karanjit (4).ppt
8/10/2019 karanjit (4).ppt
SIP Security Mechanisms
Through a secure Software Engineering approach
Prajwalan [email protected]
-
Agenda
Introduction
Security Issues during phases of SDLC
Requirements Engineering
System Design
Implementation
Testing
Open Issues
-
Introduction
SIP → Session Management Protocol, Signalling/Call Control Protocol
Many Applications:
VoIP, Distributed Classroom, Virtual Meeting, Shared Whiteboard, Publish/Subscribe based applications etc...
Vulnerable to several attacks
Attacks on confidentiality/secrecy (sniffing, traffic analysis)
Attacks on integrity (message tampering, hijack REGISTER)
Attacks on authenticity (spoofing)
Attacks on availability (message fabrication, replay, false proxy)
Countermeasures
TLS/SSL, S/MIME, Digest Authentication, IPSec, and many others ...
-
Introduction
But, is just considering countermeasures enough ?
No, Not at all
A systematic and disciplined approach of development
Security aspects need to be considered in all phases of the Software Development Life Cycle (SDLC)
SQUARE (Security Quality Requirements Engineering)
UMLSec
Safety critical systems require Spiral Model
R. Anderson. Security Engineering: A Guide to Building Dependable Distributed
Systems. Wiley, 2001.
What about other models ?
Waterfall, Agile Development Methods, eXtreme Programming
Software Engineering
-
Boehm Spiral Model
[Figure: spiral with four phases: Requirements Engineering; System Design; Implementation (Coding); System Testing and Customer Review]
-
Requirements Engineering
What could an end user expect ?
Call should be established with right callee
Media will remain confidential throughout the path
Third party should not be able to see who is calling whom
Caller is charged correctly
It is possible to make calls when caller wants
Security goals
Maintain confidentiality (Encryption)
Integrity protection (MAC)
DoS protection (Deal with replay, ...)
Entities involved are authenticated (Both caller and callee)
-
Requirements Engineering
Attacks and their impact → Risk

| Threat | Impact |
|---|---|
| Sniffing the signal messages | Loss of privacy |
| Sniffing the media | Loss of privacy |
| Message tampering (Impersonating, Hijack REGISTER) | DoS, Loss of Integrity, Incorrect Billing, Unauthorized Access |
| Replay | DoS, Incorrect Billing |
| Spam REGISTER and INVITE | DoS |
| Fabricated Messages | DoS, Incorrect Billing, Unauthorized Access |
| Tearing down session (e.g. BYE attack, CANCEL attack) | DoS, Incorrect Billing |
-
Requirements Engineering
Prioritize the Requirements

| Requirement | Priority Level |
|---|---|
| Connection to correct callee | High |
| Proper billing | High |
| Connection availability | High |
| Signal Protection | High |
| Caller and callee identity protection | High / Medium ??? |
| Call Quality | Medium |
| Media Protection | Medium |
-
System Design
Several security mechanisms → Which one to go for?
It's important to analyze the tradeoffs associated with each countermeasure
Let's analyze now
[Figure: domains xyz.com and abc.com, SIP URIs sip:[email protected] and sip:[email protected], and Trudy]
-
Digest Authentication
Authenticating Client
No Encryption → No confidentiality
No guarantee of successful client authenticity → Use Identity Header (RFC 4474)
[Figure: Digest Authentication, UA and Proxy Authentication]
* Source of Picture: Sawda, S., Urien, P.: SIP Security Attacks and Solutions: A state-of-the-art review. IEEE Network, (2006)
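
What Digest Authentication checks on the proxy or registrar side, as an added example (not part of the original slides): the response is an MD5 hash over the shared password, the server's nonce, and only the method and Request-URI, so nothing is encrypted and no other header or body is covered. The formula is RFC 2617 with qop=auth; the user, realm, nonce and password values and the single-use nonce table are constructed assumptions.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Creds mirrors the fields of a SIP Authorization / Proxy-Authorization header.
type Creds struct{ User, Realm, Method, URI, Nonce, NC, CNonce, Response string }

func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// Expected computes the RFC 2617 qop=auth response: MD5(HA1:nonce:nc:cnonce:auth:HA2).
func Expected(c Creds, password string) string {
	ha1 := md5hex(c.User + ":" + c.Realm + ":" + password)
	ha2 := md5hex(c.Method + ":" + c.URI) // only method and URI: no other header, no body
	return md5hex(ha1 + ":" + c.Nonce + ":" + c.NC + ":" + c.CNonce + ":auth:" + ha2)
}

// Verify is the server side; issued holds nonces it handed out that are still unused.
func Verify(issued map[string]bool, c Creds, password string) bool {
	if !issued[c.Nonce] {
		return false // unknown or already consumed nonce: reject as a replay
	}
	ok := subtle.ConstantTimeCompare([]byte(Expected(c, password)), []byte(c.Response)) == 1
	if ok {
		delete(issued, c.Nonce) // assumption: single use, simpler than nonce-count tracking
	}
	return ok
}

// DigestDemo registers once with constructed credentials, then replays the same header.
func DigestDemo() (first, replayed bool) {
	issued := map[string]bool{"f84f1cec41e6cbe5": true}
	c := Creds{User: "alice", Realm: "xyz.example", Method: "REGISTER", URI: "sip:xyz.example",
		Nonce: "f84f1cec41e6cbe5", NC: "00000001", CNonce: "0a4f113b"}
	c.Response = Expected(c, "constructed-password")
	first = Verify(issued, c, "constructed-password")
	return first, Verify(issued, c, "constructed-password")
}

func main() {
	fmt.Println(DigestDemo())
}
```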
-
Identity Header
First Step: Digest Authentication
Second Step:
[Figure: From, To, Call ID, Date, Cseq, Contact → SHA-1 → RSA Signature (Private Key of Proxy) → Base 64 → Identity]
INVITE sip:[email protected] SIP 2.0
From: ...
To: ...
Call-ID: ...
Cseq: ...
Contact: ...
Date: ...
Identity: IUSY89KJ%)(HASD=
Identity-Info: ;alg=rsa-sha1
Content-Type: ....
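
The second step above, as an added example (not from the original slides): the proxy hashes the signed fields with SHA-1, signs the hash with its RSA private key and Base64-encodes the result, and the receiver verifies it with the proxy's public key. Field order follows the RFC 4474 digest-string; the `Request` type, the URIs and the throwaway key are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strings"
)

// Request holds the request parts RFC 4474 signs (hypothetical type for this example).
type Request struct{ From, To, CallID, CSeq, Date, Contact, Body string }

// digest hashes the "|"-joined fields, in RFC 4474 digest-string order, with SHA-1.
func digest(r Request) []byte {
	h := sha1.Sum([]byte(strings.Join([]string{r.From, r.To, r.CallID, r.CSeq, r.Date, r.Contact, r.Body}, "|")))
	return h[:]
}

// SignIdentity is the proxy side: RSA-sign the hash (PKCS#1 v1.5), then Base64-encode.
func SignIdentity(key *rsa.PrivateKey, r Request) (string, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, digest(r))
	return base64.StdEncoding.EncodeToString(sig), err
}

// VerifyIdentity is the receiving side, using the proxy's public key.
func VerifyIdentity(pub *rsa.PublicKey, r Request, identity string) bool {
	sig, err := base64.StdEncoding.DecodeString(identity)
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest(r), sig) == nil
}

// IdentityDemo signs a constructed INVITE, then verifies it unchanged and with From altered.
func IdentityDemo() (okOriginal, okAltered bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key standing in for the proxy's
	if err != nil {
		return false, false, err
	}
	req := Request{"sip:alice@xyz.example", "sip:bob@abc.example", "a84b4c76e66710",
		"314159 INVITE", "Sat, 10 Aug 2019 10:00:00 GMT", "sip:alice@pc33.xyz.example", ""}
	id, err := SignIdentity(key, req)
	okOriginal = err == nil && VerifyIdentity(&key.PublicKey, req, id)
	req.From = "sip:trudy@xyz.example" // change one signed field after signing
	return okOriginal, VerifyIdentity(&key.PublicKey, req, id), err
}

func main() {
	fmt.Println(IdentityDemo())
}
```

RFC 4474 has since been obsoleted by RFC 8224, which uses a different signature format.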
-
TLS/DTLS
Provides confidentiality as well as integrity
Integrated key management
Hop by Hop → Intermediate proxies must be trusted
If all the links do not use TLS/DTLS then security may be compromised
sips: URI is used to indicate that TLS must be used.
TLS → TCP, DTLS → UDP
If signalling is also done over UDP → Only DTLS may be sufficient
Using DTLS (without RTP) for media may result in high network overhead
PKI Problem
-
S/MIME
Encrypt the MIME body with public key of receiver
Provides both confidentiality and integrity
Entity authentication
Public key of receiver → Obtained through X.509 certificate (signed by trusted CA)
Additional overhead due to PKI
All the headers cannot be encrypted → Request URI, Via, Record-Route, To, From, Cseq, Call ID
OR, encrypt all the headers along with body and their hash over header and body + attach unencrypted header
End to End
-
IPSec
Network layer security, so protects both TCP and UDP
Confidentiality, Integrity, Entity Authentication
Integrated Key Management
Transparent to application
But it is also based on PKI
Deployment challenges
SAD, Administrative Rights, Support by all OS
Hop by Hop
It seems like application will have to depend on the platform
Chang, C., Lu, Y.F., Pang, A.C., Kuo, T.W.: Design and Implementation of SIP Security. LNCS, vol. 3391, pp. 669--678. Springer, Heidelberg (2005)
-
Secure RTP
Basically RTP based media protection
Confidentiality → AES in key stream mode
Integrity → HMAC-SHA-1
Replay based DoS → Sequence Numbers
Low network overhead
Key Management Issue
Have to depend on additional SIP signal + TLS or S/MIME
ZRTP → key agreement protocol which performs Diffie-Hellman key exchange for SRTP, No need of PKI, SAS (Short Authentication String)
What if media is not RTP ?
-
So Which one to go with ?
Digest + Identity...
S/MIME → PKI problem
IPSec → Deployment issues + PKI problem
TLS → Trusted Proxies and all intermediate proxies must support it
SRTP → Key Distribution issues and supports only RTP
DTLS → TLS problems + network overhead if RTP is not used.

| Requirement | Solution |
|---|---|
| Connection to correct callee | TLS/DTLS, S/MIME, IPSec |
| Proper billing | Digest, TLS/DTLS, S/MIME, IPSec |
| Connection availability | ??? |
| Signal Protection | TLS/DTLS, S/MIME, IPSec |
| Caller and callee identity protection | Digest, TLS/DTLS, S/MIME, IPSec |
| Call Quality | ??? |
| Media Protection | DTLS, SRTP, IPSec |
-
Implementation
Configuration of different servers such as DNS, Proxies etc...
Developing custom proxies, UAs
JAIN SIP + JAIN SDP from Sun Microsystems and NIST
SIP Servlet
SIP API for J2ME from Sun Microsystems and Nokia
As per recent documentation, none provides API support for the above security mechanisms → Different API needed
OpenSSL → Strictly C based with Unix libraries
Java and .NET based API Visual C++ (Win 32 and MFC)
Write Responsible code
-
SIP Security Testing
Should at least focus on security requirements identified in
Requirements Engineering phase
Should be performed by sending malformed SIP requests,
Sending a lot of authenticated and unauthenticated requests
Check of TLS or S/MIME or DTLS or SRTP support
Check if deprecated technologies are used
RTP or media tampering
Buffer overflow and SQL Injection???
-
SIP Security Testing
Tools:
SIPp: A free Open Source test tool / traffic generator for the SIP protocol.
PROTOS SIP Fuzzer: Tool that sends a set of malformed SIP messages.
SiVuS: A SIP Vulnerability Scanner that scans for SIP targets and attacks them
SIPNess: A basic tool to construct, send or receive SIP messages
SIPBomber: A sip-protocol [RFC3261] testing tool
SFTF: A SIP Forum test framework to evaluate and report the security and robustness of a SIP user agent
-
Open Issues
Denial of Service Attacks
Against UA, Proxies
Flooding → Set threshold for each user in the proxy
How to know that proxy is authorized for a particular domain
Attribute Certificate
Existing X.509 fields ??
Will the method described in this paper really result in a secure SIP based product?
-
Summary
SIP is highly vulnerable to several attacks
Security Mechanisms are there, but each of them has its own tradeoffs
Mainly implementation issues and practical problems
Security should be considered through all the phases of SDLC
From Requirements Engineering to Testing