VoIP Security – More than Encryption and PKI
Henning Schulzrinne (with Kumar Srivastava, Andrea Forte, Takehiro Kawata, Sangho Shin, Xiaotao Wu)
Dept. of Computer Science -- Columbia University
VoIP Security Workshop, Globecom 2004 -- Dallas, Texas
December 3, 2004

Evolution of VoIP
  1996-2000: “amazing – the phone rings” (long-distance calling, ca. 1930)
  2000-2003: “does it do call transfer?” (catching up with the digital PBX)
  2004-: “how can I make it stop ringing?” (going beyond the black phone)

Overview
  Primarily VoIP, but most applies to all real-time, person-to-person communications
    IM, presence, event notification
  will be SIP-focused
  focused on protocol issues, not why vendors don’t implement security
  Why is VoIP different?
  Basic protocol integrity
  Infrastructure protection
  User information privacy
  Safe service creation
  Spam, spit and other unsavory things

Why is VoIP (+IM) security different?
  Hardware end systems with limited resources:
    modest stable storage (flash)
    modest computational capabilities
    very basic UI (few buttons, small screen)
    limited interfaces (e.g., no USB)
  Communication associations with strangers
    VPN-style models don’t work
    Cannot pre-negotiate secrets
    ACLs don’t work
  Mobile users
    temporary device users
    session and profile mobility
  Privacy implications
    Emergency calling vs. IM/presence privacy

Security issues: other threats
  “bluebugging” = turn on microphone or camera via virus-inserted remote control
    provide user-observable activity indications
  phishing
    impersonate credit card company or bank
  power drain attacks
    protocol or virus
    e.g., disable sleep mode or “off” button
    large-scale denial-of-service

A SIP-based security architecture
[Diagram; labels in slide order: TLS, Digest authentication, signaling, S/MIME, media, S/RTP, identity, authenticated identity body, asserted identity, speaker recognition, face recognition, trust, builds on, conveyed in, controls, domain reputation, personal reputation, social networks, hop-by-hop, end-to-end]

SIP and security
  Designed in 1996: modest security emphasis
  Easy to backfit:
    channel security (primarily TLS)
    end-to-end body protection (initially PGP, now S/MIME)
  Proven to be harder and uglier:
    end-to-middle security
      allow inspection by designated proxy
      mixture of originator-signed and proxy-modifiable header information
        Via and Record-Route vs. To, From, Subject
    middle-to-end security
      signing of middle-inserted information

DOS attack prevention
  user authentication
  return routability
  port filtering (SIP only)
  address-based rate limiting
  UDP: SIP
  TCP: SYN attack precautions needed
  SCTP: built-in
  DNS for mapping
  SIP proxies
  SIP end systems at PSAP
  types of attacks:
    amplification: only if no routability check, no TCP, no TLS
    state exhaustion: no state until return routability established
    bandwidth exhaustion: no defense except filters for repeats
      one defense: big iron & fat pipe
      danger of false positives
  unclear: number of DOS attacks using spoofed IP addresses
    mostly for networks not following RFC 2267 (“Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”)
  limit impact of DOS:
    require return routability
      built-in mechanism for SIP (“null authentication”)
      also provided by TLS
    allow filtering of attacker IP addresses (pushback)
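
One way to get the "no state until return routability established" property listed above is a stateless challenge: the server answers an unverified UDP request with a nonce derived from the claimed source address and allocates nothing until that nonce comes back from the same address. This is an added example, not code from the original presentation; the function names, SECRET, MAX_AGE and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

SECRET = os.urandom(32)   # per-server key (assumption: rotated periodically)
MAX_AGE = 30              # seconds a challenge stays valid (assumed value)


def make_nonce(src_ip, src_port, now=None):
    """Build a challenge bound to the claimed source address; nothing is stored."""
    ts = int(time.time() if now is None else now)
    msg = struct.pack("!I", ts) + f"{src_ip}:{src_port}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]
    return f"{ts:08x}{tag}"


def check_nonce(nonce, src_ip, src_port, now=None):
    """True only if the nonce was issued to this address and is still fresh."""
    now = int(time.time() if now is None else now)
    if len(nonce) != 40:
        return False
    try:
        ts = int(nonce[:8], 16)
    except ValueError:
        return False
    if not 0 <= now - ts <= MAX_AGE:
        return False
    # Recompute instead of looking up: the server kept no per-request state.
    expected = make_nonce(src_ip, src_port, now=ts)
    return hmac.compare_digest(nonce.encode(), expected.encode())


def handle_request(src_ip, src_port, nonce=None, now=None):
    """Decide what a proxy does with a UDP request before allocating state."""
    if nonce and check_nonce(nonce, src_ip, src_port, now):
        return ("PROCESS", None)   # sender saw our reply, so the address is routable
    # The reply is small and fixed-size: no amplification, no memory held.
    return ("CHALLENGE", make_nonce(src_ip, src_port, now))
```

A request that spoofs its source address never sees the challenge, so it cannot reach the PROCESS branch, and the reply it triggers is no larger than the request.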

TLS
  End-to-end security: S/MIME
    but PKI issues
    proxy inspection of messages
  TLS as convenient alternatives
    need only server certificates
    allows inspection for 911 services and CALEA
    hop-by-hop
  [Diagram labels: home.com, Digest]

TLS performance

TLS performance
[Chart: Key size vs. time taken to initiate, set up and complete an SSL connection. X axis: key size (bits): 1024, 2048, 4096. Y axis: time (milliseconds), 0 to 1800. Series: time taken to send connection request to server; time taken to accept connection request from client; time taken to send connection accept to client over network.]

TLS performance
[Chart: Key size vs. total time taken to set up an SSL connection. X axis: key size (bits): 1024, 2048, 4096. Y axis: time (milliseconds), 0 to 1800. Series: total time taken to set up SSL connection at the client; total time taken to set up SSL connection at the server.]

GEOPRIV and SIMPLE architectures