Secure Videoconferencing Today. Jill Gemmill, University of Alabama at Birmingham, jgemmill@uab.edu
Why is security for videoconferencing needed today? • Some applications require privacy: • Telemedicine: for patient comfort and HIPAA requirements • Sensitive meetings: grant reviews; counter-terrorism planning • The Internet is no longer a friendly place: any network-connected system is a target for attacks.
What is meant by “videoconference security”? • At a “gut level”, we might think of: • No eavesdropping • No denial of service or break-ins • No “spamming” (video/voice from unwanted visitors) • Making sure resources like MCUs are used only by those authorized
Standards for Security: ITU X.800 and IETF RFC 2828 • Authentication • Access Control • Data Confidentiality • Data Integrity • Nonrepudiation • Availability Service
Standard Security Mechanisms (ITU X.800) • Encryption • Digital Signature • Access Control • Data Integrity • Authentication Exchange • Traffic Padding • Routing Control • Notarization • Trusted Functionality • Security Label • Event Detection • Security Audit Trail • Security Recovery [Slide callout: “Non-trivial”]
“Legacy” Videoconference Security (H.320) • Used leased telephone (ISDN) lines – you were buying your own private circuit • No IP connection used • Expensive • “Nailed Down”, not reconfigurable.
Basic Security Concerns (H.323 and SIP) • Remote management interfaces: • Use a strong password for remote logins (Tandberg alone in offering SSL) • Turn off streaming • Disable FTP, HTML, Telnet and SNMP functions • Disable ViaVideo web interface by clearing password • Watch for security patches and update systems immediately.
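An added example, not part of the original slides: one way to check your own videoconferencing units against the checklist above by testing whether the cleartext management services are still reachable over TCP. The standard port numbers, the reading of the slide's "HTML" as the unit's web (HTTP) interface, and the host list are assumptions; SNMP runs over UDP and is not covered by this TCP check.

```python
import socket

# Cleartext management services the slide says to disable (assumed standard
# TCP ports). SNMP is UDP/161 and needs a protocol-level probe instead.
CLEARTEXT_MGMT = {"ftp": 21, "telnet": 23, "http": 80}


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, timed out or unreachable
        return False


def audit_endpoint(host, services=CLEARTEXT_MGMT, timeout=1.0):
    """Return the sorted names of management services still reachable."""
    return sorted(
        name for name, port in services.items() if tcp_open(host, port, timeout)
    )


def audit_inventory(hosts, services=CLEARTEXT_MGMT, timeout=1.0):
    """Map each host to its findings; hosts with nothing exposed are omitted."""
    report = {}
    for host in hosts:
        found = audit_endpoint(host, services, timeout)
        if found:
            report[host] = found
    return report


if __name__ == "__main__":
    # Constructed inventory: replace with the addresses of your own VC units.
    for host, found in audit_inventory(["127.0.0.1"]).items():
        print(f"{host}: still exposes {', '.join(found)}")
```

Run it from the network segment the support organization would use, since a firewall in between changes what is reachable.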
Downside of basic security…. • Usually breaks ability for video support organization to monitor/manage your systems • Makes it harder to update software (no FTP) • Solution: put systems behind a firewall
Firewalls and NATs • Found especially in medical centers • Firewall: Blocks incoming network traffic • Network Address Translator (NAT): Hides your network addresses so they can’t be reached from outside • For videoconferencing, these protections become OBSTACLES to overcome (securely, of course!)
Encryption • For total privacy, encryption is needed. • All encryption methods are designed to protect data in transit, so that it is readable only at the source and destination • Some encryption methods are tied to user authentication, so that you are assured of who the data came from and that it can be read only by the intended recipient
Encrypt End-to-End or per Link/Hop? • End-to-End approach encrypts at source and decrypts at destination • Good news: can’t be read in the middle • Issue: routers need to read addresses. Data is secure, destination address is not. • Per Link/Hop Encryption: decrypt/encrypt at router • More time consuming (increases latency) • Unencrypted data at router is vulnerable • It is possible to use both approaches simultaneously • Overhead includes increased bandwidth and latency
Where to encrypt? • Encryption managed by the application • Encryption managed near transport layer • Encryption managed in the network layer • By design, each layer is unaware of what occurs at other layers [Layer diagram, top to bottom: Applications; Transport (TCP/UDP); Network (IP); Data Link (hardware address); Physical Layer (wires)]
Virtual Private Network (VPN) IPSec • Capable of encrypting/authenticating ALL data at the IP layer • Transparent to applications (no changes needed) [Layer diagram, top to bottom: Applications; Transport (TCP/UDP); Network (IP); Data Link (hardware address); Physical Layer (wires)]
Secure Socket Layer (SSL) • Created and torn down on a per-session basis • Frequently used on web servers – https:// • Transparent to the application • Note: over TCP only [Layer diagram, top to bottom: Applications; SSL / TLS; Transport (UDP, TCP); Network (IP); Physical Layer (wires)]
Application Specific Encryption Examples • E-Mail • S/MIME • PGP • Kerberos • Video / Voice ???? [Layer diagram, top to bottom: Applications; Transport (TCP/UDP); Network (IP); Physical Layer (wires)]
Does the videoconferencing application do encryption? • Not really • Standards exist (next speakers) • Not implemented in the market • Certain vendors offer proprietary use of standard encryption algorithms and claim to have a “standards-based solution” BUT no interoperability (Tandberg, VCON)
Encryption political issues • Encryption software is slow; encryption hardware is expensive and increases the cost of the product • Encryption algorithms may be covered by patents and use requires licensing (e.g., RSA) • Encryption algorithms may be subject to export control (e.g., DES)
Let’s consider the videoconferencing application [Diagram: model for both H.323 and SIP architectures, showing hop-to-hop communication and end-to-end communication]
Things to notice in the model • SIP Call Control is over TCP • H.323 Call Control is UDP at ends and TCP in the middle • Media streams – separate voice, video, data, etc. Perhaps two video streams (one in each direction) • UDP precludes use of SSL
Review: • Encryption can be done with IPSec, SSL or by Application • No application-layer encryption for VC • No SSL for VC due to UDP • Guess that leaves IPSec and “clever hacks”
Let’s place the model in a university medical center • Videoconferencing uses dynamic ports – BLOCKED • Outside calls coming in – BLOCKED • Willingness to reconfigure firewall - NONE
One approach to secure videoconferencing today [Diagram label: “Unencrypted here”] “Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB.
Pros and Cons PRO • Very inexpensive if you already own the firewall • Relatively simple to install and operate • Requires cooperation of firewall management CON • Requires remote VC station that can load VPN client software • Suitable for fixed point to point only • Requires cooperation of firewall management • VC station must be able to send VPN IP address, not its own
Pros and Cons PRO • Can be installed at departmental level • Works with “appliance” VC units like Polycoms CON • VC units must be able to send VPN IP address as reply address rather than their own • Added expense of firewall/VPN units • Fixed locations only
IP Freedom Solution • Encryption Module • Announced & due in market shortly • Works with SIP and H.323 Call Servers
Pros and Cons PRO • Extremely easy to install; no need to contact network staff • Flexible connectivity • Available as an I2 Commons service • Transparent to end users • Works for both SIP and H.323 • Client software is free • Supports mobile users CON • Expensive • Encryption module: more expensive • Licensing is based on number of concurrent users; number shrinks with bandwidth used, and encryption • Proprietary technology (but only need one!) [Slide callout: “Clever hack”]
Other gotchas • If your campus has a bandwidth manager (Packeteer-type device) your VC multimedia may be mistaken for annoying video/music and have its bandwidth limited • Result – can degrade or terminate VC session
Action Items ? • Collect “Best Practices” for Secure Videoconferencing? • Feedback to I2/federal agencies on importance of Application-layer security for video/voice applications • Other ?
Acknowledgments • “ViDe.Net: Middleware for Scalable Video Services for Research and Higher Education”, NSF ANI-022710 (Gemmill, Chatterjee, Johnson) • “Alabama Internet2 Middleware Initiative”, NSF EPSCoR, EPS-0091853 via UA-01-016 (Shealy, Gemmill) • “Secure Telemedicine Utilizing State-Wide Internet”, NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB. Any opinions, findings or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.