
VOIP Security in IC (TLS/SRTP)



Presentation Transcript


  1. VOIP Security in IC (TLS/SRTP) Amjed Syed

  2. Agenda
     • Part 1: VOIP Security in IC 3.0
       • Need for VOIP Security
       • Securing SIP, RTP (Understanding TLS/SRTP)
       • Implementing TLS/SRTP in IC
     • Part 2: Demonstration on Implementing VOIP Security
       • Implementing TLS/SRTP on the devices below
         • Polycom Phones
         • SIPLines
         • Mediant 1000 Gateway
         • SIP Proxy 4.0
       • Using Wireshark to Troubleshoot TLS/SRTP

  3. Security Issues in Data Transmission
     • Privacy: Anyone can read the content
     • Integrity: Someone can alter the content
     • Authentication: Not clear whom you are communicating with

  4. Securing Communication through SSL
     Security Feature enhancements in IC 3.0:
     • Subsystem and Client Connection Security
     • Network (IP) and User connection security
     • SIP Messages and Audio (RTP) Security

  5. What is SSL/TLS
     SSL is a cryptographic protocol that provides security and data integrity for communication over TCP/IP networks using public/private keys and signed certificates. SSL encrypts the segments of the transport layer protocols in use for an end-to-end connection across the network.

  6. SSL/TLS: Implemented SSL/TLS Protocol Versions
     • SSL – Secure Sockets Layer Version 2.0
       • Initially developed by Netscape
       • SSL 2.0 is susceptible to man-in-the-middle attacks leading to the negotiation of weak 40-bit encryption keys
       • SSL 2.0 should not be used any more
     • SSL – Secure Sockets Layer Version 3.0
       • Internet Draft authored by Netscape, November 1996
     • TLS – Transport Layer Security Version 1.0
       • Successor to SSL 3.0
       • IETF RFC 2246, January 1999
       • TLS 1.0 is not backwards compatible with SSL 3.0 (differences in MAC computation, PRF function for master_secret and key material)

  7. SIP Messages and Audio (RTP) Security
     • Encrypting SIP messages via Transport Layer Security (TLS) provides an inexpensive layer of security with little overhead that prevents interception of call control and attacks on audio devices.
     • If additional security is desired to ensure that audio cannot be intercepted or listened to, the SRTP (Secure RTP) audio protocol can be used, so that even the audio transmissions are encrypted.

  8. Understand Different SSL Components
     • Certificates
     • Public Key (Asymmetric Key) Encryption
     • Symmetric Key Encryption
     • Hash Algorithms
     • PKI (Public Key Infrastructure)

  9. PKI (Public Key Infrastructure) A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in a Network Communication.

  10. SSL—Using Symmetric and Asymmetric Encryption

  11. Different Encryption Algorithms that can be used in SSL
     • For key exchange (Public-Key): RSA, Diffie-Hellman, ECDH, SRP, PSK
     • For authentication (Certificates): RSA, DSA, ECDSA
     • Symmetric ciphers (Encryption): RC4, Triple DES, AES, IDEA, DES, or Camellia
     • For cryptographic hash function (Message Hash): HMAC-MD5 or HMAC-SHA are used for TLS, MD5 and SHA for SSL

  12. Available list of TLS Cipher suites in IC SIP-TLS Line configuration
     Modes of operation: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

  13. Handling threats in IC 3.0

  14. Encryption prevents eavesdroppers from understanding messages

  15. Authentication prevents eavesdroppers from impersonating IC users.

  16. SIP device establishes an SRTP session

  17. Encrypted RTP Payload

  18. Configuring TLS/SRTP : License Required

  19. Configuring Polycom Stations for TLS/SRTP

  20. Security on SIP Line Configuration • Transport Protocol • Audio Protocol • Security – TLS Security

  21. Configuring Line Certificates: Importing

  22. Configuring Line Certificates: Port-To-Certificate Mapping

  23. Signing Third Party Certificates Note: If using your own third-party CA and line certificates, you must use your own certificate signing utility to sign the third-party device.

  24. Generating Certificates Manually with GenSSLCertsU
     • GenSSLCertsU -s :: Generates all local server subsystems certificates.
     • GenSSLCertsU -c <Notifier> :: Generates client connection certificates.
     • GenSSLCertsU -l <CN Name or Domain Name> [-d] :: Generates a new lines certificate; the [-d] parameter makes it the default.
     • GenSSLCertsU -d <Notifier> [<IC User Name>] [<IC User Password>] :: Requests a certificate for a SIP device connection.
     • GenSSLCertsU -r <Notifier> [<IC User Name>] [<IC User Password>] :: Requests a subsystems connection certificate from a remote IC Server.

  25. Question?

  26. Demonstration
     Part 2: Demonstration
     • Implementing TLS/SRTP on the devices below
       • Provisioning Polycom Phones
       • SIPLines
       • Mediant 1000 Gateway
       • SIP Proxy 4.0
     • Using Wireshark to Troubleshoot TLS/SRTP

  27. Demo Setup

  28. Typical SIP Call setup scenario

  29. Thank You
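
The split described in slide 7 and slides 16–17 (TLS for SIP call control, SRTP for audio) can be checked on the text of a SIP INVITE. This is an added example, not part of the presentation: it assumes SDES keying (`a=crypto` lines in SDP, RFC 4568), which the slides do not specify, and the sample message, host names and key are constructed.

```python
import re

# Constructed sample INVITE: hosts, branch and key are made up, not captured traffic.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sips:1001@ic.example.test SIP/2.0",
    "Via: SIP/2.0/TLS phone1.example.test:5061;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,
])


def audit_invite(message: str) -> dict:
    """Report whether call control and audio in one SIP message are protected."""
    head, _, sdp = message.partition("\r\n\r\n")
    # The transport token of the topmost Via header shows how signalling travelled.
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    transport = via.group(1).upper() if via else None
    media, current = [], None
    for line in sdp.splitlines():
        parts = line[2:].split()
        if line.startswith("m=") and len(parts) >= 3:
            current = {"kind": parts[0], "proto": parts[2], "keyed": False}
            media.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            current["keyed"] = True  # SDES key carried inside the SDP body

    findings = []
    if transport != "TLS":
        findings.append(f"signalling: SIP sent over {transport}, not TLS")
    for m in media:
        if m["proto"].startswith("RTP/AVP"):
            findings.append(f"{m['kind']}: plain RTP, payload is not encrypted")
        elif m["proto"].startswith("RTP/SAVP") and not m["keyed"]:
            findings.append(f"{m['kind']}: SRTP profile offered without a=crypto key")
        elif m["keyed"] and transport != "TLS":
            findings.append(f"{m['kind']}: SRTP key readable in cleartext signalling")
    return {"transport": transport, "media": media, "findings": findings}


if __name__ == "__main__":
    for finding in audit_invite(SAMPLE_INVITE)["findings"] or ["no findings"]:
        print(finding)
```

With SDES the SRTP key travels inside the SDP body, so SRTP on a line whose SIP transport is not TLS leaves the audio decryptable by anyone who can read the INVITE.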
