Transcript Tulsa talk

A look at security of Voice over IP protocols
Irene Gassko
Lucent Technologies
Bell Laboratories
Secure Technologies Department
[email protected]
(978)960-5767
27 September, 2000
1
Lucent Technologies - Proprietary
Initial incentives
• Features that customers demand
• Money-making services
• Market penetration
• Cost savings
• Security is NOT on the list

Security and Reliability of PSTN

Old days:
• Party lines
• Unreliable
• Low quality
• In-band signaling
• Vulnerable to attack
• Service theft

Nowadays:
• Privacy
• Reliability
• Quality of Service
• Out-of-band signaling
• Hardened
• Multiple services

[Figure: timeline from 1890 to 1990]

Voice over IP

Back to old days:
• Party lines
• Unreliable
• Low quality
• In-band signaling
• Add network vulnerabilities

Nowadays:
• Privacy
• Reliability
• Quality of Service
• Out-of-band signaling
• Hardened
• Multiple services

Considerations
• Whom or what do we want to protect?
• What are the threats we want to protect against?
• What vulnerabilities are known and what are the suggested fixes?
• Cost of security versus cost of vulnerability.
• A system is as secure as its weakest link.
• Adding new applications or upgrading existing ones can break existing security.

Breaking points
• Algorithms
• Protocols
  – Impersonation, chosen protocol attack, connection hijacking, ...
• Implementations
  – Buffer overflows, race conditions, power and timing analysis, ...
• Interactions of several products
  – Example: Excel, IE and E-mail reader vulnerability
• How to ensure that all implementations are broken?

VoIP Standards
• ITU-T H.323 suite
• ETSI TIPHON
• IETF SIP

also
• MEGACO
• IPSec
• TLS
• etc.

H.323
• H.235 Security and encryption for H-Series (H.323 and other H.245-based) multimedia terminals:
  – No privacy for control traffic
  – No integrity protection for data streams
  – Vulnerabilities in the protocols: flooding, man-in-the-middle, session hijacking, etc.
  – No cryptographic algorithms mandated or recommended; therefore compliant but non-interoperable implementations are possible.

TIPHON
• No privacy for control traffic
• No integrity and authentication protection for data streams
• For signature and key encryption only one algorithm is required (RSA); nothing else is even recommended
• Unsafe adaptation of the ISO 9798-3 authentication mechanism
• Patch-up approach to security instead of built-in

Denial of Service
• Bandwidth hogging
– QoS mechanisms
– Feedback by backchannel
• Useless computation
– Karn-Simpson method
– Puzzle methodology
• Memory depletion
– Policies
SIP
• HTTP-like protocol
• Text based
• Easier to program
However
• Control signaling only
• Less capabilities
• Needs to interoperate with H.323
Security of SIP
• An attempt to incorporate security from scratch
• Privacy protection of control messages
• Some protection against traffic analysis
• Many vulnerabilities in the first versions
• Denial of service
• Weak and inefficient authentication
• Too many applications

SIP applications
• Instant messaging
• Common Gateway Interface
• Java applets
• Java Mobile Agents
• Simple Object Access Protocol (SOAP)
• Network-capable appliances
• Other
Appliance networking protocols
• Bluetooth
• Jini
• WAP
• CAL
• HAVi
• UPnP
• OSGi

[Figure: Initial Deployment of the Telephone Network. Overhead wires at Broadway and John Street, New York, 1890]

Conclusions
• Use time-tested public algorithms and protocols
• Follow established secure design guidelines
• Involve security experts from day one
• Limit functionality
• Audit for vulnerability at each level
• Divide and conquer

Password derivation vulnerability
• H.235, section 10.3.2 authentication exchange
• Based on the ISO/IEC 9798-2 standard
• Password derivation:
  – size(Password) = N: Key = password
  – size(Password) < N: Key is padded with zeroes
  – size(Password) > N: all "extra" password octets are repeatedly folded into Key by XORing
• If N = 7 and the password is AmericaAmerica, then we get an all-zero key.
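As an added illustration (not part of the talk), the three folding rules on this slide modelled in Python, with a check that flags passwords which cancel themselves out and a count that shows unrelated passwords colliding on the same key. The function names are chosen here; the rules come from the slide's bullets, not from the H.235 text itself.

```python
# Added example: a model of the H.235 (section 10.3.2) password-to-key
# folding described on the slide. Function names and the weak-key check
# are this example's own; the three rules are taken from the slide.

def fold_password(password: bytes, n: int) -> bytes:
    """Derive an n-octet key from a password.

    size(password) == n : key is the password itself
    size(password) <  n : key is the password zero-padded to n octets
    size(password) >  n : each extra octet is XORed into key[i mod n]
    """
    if n <= 0:
        raise ValueError("key size must be positive")
    key = bytearray(n)                    # all zeroes: the padding rule
    for i, octet in enumerate(password):  # XOR into zero reproduces rules 1 and 2
        key[i % n] ^= octet
    return bytes(key)


def folds_to_zero(password: bytes, n: int) -> bool:
    """True when the derived key is all zeroes: a password that repeats an
    n-octet block an even number of times XORs itself away."""
    return not any(fold_password(password, n))


def distinct_keys(passwords, n: int) -> int:
    """Number of different keys a set of candidate passwords maps to; any
    shortfall versus len(passwords) is a collision caused by the folding."""
    return len({fold_password(p, n) for p in passwords})


if __name__ == "__main__":
    # Constructed inputs: the slide's example plus a few variations.
    samples = [b"America", b"AmericaAmerica", b"AmericaAmericaAmerica",
               b"AmericaXAmericaX", b"Amer"]
    for p in samples:
        flag = "(all-zero key)" if folds_to_zero(p, 7) else ""
        print(f"{p.decode():24} -> {fold_password(p, 7).hex()} {flag}")
    # Three repetitions of the block fold back to the same key as one.
    print("distinct keys:", distinct_keys(samples, 7))  # 4 for 5 passwords
```

The odd repetition "AmericaAmericaAmerica" yields exactly the key of "America", so a check on the derived key rather than on the password is what a deployment would need.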