Introduction to VoIP security

Mark Fawcett, Head of Global Professional Services, Aculab
Session agenda
Introduction to VoIP security
Security – the basics
Essential technology and terminology
Threats and vulnerabilities
Best practices for VoIP security – recommendations
Introduction to VoIP security
What do we mean by VoIP security?
• Different things to different people
• Private users, business users, 3rd party providers, carriers
Privacy
Protection
Technology
The state of VoIP security – are we in trouble?
So, we’re all doomed
Not really
• Security and fraud are not new
• e-Security is pretty good
• VoIP security is similar
We’re all saved
Not really
• Poacher vs. gamekeeper
• People will make mistakes
Time to look in more detail…
What are the real threats?
Eavesdropping
• Unauthorised call capture, either internally or externally
• Includes remote speakerphone activation
Toll fraud
• Internal misuse or external access to call services
• Rogue call placement
DoS (Denial of Service)
• Attacks against call servers, gateways and other network elements
Remember, the PSTN isn’t secure either
Before we look at the details, let’s start with the basics…
Security – the basics, 3 principles
It’s all about information (spoken, printed, transmitted, etc.)
Confidentiality
• Only those who need to know…
Integrity
• Who, what, where, when…
Availability
• When it absolutely, positively has to be there…
Worldwide principles: DOD, CESG, Academia
Security: the basics, threat assessment
So, we have the 3 tenets
• Confidentiality
• Integrity
• Availability
But how do we apply them?
Threat assessment
• Ask a number of questions
• Specific to the requirement
• Relate them to the 3 tenets
• Always think consequences
Security: the basics, threat assessment
The wrong questions
• Can I be overheard or recorded?
• Am I talking to who I think I’m talking to?
• Can I get through when I need to?
The right questions
• What am I trying to protect?
• What could happen if I can’t get through?
• What information could be compromised if I’m recorded?
• What are the costs to my business of toll-fraud / DoS?
• What are the real and important consequences?
Consequences
Depends on circumstance
• Consider monitoring of VoIP
On the Internet
• Joe Public – worried about credit card details – little threat
• Terrorist – worried about being monitored – big threat
On a private business LAN
• Secure premises, no wireless – little threat
• Open premises/access, aggressive competitors – high threat
Consequences: a question of balance
If you focus on Confidentiality
• It’s to the detriment of Integrity and Availability
• What-ifs and backup plans get forgotten
Example – ACME holding corp.
• Need secure communications – so all comms are secured
• System’s comms keys expire 1st Jan
• No sys-admin on duty
• No fallback in place
• No communications at all
Security – the basics, some truisms
Security is a form of risk management
Security through obscurity is not security
A chain is only as strong as its weakest link
Nothing is 100% certain…
• …except death…
• ...and taxes
Encryption
Think of locking a valuable in a safe with a padlock and key
• The valuable is your data
• The padlock is the algorithm
• The key is…the key
There are two main types of lock and key…
Encryption
Symmetric
• Basic, strong, padlock
• 2 copies of the same key
• AES, DES
Asymmetric
• Complex strong padlock
• 2 different key holes
• 2 different keys
• Diffie-Hellman, RSA
A word of warning…
Symmetric
Uses a single key to lock/unlock the padlock
The algorithm (padlock) can come in a variety of forms
• Some are more complex than others
• All are fast (lightweight)
• Lots of different modes
Asymmetric
Uses one key to lock the padlock, the other to unlock it
The padlock is very complicated
• How’s your prime number and factoring mathematics?
• The algorithms are slow
How does it work in practice?
• Keys come in pairs, public/private
• I publish (or send you) my public key
• You write something
• You encrypt (lock) it using my public key
• I (and only I) can decrypt (unlock) it using my private key
To summarise
Symmetric
• Good, strong but basic padlock
• Needs copies of the same key – vulnerable to compromise
• Fast
Asymmetric
• Good, strong and complex padlock
• Uses different keys – much less vulnerable to compromise
• Slow
How to make this work for VoIP
Need a fast encryption/decryption algorithm for RTP comms
• Symmetric (AES etc.)
• Relies on a shared, common, key
• Change the key regularly - how to exchange it securely?
Symmetric keys are typically short (in comparison to traffic)
• We need a reliable, secure exchange mechanism
• Does not need to be fast (real-time)
• So we can use asymmetric algorithm to exchange keys
…we have the power…
VoIP security – essential technology and terminology
..we have the power, are we ready for some terms…
TLS
Secure RTP (SRTP)
SIPS
IPsec
MIKEY
HMAC SHA-1 / MD5
Transport Layer Security (TLS)
- Cryptographic protocol for Internet applications (supersedes SSL)
- TLS involves three basic phases:
• Peer negotiation for algorithm support
• Key exchange and authentication (RSA, Diffie-Hellman, etc.)
• Message encryption and authentication (Symmetric ciphers: Triple DES, AES; Cryptographic hash function: HMAC-MD5 or HMAC-SHA)
Secure RTP (IETF RFC 3711)
• Encryption (confidentiality)
• Authentication (message integrity)
• Anti-replay protection
- Used for voice and video
- Supports both unicast and multicast
- No key management mechanism
- Utilises only one cipher (AES)
Secure SIP (SIP with TLS)
- Requires support for SIP over TCP (still part of the IETF RFC 3261)
- Protects SIP messages by providing
• Encryption (confidentiality)
• Authentication (message integrity)
• Anti-replay protection
- Integrated key management with mutual authentication and secure key distribution
- Applied between proxies or UA/proxy
IPsec – secure form of IP tunnelling
• Encryption (confidentiality)
• Authentication (message integrity)
• Anti-replay protection
- Operates at the network layer (OSI L3) while TLS, SRTP, SIPS @ OSI L4-L7
- Mainly used for VPN communications
- Mandatory security scheme for IPv6
- Two operation modes:
• Transport (message body encryption)
• Tunnel (whole packet)
MIKEY – Key management procedure
- Negotiation of cryptographic keys and security parameters (SP)
- Multimedia Internet KEYing (IETF RFC 3830)
- Designed for real time traffic (SIP/RTP calls, RTSP, streaming, groups, multicast)
- Single or multiple crypto sessions (RTP/RTCP encrypted separately)
• Symmetric key distribution (pre-shared keys, HMAC integrity protection)
• Asymmetric key distribution
• Diffie-Hellman key agreement protected by digital signatures
HMAC – keyed-Hash Message Authentication Code
- Verifies data integrity and authenticity of a message
- IETF RFC 2202
- SHA-1 and MD5 are two main types of cryptographic hash functions
- Operate on 512-bit blocks
- Cryptographic strength depends on the hash functions
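The authentication and anti-replay properties listed for Secure RTP, built on the keyed hash from the HMAC slide, as an added example that is not from the original slides or from Aculab. It is a simplified model: no encryption and no sequence-number rollover handling, and the packet layout, the key and the names protect/Receiver are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10   # 80-bit truncated HMAC-SHA1 tag
WINDOW = 64    # replay window, in packets

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    # Sender side: 16-bit sequence number + payload + truncated tag over both.
    body = struct.pack("!H", seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = -1  # highest sequence number that passed authentication
        self.seen = 0      # bit i set => sequence (highest - i) already accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < 2 + TAG_LEN:
            return "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "bad-tag"
        # The window is only touched after the tag verifies, so forged
        # packets cannot push genuine ones out of it.
        seq = struct.unpack("!H", body[:2])[0]
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "too-old"
        if (self.seen >> offset) & 1:
            return "replay"
        self.seen |= 1 << offset
        return "ok"

def demo():
    key = b"constructed-demo-key"  # constructed; real keys come from key management
    rx = Receiver(key)
    p1, p2 = protect(key, 1, b"voice-frame-1"), protect(key, 2, b"voice-frame-2")
    tampered = p2[:-TAG_LEN - 1] + b"X" + p2[-TAG_LEN:]  # payload byte altered
    forged = protect(b"wrong-key", 3, b"injected")       # sender lacks the key
    return [rx.accept(p) for p in (p1, tampered, p2, p1, forged)]

if __name__ == "__main__":
    print(demo())
```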
VoIP security – essential technology and terminology
We have looked at
• TLS
• Secure RTP (SRTP)
• SIPS
• IPsec
• MIKEY
• HMAC SHA-1 / MD5
…we have even more power…
SIP specific vulnerabilities
Eavesdropping
General/directory scanning
Flooding/Fuzzing
Registration hijack/manipulation
Man-in-the-middle
SIP specific vulnerabilities
Session tear-down
Reboot attacks
Redirection
RTP
SPIT
Vishing
What does it all mean?
Confused, uncertain?
You are not alone, what does it all mean?
What does it all mean – an opinion
The reality – business
• VoIP deployments are growing, security is keeping pace
• Large scale VoIP is being deployed within business LANs
• PSTN provides a ‘firebreak’
• Firewalls/SBCs can provide IP ‘firebreaks’
The reality – private users
• VoIP is used over the Internet (or on connected systems)
• Tend to be on ‘soft’ devices
• More vulnerable to attack and compromise
• Used as a vector to gain remote access
What does it all mean – an opinion
The reality – third party carriers
• Huge number of cheap call providers
• Often use VoIP for long-haul/international legs
• What is that VoIP being carried over?
• How vulnerable are those links?
What does it all mean – an opinion
The reality – tier 1 and 2 carriers
• AT&T, BT et al. moving to IP core networks
• Does this mean IP/SIP all the way for voice?
• Does this mean end-end security will be provided?
• Does this mean end-end security could be added by user?
• Will an IP carrier look anything like a current, Internet/LAN call?
Recommendations
KISS
Don’t just install products
Audit and trace
Apply updates
Test and attack
Holistic approach
Recommendations
Separate voice and data on different networks
• Logical or physical
• Different subnets (address blocks) for voice and data traffic
Apply call control security - SIPS
• Additionally apply voice traffic security (SRTP)
Secure access
• Remote administration of network devices
• WPA not WEP for wireless
Recommendations - additional
Border controls
• Use protocol breaks
• Allow VoIP traffic via an ‘intelligent’ firewall
• Don’t rely on firewall bypass protocols/techniques (STUN etc.)
• Stateful packet rules and filtering
• Avoid soft-phones if possible
• Session Border Controllers can be used
Sample network architecture
[Network diagram. Elements shown: VoIP phones, analog phones, mobile phones, office PCs, call centre telephony server, IP-PBX, gateway, router, firewall, E1/T1 trunks, PSTN / PLMN, private / public IP, VoIP LAN, data LAN, management.]
Diagram callouts:
• Separate VoIP and data logical/physical subnets
• SecureRTP and SIPS are applied
• SIP and RTP are disallowed, OAM&P is via IPsec or SSH
• VoIP calls pass via the firewall (STUN, TURN, ICE)
Any questions?
Have you got any questions?
Summary
Security = Confidentiality, Integrity and Availability
Consequences and threat assessments
VoIP security threats are real
The risks are not new or unique to VoIP
There are several steps that can mitigate/manage threats
Carriers moving to VoIP cores is a different issue
Essential technology: TLS, Secure RTP, SIPS, IPsec, MIKEY
Thank you