140 likes | 320 Views
The study and demonstration on SIP security vulnerabilities. Mahidhar Penigi Vamsi Krishna Karnati. Introduction. Session Initiation Protocol, is a text based protocol S ignaling protocol to initiate, manage and terminate voice sessions BICC, H.323, MGCP and MEGACO
E N D
The study and demonstration on SIP security vulnerabilities MahidharPenigi Vamsi Krishna Karnati
Introduction • Session Initiation Protocol, is a text based protocol • Signaling protocol to initiate, manage and terminate voice sessions • BICC, H.323, MGCP and MEGACO • SIP is very similar to HTTP • For secure SIP transmissions SIP secure (SIPS) is used • SIP establishes and terminates a session in a series of handshakes (Illustrated in the next slide)
The three way handshake http://www.packetizer.com/ipmc/sip/papers/understanding_sip_voip/sip_call_flow.png
Major drawbacks of SIP • SIP does not have inbuilt security Elements like: • Encryption Authentication, and Confidentiality have to deployed a another layer for additional security in SIP • Encryption: Malicious users and hackers are easily able to intercept and decode SIP messages retrieved using the simple networking tools/softwares. • Authentication: • It is not very simple for an unauthorized user to be traced down without additional layers of security. • Due to this IP spoofing could be performed to enter the network and by replacing another device with the same IP and kicking it out of the network. • This user is then authenticated within the SIP network since authentication schemes come as a part of an external solution and is not inbuilt
SIP message protection is also required • Protecting content exchanged between two user or end devices during any kind of exchange over an IP network is called message protection • Very important for end to end voice delivery to be reliable and secure to avoid a major section of attacks that are classified by the attacker being able to recognize and understand an ongoing target session
Attacks due to lack of encryption • Malformed message attacks • Message Tampering http://blogs.ixiacom.com/default/assets/Image/SIP_fuzzing_attack.gif
Attacks due to lack of authentication • Denial of service attacks • IP spoofing • IP address of an authenticated device is borrowed temporarily to utilize the services of the network, this is not authorized Computer.howstuffworks.com
Attacks due to lack of authentication • Man in middle attacks, Eavesdropping and Registration Hacking
Other Attacks • Proxy Impersonation is where the attacker claims the identity of the proxy server taking temporary control over all ongoing sessions (voice) and devices interacting with it http://www.asteriskdocs.org/en/2nd_Edition/asterisk-book-html-chunk/figs/web/ast2_0801.png
The solution for better security • A Telephony Solution that is need based is often deployed over SIP to take care of the general security issues mentioned earlier • TCP/IP rather than UDP for SIP • Even though most SIP deployments are a compromise in infrastructure when additional security is required • SIP is going to be accompanied with some kind of a TLS as well • Raw UDP transport method with ZRTP could also keep most hackers and attacks away
PACKET TRACER 5 • Network simulation Program provided by CISCO. • It helps to learn complex Technology concepts. • Unlimited Devices can be added into a network for demonstration. • Cisco certified tool for learning complex networks.
Demonstration of Attacks: Packet Tracer 5.0 • IP spoofing • Registration Hacking • Denial of Service due to Packet flooding
Conclusion • Now specially with the advent of VoLTE, that provisions for a higher level integration between the PSTN, IMS and VoIP networks is higher, and a small loophole in one segment of one of the voice based networks could eventually lead to a bigger threat for the larger VoLTEsystem in place. SIP is one such loophole and it is very necessary to recognize, understand and prevent the issues pertaining to Session Initiation Protocol (SIP) and hence deploy a better network with better security standards.
References • www.voip-info.org/wiki/view/SIP+security • download.securelogix.com/library/SIP_Security030105.pdf • http://backtrack-linux.org