide callouts (in log order):

– RPC Binding & Authorization

– EncryptSessionKeys begins

– Query SQL Servers Table

– Server Name & DirectoryID

– Succeeded Encrypting Session Key in V1 Format

– Writing ServerID and SerialNum to Output Param

– Succeeded Encrypting Session Key in DL (downlevel) Format


Log of TUI Decryption (AvCsMgr Part 1)

15:00:49:968 COM CAvMiuCall::GetMediaCharacteristics(...) entered.
...
15:00:49:968 Added to StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
...
15:00:49:968 CAvMiuWave::DecryptSessionKey(...) entered.
15:00:49:969 WavCryptoFileIsEncrypted(...)
...
15:00:49:969 WavCryptoFileIsEncrypted(...) - 00000001
15:00:49:968 WavCryptoGetKeyHeaders(...)
...
15:00:49:969 WavCryptoGetKeyHeaders(...) - 00000000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:50:109 Stream 0x07187880 has MediaCharacteristics 0x00000002 (Encrypted)
15:00:50:110 CAvMiuWave::DecryptSessionKey(...) exited with success (0x00000000).
...
15:00:50:109 COM CAvMiuCall::GetMediaCharacteristics(...) exited with HRESULT 0x00000000 (S_OK).
...
// - Conversation plays appropriate prompts here...

Slide callouts (in log order):

– Finds if Unencrypted, Encrypted, or Expired

– Message Playback – GUID to ID StreamList

– File is Encrypted

– Extracted Encrypted Session Keys from File

– CuSessionKey was able to Decrypt Session Key

– Message Expired, Error, or Message Headers


Log of TUI Decryption (AvMMProxySvr)

15:00:50:032 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:50:031 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc - Allowing access
15:00:50:032 DecryptSessionKeys received incoming RPC call
...
15:00:50:031 DecryptSessionKeys - Received list of 1 keys
15:00:50:032 DecryptSessionKeys - Processing Key#1 Key DirID: 2a592d28cd7ee94b81baea9dc7a46899 Computer DirID: 2a592d28cd7ee94b81baea9dc7a46899
15:00:50:031 DecryptSessionKeys - Found key#1 as local server key
15:00:50:032 CDecryptCertCache::FindCertInCache - SerialNum —ë÷ ?ïA….màËb?Á was Found
...
15:00:50:032 WavCryptoDecryptSessionKey(...)
...
15:00:50:109 WavCryptoDecryptSessionKey(...) - 00000000
15:00:50:110 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
15:00:50:109 DecryptSessionKeys returned 0x00000000

Slide callouts (in log order):

– RPC Binding & Authorization

– DecryptSessionKeys begins

– Found Matching ComputerID

– Found Cert in Cache from Access DB

– Succeeded Decrypting Session Key
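An added triage helper (not a Cisco tool) that walks a DecryptSessionKeys exchange from diag_AvMMProxySvr and names the first milestone that is missing, mapped to the check the troubleshooting slides recommend for that point: RPC authorization, a wrapped key for this server's DirectoryId, the certificate in the CertData.mdb cache, and the unwrap result. The sample traces are constructed from the slide's lines with placeholder DirectoryIds and serial; the "foreign key" trace simply lacks the milestone lines, since the real failure wording is not shown in the deck.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Markers taken from the deck's diag_AvMMProxySvr trace for DecryptSessionKeys.
COUNT_RE = re.compile(r"DecryptSessionKeys - Received list of (\d+) keys")
KEY_RE = re.compile(r"Processing Key#(\d+) Key DirID: (\S+) Computer DirID: (\S+)")
RET_RE = re.compile(r"WavCryptoDecryptSessionKey returned: (-?\d+)")


@dataclass
class DecryptTriage:
    rpc_authorized: bool = False
    keys_offered: int | None = None      # how many Encrypted Session Keys arrived
    offered_dir_ids: list[str] = field(default_factory=list)
    computer_dir_id: str | None = None   # this server's own DirectoryId
    local_key_found: bool = False
    cert_in_cache: bool = False
    unwrap_rc: int | None = None
    verdict: str = ""


def triage_decrypt_trace(lines: list[str]) -> DecryptTriage:
    """Walk one DecryptSessionKeys exchange and name the first missing milestone,
    in the order the server hits them, with the check the deck recommends."""
    t = DecryptTriage()
    for line in lines:
        if "RpcServerIfCallback" in line and "Allowing access" in line:
            t.rpc_authorized = True
        elif m := COUNT_RE.search(line):
            t.keys_offered = int(m.group(1))
        elif m := KEY_RE.search(line):
            t.offered_dir_ids.append(m.group(2))
            t.computer_dir_id = m.group(3)
        elif "as local server key" in line:
            t.local_key_found = True
        elif "FindCertInCache" in line and "was Found" in line:
            t.cert_in_cache = True
        elif m := RET_RE.search(line):
            t.unwrap_rc = int(m.group(1))

    if not t.rpc_authorized:
        t.verdict = ("rpc-not-authorized: check the account credentials used to reach "
                     "CuSessionKey (and that port 5050 is open for client PCs)")
    elif t.keys_offered is None:
        t.verdict = "no-decrypt-call: DecryptSessionKeys never ran on this server"
    elif not t.local_key_found:
        t.verdict = ("no-local-key: this server's DirectoryId is not among the wrapped keys; "
                     "check its public key is in the sender's SQL Servers table / AD permissions")
    elif not t.cert_in_cache:
        t.verdict = "cert-not-cached: certificate missing from CertData.mdb / OS store"
    elif t.unwrap_rc != 0:
        t.verdict = f"unwrap-failed: WavCryptoDecryptSessionKey returned {t.unwrap_rc}"
    else:
        t.verdict = "ok"
    return t


# Constructed sample traces modelled on the deck's lines (DirectoryIds and the
# serial are placeholders, not values from any real server).
GOOD_TRACE = [
    "15:00:50:032 RpcServerIfCallback - BindString[ncalrpc:SRV1[CuSessionKeySvr]] SecurityContext[DOMAIN\\UnityMsgSvc]",
    "15:00:50:031 RpcServerIfCallback - Authorized context: DOMAIN\\UnityMsgSvc - Allowing access",
    "15:00:50:032 DecryptSessionKeys received incoming RPC call",
    "15:00:50:031 DecryptSessionKeys - Received list of 1 keys",
    "15:00:50:032 DecryptSessionKeys - Processing Key#1 Key DirID: AAAA1111 Computer DirID: AAAA1111",
    "15:00:50:031 DecryptSessionKeys - Found key#1 as local server key",
    "15:00:50:032 CDecryptCertCache::FindCertInCache - SerialNum SERIAL-PLACEHOLDER was Found",
    "15:00:50:109 WavCryptoDecryptSessionKey(...) - 00000000",
    "15:00:50:110 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0",
    "15:00:50:109 DecryptSessionKeys returned 0x00000000",
]

# Same exchange, but the only wrapped key belongs to another server (BBBB2222):
# the sender never had this server's public key, so no local key is found.
FOREIGN_KEY_TRACE = GOOD_TRACE[:4] + [
    "15:00:50:032 DecryptSessionKeys - Processing Key#1 Key DirID: BBBB2222 Computer DirID: AAAA1111",
]


if __name__ == "__main__":
    for name, trace in (("good", GOOD_TRACE), ("foreign-key", FOREIGN_KEY_TRACE)):
        print(name, "->", triage_decrypt_trace(trace).verdict)
```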


Log of TUI Decryption (AvCsMgr Part 2)

// - After Conversation plays appropriate prompts...
15:00:55:593 COM CAvMiuCall::Play(...) entered.
...
15:00:55:593 Found in StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
...
15:00:55:593 CAvMiuWave::Play(...) entered.
15:00:55:594 WavCryptoStoreSessionKey(...)
...
15:00:55:641 WavCryptoStoreSessionKey(...) - 00000000
...
15:00:55:656 WavCryptoIORead (47648)
...
15:00:55:656 CryptoDecryptDataWithSessionKey(...)
...
15:00:55:656 CryptoDecryptDataWithSessionKey(...) - 00000000
...
15:00:55:656 WavCryptoIOProc(uMessage=0) exited (47648)
15:00:55:657 MiuWave (Device 95): Play succeeded on operation WavPlay (0x00000000).
15:00:55:656 CAvMiuWave::Play() beginning WaitFor(WavStopped or StopRequested).

Slide callouts (in log order):

– Notice that several seconds have passed

– Same StreamList ID

– Pass Decrypted Session Key to WavCrypt

– Read Data from File

– Succeeded Decrypting Data with Session Key

– Wait for Play to Complete as normal


Log of IVC Message Encryption (Part 1)

14:06:10 This voice attachment will be encrypted
14:06:10 "EncryptVoiceMsg()": Enter
...
14:06:10 Refreshing the cached Public key for all the Servers.
...
14:06:10 Search String: (&(objectCategory=Computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
...
14:06:10 Current message attachment will be encrypted with the public keys of Unity and Voice Connector server(s): EXCHINTCUTY EXCHINTPUTY1 EXCHINTPUTY2 EXCHINTSDC EXCHINTSUTY UNITY (...)
...
14:06:10 "EncryptVoiceMsg()":Found public key for 6 Unity and Voice Connector server(s).
...
14:06:10 "CAvEncrypt::EncryptWavFile(...)": Enter
...
14:06:10 WavCryptoCreateSessionKey(...)
...
14:06:10 WavCryptoCreateSessionKey(...) - 00000000
...
14:06:10 WavCryptoEncryptWithSessionKey(...)
...
14:06:10 WavCryptoEncryptWithSessionKey(...) - 00000000
14:06:10 "CAvEncrypt::EncryptWavFile(...)": WavCryptoEncryptWithSessionKey Succeeded

Slide callouts (in log order):

– Message Encryption begins

– Retrieving Servers from AD

– 6 Servers in this Environment

– Created New Session Key

– Succeeded Encrypting Audio Data


Log of IVC Message Encryption (Part 2)

14:06:11 GetUnityServerInfoIvc - Retrieved 6 servers
...
14:06:11 EncryptSessionKeys - allocating Key Package size of 2270 bytes
14:06:11 WavCryptoEncryptSessionKey(...)
...
14:06:11 WavCryptoEncryptSessionKey(...) - 00000000
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: FB2127FB07B91C47A517E04471710C7A
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: J+7a1Hn/2ESdqJxEyGH/xg==
// Repeats for other 5 servers.
...
14:06:11 WavCryptoEncryptSessionKey(...)
...
14:06:11 WavCryptoEncryptSessionKey(...) - 00000000
// Repeats for other 5 servers.
...
14:06:11 "CAvEncrypt::EncryptWavFile(...)": EncryptSessionKeys Succeeded
14:06:11 WavCryptoSetKeyHeaders(...)
...
14:06:11 WavCryptoSetKeyHeaders(...) - 00000000
...
14:06:11 "CAvEncrypt::EncryptWavFile(...)": Exit
...
14:06:11 "EncryptVoiceMsg()": Exit

Annotations:
– WavCryptoEncryptSessionKey - 00000000 (first pass): succeeded encrypting the session key in V1 format for this server.
– ENCRYPTED_KEY_V1.szServerDirId / .SerialNum: the server's directory ID and the serial number of its certificate are written to the output parameter, which is how a decrypting server later finds its own copy of the session key. This repeats for the other five servers.
– WavCryptoEncryptSessionKey - 00000000 (second pass): succeeded encrypting the session key in DL format.
– WavCryptoSetKeyHeaders - 00000000: succeeded saving the encrypted session keys (the 2270-byte key package) into the file's key headers.
– "EncryptVoiceMsg()": Exit: message encryption is done.


Log of IVC Message Decryption (Part 1)

14:05:53 Current Message attachment is : Encrypted
....
14:05:53 The Voice message is Encrypted, SENSITIVITY is NOT PRIVATE, Option Flags =0X00400444. message Decryption is allowed.
...
14:05:53 Current Message attachment =VoiceMessage.wav is Encrypted, it will be decrypted
14:05:53 "DecryptVoiceMsg()": Enter Function
...
14:05:54 WavCryptoFileIsEncrypted(...)
...
14:05:54 WavCryptoFileIsEncrypted(...) - 00000001
...
14:05:54 "CAvEncrypt::DecryptWavFile(...)": Enter Function
...
14:05:54 WavCryptoGetKeyHeaders(...)
...
14:05:54 WavCryptoGetKeyHeaders(...) - 00000000
...
14:05:54 GetUnityServerInfoIvc - ExecutingSearch (&(objectCategory=computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
...
14:05:54 GetUnityServerInfoIvc - Retrieved 2 servers
...
14:05:54 GetComputerDirecoryId() - f228ef4b3d159945b88e6717404629b1
...

Annotations:
– "Option Flags =0X00400444. message Decryption is allowed": this location allows outgoing secure message decryption, and the sensitivity is not Private, so the IVC may decrypt.
– "DecryptVoiceMsg()": Enter Function: message decryption begins.
– WavCryptoFileIsEncrypted(...) - 00000001: the file is encrypted. This call returns a boolean, so 1 here means TRUE; it is not an error code like the 00000000 success returns elsewhere.
– WavCryptoGetKeyHeaders - 00000000: extracted the encrypted session keys (the key package) from the file.
– GetUnityServerInfoIvc: retrieving the servers from AD; two were found here.
– GetComputerDirecoryId(): the local computer's directory ID, f228ef4b3d159945b88e6717404629b1, which is matched against the szServerDirId values in the key headers.


Log of IVC Message Decryption (Part 2)

14:05:54 DecryptSessionKeys - Received list of 2 keys
...
14:05:54 DecryptSessionKeys - Found key#2 as local server key
...
14:05:54 GetAccessCertData - Searching for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
..
14:05:55 FindAccessCertData - Found data for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
14:05:55 GetAccessCertData returned 0x00000000
...
14:05:55 GetDecryptedV1Data entered
...
14:05:55 WavCryptoDecryptSessionKey(...)
...
14:05:55 WavCryptoDecryptSessionKey(...) - 00000000
14:05:55 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
14:05:55 DecryptSessionKeys returned 0x00000000
...
14:05:55 WavCryptoDecryptWithSessionKey(...)
...
14:05:55 WavCryptoDecryptWithSessionKey(...) - 00000000
14:05:55 "CAvEncrypt::DecryptWavFile(...)": WavCryptoDecryptWithSessionKey Succeeded
...
14:05:55 "CAvEncrypt::DecryptWavFile(...)": Exit Function
...
14:05:55 "DecryptVoiceMsg()": Exit Function

Annotations:
– "Found key#2 as local server key": found the key header whose server directory ID matches the local computer ID.
– GetAccessCertData / FindAccessCertData: found the certificate for SerialNum eNgEMWr+gkeWGQkTi9QG7w== in the cache from the Access DB.
– WavCryptoDecryptSessionKey - 00000000: succeeded decrypting the session key (the V1 data).
– WavCryptoDecryptWithSessionKey - 00000000: succeeded decrypting the audio data.
– "DecryptVoiceMsg()": Exit Function: message decryption is done.
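The IVC encryption and decryption traces above describe one design: a fresh session key per message, that session key wrapped once for every Unity and Voice Connector server found in AD, each copy tagged with the server's directory ID and certificate serial number, and a decrypting server picking out its own copy by directory ID and fetching its key material by serial number. The following is an added example written for this module, not Cisco's code, that models that flow end to end. A per-server key-encryption key derived from the certificate serial number stands in for the server's public/private key pair, and a SHA-256 counter-mode keystream stands in for WavCrypto's cipher; the field names mirror ENCRYPTED_KEY_V1, while the toy cipher, the key derivation, the helper names and the pairing of the IDs and serial numbers seen in the traces are assumptions made for illustration.

```python
"""Added example, not Cisco's code: a stand-in for the key-package flow that the IVC
encryption and decryption traces show.  A per-server key-encryption key (KEK) derived
from the server's certificate serial number stands in for that server's public/private
key pair, and a SHA-256 counter-mode keystream stands in for WavCrypto's cipher.  Field
names mirror ENCRYPTED_KEY_V1 (szServerDirId, SerialNum); everything else is assumed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Tuple

TAG_LEN = 16


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode cipher (NOT Unity's algorithm, not for real use)."""
    out = bytearray()
    for i, off in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def _wrap(kek: bytes, session_key: bytes) -> bytes:
    """Encrypt the session key under one server's KEK and append an HMAC tag so a
    wrong key is detected on unwrap instead of silently producing garbage."""
    ct = _keystream_xor(kek, session_key)
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()[:TAG_LEN]


def _unwrap(kek: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()[:TAG_LEN]):
        raise ValueError("session key unwrap failed: wrong key for this header")
    return _keystream_xor(kek, ct)


@dataclass
class EncryptedKeyV1:
    server_dir_id: str   # szServerDirId: directory ID of the server this copy is for
    serial_num: str      # SerialNum: serial number of that server's certificate
    wrapped_key: bytes   # the session key encrypted for that server


@dataclass
class SecureWav:
    key_headers: List[EncryptedKeyV1]   # what WavCryptoSetKeyHeaders stores in the file
    ciphertext: bytes                   # audio encrypted with the session key


def server_kek(serial_num: str) -> bytes:
    """Hypothetical: derive the per-server key from its certificate serial number.
    Stands in for the server's public key (from AD) or private key (from the cert cache)."""
    return hashlib.sha256(b"demo-kek:" + serial_num.encode()).digest()


def encrypt_voice_msg(audio: bytes, servers: List[Tuple[str, str]]) -> SecureWav:
    """EncryptVoiceMsg: one fresh session key, wrapped once per (dir_id, serial) server."""
    session_key = os.urandom(32)                      # WavCryptoCreateSessionKey
    ciphertext = _keystream_xor(session_key, audio)   # WavCryptoEncryptWithSessionKey
    headers = [EncryptedKeyV1(dir_id, serial, _wrap(server_kek(serial), session_key))
               for dir_id, serial in servers]         # EncryptSessionKeys, one per server
    return SecureWav(headers, ciphertext)


def decrypt_voice_msg(msg: SecureWav, local_dir_id: str, cert_cache: Dict[str, bytes]) -> bytes:
    """DecryptVoiceMsg: find the header for the local server, look its key up by serial
    number, unwrap the session key, then decrypt the audio."""
    mine = [h for h in msg.key_headers if h.server_dir_id == local_dir_id]
    if not mine:   # no "local server key" among the headers
        raise PermissionError("message was not encrypted for server %s" % local_dir_id)
    hdr = mine[0]
    kek = cert_cache.get(hdr.serial_num)                # GetAccessCertData by SerialNum
    if kek is None:
        raise LookupError("no certificate data cached for SerialNum %s" % hdr.serial_num)
    session_key = _unwrap(kek, hdr.wrapped_key)         # WavCryptoDecryptSessionKey
    return _keystream_xor(session_key, msg.ciphertext)  # WavCryptoDecryptWithSessionKey


# Constructed inventory: ID/serial pairs taken from the traces above, paired for illustration.
SERVERS = [
    ("FB2127FB07B91C47A517E04471710C7A", "J+7a1Hn/2ESdqJxEyGH/xg=="),
    ("f228ef4b3d159945b88e6717404629b1", "eNgEMWr+gkeWGQkTi9QG7w=="),
]

if __name__ == "__main__":
    audio = b"RIFF....WAVEfmt  constructed sample audio bytes"
    msg = encrypt_voice_msg(audio, SERVERS)
    cache = {"eNgEMWr+gkeWGQkTi9QG7w==": server_kek("eNgEMWr+gkeWGQkTi9QG7w==")}
    assert decrypt_voice_msg(msg, "f228ef4b3d159945b88e6717404629b1", cache) == audio
    print("decrypted OK; key package has %d headers" % len(msg.key_headers))
```

Three failure modes a TAC engineer meets in the traces fall out of the model directly: a server whose directory ID is not in the key headers (it was not in the AD search result when the message was encrypted) gets no session key at all, a header whose serial number is missing from the cert cache fails at the GetAccessCertData step, and key material that does not match the header fails at the WavCryptoDecryptSessionKey step before any audio is touched.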


Log of PC Client Decryption

3:18:31.764 PM IN IsWavStreamEncrypted()
3:18:31.795 PM OUT IsWavStreamEncrypted() Yes
3:18:31.795 PM IN CAvEncrypt::Init()
3:18:31.795 PM IN CAvEncrypt::InitTrace()
3:18:31.795 PM OUT CAvEncrypt::InitTrace() (S_OK)
3:18:31.795 PM OUT CAvEncrypt::Init() (S_OK)
3:18:31.795 PM IN GetUserPasswordReg()
3:18:31.795 PM OUT GetUserPasswordReg() (S_OK)
3:18:31.795 PM IN CAvEncrypt::OpenRPCConnection()
3:18:31.795 PM Enter OpenSessionKeyManager(HUJOHN-UNITY1:5050,AlexGates,hujohn-dom1)
3:18:31.795 PM TraceWriteStringW: GetBindingHandle - Created bind string(ncacn_ip_tcp:HUJOHN-UNITY1[5050])
3:18:32.170 PM TraceWriteStringW: OpenSessionKeyManager(HUJOHN-UNITY1:5050) - Bind returned: 0x00000000
3:18:32.170 PM OUT CAvEncrypt::OpenRPCConnection() (0x00000000)
3:18:32.170 PM IN CAvEncrypt::DecryptVoiceMsg()
3:18:32.170 PM IN CAvEncrypt::DecryptWavFile()
3:18:32.170 PM IN IsWavStreamEncrypted()
3:18:32.170 PM OUT IsWavStreamEncrypted() Yes
3:18:32.233 PM WavCryptoGetKeyHeaders Succeeded
3:18:32.686 PM TraceWriteStringW: DecryptSessionKeys returned: 0x00000000
3:18:32.686 PM DecryptSessionKeys() done. (0x00000000)
3:18:32.686 PM DecryptSessionKeys Succeeded
3:18:32.842 PM WavCryptoDecryptWithSessionKey Succeeded
3:18:32.842 PM OUT CAvEncrypt::DecryptWavFile() (0x00000000)
3:18:32.842 PM OUT CAvEncrypt::DecryptVoiceMsg() (0x00000000)
3:18:32.858 PM Stream is decrypted successfully.

Annotations:
– IsWavStreamEncrypted() Yes: the audio is encrypted.
– GetUserPasswordReg and OpenSessionKeyManager(HUJOHN-UNITY1:5050,AlexGates,hujohn-dom1): the client tries to reach the Unity server's CuSessionKey service over RPC (bind string ncacn_ip_tcp:HUJOHN-UNITY1[5050]), including the subscriber's credentials.
– Bind returned: 0x00000000: succeeded opening CuSessionKey. If this bind fails, confirm that TCP port 5050 on the Unity server is reachable from the client and that the credentials in the trace are the ones expected.
– WavCryptoGetKeyHeaders Succeeded: succeeded getting the encrypted session keys from the file.
– DecryptSessionKeys Succeeded: succeeded decrypting the session key through the CuSessionKey connection opened above.
– WavCryptoDecryptWithSessionKey Succeeded: succeeded on audio decryption.
– Stream is decrypted successfully: decryption complete, playback begins.
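Every trace on the preceding slides follows the same convention: a call is logged on entry, then again with its return code, and the first non-zero code (with one boolean exception) is where troubleshooting starts. The following is an added example, written for this module and not part of Cisco's tooling, that automates that read: it pulls the return code out of each "Func(...) - CODE", "Func returned 0xCODE" and "OUT Func() (CODE)" line and reports the first call that did not return success, skipping WavCryptoFileIsEncrypted, whose 00000001 is TRUE rather than a failure. The sample lines are copied from the traces above; the failing line, and the E_FAIL value in it, are constructed.

```python
"""Added example, not Cisco's code: a checker for the CAvEncrypt / WavCrypto traces on
these slides.  Sample lines are copied from the traces; the failing line is constructed."""
import re
from typing import Iterable, List, Optional, Tuple

RETURN_PATTERNS = [
    # 14:05:55 WavCryptoDecryptSessionKey(...) - 00000000
    re.compile(r"(?P<func>\w+)\(\.\.\.\)\s*-\s*(?:0x)?(?P<code>[0-9A-Fa-f]{8})\s*$"),
    # GetAccessCertData returned 0x00000000 / OpenSessionKeyManager(...) - Bind returned: 0x00000000
    re.compile(r"(?P<func>\w+)(?:\([^)]*\))?\s*(?:- Bind )?returned:?\s*(?:0x)?(?P<code>[0-9A-Fa-f]{1,8})\s*$"),
    # 3:18:32.842 PM OUT CAvEncrypt::DecryptWavFile() (0x00000000)   or   (S_OK)
    re.compile(r"OUT\s+(?P<func>[\w:]+)\(\)\s*\((?P<code>(?:0x)?[0-9A-Fa-f]{8}|S_OK)\)\s*$"),
]
BOOLEAN_FUNCS = {"WavCryptoFileIsEncrypted"}   # returns TRUE/FALSE, so 1 is not an error


def parse_returns(lines: Iterable[str]) -> List[Tuple[str, int]]:
    """(function, return code) for every line that carries a return code, in trace order."""
    found = []
    for line in lines:
        for pat in RETURN_PATTERNS:
            m = pat.search(line)
            if m:
                code = m.group("code")
                found.append((m.group("func"), 0 if code == "S_OK" else int(code, 16)))
                break
    return found


def first_failure(lines: Iterable[str]) -> Optional[Tuple[str, int]]:
    """First non-success return, skipping boolean-returning calls; None if the trace is clean."""
    for func, code in parse_returns(lines):
        if func not in BOOLEAN_FUNCS and code != 0:
            return func, code
    return None


# Lines copied from the IVC decryption and PC client traces above (a clean run).
SAMPLE_TRACE_OK = """\
14:05:54 WavCryptoFileIsEncrypted(...) - 00000001
14:05:54 WavCryptoGetKeyHeaders(...) - 00000000
14:05:55 GetAccessCertData returned 0x00000000
14:05:55 WavCryptoDecryptSessionKey(...) - 00000000
14:05:55 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
14:05:55 DecryptSessionKeys returned 0x00000000
14:05:55 WavCryptoDecryptWithSessionKey(...) - 00000000
3:18:31.795 PM OUT CAvEncrypt::Init() (S_OK)
3:18:32.170 PM TraceWriteStringW: OpenSessionKeyManager(HUJOHN-UNITY1:5050) - Bind returned: 0x00000000
3:18:32.842 PM OUT CAvEncrypt::DecryptWavFile() (0x00000000)
""".splitlines()

# Constructed failure: the session-key unwrap returns E_FAIL (0x80004005) and the trace stops.
SAMPLE_TRACE_FAIL = SAMPLE_TRACE_OK[:3] + ["14:05:55 WavCryptoDecryptSessionKey(...) - 80004005"]

if __name__ == "__main__":
    for name, trace in (("clean", SAMPLE_TRACE_OK), ("failing", SAMPLE_TRACE_FAIL)):
        hit = first_failure(trace)
        print(name, "->", "no failure" if hit is None else "%s returned 0x%08X" % hit)
```

Pointing this at a full diagnostic file rather than the excerpts here is the intended use; the patterns are deliberately narrow so that lines such as "exited (47648)" or the "IN"/"Enter" entries are ignored rather than misread as return codes.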


Log of CuMessageAgingSvr

08:55:25:859 Message Aging Service first run of the day....
08:55:25:860 Checking if key pair was already created today
08:55:26:015 No key pair created today. Creating one.
...
08:55:26:062 At max key pair of: 30 will proceed to age messages
08:55:26:140 Removing Key pair from MyStore
...
08:55:26:296 Creating a new key pair.
08:55:26:297 Creating new Key Pair.
...
08:55:26:578 Updating Active Directory with new key pair
...
09:00:25:859 Message Aging Service has already today.
09:05:25:859 Message Aging Service has already today.

Annotations:
– "first run of the day": Message Aging checks whether it has run yet today.
– "No key pair created today": no key pair has been created yet today, so one will be.
– "At max key pair of: 30": there are already 30 key pairs, so the oldest must be aged out (removed from MyStore) before a new one is created.
– "Creating new Key Pair": new key pair created.
– "Updating Active Directory with new key pair": publish it to AD.
– 09:00:25 and 09:05:25 "has already today": every 5 minutes, and at start-up, the service checks whether it has already run today.
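The trace above describes a rotation policy rather than a single crypto operation: one key pair per day, a cap of 30 pairs, the oldest pair removed when the cap is reached, the new pair published to AD, and a poll every 5 minutes that does nothing once today's pair exists. The following is an added example, written for this module and not Cisco's code, that models that policy so the consequence of the cap is visible. It assumes, as the trace's wording ("will proceed to age messages") suggests, that aging a message means discarding the key pair it depends on, so a message tied to a removed pair can no longer be decrypted; the key IDs, the one-message-per-day list and the number of polls per day are constructed for illustration.

```python
"""Added example, not Cisco's code: a model of the daily key-pair rotation the
CuMessageAgingSvr trace shows.  Assumes that a message aged out is one whose key pair
has been removed from the store.  Key IDs and the message list are constructed."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

MAX_KEY_PAIRS = 30   # "At max key pair of: 30"


@dataclass
class RunResult:
    ran: bool                        # False when the service had already run today
    created: Optional[str] = None    # key ID published to AD, if any
    removed: Optional[str] = None    # key ID aged out of MyStore, if any


@dataclass
class KeyStore:
    pairs: List[Tuple[date, str]] = field(default_factory=list)   # (created, key ID), oldest first

    def created_today(self, today: date) -> bool:
        return any(d == today for d, _ in self.pairs)

    def current_key(self) -> str:
        return self.pairs[-1][1]

    def run_of_the_day(self, today: date) -> RunResult:
        """What the service does each time it wakes (at start-up and every 5 minutes)."""
        if self.created_today(today):           # "Message Aging Service has already ... today"
            return RunResult(ran=False)
        removed = None
        if len(self.pairs) >= MAX_KEY_PAIRS:     # "At max key pair ... will proceed to age messages"
            removed = self.pairs.pop(0)[1]       # "Removing Key pair from MyStore"
        new_id = "kp-" + today.isoformat()       # "Creating a new key pair"
        self.pairs.append((today, new_id))       # "Updating Active Directory with new key pair"
        return RunResult(ran=True, created=new_id, removed=removed)


def readable_messages(messages: Dict[str, str], store: KeyStore) -> Set[str]:
    """Messages whose key pair is still in the store; the rest have aged out."""
    live = {kid for _, kid in store.pairs}
    return {mid for mid, kid in messages.items() if kid in live}


def simulate(days: int, polls_per_day: int = 3) -> Tuple[KeyStore, Dict[str, str], List[str]]:
    """Run `days` days of service wake-ups; each day one constructed message is secured
    under that day's key.  Returns the store, the message->key map and the aged key IDs."""
    store, messages, aged = KeyStore(), {}, []
    start = date(2006, 1, 1)
    for n in range(days):
        today = start + timedelta(days=n)
        for _ in range(polls_per_day):           # only the first poll of a day does any work
            res = store.run_of_the_day(today)
            if res.removed:
                aged.append(res.removed)
        messages["msg-%03d" % (n + 1)] = store.current_key()
    return store, messages, aged


if __name__ == "__main__":
    store, messages, aged = simulate(35)
    live = readable_messages(messages, store)
    print("key pairs in store:", len(store.pairs))
    print("aged key pairs:", aged)
    print("messages no longer readable:", sorted(set(messages) - live))
```

Run for 35 days, the store never holds more than 30 pairs, the pairs for days 1 to 5 have been removed, and the five messages secured under them are the ones that can no longer be read; that is the retention behaviour the service enforces, and it is why restoring an old key pair store, or a server that missed its daily run, changes which messages are still decryptable.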


Reference Documents

“Securing Subscriber Messages” chapter of the Security Guide for Cisco Unity 5.0: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html

Secure Messaging portion of the Cisco Unity Troubleshooting Guide: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_troubleshooting_guides_list.html

Other portions of the Cisco Unity Troubleshooting Guide for AD Permissions, VMO, Unity Inbox, and VM Interop/Networking

FFS for Secure Messaging: EDCS-513331
