A look at security of Voice over IP protocols
27 September, 2000 1Lucent Technologies - Proprietary
A look at security
of Voice over IP protocols
Irene Gassko
Lucent Technologies
Bell Laboratories
Secure Technologies Department
[email protected] (978)960-5767
Initial incentives
• Features that customers demand
• Money-making services
• Market penetration
• Cost savings
• Security is NOT on the list
Security and Reliability of PSTN
Old days
• Party lines
• Unreliable
• Low quality
• In-band signaling
• Vulnerable to attack
• Service theft
Nowadays
• Privacy
• Reliability
• Quality of Service
• Out-of-band signaling
• Hardened
• Multiple services
1890
1990
Voice over IP
back to Old days
• Party lines
• Unreliable
• Low quality
• In-band signaling
• Add network vulnerabilities
Nowadays
• Privacy
• Reliability
• Quality of Service
• Out-of-band signaling
• Hardened
• Multiple services
Considerations
• Whom or what do we want to protect?
• What are the threats we want to protect against?
• What vulnerabilities are known and what are suggested fixes?
• Cost of security versus cost of vulnerability.
• System is as secure as its weakest link.
• Adding new applications or upgrading existing ones can break existing security.
Breaking points
• Algorithms
• Protocols
  Impersonation, chosen protocol attack, connection hijacking, ...
• Implementations
  Buffer overflows, race conditions, power and timing analysis, ...
• Interactions of several products
  Example: Excel, IE and E-mail reader vulnerability
• How to ensure that all implementations are broken?
VoIP Standards
• ITU-T H.323 suite
• ETSI TIPHON
• IETF SIP
also
• MEGACO
• IPSec
• TLS
• etc.
H.323
• H.235 Security and encryption for H-Series (H.323 and other H.245-based) multimedia terminals:
• No privacy for control traffic
• No integrity protection for data streams
• Vulnerabilities in the protocols: flooding, man-in-the-middle, session hijacking, etc.
• No cryptographic algorithms mandated or recommended, therefore compliant non-interoperable implementations are possible.
TIPHON
• No privacy for control traffic
• No integrity and authentication protection for data streams
• For signature and key encryption only one algorithm is required (RSA), nothing else is even recommended
• Unsafe adaptation of ISO 9798-3 authentication mechanism.
• Patch-up approach to security instead of built-in
Denial of Service
• Bandwidth hogging
– QoS mechanisms
– Feedback by backchannel
• Useless computation
– Karn-Simpson method
– Puzzle methodology
• Memory depletion
– Policies
SIP
• HTTP-like protocol
• Text based
• Easier to program
However
• Control signaling only
• Fewer capabilities
• Needs to interoperate with H.323
Security of SIP
• An attempt to incorporate security from scratch
• Privacy protection of control messages
• Some protection against traffic analysis
• Many vulnerabilities in the first versions
• Denial of service
• Weak and inefficient authentication
• Too many applications
SIP applications
• Instant messaging
• Common Gateway Interface
• Java applets
• Java Mobile Agents
• Simple Object Access Protocol (SOAP)
• Network-capable appliances
• Other
Appliance networking protocols
• Bluetooth
• Jini
• WAP
• CAL
• HAVi
• UPnP
• OSGi
Initial Deployment of the Telephone Network
Overhead Wires at Broadway and John Street, New York, 1890
Conclusions
• Use time-tested public algorithms and protocols
• Follow established secure design guidelines
• Involve security experts from day one
• Limit functionality
• Audit for vulnerability at each level
• Divide and conquer
Password derivation vulnerability
• H.235, section 10.3.2 authentication exchange
• Based on ISO/IEC 9798-2 standard
• Password derivation:
– size(Password)=N, Key=password
– size(Password)<N, Key is padded by zeroes
– size(Password)>N, all “extra” password octets are repeatedly folded into Key by XORing
• If N=7 and password is AmericaAmerica then we get an all-zero key.
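The derivation rule on this slide, written out as an added example (not code from the presentation or from H.235) with a provisioning-time check for degenerate keys and a salted KDF for contrast. The wrap-around folding order, the function names, the salt and the PBKDF2 parameters are assumptions of this example; PBKDF2 is a swapped-in alternative, not something the slide proposes.

```python
import hashlib

def fold_key(password: bytes, n: int) -> bytes:
    """Derive an n-octet key the way the slide describes.

    Assumption: extra octets wrap around starting at key octet 0, which
    reproduces the slide's N=7 "AmericaAmerica" result.
    """
    key = bytearray(n)                  # short passwords stay zero-padded
    for i, octet in enumerate(password):
        key[i % n] ^= octet             # first n octets copy in, the rest fold
    return bytes(key)

def weak_key_reasons(password: bytes, n: int) -> list[str]:
    """Check to run when a password is set: why the folded key is unsafe."""
    key = fold_key(password, n)
    reasons = []
    if not any(key):
        reasons.append("all-zero key")
    elif len(password) >= n and key.count(0) > 0:
        reasons.append("folding cancelled %d key octet(s)" % key.count(0))
    if len(password) < n:
        reasons.append("zero-padded: only %d of %d octets set" % (len(password), n))
    return reasons

def kdf_key(password: bytes, salt: bytes, n: int) -> bytes:
    """Swapped-in alternative (not from H.235): PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=n)

if __name__ == "__main__":
    N = 7
    salt = b"constructed-salt"          # constructed sample value
    # Constructed sample passwords; the second is the slide's own example.
    for pw in (b"America", b"AmericaAmerica", b"AmericaAmericaabc", b"abc"):
        print(pw.decode(), fold_key(pw, N).hex(),
              weak_key_reasons(pw, N), kdf_key(pw, salt, N).hex())
```

The third sample shows that a repeated block contributes nothing: "AmericaAmericaabc" folds to the same key as "abc", so added password length does not translate into key strength under this rule.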