TOI Unity 5.0(1)
© 2006 Cisco Systems, Inc. All rights reserved.
TOI for Secure Messaging
TOI Unity 5.0(1)
Erich Von Normann, Unity [email protected]
Introduction to TOI for Secure Messaging
Unity 5.0(1) extends the Confidential Messaging feature that was introduced in Unity 4.0(5), by allowing all messages to be secured and accessible over the TUI, VMO, and Unity Inbox.
It is an important feature which involves many Unity components, and it is critical that Cisco TAC understands how it works and knows how to support it.
This module will include detailed descriptions of the purpose for Secure Messaging, how it works, and how to troubleshoot and support it.
Module Objectives
After completing this module you will be able to:
– Describe the purpose of Secure Messaging and understand why we designed it the way we did
– Describe the related feature of Message Aging
– Describe which Unity components are affected by the feature and the role of each component in the feature
– Describe the current limitations of Secure Messaging
– Describe the AD Schema Extensions associated with Secure Messaging and Unity 5.0
– Troubleshoot customer problems with Secure Messaging
Agenda
Purpose of Secure Messaging
Technical Details of the Design
Instructions on Troubleshooting
Demos of diagnostics
Intent of Secure Messaging
What is the purpose of this feature?
Make it as difficult as possible for Unity subscribers to do the following:
– Accidentally or intentionally forward voicemail messages to third parties outside the messaging system.
– Accidentally or intentionally violate a customer’s voicemail retention policy.
There have been a number of cases where an employee of a company accidentally or intentionally forwarded a confidential voicemail outside the company.
Preventing that from occurring is a key feature for many large companies, particularly in the financial sector.
Design of Secure Messaging
How does the feature meet these goals?
Unity encrypts the audio data in a voicemail message in such a way that access to a private key stored on the Unity server is required before the message can be decrypted and played.
If a subscriber forwards a voicemail message outside the Unity organization, it will not be decryptable, so the recipient will not be able to play it back.
The only methods that a subscriber can use to decrypt and play back secure messages are the Unity TUI, VMO, and Unity Inbox.
Other clients will not know how to decrypt the audio and will instead play back a decoy message which explains that it’s a secure message and will not be decrypted.
Secure Messaging is configured per sending subscriber (not per receiving subscriber), and separately for messages from outside callers; if a site wants all messages secure, it can set every subscriber to All via Bulk Edit.
Message Aging
What is it and why is it needed?
Message Aging refers to putting a time-bomb on a message, so that after a configurable period has passed, the message contents cannot be retrieved
Many companies have a message retention policy, and must comply with regulations such as Sarbanes-Oxley (SOX)
Messages can be downloaded to a client such as Outlook and it’s very hard to control deletion of such messages
Also, even messages in Exchange may not actually get deleted when an admin expects
Message Aging & Secure Messaging
What is the link between these two features?
Unity implements Message Aging on top of the Secure Messaging infrastructure
When Message Aging is enabled, the Unity server will create a new public/private key pair every day, and also delete the oldest private key from the system
This deletion of the private key is what renders a message undecryptable, and thus unable to be played back
Please note the following:
– Message Aging will only apply to secure messages
– Message Aging is disabled by default
– Message Aging is granular to the nearest day, which means all messages recorded on a given day will expire at the same time
Confidential vs. Secure Messaging
Confidential Messaging:
– Introduced in Unity 4.0(5)
– Only private messages can be encrypted
– Messages can only be encrypted and decrypted using the Unity TUI
– Limited support for secure messages with VM Interop and remote locations
– Public/Private Keys must be managed manually, which makes Message Aging difficult to manage
Secure Messaging:
– Introduced in Unity 5.0(1)
– Encryption for each user is All, Private-Only, or None
– Messages can also be encrypted and decrypted using VMO and Unity Inbox
– Enhancements to secure messaging for VM Interop and remote locations
– A new Unity service creates and deletes Public/Private Keys and thus enables Message Aging.
Interoperability with earlier versions
Secure messages recorded in Unity 5.0 store the session keys in a different format than do confidential messages in Unity 4.x
– This change was made to greatly speed-up the decryption of the session key during playback
By default, secure messages from Unity 5.0 save the session keys in both the Unity 5.0 & 4.x formats, so that if a site has a mix of versions, Unity 4.x can play messages from Unity 5.0 (TUI only)
Similarly, Unity 5.0 can handle messages from a Unity 4.x server, and can play them back over the TUI or a PC Client
If a Unity 4.x sub installs VMO from Unity 5.0 on their Client PC, they will not be able to play secure messages, since VMO asks Unity to decrypt the session key and Unity 4.x can’t do that
If a site has only Unity 5.0, then for efficiency they can disable the function to save session keys in both 4.x & 5.0 formats via the Advanced Settings Tool (AST)
Limitations of Secure Messaging
Secure Messaging works only with Unity integrated with Microsoft Exchange, not with Lotus Domino
Secure messages can only be recorded and played back using the Unity TUI, VMO, and Unity Inbox
– Support for CUPC and other Cisco clients is on the roadmap for the 2008 Unity release, but we have not yet EC-ed
Secure messages sent to and received from remote locations (such as 3rd party VM systems) have several configuration options
Secure Messaging enforces that messages can only be played back by someone within the Unity organization, but it does not check whether the user is an intended recipient, just that the user is authenticated
Limitations of Message Aging
Message Aging is configured system-wide
– Sites with multiple Unity servers must set it on each server
– Cannot be configured differently for messages sent from different subscribers or on individual messages
Key pairs are deleted based on count of active keys, not number of days (usually the same, but not always); Example:
– A site has Secure Messaging, but not Message Aging
– After 10 days, sets Message Aging to 30 days
– No keys are deleted until 30 days pass, so the oldest messages will have been around for ~40 days
If a subscriber is out of the office for an extended period, a message may expire while it is still unread
System behavior can be odd with Message Aging of 1-2 days
Secure Messaging & Unity Connection
Unity Connection 2.0 supports Secure Messaging, but it’s quite different from (and simpler than) Unity 5.0’s feature:
– Unity Connection has its own on-box message store, rather than an external message store like MS Exchange
– Unity Connection supports secure messages only on Cisco clients that do not keep local copies; it does not support them on 3rd party clients
– Unity Connection employs an Appliance Model, which means that system access is very restricted
Because of these differences, Unity Connection is a Closed Messaging System, and it does not need to Encrypt messages in order to Secure them or impose Message Aging
A thorough discussion of Unity Connection’s Secure Messaging feature is beyond the scope of this presentation
Unity Secure Messaging Components
New Components
– CuMessageAgingSvr – New service to manage keys and certificates, including expiration of old certificates
– CuSessionKey – Runs inside AvMMProxySvr service, and handles encryption/decryption of Session Key for TUI & Clients
Modified Components
– Miu / AvWav – Does decryption-on-a-stream during playback (previously, TUI decrypted entire message before playing)
– VMO & Unity Inbox – Plays & records secure messages
– Voice Connector – Handles encryption of incoming messages and decryption of outgoing messages
– WavCrypt – Provides encryption/decryption services to other components, enhanced for Client/Server functionality
Details of Design (CuMessageAgingSvr)
A new Unity service (CuMessageAgingSvr) manages the keys
– It will create a Public/Private Key pair. If Message Aging is enabled, this happens once per day at 12 AM GMT, at which time it also deletes the oldest Private Key
– It will store the new Public Key in a local MS Access database (\Commserver\CertData\CERTData.mdb). If Message Aging is enabled, the Public Key corresponding to the Private Key that was deleted will be marked as deleted
– It will also publish the Public Key to AD, where other Unity servers in the forest will sync it down and store it in their SQL Servers table; only the most recent Public Key from each server will be stored in SQL – the older one will be overwritten
Replaces & supersedes the old AssignConfCert utility from previous versions of Unity, and also migrates older 4.x keys from the registry to the Access database.
Details of Design (TUI Encryption)
Here’s how a secure message is encrypted from the TUI:
– A new Session Key is created for each secure message
– The Session Key is used to encrypt the audio data, which is then stored in the message’s wave file
– A new Unity component called CuSessionKey is called to encrypt the Session Key
The Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL
This list of Encrypted Session Keys is also stored in the wave file.
– The decoy message is also stored in the wave file in such a way that 3rd party media players will play it rather than the encrypted audio
Details of Design (TUI Decryption)
Here’s how a secure message is decrypted from the TUI:
– The list of Encrypted Session Keys is extracted from the message’s wave file and passed to CuSessionKey
It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server
It then checks if that Public/Private Key has been deleted
– If so, it returns an error to the TUI, which plays a prompt notifying the subscriber that the message is expired
– If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the TUI
– The TUI uses the Decrypted Session Key to decrypt the audio and play back the message
– The Miu & AvWav can decrypt & playback one chunk at a time, rather than decrypt all chunks before playback can start
Details of Design (Client Encryption)
Here’s how a secure message is encrypted in VMO / Unity Inbox:
– On the Client PC, a new Session Key is created
– Still on the Client PC, this Session Key is used to encrypt the audio data, which is then stored in the message’s wave file
– The Client PC makes a secure RPC connection to the Unity server’s CuSessionKey component to encrypt the Session Key
On the Unity server, the Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL
This list of Encrypted Session Keys is passed back to the Client PC via secure RPC, which stores it in the wave file.
– The decoy message is also stored in the wave file in such a way that 3rd party media players will play it rather than the encrypted audio
Details of Design (Client Decryption)
Here’s how a secure message is decrypted in VMO / Unity Inbox:
– On the Client PC, the list of Encrypted Session Keys is extracted from the message’s wave file and passed via secure RPC to the Unity server’s CuSessionKey component
It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server
It then checks if that Public/Private Key has been deleted
– If so, it returns an error to the Client PC, which tells the subscriber that the message is expired
– If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the Client PC via Secure RPC
– The Client PC uses the Decrypted Session Key to decrypt the audio and play back the message
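The four design slides above (TUI and client encryption and decryption) and the Message Aging slides describe one key flow: a fresh session key per message, the audio encrypted under it, that session key wrapped once for each server's public key from the SQL Servers table, and expiry implemented by deleting the oldest private key. The Python model below is an added example, not Unity or WavCrypt code, and uses stand-in primitives (a SHA-256 counter keystream for the audio cipher and textbook RSA with no padding for the wrap); the server names, serials and audio bytes are constructed. It also shows two consequences the later slides state: any authenticated caller on the server can unwrap a key (there is no intended-recipient check), and restoring a backed-up private key revives messages that had expired.

```python
# Added example, not Unity code: toy model of the session-key lifecycle. Stand-ins: a
# SHA-256 counter keystream for WavCrypt's audio cipher, textbook RSA for the cert wrap.
import hashlib, secrets
from typing import Dict, List, Optional, Tuple

RSAKey = Tuple[int, int]  # (modulus, exponent); server IDs and audio below are constructed
def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Session-key cipher for the audio: XOR with SHA-256(key || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def _is_probable_prime(n: int) -> bool:  # Miller-Rabin, enough for a demo keypair
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    r = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(16):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand

def rsa_keypair(bits: int = 512) -> Tuple[RSAKey, RSAKey]:
    """Returns (public, private). Textbook RSA without padding: demo only."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

class KeyRing:
    """One server's key store (CertData.mdb plus the OS store). max_keys=None means
    Message Aging is off; otherwise expiry follows the count of active private keys."""
    def __init__(self, server_id: str, max_keys: Optional[int] = None):
        self.server_id, self.max_keys = server_id, max_keys
        self.keys: Dict[str, Tuple[RSAKey, Optional[RSAKey]]] = {}  # serial -> (pub, priv)
        self.order: List[str] = []

    def rotate(self) -> Tuple[str, RSAKey]:
        """Daily CuMessageAgingSvr job: mint a pair, age out the oldest; returns what is published."""
        serial = secrets.token_hex(8)
        self.keys[serial] = rsa_keypair()
        self.order.append(serial)
        if self.max_keys is not None and len(self.order) > self.max_keys:
            oldest = self.order.pop(0)
            self.keys[oldest] = (self.keys[oldest][0], None)  # public kept, private gone
        return serial, self.keys[serial][0]

def encrypt_message(audio: bytes, servers: Dict[str, Tuple[str, RSAKey]]) -> dict:
    """Sender side: fresh session key per message, wrapped once per server in the Servers table."""
    session_key = secrets.token_bytes(32)
    m = int.from_bytes(session_key, "big")
    wrapped = [(sid, serial, pow(m, pub[1], pub[0])) for sid, (serial, pub) in servers.items()]
    return {"decoy": b"This is a secure message; play it from Unity.",
            "audio": keystream_xor(session_key, audio), "keys": wrapped}

def decrypt_message(msg: dict, ring: KeyRing) -> Tuple[str, bytes]:
    """CuSessionKey on the server: only authentication gates this, not being a recipient."""
    for sid, serial, wrapped in msg["keys"]:
        if sid != ring.server_id:
            continue
        _pub, priv = ring.keys.get(serial, (None, None))
        if priv is None:
            return "expired", b""
        session_key = pow(wrapped, priv[1], priv[0]).to_bytes(32, "big")
        return "ok", keystream_xor(session_key, msg["audio"])
    return "decoy", msg["decoy"]  # forwarded outside the org: no key for this server

def demo() -> Dict[str, Tuple[str, bytes]]:
    """Lifecycle: play, forward outside the org, age out, restore from backup."""
    audio = b"constructed voicemail audio"
    unity = KeyRing("LT-2708", max_keys=3)  # aging window of three active keys
    msg = encrypt_message(audio, {unity.server_id: unity.rotate()})  # one-row Servers table
    out = {"playback": decrypt_message(msg, unity),
           "forwarded_outside": decrypt_message(msg, KeyRing("EXTERNAL-MAILBOX"))}
    backup = dict(unity.keys)  # DiRT-style export of the certificates
    for _ in range(3):  # three more daily rotations push the first key out
        unity.rotate()
    out["after_aging"] = decrypt_message(msg, unity)
    unity.keys.update(backup)  # restoring an old backup revives "expired" messages
    out["after_restore"] = decrypt_message(msg, unity)
    return out
```

The `after_aging` step is why the Limitations slide warns that expiry is driven by the count of active keys rather than by calendar days, and the `after_restore` step is the reason the Tools slide tells sites to delete old key backups.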
Details of Design (VM Interop)
Secure Messaging separates private and secure message flags
For secure messages sent to VPIM, Bridge, or AMIS locations:
– Decrypt All – All secure messages are decrypted and sent
– Decrypt Non-private – All non-private secure messages are decrypted and sent, while private messages are NDR-ed
– Decrypt None – All secure messages are NDR-ed
For messages received from VPIM or Bridge locations:
– Encrypt All – Accept all messages & encrypt them all
– Encrypt Private – Accept all messages & encrypt private only
– Encrypt None – Accept all messages & leave all unencrypted
Note: Messages received from AMIS locations are not encrypted (Due to limitations in the AMIS protocol, the time to implement this was not worth our investment)
Details of Design (VM Interop, cont.)
IVC now includes its own CuMessageAgingSvr and an Access database for storing certificates
New Trusted Internet Subscribers and Trusted Internet Locations:
– Problem: Messages sent to Internet Subscribers go directly through Exchange, so IVC can’t decrypt secure messages, so Internet Subs will always hear the decoy message
– Solution: Messages sent to Trusted Internet Subscribers go through IVC, so messages are decrypted before sent
– Trusted Internet Locations have same settings as VPIM – Decrypt & Send All, Non-private, or None
– Note that Blind Addressing to Trusted Internet Subscribers is not supported
AD Schema Extensions
Unity 5.0 extends the Active Directory Schema in several ways
We made an effort to extend it in such a way that future Unity versions can add new data items to AD without another schema extension (hopefully)
– There are several new AD attributes that are not yet used, but are intended to provide a framework for future changes
– One of these new AD attributes stores a subscriber’s message encryption setting for messages sent from that subscriber – whether Unity encrypts all, private only, or none.
AD Schema Extensions – Details
There are 3 new AD Attributes that are intended to be lists of name:value pairs, which will allow new data items to be added in the format name1:value1; name2:value2; etc…
– cisco-Ecsbu-Unity-Attributes: for non-indexed name:value pairs; Encryption:[0|1|2] is the subscriber encryption setting, with 0=None, 1=Private Only, and 2=All
– cisco-Ecsbu-Unity-Attributes-Indexed: for indexed name:value pairs; not currently used
– cisco-Ecsbu-Unity-Attributes-Encoded: for name:value pairs that will be stored encoded; not currently used
There is a new aux class called ciscoEcsbu-UM-Attributes for these attributes, which is now supported by the User, Group, Contact, and Location objects
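As an added example (not Unity code), here is a parser for the name:value list format above, with the Encryption codes from the slide, the inverse formatter, and an audit that lists subscribers whose setting is anything other than All; the sample export values and aliases are constructed. Returning 'unset' when the attribute carries no Encryption item is this example's convention, not something the slide states.

```python
# Added example, not Unity code: parser/auditor for the cisco-Ecsbu-Unity-Attributes
# name:value format. Encryption codes are from the slide; the export below is constructed.
from typing import Dict, List, Optional

ENCRYPTION_CODES = {"0": "None", "1": "Private Only", "2": "All"}

def parse_unity_attributes(raw: Optional[str]) -> Dict[str, str]:
    """Split 'name1:value1; name2:value2' into a dict. Splits on the first ':'
    only (values may contain colons), ignores empty items, and rejects an item
    without ':' or a repeated name instead of guessing which value wins."""
    attrs: Dict[str, str] = {}
    for item in (raw or "").split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition(":")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed item {item!r}")
        if name in attrs:
            raise ValueError(f"duplicate name {name!r}")
        attrs[name] = value.strip()
    return attrs

def format_unity_attributes(attrs: Dict[str, str]) -> str:
    """Inverse of the parser, in the slide's 'name1:value1; name2:value2' form."""
    return "; ".join(f"{name}:{value}" for name, value in attrs.items())

def encryption_setting(raw: Optional[str]) -> str:
    """Sender-side encryption setting: 'None', 'Private Only', 'All', or 'unset'
    when there is no Encryption item (this example's convention). Other codes are errors."""
    code = parse_unity_attributes(raw).get("Encryption")
    if code is None:
        return "unset"
    if code not in ENCRYPTION_CODES:
        raise ValueError(f"Encryption must be 0, 1 or 2, got {code!r}")
    return ENCRYPTION_CODES[code]

def subscribers_not_all(export: Dict[str, Optional[str]]) -> List[str]:
    """Aliases whose sent messages would not all be secured: the list a site that
    wants everything secure would hand to Bulk Edit."""
    return sorted(alias for alias, raw in export.items() if encryption_setting(raw) != "All")

# constructed attribute values, as an LDAP export of subscriber objects might show them
SAMPLE_EXPORT = {
    "asmith": "Encryption:2",
    "bjones": "Encryption:1; Note:call back: urgent",
    "cwong": None,
    "dlee": " Encryption : 0 ;",
}
```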
AD Schema Extensions – Site Object
Unity 5.0 also introduces the concept of a Site Object (ciscoEcsbu-UM-Site), which will be used to store site-wide data; it carries the ciscoEcsbu-UM-Attributes aux class
Unity currently does not store any data site-wide, but might in the future
Contains the new cisco-Ecsbu-UM-Schema-Version attribute, which designates the minimum Unity version for any server in the site, so a Unity can decide if it needs to be backwards-compatible
The intent is for any settings that should be the same for all Unity servers in an organization to be stored in one place
Some examples are Message Aging policy, Outside Caller Encryption settings, and lots of the AST settings
This implies that there would also be a site-wide SA/Config tool
Work to move settings to Site Object is not yet committed, but at least the AD Schema won’t need to be extended if we do it
Tools Updates for Secure Messaging
Several Unity Tools have been updated for Secure Messaging:
– Bulk Edit, CUBI, DiRT, DBWalker, GUSI, and others support the new subscriber encryption setting (encrypt all, private, or none), and also Trusted Internet Subscribers and Locations
– DiRT also supports exporting and importing the public and private keys from/to the Access database and OS store
These keys can also be imported to a different Unity server, which means that if a site adds a new Unity later (perhaps a Failover server), then subs moved to that server can still listen to secure messages sent to them on the old server
Sites must be careful to delete old backups, since if they restore the keys, then previously expired messages will again be decryptable and thus can be played again!
Secure Messaging Setup & Config
Please consult the Securing Subscriber Messages chapter in the Security Guide for Cisco Unity for detailed instructions
Here are a few possible setup/config mistakes to look for:
– Active Directory and Account permission problems – would prevent public keys from getting to other Unity servers
– IP Port 5050 blocked – default port on Unity server for Client PCs to ask it to encrypt/decrypt session keys
– Inconsistent message aging policy – make sure that all Unity servers & IVCs have the same policy; it must be configured on each server, there isn’t a site-wide parameter
– Problems with secure messages to/from remote subscribers – make sure IVC is configured for Secure Messaging, and that the delivery location is properly configured in Unity SA
Secure Messaging Troubleshooting
Please consult the Secure Messaging section of the Troubleshooting Guide for Cisco Unity 5.0
Make sure that unsecured messages are working correctly, so that you’re troubleshooting the right issue!
Make sure that the certificates for the Unity/IVC server are in CertData.mdb (and if Message Aging is enabled, make sure the count is correct) and in the OS store
Make sure that the public keys for all Unity servers are in the SQL Servers table, and for IVC, make sure that the public keys are in Active Directory (it goes directly to AD rather than SQL)
Make sure that CuMessageAgingSvr is running (it should be by default) – if it has crashed, it won’t create new keys or age/delete older ones
Viewing Certs in the OS Store
To view the Certificates in the OS Store, use the Certificates MMC snap-in for the Local Computer (aka Computer Account)
To get details on a Certificate, right-click it and select Open
Viewing Certs in the Access DB
To view the Certificates in the Access DB, copy \Commserver\CertData\CertData.mdb to a computer with Microsoft Access and open it.
Sort the list by the Index column – you’ll see the Serial Number, the encoded Certificate (Access may truncate it since it’s a large data item), and whether it’s been deleted (expired)
Viewing Certs in Active Directory
To view the Certificates in AD, run ldp.exe
Run File\Bind with an admin account & then run View\Tree
Expand the root node, the Domain Controllers node, and then select the Unity system
The encoded Certificate is in ciscoEcsbuUMLocationObjectId
Viewing Certs in SQL Servers table
To view the Certificates in SQL, run SQL Query Analyzer
Using the UnityDb, run “select * from servers”
A list of all Unity & IVC servers should be the result
For each server, you’ll see the encoded Certificate in the EncryptionPublicKey column (SQL Query Analyzer might truncate it since it’s a large data item)
Troubleshooting for VMO & Unity Inbox
Make sure account credentials can access CuSessionKey
– VMO – Configurable via Tools\Viewmail Options\SM Tab
– Unity Inbox – Local account’s credentials
Unity Inbox with IE 6 or 7 – the first time CPCA is loaded on Unity 5.0, set “Download unsigned ActiveX Controls” to Prompt so that the MediaMaster Control can be installed, then set it back to Disable afterwards
VMO 5.0 does not support offline playback of secure messages!
– By design – must access Unity server to decrypt session key
VMO 5.0 has a setting to support offline composition of messages
– “Force Messages Secure”, customized in ViewMail.msi
0 (Default) = Don’t ask Unity to encrypt, send unsecure
1 = If can’t reach Unity, require to save & send secure later
2 = If can’t reach Unity, give user the choice
Throttle for VMO Connections
Unity puts a throttle on the number of VMO Clients that may ask for session key encryption and decryption simultaneously, so a large number of connections doesn’t use too many CPU cycles
– Only throttles requests to encrypt/decrypt session keys, not the encryption/decryption of the audio on the PC Client itself
– If VMO gets a server-busy, it retries for up to 3 seconds
– The throttle is set at 15 simultaneous connections, which was based on testing on a 7815 server – a sustained load of 15 connections added ~25% CPU load
– Sites might want to allow more simultaneous VMO connections if subs get server-busy messages when Unity CPU% is low
– The BU does not yet have hard data on how many should be allowed for more powerful servers, so if a site needs to increase this, TAC will need to escalate for assistance.
CPCA & Unity Inbox are already throttled via an AST setting
Secure Messaging Diagnostic Traces
In Unity Diagnostic Tool, there are new macro traces for Secure Messaging, in 3 different categories:
– Message Aging Service – traces for CuMessageAgingSvr, which will appear in diag_CuMessageAgingSvr_*.txt
– Encryption & Decryption (High Level) – traces for the Conversation & Miu portions of the feature, which will appear in diag_AvCsMgr_*.txt
– Encryption & Decryption (Low Level) – traces for WavCrypt and CuSessionKey, which will appear in diag_AvCsMgr_*.txt and diag_AvMMProxySvr_*.txt, respectively
There are additional micro traces for CuSessionKey, which can be enabled separately in UDT if needed
Secure Messaging Diagnostics (cont.)
To enable traces for the Voice Connector (IVC), set the Voice Connector logging level to 5 (Function) on the IVC, and the Secure Messaging traces will appear in the standard diag file
To enable traces on a Client PC for Secure Messaging issues with VMO or Unity Inbox:
– Create the following registry keys at HKEY_CURRENT_USER\Software\Cisco Systems\Cisco Unity\Media Master: Trace, TraceRPCAPI, and TraceWavCrypto, and set all 3 keys to 1
– Run a tool like DbgView.exe (from sysinternals.com) on the Client PC to capture the traces
– Set the above keys to 0 (or delete them) to disable traces
Log of TUI Encryption (AvCsMgr)
15:00:33:734 Starting to encrypt the message on line 1488 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:33:765 Encryption Engine Initialized on line 1516 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:33:796 WavCryptoCreateSessionKey(...)
...
15:00:33:796 WavCryptoCreateSessionKey(...) - 00000000
15:00:33:797 WavCryptoEncryptWithSessionKey(...)
...
15:00:33:906 WavCryptoEncryptWithSessionKey(...) - 00000000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:34:218 WavCryptoSetKeyHeaders(...)
...
15:00:34:218 WavCryptoSetKeyHeaders(...) - 00000000
15:00:34:219 Encryption Process Complete on line 1942 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:34:312 Encrypted Stream was copied into the message on line 1950 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:313 Message property AVP_IS_ENCRYPTED set to TRUE on line 1308 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:468 Message data comitted on line 1429 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
Slide callouts, in log order:
– Encryption begins
– Succeeded creating Session Key
– Succeeded encrypting audio data
– See next slide (CuSessionKey runs in AvMMProxySvr)
– Succeeded saving Encrypted Session Keys
– Committed message to Exchange
Log of TUI Encryption (AvMMProxySvr)
15:00:33:938 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:33:937 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc - Allowing access
15:00:33:938 EncryptSessionKeys received incoming RPC call
...
15:00:34:015 GetUnityServerInfo - Executing query select Alias DirectoryId EncryptionPublicKey from vw_servers where EncryptionPublicKey is not NULL
15:00:34:016 GetUnityServerInfo - Query complete
...
15:00:34:015 GetUnityServerInfo - Server 1 - Name LT-2708
15:00:34:016 GetUnityServerInfo - Server 1 - DirectoryId 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:031 GetUnityServerInfo - Retrieved 1 servers
...
15:00:34:031 WavCryptoEncryptSessionKey(...)
...
15:00:34:110 WavCryptoEncryptSessionKey(...) - 00000000
15:00:34:109 EncryptSessionKeys - WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_V1) returned: 0
15:00:34:110 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:125 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: lwvr9yw/70GFEG3gy2I/wQ==
15:00:34:126 WavCryptoEncryptSessionKey(...)
...
15:00:34:203 WavCryptoEncryptSessionKey(...) - 00000000
15:00:34:204 EncryptSessionKeys - WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_DOWNLEVEL) returned: 0
Slide callouts, in log order:
– RPC binding & authorization
– EncryptSessionKeys begins
– Query SQL Servers table
– Server name & DirectoryID
– Succeeded encrypting Session Key in V1 format
– Writing ServerID and SerialNum to output param
– Succeeded encrypting Session Key in DL (downlevel) format
Log of TUI Decryption (AvCsMgr Part 1)
15:00:49:968 COM CAvMiuCall::GetMediaCharacteristics(...) entered.
...
15:00:49:968 Added to StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
...
15:00:49:968 CAvMiuWave::DecryptSessionKey(...) entered.
15:00:49:969 WavCryptoFileIsEncrypted(...)
...
15:00:49:969 WavCryptoFileIsEncrypted(...) - 00000001
15:00:49:968 WavCryptoGetKeyHeaders(...)
...
15:00:49:969 WavCryptoGetKeyHeaders(...) - 00000000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:50:109 Stream 0x07187880 has MediaCharacteristics 0x00000002 (Encrypted)
15:00:50:110 CAvMiuWave::DecryptSessionKey(...) exited with success (0x00000000).
...
15:00:50:109 COM CAvMiuCall::GetMediaCharacteristics(...) exited with HRESULT 0x00000000 (S_OK).
...
// - Conversation plays appropriate prompts here...
Slide callouts, in log order:
– Finds if unencrypted, encrypted, or expired
– Message playback – GUID to ID StreamList
– File is encrypted
– Extracted Encrypted Session Keys from file
– CuSessionKey was able to decrypt Session Key
– Message expired, error, or message headers
Log of TUI Decryption (AvMMProxySvr)
15:00:50:032 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:50:031 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc - Allowing access
15:00:50:032 DecryptSessionKeys received incoming RPC call
...
15:00:50:031 DecryptSessionKeys - Received list of 1 keys
15:00:50:032 DecryptSessionKeys - Processing Key#1 Key DirID: 2a592d28cd7ee94b81baea9dc7a46899 Computer DirID: 2a592d28cd7ee94b81baea9dc7a46899
15:00:50:031 DecryptSessionKeys - Found key#1 as local server key
15:00:50:032 CDecryptCertCache::FindCertInCache - SerialNum —ë÷ ?ïA….màËb?Á was Found
...
15:00:50:032 WavCryptoDecryptSessionKey(...)
...
15:00:50:109 WavCryptoDecryptSessionKey(...) - 00000000
15:00:50:110 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
15:00:50:109 DecryptSessionKeys returned 0x00000000
Slide callouts, in log order:
– RPC binding & authorization
– DecryptSessionKeys begins
– Found matching ComputerID
– Found cert in cache (loaded from the Access DB)
– Succeeded decrypting Session Key
Log of TUI Decryption (AvCsMgr Part 2)
// - After Conversation plays appropriate prompts...
15:00:55:593 COM CAvMiuCall::Play(...) entered.
...
15:00:55:593 Found in StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
...
15:00:55:593 CAvMiuWave::Play(...) entered.
15:00:55:594 WavCryptoStoreSessionKey(...)
...
15:00:55:641 WavCryptoStoreSessionKey(...) - 00000000
...
15:00:55:656 WavCryptoIORead (47648)
...
15:00:55:656 CryptoDecryptDataWithSessionKey(...)
...
15:00:55:656 CryptoDecryptDataWithSessionKey(...) - 00000000
...
15:00:55:656 WavCryptoIOProc(uMessage=0) exited (47648)
15:00:55:657 MiuWave (Device 95): Play succeeded on operation WavPlay (0x00000000).
15:00:55:656 CAvMiuWave::Play() beginning WaitFor(WavStopped or StopRequested).
Slide callouts, in log order:
– Notice that several seconds have passed
– Same StreamList ID
– Pass decrypted Session Key to WavCrypt
– Read data from file
– Succeeded decrypting data with Session Key
– Wait for play to complete as normal
Log of IVC Message Encryption (Part 1)
14:06:10 This voice attachment will be encrypted
14:06:10 "EncryptVoiceMsg()": Enter
...
14:06:10 Refreshing the cached Public key for all the Servers.
...
14:06:10 Search String: (&(objectCategory=Computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
...
14:06:10 Current message attachment will be encrypted with the public keys of Unity and Voice Connector server(s): EXCHINTCUTY EXCHINTPUTY1 EXCHINTPUTY2 EXCHINTSDC EXCHINTSUTY UNITY (...)
...
14:06:10 "EncryptVoiceMsg()":Found public key for 6 Unity and Voice Connector server(s).
...
14:06:10 "CAvEncrypt::EncryptWavFile(...)": Enter
...
14:06:10 WavCryptoCreateSessionKey(...)
...
14:06:10 WavCryptoCreateSessionKey(...) - 00000000
...
14:06:10 WavCryptoEncryptWithSessionKey(...)
...
14:06:10 WavCryptoEncryptWithSessionKey(...) - 00000000
14:06:10 "CAvEncrypt::EncryptWavFile(...)": WavCryptoEncryptWithSessionKey Succeeded
Slide callouts, in log order:
– Message encryption begins
– Retrieving servers from AD
– 6 servers in this environment
– Created new Session Key
– Succeeded encrypting audio data
Log of IVC Message Encryption (Part 2)
14:06:11 GetUnityServerInfoIvc - Retrieved 6 servers
...
14:06:11 EncryptSessionKeys - allocating Key Package size of 2270 bytes
14:06:11 WavCryptoEncryptSessionKey(...)
...
14:06:11 WavCryptoEncryptSessionKey(...) - 00000000
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: FB2127FB07B91C47A517E04471710C7A
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: J+7a1Hn/2ESdqJxEyGH/xg==
// Repeats for other 5 servers.
...
14:06:11 WavCryptoEncryptSessionKey(...)
...
14:06:11 WavCryptoEncryptSessionKey(...) - 00000000
// Repeats for other 5 servers.
...
14:06:11 "CAvEncrypt::EncryptWavFile(...)": EncryptSessionKeys Succeeded
14:06:11 WavCryptoSetKeyHeaders(...)
...
14:06:11 WavCryptoSetKeyHeaders(...) - 00000000
...
14:06:11 "CAvEncrypt::EncryptWavFile(...)": Exit
...
14:06:11 "EncryptVoiceMsg()": Exit
Slide callouts, in log order:
– Succeeded encrypting Session Key in V1 format
– Writing ServerID and SerialNum to output param
– Succeeded encrypting Session Key in DL (downlevel) format
– Succeeded saving Encrypted Session Keys
– Message encryption is done
Log of IVC Message Decryption (Part 1)

14:05:53 Current Message attachment is : Encrypted ....
14:05:53 The Voice message is Encrypted, SENSITIVITY is NOT PRIVATE, Option Flags =0X00400444. message Decryption is allowed....
14:05:53 Current Message attachment =VoiceMessage.wav is Encrypted, it will be decrypted
14:05:53 "DecryptVoiceMsg()": Enter Function ...
14:05:54 WavCryptoFileIsEncrypted(...)...
14:05:54 WavCryptoFileIsEncrypted(...) - 00000001...
14:05:54 "CAvEncrypt::DecryptWavFile(...)": Enter Function...
14:05:54 WavCryptoGetKeyHeaders(...)...
14:05:54 WavCryptoGetKeyHeaders(...) - 00000000...
14:05:54 GetUnityServerInfoIvc - ExecutingSearch (&(objectCategory=computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))...
14:05:54 GetUnityServerInfoIvc - Retrieved 2 servers...
14:05:54 GetComputerDirecoryId() - f228ef4b3d159945b88e6717404629b1...

Callouts:
This Location allows Outgoing Secure Message Decryption
Message Decryption begins
File is Encrypted
Extracted Encrypted Session Keys from File
Retrieving Servers from AD
Local ComputerID
Log of IVC Message Decryption (Part 2)

14:05:54 DecryptSessionKeys - Received list of 2 keys...
14:05:54 DecryptSessionKeys - Found key#2 as local server key...
14:05:54 GetAccessCertData - Searching for SerialNum: eNgEMWr+gkeWGQkTi9QG7w== ..
14:05:55 FindAccessCertData - Found data for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
14:05:55 GetAccessCertData returned 0x00000000...
14:05:55 GetDecryptedV1Data entered...
14:05:55 WavCryptoDecryptSessionKey(...)...
14:05:55 WavCryptoDecryptSessionKey(...) - 00000000
14:05:55 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
14:05:55 DecryptSessionKeys returned 0x00000000...
14:05:55 WavCryptoDecryptWithSessionKey(...)...
14:05:55 WavCryptoDecryptWithSessionKey(...) - 00000000
14:05:55 "CAvEncrypt::DecryptWavFile(...)": WavCryptoDecryptWithSessionKey Succeeded...
14:05:55 "CAvEncrypt::DecryptWavFile(...)": Exit Function...
14:05:55 "DecryptVoiceMsg()": Exit Function

Callouts:
Found Matching ComputerID
Found Cert in Cache from Access DB
Succeeded Decrypting Session Key
Succeeded Decrypting Audio Data
Message Decryption is done
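A small analyzer for the IVC trace format shown on the four slides above, added here as an example and not part of Cisco's tooling: it reads the WavCrypto* return codes and the key-package facts and reports the two checks a troubleshooter makes first (one encrypted session key per server found in AD on encryption, a package for the local server's directory ID on decryption). The traces are excerpts constructed from the slide text, not captures from a live system.

```python
import re
from collections import Counter
# Constructed excerpts of the IVC trace lines on the slides; only lines the analyzer keys on.
ENCRYPT_TRACE = (
    "14:06:10 WavCryptoCreateSessionKey(...) - 00000000\n"
    "14:06:10 WavCryptoEncryptWithSessionKey(...) - 00000000\n"
    "14:06:11 GetUnityServerInfoIvc - Retrieved 6 servers\n"
    + "14:06:11 WavCryptoEncryptSessionKey(...) - 00000000\n" * 6  # one V1 package per server
    + "14:06:11 WavCryptoSetKeyHeaders(...) - 00000000\n"
)
DECRYPT_TRACE = (
    "14:05:54 WavCryptoFileIsEncrypted(...) - 00000001\n"
    "14:05:54 WavCryptoGetKeyHeaders(...) - 00000000\n"
    "14:05:54 GetUnityServerInfoIvc - Retrieved 2 servers\n"
    "14:05:54 DecryptSessionKeys - Received list of 2 keys\n"
    "14:05:54 DecryptSessionKeys - Found key#2 as local server key\n"
    "14:05:55 WavCryptoDecryptSessionKey(...) - 00000000\n"
    "14:05:55 WavCryptoDecryptWithSessionKey(...) - 00000000\n"
)
NO_LOCAL_KEY_TRACE = "".join(DECRYPT_TRACE.splitlines(True)[:3]) + \
    "14:05:54 DecryptSessionKeys - Received list of 1 keys\n"  # constructed: no "Found key#N" line
CALL_RE = re.compile(r"^[\d:]+ (WavCrypto\w+)\(\.\.\.\) - ([0-9A-Fa-f]{8})$")
FACT_RES = {  # numeric facts the checks below depend on
    "servers": re.compile(r"Retrieved (\d+) servers"),
    "local_key_index": re.compile(r"Found key#(\d+) as local server key"),
}
BOOLEAN_APIS = {"WavCryptoFileIsEncrypted"}  # 00000001 means "encrypted", not a status
def analyze_trace(text):
    ok, facts, problems = Counter(), {}, []   # successful calls, extracted facts, findings
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if m:
            api, code = m.group(1), int(m.group(2), 16)
            if api in BOOLEAN_APIS:
                facts["file_encrypted"] = bool(code)
            elif code == 0:
                ok[api] += 1
            else:
                problems.append(f"{api} returned {m.group(2)}")
            continue
        for name, rx in FACT_RES.items():
            if (m := rx.search(line)):
                facts[name] = int(m.group(1))
    # Encryption: every server found in AD needs its own encrypted copy of the session key.
    if ok["WavCryptoSetKeyHeaders"] and ok["WavCryptoEncryptSessionKey"] < facts.get("servers", 0):
        problems.append("fewer session-key packages than servers found in AD")
    # Decryption: the file must carry a package whose server directory ID is this computer's.
    if ok["WavCryptoGetKeyHeaders"] and "local_key_index" not in facts:
        problems.append("no key package in the file matches this server's directory ID")
    return {"ok": dict(ok), "facts": facts, "problems": problems}
```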
Log of PC Client Decryption

3:18:31.764 PM IN IsWavStreamEncrypted()
3:18:31.795 PM OUT IsWavStreamEncrypted() Yes
3:18:31.795 PM IN CAvEncrypt::Init()
3:18:31.795 PM IN CAvEncrypt::InitTrace()
3:18:31.795 PM OUT CAvEncrypt::InitTrace() (S_OK)
3:18:31.795 PM OUT CAvEncrypt::Init() (S_OK)
3:18:31.795 PM IN GetUserPasswordReg()
3:18:31.795 PM OUT GetUserPasswordReg() (S_OK)
3:18:31.795 PM IN CAvEncrypt::OpenRPCConnection()
3:18:31.795 PM Enter OpenSessionKeyManager(HUJOHN-UNITY1:5050,AlexGates,hujohn-dom1)
3:18:31.795 PM TraceWriteStringW: GetBindingHandle - Created bind string(ncacn_ip_tcp:HUJOHN-UNITY1[5050])
3:18:32.170 PM TraceWriteStringW: OpenSessionKeyManager(HUJOHN-UNITY1:5050) - Bind returned: 0x00000000
3:18:32.170 PM OUT CAvEncrypt::OpenRPCConnection() (0x00000000)
3:18:32.170 PM IN CAvEncrypt::DecryptVoiceMsg()
3:18:32.170 PM IN CAvEncrypt::DecryptWavFile()
3:18:32.170 PM IN IsWavStreamEncrypted()
3:18:32.170 PM OUT IsWavStreamEncrypted() Yes
3:18:32.233 PM WavCryptoGetKeyHeaders Succeeded
3:18:32.686 PM TraceWriteStringW: DecryptSessionKeys returned: 0x00000000
3:18:32.686 PM DecryptSessionKeys() done. (0x00000000)
3:18:32.686 PM DecryptSessionKeys Succeeded
3:18:32.842 PM WavCryptoDecryptWithSessionKey Succeeded
3:18:32.842 PM OUT CAvEncrypt::DecryptWavFile() (0x00000000)
3:18:32.842 PM OUT CAvEncrypt::DecryptVoiceMsg() (0x00000000)
3:18:32.858 PM Stream is decrypted successfully.

Callouts:
Audio is Encrypted
Tries to Reach Unity Server’s CuSessionKey, Includes Credentials
Succeeded Opening CuSessionKey
Succeeded Getting Encrypted Session Keys from File
Succeeded Decrypting Session Key
Succeeded on Audio Decryption
Decryption complete, Playback begins
Log of CuMessageAgingSvr

08:55:25:859 Message Aging Service first run of the day....
08:55:25:860 Checking if key pair was already created today
08:55:26:015 No key pair created today. Creating one.
...
08:55:26:062 At max key pair of: 30 will proceed to age messages
08:55:26:140 Removing Key pair from MyStore
...
08:55:26:296 Creating a new key pair.
08:55:26:297 Creating new Key Pair.
...
08:55:26:578 Updating Active Directory with new key pair
...
09:00:25:859 Message Aging Service has already today.
09:05:25:859 Message Aging Service has already today.

Callouts:
Message Aging checks if it’s run yet today
No key pair has been created yet today
We have 30 key pairs, so must age/delete one
New key pair created
Publish it to AD
Every 5 mins & at start-up, checks if it’s run today
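The key-pair aging the log above shows, as an added simulation rather than Cisco's code: it models the first-run-of-the-day check, the cap of 30 key pairs, the removal of the oldest pair from MyStore and the publication of the new one to AD. It assumes, as a stand-in for the real asymmetric pairs, random bytes as key material, and it assumes that a secured message stays readable only while the key pair of the day it was secured still exists; the day-30 roll-over is run through to show a message aging out.

```python
from collections import OrderedDict
from datetime import date, timedelta
import secrets

MAX_KEY_PAIRS = 30  # the cap the log reports: "At max key pair of: 30 will proceed to age messages"
DAY0 = date(2006, 10, 2)  # constructed date for the demo

class MessageAgingKeyRing:
    """Assumed model of CuMessageAgingSvr's key handling (not Cisco's code)."""

    def __init__(self):
        self.my_store = OrderedDict()  # stand-in for MyStore: key_id -> private key material
        self.directory = {}            # stand-in for the key pairs published to AD
        self.last_run = None           # date of the last "first run of the day"

    def run(self, today):
        """One service pass; only the first pass on a given day creates a key pair."""
        if self.last_run == today:
            return False               # "Message Aging Service has already [run] today"
        self.last_run = today
        if len(self.my_store) >= MAX_KEY_PAIRS:
            aged_key_id, _ = self.my_store.popitem(last=False)  # oldest pair leaves MyStore
            self.directory.pop(aged_key_id, None)              # and is no longer published
        key_id = today.isoformat()
        self.my_store[key_id] = secrets.token_bytes(32)  # constructed stand-in for a key pair
        self.directory[key_id] = f"public-part-of-{key_id}"  # "Updating Active Directory"
        return True

    def can_decrypt(self, key_id):
        """A message is readable only while the pair of the day it was secured still exists."""
        return key_id in self.my_store


def retention_demo():
    """Secure a message on day 0 and run the service daily; the message ages out on day 30."""
    ring = MessageAgingKeyRing()
    ring.run(DAY0)
    message_key_id = DAY0.isoformat()    # the message is tied to day 0's pair (assumption)
    readable_on = []
    for offset in range(1, MAX_KEY_PAIRS + 1):
        ring.run(DAY0 + timedelta(days=offset))
        if ring.can_decrypt(message_key_id):
            readable_on.append(offset)
    return readable_on                   # days 1..29; on day 30 the pair has aged out
```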
Reference Documents
“Securing Subscriber Messages” chapter of the Security Guide for Cisco Unity 5.0: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html
Secure Messaging portion of the Cisco Unity Troubleshooting Guide: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_troubleshooting_guides_list.html
Other portions of the Cisco Unity Troubleshooting Guide for AD Permissions, VMO, Unity Inbox, and VM Interop/Networking
FFS for Secure Messaging: EDCS-513331