introduction to voip security mark fawcett, head of global professional services, aculab

Introduction to VoIP securityIntroduction to VoIP security

Mark Fawcett, Head of Global Professional Services, Aculab Mark Fawcett, Head of Global

Professional Services, Aculab

Session agenda

Introduction to VoIP security

Security – the basics

Essential technology and terminology

Threats and vulnerabilities

Best practices for VoIP security – recommendations


What do we mean by VoIP security?• Different things to different people• Private users, business users, 3rd party providers, carriers

Privacy

Protection

Technology

The state of VoIP security – are we in trouble?


So, we’re all doomed

Not really• Security and fraud are not new

• e-Security is pretty good

• VoIP security is similar

We’re all saved

Not really• Poacher vs. gamekeeper

• People will make mistakes

Time to look in more detail…


What are the real threats?

Remember, the PSTN isn’t secure either

Before we look at the details, let’s start with the basics…

Eavesdropping

Unauthorised call capture, either internally or

externally

Includes remote speakerphone activation

Toll fraud

Internal misuse or external access to call

services

Rogue call placement

DoS(Denial of Service)

Attacks against call servers, gateways and other network

elements

Session agenda






Security – the basics, 3 principles

It’s all about information (spoken, printed, transmitted, etc.)

Worldwide principles: DOD, CESG, Academia

Eavesdropping

Unauthorised call capture, either internally or

externally

Includes remote speakerphone activation

Toll fraud

Internal misuse or external access to call

services

Rogue call placement

DoS(Denial of Service)

Attacks against call servers, gateways and other network

elements

Confidentiality

Only those who need to know…

Integrity

Who, what, where, when…

Availability

When it absolutely, positively has to be

there…

Security: the basics, threat assessment

So, we have the 3 tenets• Confidentiality

• Integrity

• Availability

But how do we apply them?

Threat assessment• Ask a number of questions

• Specific to the requirement

• Relate them to the 3 tenets

• Always think consequences

Security: the basics, threat assessment

The wrong questions• Can I be overheard or recorded?• Am I talking to who I think I’m talking to?• Can I get through when I need to?

The right questions• What am I trying to protect?• What could happen if I can’t get through?• What information could be compromised if I’m recorded?• What are the costs to my business of toll-fraud / DoS?• What are the real and important consequences?

Consequences

Depends on circumstance• Consider monitoring of VoIP

On the Internet• Joe Public – worried about credit card details – little threat• Terrorist – worried about being monitored – big threat

On a private business LAN• Secure premises, no wireless – little threat• Open premises/access, aggressive competitors – high threat

Consequences: a question of balance

If you focus on Confidentiality• It’s to the detriment of Integrity and Availability• What-ifs and backup plans get forgotten

Example – ACME holding corp. • Need secure communications – so all comms are secured• System’s comms keys expire 1st Jan• No sys-admin on duty• No fallback in place• No communications at all

Security – the basics, some truisms

Security is a form of risk management

Security through obscurity is not security

A chain is only as strong as its weakest link

Nothing is 100% certain…• …except death…• ...and taxes

Session agenda






Encryption

Think of locking a valuable in a safe with a padlock and key• The valuable is your data• The padlock is the algorithm• The key is…the key

There are two main types of lock and key…

Encryption

Symmetric • Basic, strong, padlock• 2 copies of the same key• AES, DES

Asymmetric• Complex strong padlock• 2 different key holes• 2 different keys• Diffie-Hellman, RSA

A word of warning…

Symmetric

Uses a single key to lock/unlock the padlock

The algorithm (padlock) can come in a variety of forms• Some are more complex than others• All are fast (lightweight)• Lots of different modes

Asymmetric

Uses one key to lock the padlock, the other to unlock it

The padlock is very complicated• How’s your prime number and factoring mathematics?• The algorithms are slow

How does it work in practice?• Keys come in pairs, public/private• I publish (or send you) my public key• You write something • You encrypt (lock) it using my public key• I (and only I) can decrypt (unlock) it using my private key

To summarise

Symmetric• Good, strong but basic padlock• Needs copies of the same key – vulnerable to compromise• Fast

Asymmetric• Good, strong and complex padlock• Uses different keys – much less vulnerable to compromise• Slow

Need a fast encryption/decryption algorithm for RTP comms• Symmetric (AES etc.)• Relies on a shared, common, key• Change the key regularly - how to exchange it securely?

Symmetric keys are typically short (in comparison to traffic)• We need a reliable, secure exchange mechanism• Does not need to be fast (real-time)• So we can use asymmetric algorithm to exchange keys

…we have the power…

How to make this work for VoIP

VoIP security – essential technology and terminology

..we have the power, are we ready for some terms…

TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5


TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5

Transport Layer Security (TLS)

- Cryptographic protocol for Internet applications (supersedes SSL)

- TLS involves three basic phases:

• Peer negotiation for algorithm support

• Key exchange and authentication (RSA, Diffie-Hellman, etc.)

