1 / 19

SIP Security & the Future of VoIP

SIP Security & the Future of VoIP. Nate Klingenstein APAN 26 Queenstown August 5, 2008. http://people.internet2.edu / ~ndk/apanSIP.pdf. Securing SIP. The threats The existing protocol’s problems Attempted solutions Skype for comparison Next steps. The Threat Model.

oleg-burch
Download Presentation

SIP Security & the Future of VoIP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP Security & the Future of VoIP • Nate Klingenstein • APAN 26 Queenstown • August 5, 2008 http://people.internet2.edu/ ~ndk/apanSIP.pdf

  2. Securing SIP • The threats • The existing protocol’s problems • Attempted solutions • Skype for comparison • Next steps

  3. The Threat Model • A lot like any other network application’s problems • Denial-of-Service (DoS) attacks • Eavesdropping / Man in the Middle • Spoofing, replay, spam (SPIT) • Poor authentication, authorization • Demonstrated attacks

  4. Are these threats hypothetical? • Security must always be pragmatic and proportional • http://www.loria.fr/~nassar/readme.html • http://www.voipsa.org/Resources/tools.php • Human faces and voice recognition do provide limited authentication & protection

  5. Enterprise Middleware • Many universities and companies manage information about their members • Directories, databases • Applications use these data for better security, auditing, user services • Large benefits for enterprise webapps

  6. Specific Problems • Authentication: HTTP digest, basic • Realm-specific • Traffic unencrypted • Trust between realms and proxies poor • Disconnected from identity management infrastructure

  7. Possible Solutions • Look a lot like the solutions for other old protocols: • Hack security into an old protocol • Firewall everything • Accept that SIP is too difficult to secure

  8. Security Attempts • Many tries with varying success • New RFC’s, internet-drafts • Integration with RADIUS, TLS authentication • Integration with directories • Improved deployment practices

  9. Inter-Realm SIP SIP Proxy Bob on a desktop With a SIP VC-UA Alice on a desktop With a SIP VC-UA SIP Proxy INVITE If Bob is valid, Forward INVITE Realm CGU.EDU Can I trust you? Realm: Microsoft.com Sure, I belong to the same club Invite from Bob 180 Ringing 180 Ringing 180 Ringing 200 OK SURA/ViDe 4th Annual Workshop

  10. SAML + SIP • Attempt to fix three major problems • Authentication methods • Realm trust • Connection to infrastructure • internet-drafts were written to make a SAML MIME on the invite, but failed

  11. Firewall Everything • Private networks • VPN • IDS/IPS • TLS/IPSec • Dedicated hardware devices • STUN & TURN

  12. Issues with Firewall Everything • Cross-realm trust not addressed • Possibly multiple interfaces and/or devices with private network • One more step towards Internet quarantine...

  13. Securing SIP • A combination of approaches is necessary • Network-level protection • Federated trust • Middleware integration • Phones and other hardware make modification more difficult

  14. VoIP Higher Ed Security Survey Which VoIP Securitymechanisms do[n’t] you use? • Use of IPS between VoIP network and data IP network. • Use of IDS between VoIP network and data IP network. • Use NAC (network access control) such as 802.1X and RADIUS to authenticate hard phones. • Softphones require the use of the separate VoIP network (physical LAN, VLAN, subnet address, etc.) from the data IP network. • Softphones are allowed with IPSEC transport mode. • Softphones are allowed with IPSEC VPNs. • Use NAC (network access control) such as 802.1X and RADIUS to authenticate hard phones. • Allow NAT traversal via STUN or TURN Internet proxies. • Provide separate dedicated bandwidth for VoIP traffic to the Internet.

  15. VoIP Higher Ed Security Survey

  16. The Skype Model • Proprietary, decentralized protocol • RC4 encryption • Firewall and NAT detection, agility • Central login server, hashed • SIP used by SkypeOut/SkypeIn with PSTN interconnections; gateways to SIP phones

  17. Can SIP Learn from Skype? • TLS/IPSec offer good encryption • Authentication over TLS (digest/PKI/SAML) is good • Bandwidth, centralization not big problems • The world has no central login server • Cross-domain trust not solved

  18. Conclusions • SIP needs a lot of attention to be secure • Existing ideas can address some shortcomings • Some efforts stopped • No central work combining all efforts • Some attacks don’t have cost-effective solutions

  19. Questions? • http://www.internet2.edu/sip.edu/ • ndk@internet2.edu

More Related