karanjit (4).ppt

8/10/2019 karanjit (4).ppt

1/21

SIP Security Mechanisms

Through a secure Software Engineeringapproach

Prajwalan [email protected]


2/21

Agenda

Introduction

Security Issues during phases of SDLC

Requirements Engineering

System Design

Implementation

Testing

Open Issues


3/21

Introduction

SIPSession Management Protocol, Signalling/Call ControlProtocol

Many Applications:

VoIP, Distributed Classroom, Virtual Meeting, Shared Whiteboard,

Publish/Subscribe based applications etc... Vulnerable to several attacks

Attacks on confidentiality/secrecy (sniffing, traffic analysis)

Attacks on integrity (message tampering, hijack REGISTER)

Attacks on authenticity (spoofing)

Attacks on availability (message fabrication, replay, false proxy )

Countermeasures

TLS/SSL, S/MIME, Digest Authentication, IPSec, and many others ...


4/21

Introduction

But, is just considering countermeasures enough ?

No, Not at all

A systematic and disciplined approach of development

Security aspects need to considered in all phases of Software

Development Life Cycle (SDLC)

SQUARE (Security Quality Requirements Engineering)

UMLSec

Safety critical systems require Spiral Model

R. Anderson. Security Engineering: A Guide to Building Dependable Distributed

Systems. Wiley, 2001.

What about other models ?

Waterfall, Agile Development Methods, eXtreme Programming

Software

Engineering


5/21

Boehm Spiral Model

RequirementsEngineering

System Design

Implementation

(Coding)

System

Testing and

Customer

Review


6/21


What could an end user expect ?

Call should be established with right callee

Media will remain confidential throughout the path

Third party should not be able to see who is calling whom

Caller is charged correctly

It is possible to make calls when caller wants

Security goals

Maintain confidentiality (Encryption)

Integrity protection ( MAC)

DoS protection ( Deal with replay, ... )

Entities involved are authenticated ( Both caller and callee)


7/21


Attacks and their impactRisk

Threat Impact

Sniffing the signal messages Loss of privacy

Sniffing the media Loss of privacy

Message tampering (Impersonating,

Hijack REGISTER )

DoS, Loss of Integrity, Incorrect Billing,

Unauthorized Access

Replay DoS, Incorrect Billing

Spam REGISTER and INVITE DoS

Fabricated Messages DoS, Incorrect Billing, UnauthorizedAccess

Tearing down session (e.g. BYE attack,

CANCEL attack)

DoS, Incorrect Billing


8/21


Prioritize the Requirements

Requirement Priority Level

Connection to correct callee High

Proper billing High

Connection availability High

Signal Proctection High

Caller and callee identity protection High / Medium ???

Call Quality Medium

Media Protection Medium


9/21

System Design

Several security mechanismsWhich one to go for ?

Its important to analyze the tradeoffs associated with each

countermeasure

Lets analyze now

xyz.com

sip:[email protected]:[email protected]

abc.com

Trudy


10/21

Digest Authentication

Authenticating Client

No EncryptionNo confidentiality

No guarantee of successful client authenticityUse Identity

Header(RFC 4474)

Digest Authentication UA and Proxy Authentication

* Source of Picture: Sawda, S., Urien, P.: SIPSecurity Attacks and Solutions: A state-of-the-art

review. IEEE Network, (2006)


11/21

Identity Header

First Step : Digest Authentication

Second Step :

From

To

Call ID

Date

Cseq

Contact

SHA - 1 RSA

Signature

Base 64

Identity

Private

Key ofProxy

INVITE sip:[email protected] SIP 2.0

From: ...

To: ...Call-ID : ...

Cseq: ...

Contact: ...

Date: ...

Identity: IUSY89KJ%)(HASD=

Identity-Info:

;alg=rsa-

sha1Content-Type:

....


12/21

TLS/DTLS

Provides confidentiality as well as integrity

Integrated key management

Hop by HopIntermediate proxies must be trusted

If all the links do not use TLS/DTLS then security may be

compromised

sips: URI is used to indicate that TLS must be used.

