voip security
-
Sipera Systems 1
Sipera Overview
Femto-Cell Security Requirements
-
Sipera Systems 2
Internet Transformation
Old Internet / Today's Internet
Transactional
In-band Signaling
Collaboration
Out-band Signaling
E-Commerce, VPN
Enterprises, Consumers
IMS, SOA, Web 2.0
Enterprises, Consumers, Carriers
Capability
Application Security
State-less
OS Focused
Viral Threats
Store and Forward
State-Full
Protocol Aware
Domain Aware
Real-time
-
Sipera Systems 3
Security Layers
End Points
Access
Visiting Home
Apps.
L1 L3
L4 L6
L6 L7
Standards Focus
Sipera Focus
Glossary
End Points: L1 L3, Data Store, Client Space, Device Management
Access: L1 L3, QoS, Aggregation Point
Visiting: Local Data Caching, Access Aware Policy
Home: Data Store, Applications Interface, Service Control Environment, Foreign Network Peering Points
-
Sipera Systems 4
Connection Layer Security
Application Layer Security
Enablement Features
Femto-Cell Business Drivers
Operator business case issues:
• Handset Subsidies
• Backhaul
Femto-Cell business case drivers:
• Better indoor coverage
• Subsidized backhaul (Leverage broadband)
-
Sipera Systems 5
IMS core
CSCF
GW
Call Server
Media Gateway
PDG
Offering IMS services creates the possibility of zombie attacks and hacker attacks. Attacks are possible despite subscription authentication and IPSec/TLS encryption.
Bad guys could be customers
• Protocol fuzzing
• Flood attacks
• Distributed attacks
• Stealth attacks
• IMS SPAM
BAD GUYS
Real-time IP services require special attention to security
IMS offers a large suite of services that can be accessed through the cellular network as well as via the Internet.
Internet
Broadband
Femto
PDSN/PDG provides authentication and encryption but does not protect against zombie and hacker attacks.
Zombies
Zombies
~ 1/2 Billion users
DOrA Mobile Access
PDSN
-
Sipera Systems 6
MGW
SIPServer
MGW
PBX MediaServer
Registrar APPsServer
IVR
Download Tools+
Valid Subscription
IPSEC
Building a VoIP/SIP Attack
VoIP/SIP Signaling Manipulation Tools: BYE Teardown, Phone Rebooter, RedirectionPoison, RegistrationAdder, RegistrationEraser, RegistrationHacker, SIP-Kill, SIP-Proxy-Kill, SIP-RedirectRTP
VoIP/SIP Packet Creation & Flooding Tools: IAXFlooder, INVITE Flooder, kphone-ddos, RTP Flooder, Scapy, SIPBomber, SIPNess, SIPp, SIPsak
VoIP/SIP Sniffing Tools: AuthTool, Cain & Abel, NetDude, Oreka, PSIPDump, SIPomatic, SIPv6 Analyzer, VOIPong, VOMIT, Wireshark
VoIP Media Manipulation Tools: RTP InsertSound, RTP MixSound, RTP Proxy
VoIP/SIP Scanning & Enum Tools: enumIAX, iWar, Nessus - SIP-Scan, SIPcrack, SIPSCAN, SiVuS, SMAP, VLANping
-
Sipera Systems 7
Unique SIP Application Layer Attacks
In 2 years, Sipera VIPER lab has discovered thousands of attacks for SIP/UMA/IMS networks
Proactive approach to finding threats and attacks
Also create vaccines for previously unidentified threats
Expertise behind Sipera IPCS products and Sipera LAVA tools
Signaling attacks on infrastructure (SIP)
Fuzzing: >20000
Reconnaissance: 8
Flood: >60
Distributed Flood: >40
Total: >20108
Signaling attacks on end users (SIP)
Misuse/Spoofing: 19
Session Anomalies: 4
Stealth: 7
Spam: 6
Total: 36
Media attacks (RTP/RTCP)
Fuzzing: 10
Floods: 4
Misuse/Spoofing: 7
Total: 21
-
Sipera Systems 8
SIP Network Protection Levels
SGW
Valid IPSec tunnels
Firewall, DoS, Data IPS
Firewall, DoS, Data IPS
TCP Syn Flood
ICMP Flood
Un-authorized Ping to CSCF
HTTP Fuzzing
Microsoft OS Virus
SIP Core
SIP Core
IPCS
SIP Register Flood
SIP SPAM
Presence Update with Spoofed IMSI
RTP Flood
VCC Subscribe Fuzzing
Stealth Attack
Un-authorized Ping to CSCF
ICMP Flood
OS Virus
Legitimate Traffic
Legitimate IKE traffic
-
Sipera Systems 9
Femto-cell Deployment Model
Enterprise
Internet
VoIP Infrastructure
DMZ
External F/W
Internal F/W
SIP AS, AAA
Secure SIP Trunking
F/W NAT Traversal
Domain Policies
L4-L7 IPS
Sipera IPCS 520
Sipera IPCS 310
Femto
Femto
Femto
-
Sipera Systems 10
IMS core
Media Gateway
HSS Apps Chrg
IP-IP GW
P/S/I CSCF, SLF/PDF/IBCF
MGCF, MRFC, BGCF, SGF
MGW, MRFP, T-MGF
ABGF, IBGF
Femto-Cell Integration
SIP Server Call Server
Sipera IPCS EMS
AAA
Internet Access & IP Core
Broadband
Femto
Mobile Access & Core
DOrA
Border Router Sipera IPCS
(other nodes)
Out-of-Band Network
PDSN
Sipera IPCS
SGW
-
Sipera Systems 11
VoIP Infrastructure
Wireless Core
Sipera IPCS
Feature Enablement
External Firewall+NAT
Internal Firewall+NAT
4. Signaling over TCP/UDP
3. Media RTP
1. Static Firewall Channel: to enable secure channel between two IPCS
AAA server
3. Authenticate incoming user
Internet
100 - 1000 media ports
5060 always open
5. SRTP/ERTP Media
2. TLS Setup
DMZ
4. Fingerprint Verification
• DoS/DDoS and Fuzzing Prevention
• Anomaly Detection and Prevention
• Behavior Learning
• Voice SPAM Prevention
5. Media Anomaly Detection and Prevention
4. Signaling over TLS
F/W NAT Traversal
TFTP Config Proxy
Reverse HTTP Proxy
-
Sipera Systems 12
Sipera Overview
Company
• Founded in November 2003
• HQ in Richardson, Texas
• Current Headcount: 76
• Experienced management team
• Tier 1 VC Funded
Pure Security for VoIP, Mobile, Multimedia
Sipera Systems provides comprehensive, application-layer security to enable pervasive, real-time unified communications (VoIP)