• Message encryption and authentication (Symmetric ciphers: Triple DES, AES; Cryptographic hash function: HMAC-MD5 or HMAC-SHA )


TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5

Secure RTP (IETF RFC 3711)• Encryption (confidentiality)• Authentication (message integrity)• Anti-replay protection

- Used for voice and video

- Supports both unicast and multicast

- No key management mechanism

- Utilised only one cipher (AES)


TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5

Secure SIP (SIP with TLS)

- Requires support for SIP over TCP (still part of the IETF RFC 3261)

- Protects SIP messages against• Encryption (confidentiality)• Authentication (message integrity)• Anti-replay protection

- Integrated key management with mutual authentication and secure key distribution

- Applied between proxies or UA/proxy


TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5

IPsec – secure form of IP tunnelling• Encryption (confidentiality)• Authentication (message integrity)• Anti-replay protection

- Operates at the network layer (OSI L3) while TLS, SRTP, SIPS @ OSI L4-L7- Mainly used for VPN communications- Mandatory security scheme for IPv6- Two operation modes:

-Transport (message body encryption)- Tunnel (whole packet)


TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5

MIKEY – Key management procedure- Negotiation of cryptographic keys and security parameters (SP)

- Multimedia Internet KEYing (IETF RFC 3830)

- Designed for real time traffic (SIP/RTP calls, RTSP, streaming, groups, multicast)

- Single or multiple crypto sessions (RTP/RTCP encrypted separately)

• Symmetric key distribution (pre-shared keys, HMAC integrity protection)

• Asymmetric key distribution

• Diffie-Hellman key agreement protected by digital signatures


TLS

Secure RTP (SRTP)

SIPS

IPsec

MIKEY

HMAC SHA-1 / MD5

HMAC – keyed-Hash Message Authentication Code - Verifies data integrity and authenticity of a message

- IETF RFC 2202

- SHA-1 and MD5 are two main types of cryptographic hash functions

- Operate on 512-bit blocks

- Cryptographic strength depends on the hash functions

We have looked at• TLS• Secure RTP (SRTP)• SIPS• IPsec• MIKEY• HMAC SHA-1 / MD5

…we have even more power…


Session agenda






SIP specific vulnerabilities

Eavesdropping

General/directory scanning

Flooding/Fuzzing

Registration highjack/manipulation

Man-in-the-middle

SIP specific vulnerabilities

Session tear-down

Reboot attacks

Redirection

RTP

SPIT

Vishing

What does it all mean?

Confused, uncertain?

You are not alone, what does it all mean?

What does it all mean – an opinion

The reality – business• VoIP deployments are growing, security is keeping pace• Large scale VoIP is being deployed within business LANs• PSTN provides a ‘firebreak’• Firewalls/SBCs can provide IP ‘firebreaks’

The reality – private users• VoIP is used over the Internet (or on connected systems)• Tend to be on ‘soft’ devices• More vulnerable to attack and compromise• Used as a vector to gain remote access


The reality – third party carriers• Huge amount of cheap call providers• Often use VoIP for long-haul/international legs• What is that VoIP being carried over?• How vulnerable are those links?


The reality – tier 1 and 2 carriers• AT&T, BT et al. moving to IP core networks• Does this mean IP/SIP all the way for voice?• Does this mean end-end security will be provided?• Does this mean end-end security could be added by user?• Will an IP carrier look anything like a current, Internet/LAN call?

Session agenda






Recommendations

KISS

Don’t just install products

Audit and trace

Apply updates

Test and attack

Holistic approach

Recommendations

Separate voice and data on different networks• Logical or physical• Different subnets (address blocks) for voice and data traffic

Apply call control security - SIPS• Additionally apply voice traffic security (SRTP)

Secure access• Remote administration of network devices• WPA not WEP for wireless

Recommendations - additional

Border controls• Use protocol breaks• Allow VoIP traffic via an ‘intelligent’ firewall• Don’t rely on firewall bypass protocols/techniques (STUN etc.)• Stateful packet rules and filtering• Avoid soft-phones if possible• Session Border Controllers can be used

PSTN /PLMN

E1/T1 trunks

Router Firewall

Data LAN

VoIP LAN

GatewayVoIPtraffic

Management

Office PCs

IP-PBX

VoIP phones Call centre telephony

server

Private / Public IP

VoIPtraffic

Management

VoIP phonesAnalog phones

Mobile phones

Sample network architecture

VoIP calls pass via the firewall (STUN, TURN,

ICE)

Separate VoIP and data

logical/physical subnets

SIP and RTP are disallowed, OAM&P is via IPsec or SSH

SecureRTP and SIPS

are applied

Any questions?

Have you got any questions?

Summary

Security = Confidentiality, Integrity and Availability

Consequences and threat assessments

VoIP security threats are real

The risks are not new or unique to VoIP

There are several steps that can mitigate/manage threats

Carriers moving to VoIP cores is a different issue

Essential technology: TLS, Secure RTP, SIPS, IPsec, MIKEY

Thank youThank you

[email protected] [email protected]

introduction to voip security mark fawcett, head of global professional services, aculab

Documents