TOIUnity 5.0(1) TOI for Secure Messaging • Erich Von Normann • Unity Development • evonnorm@cisco.com
Introduction to TOI for Secure Messaging • Unity 5.0(1) extends the Confidential Messaging feature that was introduced in Unity 4.0(5), by allowing all messages to be secured and accessible over the TUI, VMO, and Unity Inbox. • It is an important feature which involves many Unity components, and it is critical that Cisco TAC understands how it works and knows how to support it. • This module will include detailed descriptions of the purpose for Secure Messaging, how it works, and how to troubleshoot and support it.
Module Objectives • After completing this module you will be able to: • Describe the purpose of Secure Messaging and understand why we designed it the way we did • Describe the related feature of Message Aging • Describe which Unity components are affected by the feature and the role of each component in the feature • Describe the current limitations of Secure Messaging • Describe the AD Schema Extensions associated with Secure Messaging and Unity 5.0 • Troubleshoot customer problems with Secure Messaging
Agenda • Purpose of Secure Messaging • Technical Details of the Design • Instructions on Troubleshooting • Demos of diagnostics
Intent of Secure Messaging What is the purpose of this feature? • Make it as difficult as possible for Unity subscribers to do the following: • Accidentally or intentionally forward voicemail messages to third parties outside the messaging system. • Accidentally or intentionally violate a customer’s voicemail retention policy. • There have been a number of cases where an employee of a company accidentally or intentionally forwarded a confidential voicemail outside the company. • Preventing that from occurring is a key feature for many large companies, particularly in the financial sector.
Design of Secure Messaging How does the feature meet these goals? • Unity encrypts the audio data in a voicemail message in such a way that access to a private key stored on the Unity server is required before the message can be decrypted and played. • If a subscriber forwards a voicemail message outside the Unity organization, it will not be decryptable, so the recipient will not be able to play it back. • The only methods that a subscriber can use to decrypt and play back secure messages are the Unity TUI, VMO, and Unity Inbox. • Other clients will not know how to decrypt the audio and will instead play back a decoy message which explains that it’s a secure message and will not be decrypted. • Secure Messaging is configured for the sending subscriber (not the receiving subscriber), and for messages from outside callers; if a site wants all messages secure, it can configure that via Bulk Edit.
Message Aging What is it and why is it needed? • Message Aging refers to putting a time-bomb on a message, so that after a configurable period has passed, the message contents cannot be retrieved • Many companies have a message retention policy, and must comply with regulations such as Sarbanes-Oxley (SOX) • Messages can be downloaded to a client such as Outlook and it’s very hard to control deletion of such messages • Also, even messages in Exchange may not actually get deleted when an admin expects
Message Aging & Secure Messaging What is the link between these two features? • Unity implements Message Aging on top of the Secure Messaging infrastructure • When Message Aging is enabled, the Unity server will create a new public/private key every day, and also delete the oldest private key from the system • This deletion of the private key is what renders a message undecryptable, and thus unable to be played back • Please note the following: • Message Aging will only apply to secure messages • Message Aging is disabled by default • Message Aging is granular to the nearest day, which means all messages recorded on a given day will expire at the same time
Confidential vs. Secure Messaging
Confidential Messaging (introduced in Unity 4.0(5)) • Only private messages can be encrypted • Messages can only be encrypted and decrypted using the Unity TUI • Limited support for secure messages with VM Interop and remote locations • Public/Private Keys must be managed manually, which makes Message Aging difficult to manage
Secure Messaging (introduced in Unity 5.0(1)) • Encryption for each user is All, Private-Only, or None • Messages can also be encrypted and decrypted using VMO and Unity Inbox • Enhancements to secure messaging for VM Interop and remote locations • A new Unity service creates and deletes Public/Private Keys and thus enables Message Aging.
Interoperability with earlier versions • Secure messages recorded in Unity 5.0 store the session keys in a different format than confidential messages in Unity 4.x do • This change was made to greatly speed up the decryption of the session key during playback • By default, secure messages from Unity 5.0 save the session keys in both the Unity 5.0 & 4.x formats, so that if a site has a mix of versions, Unity 4.x can play messages from Unity 5.0 (TUI only) • Similarly, Unity 5.0 can handle messages from a Unity 4.x server, and can play them back over the TUI or a PC Client • If a Unity 4.x subscriber installs VMO from Unity 5.0 on their Client PC, they will not be able to play secure messages, since VMO asks Unity to decrypt the session key and Unity 4.x can’t do that • If a site has only Unity 5.0, then for efficiency it can disable the function to save session keys in both 4.x & 5.0 formats via the Advanced Settings Tool (AST)
Limitations of Secure Messaging • Secure Messaging works only with Unity integrated with Microsoft Exchange, not with Lotus Domino • Secure messages can only be recorded and played back using the Unity TUI, VMO, and Unity Inbox • Support for CUPC and other Cisco clients is on the roadmap for the 2008 Unity release, but we have not yet EC-ed • Secure messages sent to and received from remote locations (such as 3rd party VM systems) have several configuration options • Secure Messaging enforces that messages can only be played back by someone within the Unity organization, but it does not check whether the user is an intended recipient, just that the user is authenticated
Limitations of Message Aging • Message Aging is configured system-wide • Sites with multiple Unity servers must set it on each server • Cannot be configured differently for messages sent from different subscribers or on individual messages • Key pairs are deleted based on count of active keys, not number of days (usually the same, but not always); Example: • A site has Secure Messaging, but not Message Aging • After 10 days, sets Message Aging to 30 days • No keys are deleted until 30 days pass, so the oldest messages will have been around for ~40 days • If a subscriber is out of the office for an extended period, a message may expire while it is still unread • System behavior can be odd with Message Aging of 1-2 days
Secure Messaging & Unity Connection • Unity Connection 2.0 supports Secure Messaging, but it’s quite different from (and simpler than) Unity 5.0’s feature: • Unity Connection has its own on-box message store, rather than an external message store like MS Exchange • Unity Connection doesn’t support secure messages to 3rd party clients and only to Cisco clients that do not keep local copies • Unity Connection employs an Appliance Model, which means that system access is very restricted • Because of these differences, Unity Connection is a Closed Messaging System, and it does not need to Encrypt messages in order to Secure them or impose Message Aging • A thorough discussion of Unity Connection’s Secure Messaging feature is beyond the scope of this presentation
Unity Secure Messaging Components • New Components • CuMessageAgingSvr – New service to manage keys and certificates, including expiration of old certificates • CuSessionKey – Runs inside AvMMProxySvr service, and handles encryption/decryption of Session Key for TUI & Clients • Modified Components • Miu / AvWav – Does decryption-on-a-stream during playback (previously, TUI decrypted entire message before playing) • VMO & Unity Inbox – Plays & records secure messages • Voice Connector – Handles encryption of incoming messages and decryption of outgoing messages • WavCrypt – Provides encryption/decryption services to other components, enhanced for Client/Server functionality
Details of Design (CuMessageAgingSvr) • A new Unity service (CuMessageAgingSvr) manages the keys • It creates a Public/Private Key pair. If Message Aging is enabled, this happens once per day at 12 AM GMT, at which time it also deletes the oldest Private Key • It stores the new Public Key in a local MS Access database (\Commserver\CertData\CERTData.mdb). If Message Aging is enabled, the Public Key corresponding to the Private Key that was deleted is marked as deleted • It also publishes the Public Key to AD, where other Unity servers in the forest sync it down and store it in their SQL Servers table; only the most recent Public Key from each server is stored in SQL – the older one is overwritten • Replaces & supersedes the old AssignConfCert utility from previous versions of Unity, and also migrates older 4.x keys from the registry to the Access database.
Details of Design (TUI Encryption) • Here’s how a secure message is encrypted from the TUI: • A new Session Key is created for each secure message • The Session Key is used to encrypt the audio data, which is then stored in the message’s wave file • A new Unity component called CuSessionKey is called to encrypt the Session Key • The Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL • This list of Encrypted Session Keys is also stored in the wave file. • The decoy message is also stored in the wave file in such a way that 3rd party media players will play it rather than the encrypted audio
Details of Design (TUI Decryption) • Here’s how a secure message is decrypted from the TUI: • The list of Encrypted Session Keys is extracted from the message’s wave file and passed to CuSessionKey • It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server • It then checks if that Public/Private Key has been deleted • If so, it returns an error to the TUI, which plays a prompt notifying the subscriber that the message is expired • If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the TUI • The TUI uses the Decrypted Session Key to decrypt the audio and play back the message • The Miu & AvWav can decrypt & playback one chunk at a time, rather than decrypt all chunks before playback can start
Details of Design (Client Encryption) • Here’s how a secure message is encrypted in VMO / Unity Inbox: • On the Client PC, a new Session Key is created • Still on the Client PC, this Session Key is used to encrypt the audio data, which is then stored in the message’s wave file • The Client PC makes a secure RPC connection to the Unity server’s CuSessionKey component to encrypt the Session Key • On the Unity server, the Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL • This list of Encrypted Session Keys is passed back to the Client PC via secure RPC, which stores it in the wave file. • The decoy message is also stored in the wave file in such a way that 3rd party media players will play it rather than the encrypted audio
Details of Design (Client Decryption) • Here’s how a secure message is decrypted in VMO / Unity Inbox: • On the Client PC, the list of Encrypted Session Keys is extracted from the message’s wave file and passed via secure RPC to the Unity server’s CuSessionKey component • It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server • It then checks if that Public/Private Key has been deleted • If so, it returns an error to the Client PC, which tells the subscriber that the message is expired • If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the Client PC via Secure RPC • The Client PC uses the Decrypted Session Key to decrypt the audio and play back the message
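The four design slides above, worked as an added Go example (written for this page, not Cisco's code): a fresh session key per message, that key wrapped once under each server's current public key, CuMessageAgingSvr's daily rotation and deletion of the oldest private key, and the expired versus no-key outcomes at playback. Assumed, because the slides name neither algorithm nor header layout: RSA-OAEP for the wrapping, AES-256-GCM for the audio, the serial format, and the ServerKeys/RotateKey/AgeOut names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrNoKeyForServer = errors.New("no wrapped session key for this server")
var ErrExpired = errors.New("private key aged out: message expired")

// EncryptedKey stands in for the ENCRYPTED_KEY_V1 header in the wave file.
type EncryptedKey struct {
	ServerDirID, Serial string // which server, which of its key pairs
	Wrapped             []byte // session key wrapped under that pair's public key
}

type SecureMessage struct {
	Keys         []EncryptedKey // one entry per Unity server, as on the slides
	Nonce, Audio []byte         // AES-256-GCM ciphertext of the audio (cipher assumed)
}

type ServerKeys struct {
	DirID   string
	privs   map[string]*rsa.PrivateKey // active pairs; Message Aging deletes from here
	serials []string                   // every pair ever made, oldest first
}

// RotateKey is the once-a-day step: generate a new pair and make it current.
func (s *ServerKeys) RotateKey() {
	if s.privs == nil {
		s.privs = map[string]*rsa.PrivateKey{}
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key size assumed
	if err != nil {
		panic(err)
	}
	serial := fmt.Sprintf("%s/%d", s.DirID, len(s.serials)+1)
	s.privs[serial] = priv
	s.serials = append(s.serials, serial)
}

// AgeOut deletes the oldest private key still held (never the current one); every message wrapped under it is now unplayable.
func (s *ServerKeys) AgeOut() bool {
	for _, serial := range s.serials[:len(s.serials)-1] {
		if _, active := s.privs[serial]; active {
			delete(s.privs, serial)
			return true
		}
	}
	return false
}

func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes here
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt (sender side): fresh session key, encrypt the audio, wrap the key once under every server's current public key.
func Encrypt(audio []byte, servers []*ServerKeys) (*SecureMessage, error) {
	buf := make([]byte, 32+12) // 256-bit session key, then a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	msg := &SecureMessage{Nonce: nonce, Audio: aead(key).Seal(nil, nonce, audio, nil)}
	for _, srv := range servers {
		serial := srv.serials[len(srv.serials)-1]
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &srv.privs[serial].PublicKey, key, []byte(serial))
		if err != nil {
			return nil, err
		}
		msg.Keys = append(msg.Keys, EncryptedKey{srv.DirID, serial, w})
	}
	return msg, nil
}

// Decrypt (CuSessionKey on the playing server): find this server's header, refuse an aged-out pair, otherwise unwrap and decrypt.
func Decrypt(msg *SecureMessage, s *ServerKeys) ([]byte, error) {
	for _, k := range msg.Keys {
		if k.ServerDirID != s.DirID {
			continue
		}
		priv, active := s.privs[k.Serial]
		if !active {
			return nil, ErrExpired
		}
		key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, k.Wrapped, []byte(k.Serial))
		if err != nil {
			return nil, err
		}
		return aead(key).Open(nil, msg.Nonce, msg.Audio, nil)
	}
	return nil, ErrNoKeyForServer
}
```

A rotation alone never expires a message; only AgeOut (the private-key deletion) does, which is why restoring old keys from a backup, as the Tools slide warns, brings expired messages back.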
Details of Design (VM Interop) • Secure Messaging separates private and secure message flags • For secure messages sent to VPIM, Bridge, or AMIS locations: • Decrypt All – All secure messages are decrypted and sent • Decrypt Non-private – All non-private secure messages are decrypted and sent, while private messages are NDR-ed • Decrypt None – All secure messages are NDR-ed • For messages received from VPIM or Bridge locations: • Encrypt All – Accept all messages & encrypt them all • Encrypt Private – Accept all messages & encrypt private only • Encrypt None – Accept all messages & leave all unencrypted • Note: Messages received from AMIS locations are not encrypted (Due to limitations in the AMIS protocol, the time to implement this was not worth our investment)
Details of Design (VM Interop, cont.) • IVC now includes its own CuMessageAgingSvr and an Access database for storing certificates • New Trusted Internet Subscribers and Trusted Internet Locations: • Problem: Messages sent to Internet Subscribers go directly through Exchange, so IVC can’t decrypt secure messages, so Internet Subs will always hear the decoy message • Solution: Messages sent to Trusted Internet Subscribers go through IVC, so they are decrypted before being sent • Trusted Internet Locations have the same settings as VPIM – Decrypt & Send All, Non-private, or None • Note that Blind Addressing to Trusted Internet Subscribers is not supported
AD Schema Extensions • Unity 5.0 extends the Active Directory Schema in several ways • We made an effort to extend it in such a way that future Unity versions can add new data items to AD without another schema extension (hopefully) • There are several new AD attributes that are not yet used, but are intended to provide a framework for future changes • One of these new AD attributes stores a subscriber’s message encryption setting for messages sent from that subscriber – whether Unity encrypts all, private only, or none.
AD Schema Extensions – Details • There are 3 new AD Attributes that are intended to be lists of name:value pairs, which will allow new data items to be added in the format name1:value1; name2:value2; etc. • cisco-Ecsbu-Unity-Attributes: for non-indexed name:value pairs; Encryption:[0|1|2] is the subscriber encryption setting, with 0=None, 1=Private Only, and 2=All • cisco-Ecsbu-Unity-Attributes-Indexed: for indexed name:value pairs; not currently used • cisco-Ecsbu-Unity-Attributes-Encoded: for name:value pairs that will be stored encoded; not currently used • There is a new aux class called ciscoEcsbu-UM-Attributes for these attributes, which is now supported by the User, Group, Contact, and Location objects
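An added Go example (not Unity's code) of parsing the name:value list format described above and reading the Encryption item out of cisco-Ecsbu-Unity-Attributes. Case-insensitive name matching and the rejection of out-of-range values are assumptions; the slide gives only the format and the 0/1/2 meanings.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// EncryptionSetting is the Encryption:[0|1|2] item: 0=None, 1=Private Only, 2=All.
type EncryptionSetting int

const (
	EncryptNone EncryptionSetting = iota
	EncryptPrivateOnly
	EncryptAll
)

func (e EncryptionSetting) String() string {
	if e < EncryptNone || e > EncryptAll {
		return "invalid"
	}
	return [...]string{"None", "Private Only", "All"}[e]
}

var ErrNoEncryptionItem = errors.New("cisco-Ecsbu-Unity-Attributes has no Encryption item")

// ParseUnityAttributes parses the "name1:value1; name2:value2" list format.
// Only the first ':' splits name from value, so a value may itself contain ':'.
// Names are lower-cased so lookups are case-insensitive (an assumption; the
// slide does not say how Unity matches names). Empty items, such as the one
// left by a trailing ';', are skipped; a duplicate name is an error.
func ParseUnityAttributes(raw string) (map[string]string, error) {
	items := map[string]string{}
	for _, item := range strings.Split(raw, ";") {
		if item = strings.TrimSpace(item); item == "" {
			continue
		}
		name, value, found := strings.Cut(item, ":")
		name = strings.ToLower(strings.TrimSpace(name))
		if !found || name == "" {
			return nil, fmt.Errorf("malformed item %q: expected name:value", item)
		}
		if _, dup := items[name]; dup {
			return nil, fmt.Errorf("duplicate item %q", name)
		}
		items[name] = strings.TrimSpace(value)
	}
	return items, nil
}

// EncryptionFromAttributes returns the sending subscriber's setting. A value
// outside 0..2 is an error rather than being read as None, so a corrupted
// attribute cannot silently switch secure messaging off for that subscriber.
func EncryptionFromAttributes(raw string) (EncryptionSetting, error) {
	items, err := ParseUnityAttributes(raw)
	if err != nil {
		return 0, err
	}
	v, ok := items["encryption"]
	if !ok {
		return 0, ErrNoEncryptionItem
	}
	n, err := strconv.Atoi(v)
	if err != nil || n < int(EncryptNone) || n > int(EncryptAll) {
		return 0, fmt.Errorf("invalid Encryption value %q", v)
	}
	return EncryptionSetting(n), nil
}
```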
AD Schema Extensions – Site Object • Unity 5.0 also introduces the concept of a Site Object, which will be used to store site-wide data, called ciscoEcsbu-UM-Site, and it has the ciscoEcsbu-UM-Attributes aux class • Currently no data is stored site-wide, but some might be in the future • Contains the new cisco-Ecsbu-UM-Schema-Version attribute, which designates the minimum Unity version for any server in the site, so a Unity can decide if it needs to be backwards-compatible • The intent is for any settings that should be the same for all Unity servers in an organization to be stored in one place • Some examples are Message Aging policy, Outside Caller Encryption settings, and lots of the AST settings • This implies that there would also be a site-wide SA/Config tool • Work to move settings to the Site Object is not yet committed, but at least the AD Schema won’t need to be extended if we do it
Tools Updates for Secure Messaging • Several Unity Tools have been updated for Secure Messaging: • Bulk Edit, CUBI, DiRT, DBWalker, GUSI, and others support the new subscriber encryption setting (encrypt all, private, or none), and also Trusted Internet Subscribers and Locations • DiRT also supports exporting and importing the public and private keys from/to the Access database and OS store • These keys can also be imported to a different Unity server, which means that if a site adds a new Unity later (perhaps a Failover server), then subs moved to that server can still listen to secure messages sent to them on the old server • Sites must be careful to delete old backups, since if they restore the keys, then previously expired messages will again be decryptable and thus can be played again!
Secure Messaging Setup & Config • Please consult the Securing Subscriber Messages chapter in the Security Guide for Cisco Unity for detailed instructions • Here are a few possible setup/config mistakes to look for: • Active Directory and Account permission problems – would prevent public keys from getting to other Unity servers • IP Port 5050 blocked – default port on Unity server for Client PCs to ask it to encrypt/decrypt session keys • Inconsistent message aging policy – make sure that all Unity servers & IVCs have the same policy; it must be configured on each server, there isn’t a site-wide parameter • Problems with secure messages to/from remote subscribers – make sure IVC is configured for Secure Messaging, and that the delivery location is properly configured in Unity SA
Secure Messaging Troubleshooting • Please consult the Secure Messaging section of the Troubleshooting Guide for Cisco Unity 5.0 • Make sure that unsecured messages are working correctly, so that you’re troubleshooting the right issue! • Make sure that the certificates for the Unity/IVC server are in CertData.mdb (and if Message Aging is enabled, make sure the count is correct) and in the OS store • Make sure that the public keys for all Unity servers are in the SQL Servers table, and for IVC, make sure that the public keys are in Active Directory (it goes directly to AD rather than SQL) • Make sure that CuMessageAgingSvr is running (it should be by default) – if it has crashed, it won’t create new keys or age/delete older ones
Viewing Certs in the OS Store • To view the Certificates in the OS Store, use the Certificates MMC snap-in for the Local Computer (aka Computer Account) • To get details on a Certificate, right-click it and select Open
Viewing Certs in the Access DB • To view the Certificates in the Access DB, copy \Commserver\CertData\CertData.mdb to a computer with Microsoft Access and open it. • Sort the list by the Index column – you’ll see the Serial Number, the encoded Certificate (Access may truncate it since it’s a large data item), and whether it’s been deleted (expired)
Viewing Certs in Active Directory • To view the Certificates in AD, run ldp.exe • Run File\Bind with an admin account & then run View\Tree • Expand the root node, the Domain Controllers node, and then select the Unity system • The encoded Certificate is in ciscoEcsbuUMLocationObjectId
Viewing Certs in SQL Servers table • To view the Certificates in SQL, run SQL Query Analyzer • Using the UnityDb, run “select * from servers” • A list of all Unity & IVC servers should be the result • For each server, you’ll see the encoded Certificate in the EncryptionPublicKey column (SQL Query Analyzer might truncate it since it’s a large data item)
Troubleshooting for VMO & Unity Inbox • Make sure account credentials can access CuSessionKey • VMO – Configurable via Tools\Viewmail Options\SM Tab • Unity Inbox – Local account’s credentials • Unity Inbox with IE 6 or 7 – first time CPCA is loaded on Unity 5.0, set “Download unsigned ActiveX Controls” to Prompt, so that you can install the MediaMaster Control (can disable afterwards) • VMO 5.0 does not support offline playback of secure messages! • By design – must access Unity server to decrypt session key • VMO 5.0 has a setting to support offline composition of messages • “Force Messages Secure”, customized in ViewMail.msi • 0 (Default) = Don’t ask Unity to encrypt, send unsecure • 1 = If can’t reach Unity, require to save & send secure later • 2 = If can’t reach Unity, give user the choice
Throttle for VMO Connections • Unity puts a throttle on the number of VMO Clients that may ask for session key encryption and decryption simultaneously, so a large number of connections doesn’t use too many CPU cycles • Only throttles requests to encrypt/decrypt session keys, not the encryption/decryption of the audio on the PC Client itself • If VMO gets a server-busy, it retries for up to 3 seconds • The throttle is set at 15 simultaneous connections, which was based on testing on a 7815 server – a sustained load of 15 connections added ~25% CPU load • Sites might want to allow more simultaneous VMO connections if subs get server-busy messages when Unity CPU% is low • The BU does not yet have hard data on how many should be allowed for more powerful servers, so if a site needs to increase this, TAC will need to escalate for assistance. • CPCA & Unity Inbox are already throttled via an AST setting
Secure Messaging Diagnostic Traces • In Unity Diagnostic Tool, there are new macro traces for Secure Messaging, in 3 different categories: • Message Aging Service – traces for CuMessageAgingSvr, which will appear in diag_CuMessageAgingSvr_*.txt • Encryption & Decryption (High Level) – traces for the Conversation & Miu portions of the feature, which will appear in diag_AvCsMgr_*.txt • Encryption & Decryption (Low Level) – traces for WavCrypt and CuSessionKey, which will appear in diag_AvCsMgr_*.txt and diag_AvMMProxySvr_*.txt, respectively • There are additional micro traces for CuSessionKey, which can be enabled separately in UDT if needed
Secure Messaging Diagnostics (cont.) • To enable traces for the Voice Connector (IVC), set the Voice Connector logging level to 5 (Function) on the IVC, and the Secure Messaging traces will appear in the standard diag file • To enable traces on a Client PC for Secure Messaging issues with VMO or Unity Inbox: • Create the following registry keys at HKEY_CURRENT_USER\Software\Cisco Systems\Cisco Unity\Media Master: Trace, TraceRPCAPI, and TraceWavCrypto, and set all 3 keys to 1 • Run a tool like DbgView.exe (from sysinternals.com) on the Client PC to capture the traces • Set the above keys to 0 (or delete them) to disable traces
Log of TUI Encryption (AvCsMgr)
15:00:33:734 Starting to encrypt the message on line 1488 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:33:765 Encryption Engine Initialized on line 1516 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:33:796 WavCryptoCreateSessionKey(...) ...
15:00:33:796 WavCryptoCreateSessionKey(...) - 00000000
15:00:33:797 WavCryptoEncryptWithSessionKey(...) ...
15:00:33:906 WavCryptoEncryptWithSessionKey(...) - 00000000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:34:218 WavCryptoSetKeyHeaders(...) ...
15:00:34:218 WavCryptoSetKeyHeaders(...) - 00000000
15:00:34:219 Encryption Process Complete on line 1942 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:34:312 Encrypted Stream was copied into the message on line 1950 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:313 Message property AVP_IS_ENCRYPTED set to TRUE on line 1308 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:468 Message data comitted on line 1429 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
Slide callouts: Encryption begins • Succeeded Creating Session Key • Succeeded Encrypting Audio Data • See next slide • Succeeded Saving Encrypted Session Keys • Committed Message to Exchange
Log of TUI Encryption (AvMMProxySvr)
15:00:33:938 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:33:937 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc - Allowing access
15:00:33:938 EncryptSessionKeys received incoming RPC call
...
15:00:34:015 GetUnityServerInfo - Executing query select Alias DirectoryId EncryptionPublicKey from vw_servers where EncryptionPublicKey is not NULL
15:00:34:016 GetUnityServerInfo - Query complete
...
15:00:34:015 GetUnityServerInfo - Server 1 - Name LT-2708
15:00:34:016 GetUnityServerInfo - Server 1 - DirectoryId 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:031 GetUnityServerInfo - Retrieved 1 servers
...
15:00:34:031 WavCryptoEncryptSessionKey(...) ...
15:00:34:110 WavCryptoEncryptSessionKey(...) - 00000000
15:00:34:109 EncryptSessionKeys - WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_V1) returned: 0
15:00:34:110 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:125 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: lwvr9yw/70GFEG3gy2I/wQ==
15:00:34:126 WavCryptoEncryptSessionKey(...) ...
15:00:34:203 WavCryptoEncryptSessionKey(...) - 00000000
15:00:34:204 EncryptSessionKeys - WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_DOWNLEVEL) returned: 0
Slide callouts: RPC Binding & Authorization • EncryptSessionKeys begins • Query SQL Servers Table • Server Name & DirectoryID • Succeeded Encrypting Session Key in V1 Format • Writing ServerID and SerialNum to Output Param • Succeeded Encrypting Session Key in DL Format
Log of TUI Decryption (AvCsMgr Part 1)
15:00:49:968 COM CAvMiuCall::GetMediaCharacteristics(...) entered.
...
15:00:49:968 Added to StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
...
15:00:49:968 CAvMiuWave::DecryptSessionKey(...) entered.
15:00:49:969 WavCryptoFileIsEncrypted(...) ...
15:00:49:969 WavCryptoFileIsEncrypted(...) - 00000001
15:00:49:968 WavCryptoGetKeyHeaders(...) ...
15:00:49:969 WavCryptoGetKeyHeaders(...) - 00000000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:50:109 Stream 0x07187880 has MediaCharacteristics 0x00000002 (Encrypted)
15:00:50:110 CAvMiuWave::DecryptSessionKey(...) exited with success (0x00000000).
...
15:00:50:109 COM CAvMiuCall::GetMediaCharacteristics(...) exited with HRESULT 0x00000000 (S_OK).
...
// - Conversation plays appropriate prompts here...
Slide callouts: Finds if Unencrypted, Encrypted, or Expired • Message Playback – GUID to ID StreamList • File is Encrypted • Extracted Encrypted Session Keys from File • CuSessionKey was able to Decrypt Session Key • Message Expired, Error, or Message Headers
Log of TUI Decryption (AvMMProxySvr)
15:00:50:032 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:50:031 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc - Allowing access
15:00:50:032 DecryptSessionKeys received incoming RPC call
...
15:00:50:031 DecryptSessionKeys - Received list of 1 keys
15:00:50:032 DecryptSessionKeys - Processing Key#1 Key DirID: 2a592d28cd7ee94b81baea9dc7a46899 Computer DirID: 2a592d28cd7ee94b81baea9dc7a46899
15:00:50:031 DecryptSessionKeys - Found key#1 as local server key
15:00:50:032 CDecryptCertCache::FindCertInCache - SerialNum —ë÷ ?ïA….màËb?Á was Found
...
15:00:50:032 WavCryptoDecryptSessionKey(...) ...
15:00:50:109 WavCryptoDecryptSessionKey(...) - 00000000
15:00:50:110 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
15:00:50:109 DecryptSessionKeys returned 0x00000000
Slide callouts: RPC Binding & Authorization • DecryptSessionKeys begins • Found Matching ComputerID • Found Cert in Cache from Access DB (the FindCertInCache line prints the serial number’s raw bytes rather than base64, which is why it looks garbled) • Succeeded Decrypting Session Key
Log of TUI Decryption (AvCsMgr Part 2)
// - After Conversation plays appropriate prompts ...
15:00:55:593 COM CAvMiuCall::Play(...) entered.
...
15:00:55:593 Found in StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
...
15:00:55:593 CAvMiuWave::Play(...) entered.
15:00:55:594 WavCryptoStoreSessionKey(...) ...
15:00:55:641 WavCryptoStoreSessionKey(...) - 00000000
...
15:00:55:656 WavCryptoIORead (47648) ...
15:00:55:656 CryptoDecryptDataWithSessionKey(...) ...
15:00:55:656 CryptoDecryptDataWithSessionKey(...) - 00000000
...
15:00:55:656 WavCryptoIOProc(uMessage=0) exited (47648)
15:00:55:657 MiuWave (Device 95): Play succeeded on operation WavPlay (0x00000000).
15:00:55:656 CAvMiuWave::Play() beginning WaitFor(WavStopped or StopRequested).
Slide callouts: Notice that several seconds have passed • Same StreamList ID • Pass Decrypted Session Key to WavCrypt • Read Data from File • Succeeded Decrypting Data with Session Key • Wait for Play to Complete as normal
Log of IVC Message Encryption (Part 1)
14:06:10 This voice attachment will be encrypted
14:06:10 "EncryptVoiceMsg()": Enter
...
14:06:10 Refreshing the cached Public key for all the Servers.
...
14:06:10 Search String: (&(objectCategory=Computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
...
14:06:10 Current message attachment will be encrypted with the public keys of Unity and Voice Connector server(s): EXCHINTCUTY EXCHINTPUTY1 EXCHINTPUTY2 EXCHINTSDC EXCHINTSUTY UNITY (...)
...
14:06:10 "EncryptVoiceMsg()":Found public key for 6 Unity and Voice Connector server(s).
...
14:06:10 "CAvEncrypt::EncryptWavFile(...)": Enter
...
14:06:10 WavCryptoCreateSessionKey(...) ...
14:06:10 WavCryptoCreateSessionKey(...) - 00000000
...
14:06:10 WavCryptoEncryptWithSessionKey(...) ...
14:06:10 WavCryptoEncryptWithSessionKey(...) - 00000000
14:06:10 "CAvEncrypt::EncryptWavFile(...)": WavCryptoEncryptWithSessionKey Succeeded
Slide callouts: Message Encryption begins • Retrieving Servers from AD • 6 Servers in this Environment • Created New Session Key • Succeeded Encrypting Audio Data
Log of IVC Message Encryption (Part 2)
14:06:11 GetUnityServerInfoIvc - Retrieved 6 servers
...
14:06:11 EncryptSessionKeys - allocating Key Package size of 2270 bytes
14:06:11 WavCryptoEncryptSessionKey(...) ...
14:06:11 WavCryptoEncryptSessionKey(...) - 00000000
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: FB2127FB07B91C47A517E04471710C7A
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: J+7a1Hn/2ESdqJxEyGH/xg==
// Repeats for other 5 servers.
...
14:06:11 WavCryptoEncryptSessionKey(...) ...
14:06:11 WavCryptoEncryptSessionKey(...) - 00000000
// Repeats for other 5 servers.
...
14:06:11 "CAvEncrypt::EncryptWavFile(...)": EncryptSessionKeys Succeeded
14:06:11 WavCryptoSetKeyHeaders(...) ...
14:06:11 WavCryptoSetKeyHeaders(...) - 00000000
...
14:06:11 "CAvEncrypt::EncryptWavFile(...)": Exit
...
14:06:11 "EncryptVoiceMsg()": Exit
Slide callouts: Succeeded Encrypting Session Key in V1 Format • Writing ServerID and SerialNum to Output Param • Succeeded Encrypting Session Key in DL Format • Succeeded Saving Encrypted Session Keys • Message Encryption is done
Log of IVC Message Decryption (Part 1)
14:05:53 Current Message attachment is : Encrypted .
...
14:05:53 The Voice message is Encrypted, SENSITIVITY is NOT PRIVATE, Option Flags =0X00400444. message Decryption is allowed.
...
14:05:53 Current Message attachment =VoiceMessage.wav is Encrypted, it will be decrypted
14:05:53 "DecryptVoiceMsg()": Enter Function
...
14:05:54 WavCryptoFileIsEncrypted(...) ...
14:05:54 WavCryptoFileIsEncrypted(...) - 00000001
...
14:05:54 "CAvEncrypt::DecryptWavFile(...)": Enter Function
...
14:05:54 WavCryptoGetKeyHeaders(...) ...
14:05:54 WavCryptoGetKeyHeaders(...) - 00000000
...
14:05:54 GetUnityServerInfoIvc - ExecutingSearch (&(objectCategory=computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
...
14:05:54 GetUnityServerInfoIvc - Retrieved 2 servers
...
14:05:54 GetComputerDirecoryId() - f228ef4b3d159945b88e6717404629b1
...
Slide callouts: This Location allows Outgoing Secure Message Decryption • Message Decryption begins • File is Encrypted • Extracted Encrypted Session Keys from File • Retrieving Servers from AD • Local ComputerID
Log of IVC Message Decryption (Part 2)
14:05:54 DecryptSessionKeys - Received list of 2 keys
...
14:05:54 DecryptSessionKeys - Found key#2 as local server key
...
14:05:54 GetAccessCertData - Searching for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
...
14:05:55 FindAccessCertData - Found data for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
14:05:55 GetAccessCertData returned 0x00000000
...
14:05:55 GetDecryptedV1Data entered
...
14:05:55 WavCryptoDecryptSessionKey(...)
...
14:05:55 WavCryptoDecryptSessionKey(...) - 00000000
14:05:55 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
14:05:55 DecryptSessionKeys returned 0x00000000
...
14:05:55 WavCryptoDecryptWithSessionKey(...)
...
14:05:55 WavCryptoDecryptWithSessionKey(...) - 00000000
14:05:55 "CAvEncrypt::DecryptWavFile(...)": WavCryptoDecryptWithSessionKey Succeeded
...
14:05:55 "CAvEncrypt::DecryptWavFile(...)": Exit Function
...
14:05:55 "DecryptVoiceMsg()": Exit Function
• Found Matching ComputerID
• Found Cert in Cache from Access DB
• Succeeded Decrypting Session Key
• Succeeded Decrypting Audio Data
• Message Decryption is done
Log of PC Client Decryption
3:18:31.764 PM IN IsWavStreamEncrypted()
3:18:31.795 PM OUT IsWavStreamEncrypted() Yes
3:18:31.795 PM IN CAvEncrypt::Init()
3:18:31.795 PM IN CAvEncrypt::InitTrace()
3:18:31.795 PM OUT CAvEncrypt::InitTrace() (S_OK)
3:18:31.795 PM OUT CAvEncrypt::Init() (S_OK)
3:18:31.795 PM IN GetUserPasswordReg()
3:18:31.795 PM OUT GetUserPasswordReg() (S_OK)
3:18:31.795 PM IN CAvEncrypt::OpenRPCConnection()
3:18:31.795 PM Enter OpenSessionKeyManager(HUJOHN-UNITY1:5050,AlexGates,hujohn-dom1)
3:18:31.795 PM TraceWriteStringW: GetBindingHandle - Created bind string(ncacn_ip_tcp:HUJOHN-UNITY1[5050])
3:18:32.170 PM TraceWriteStringW: OpenSessionKeyManager(HUJOHN-UNITY1:5050) - Bind returned: 0x00000000
3:18:32.170 PM OUT CAvEncrypt::OpenRPCConnection() (0x00000000)
3:18:32.170 PM IN CAvEncrypt::DecryptVoiceMsg()
3:18:32.170 PM IN CAvEncrypt::DecryptWavFile()
3:18:32.170 PM IN IsWavStreamEncrypted()
3:18:32.170 PM OUT IsWavStreamEncrypted() Yes
3:18:32.233 PM WavCryptoGetKeyHeaders Succeeded
3:18:32.686 PM TraceWriteStringW: DecryptSessionKeys returned: 0x00000000
3:18:32.686 PM DecryptSessionKeys() done. (0x00000000)
3:18:32.686 PM DecryptSessionKeys Succeeded
3:18:32.842 PM WavCryptoDecryptWithSessionKey Succeeded
3:18:32.842 PM OUT CAvEncrypt::DecryptWavFile() (0x00000000)
3:18:32.842 PM OUT CAvEncrypt::DecryptVoiceMsg() (0x00000000)
3:18:32.858 PM Stream is decrypted successfully.
• Audio is Encrypted
• Tries to Reach Unity Server’s CuSessionKey, Includes Credentials
• Succeeded Opening CuSessionKey
• Succeeded Getting Encrypted Session Keys from File
• Succeeded Decrypting Session Key
• Succeeded on Audio Decryption
• Decryption complete, Playback begins
Log of CuMessageAgingSvr
08:55:25:859 Message Aging Service first run of the day.
...
08:55:25:860 Checking if key pair was already created today
08:55:26:015 No key pair created today. Creating one.
...
08:55:26:062 At max key pair of: 30 will proceed to age messages
08:55:26:140 Removing Key pair from MyStore
...
08:55:26:296 Creating a new key pair.
08:55:26:297 Creating new Key Pair.
...
08:55:26:578 Updating Active Directory with new key pair
...
09:00:25:859 Message Aging Service has already today.
09:05:25:859 Message Aging Service has already today.
• Message Aging checks if it’s run yet today
• No key pair has been created yet today
• We have 30 key pairs, so must age/delete one
• New key pair created
• Publish it to AD
• Every 5 mins & at start-up, checks if it’s run today
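The rotation the log above walks through, as an added Python model (not Unity's own code): the service keeps an in-memory "ran today" flag, checks the persisted store for today's pair so a mid-day restart does not create a second one, ages out the oldest of the 30 pairs before creating a new one, and publishes the new pair to AD. The class and function names, the key_store/directory stand-ins and the keypair-<date> identifiers are assumptions, as is treating a message as unreadable once its pair has been aged out.

```python
from datetime import date, timedelta

MAX_KEY_PAIRS = 30  # "At max key pair of: 30" in the CuMessageAgingSvr log

class MessageAgingService:
    """Hypothetical model of the daily rotation the CuMessageAgingSvr log shows (not Unity's code).
    key_store stands in for MyStore (oldest first, survives restarts); directory for the AD attribute."""

    def __init__(self, key_store, directory, max_key_pairs=MAX_KEY_PAIRS):
        self.key_store = key_store          # list of (created_on, key_id)
        self.directory = directory          # key_ids published to AD
        self.max_key_pairs = max_key_pairs
        self.last_run_day = None            # in-memory only; lost on service restart
        self.log = []

    def run(self, today):
        """Timer callback (start-up and every 5 minutes). Returns True if a pair was created."""
        if self.last_run_day == today:
            self.log.append("Message Aging Service has already run today.")
            return False
        self.last_run_day = today
        self.log.append("Message Aging Service first run of the day.")
        if any(created_on == today for created_on, _ in self.key_store):
            # Restarted mid-day: the persisted store already holds today's pair, so do nothing.
            return False
        self.log.append("No key pair created today. Creating one.")
        if len(self.key_store) >= self.max_key_pairs:
            # Age out the oldest pair; messages sealed under it are no longer readable (assumption).
            self.log.append(f"At max key pair of: {self.max_key_pairs} will proceed to age messages")
            self.key_store.pop(0)
            self.log.append("Removing Key pair from MyStore")
        new_pair = (today, f"keypair-{today.isoformat()}")   # constructed identifier
        self.key_store.append(new_pair)
        self.log.append("Updating Active Directory with new key pair")
        self.directory.append(new_pair[1])
        return True

    def can_decrypt(self, key_id):
        """A message is readable only while the pair it was sealed with is still in MyStore."""
        return any(kid == key_id for _, kid in self.key_store)

def simulate(days, start=date(2007, 1, 1)):
    """Run the 5-minute timer for `days` days (288 ticks a day); returns the service."""
    svc = MessageAgingService([], [])
    for d in range(days):
        today = start + timedelta(days=d)
        for _ in range(288):
            svc.run(today)
    return svc
```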
Reference Documents
• “Securing Subscriber Messages” chapter of the Security Guide for Cisco Unity 5.0: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html
• Secure Messaging portion of the Cisco Unity Troubleshooting Guide: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_troubleshooting_guides_list.html
• Other portions of the Cisco Unity Troubleshooting Guide for AD Permissions, VMO, Unity Inbox, and VM Interop/Networking
• FFS for Secure Messaging: EDCS-513331