TLSTCP, DTLSUDP

If signalling is also done over UDPOnly DTLS may be sufficient

Using DTLS (without RTP) for media may result into high networkoverhead

PKI Problem


13/21

S/MIME

Encrypt the MIME body with public key of receiver

Provides both confidentiality and integrity

Entity authentication

Public key of receiverObtained through X.509 certificate(signed by trusted CA )

Additional overhead due to PKI

All the headers cannot be encryptedRequest URI, Via,

Record-Route, To, From, Cseq, Call ID OR, encrypt all the headers along with body and their hash over

header and body + attach unencrypted header

End to End


14/21

IPSec

Network layer security, so protects both TCP and UDP

Confidentiality, Integrity, Entity Authentication

Integrated Key Management

Transparent to application But it is also based on PKI

Deployment challenges

SAD, Administrative Rights, Support by all OS

Hop by Hop

It seems like application will have to depend on the platform

Chang, C., Lu, Y.F., Pang, A.C., Kuo, T.W..: Design and

Implementation of SIP Security.

LNCS, vol. 3391, pp. 669--678. Springer, Heidelberg (2005)


15/21

Secure RTP

Basically RTP based media protection

ConfidentialityAES in key stream mode

IntegrityHMAC-SHA-1

Replay based DoSSequence Numbers Low network overhead

Key Management Issue

Have to depend on additional SIP signal + TLS or S/MIME

ZRTPkey agreement protocol which performs Diffie-Hellman keyexchange for SRTP, No need of PKI, SAS (Short Authentication String)

What if media is not RTP ?


16/21

So Which one to go with ?

Digest + Identity...

S/MIMEPKI problem

IPSecDeployment issues + PKI problem

TLSTrusted Proxies and all intermediate proxis must support it

SRTPKey Distribution issues and supports only RTP

DTLSTLS problems + network overhead if RTP is not used.

Requirement Solution

Connection to correct callee TLS/DTLS, S/MIME, IPSec

Proper billing Digest, TLS/DTLS, S/MIME, IPSec

Connection availability ???

Signal Proctection TLS/DTLS, S/MIME, IPSec

Caller and callee identity protection Digest, TLS/DTLS, S/MIME, IPSec

Call Quality ???

Media Protection DTLS, SRTP, IPSec


17/21

Implementation

Configuration of different servers such as DNS, Proxies etc...

Developing custom proxies, UAs

JAIN SIP + JAIN SDP from Sun Microsystems and NIST

SIP Servlet

SIP API for J2ME from Sun Microsystems and Nokia

As per recent documentation, none provides API support for above

security mechanismsDifferent API needed

Open SSLStrictly C based with Unix libraries

Java and .NET based API Visual C++ (Win 32 and MFC)

Write Responsiblecodes


18/21

SIP Security Testing

Should at least focus on security requirements identified in

Requirements Engineering phase

Should be performed by sending malformed SIP requests,

Sending a lot of authenticated and unauthenticated requests

Check of TLS or S/MIME or DTLS or SRTP support

Check if deprecated technologies are used

RTP or media tampering

Buffer overflow and SQL Injection???


19/21

SIP Security Testing

Tools:

SIPp:A free Open Source test tool / traffic generator for the SIP protocol.

PROTOS SIP Fuzzer:- Tool that sends a set of malformed SIP messages.

SiVuS:A SIP Vulnerability Scanner that scans for SIP targets and attacks them

SIPNess:A basic tool to construct, send or receive SIP messages

SIPBomber:A sip-protocol [RFC3261] testing tool

SFTF: A SIP Forum test framework to evaluate and report the security and

robustness of a SIP user agent


20/21

Open Issues

Denial of Service Attacks

Against UA, Proxies

FloodingSet threshold for each user in the proxy

How to know that proxy is authorized for a particular domain

Attribute Certificate

Existing X.509 fields ??

Will the method described in this paper really result into a

secure SIP based product ?


21/21

Summary

SIP is highly vulnerable to several attacks

Security Mechanims are there, but each of them have their

own tradeoffs

Mainly implementation issues and practical problems

Security should be considered through all the phases of SDLC

From Requirements Engineering to Testing

karanjit (4).ppt

Documents

Transcript of karanjit (4).ppt