Tulsa talk

					                         A look at security
                     of Voice over IP protocols

                          Irene Gassko
                      Lucent Technologies
                        Bell Laboratories
                 Secure Technologies Department
            gassko@lucent.com           (978)960-5767



                                                    Lucent Technologies - Proprietary
27 September, 2000               1
                  Initial incentives

•   Features that customer demands
•   Money-making services
•   Market penetration
•   Cost savings

• Security is NOT on the list


Security and Reliability of PSTN
          Old days                    Nowadays
•   Party lines                •   Privacy
•   Unreliable                 •   Reliability
•   Low quality                •   Quality of Service
•   In-band signaling          •   Out-of-band signaling
•   Vulnerable to attack       •   Hardened
•   Service theft              •   Multiple services

[Image slide; labels: 1890 and 1990]




                         Voice over IP

    back to Old days                       Nowadays

•   Party lines                        •   Privacy
•   Unreliable                         •   Reliability
•   Low quality                        •   Quality of Service
•   In-band signaling                  •   Out-of-band signaling
•   Add network vulnerabilities        •   Hardened
                                       •   Multiple services

                  Considerations

• Whom or what do we want to protect?
• What are the threats we want to protect
  against?
• What vulnerabilities are known and what are
  suggested fixes?
• Cost of security versus cost of vulnerability.
• System is as secure as its weakest link.
• Adding new applications or upgrading
  existing ones can break existing security.
                 Breaking points

• Algorithms
• Protocols
   Impersonation, chosen protocol attack, connection
     hijacking, ...
• Implementations
   Buffer overflows, race conditions, power and timing
     analysis, ...
• Interactions of several products
   Example: Excel, IE and E-mail reader vulnerability
• How to ensure that all implementations are broken?
                  VoIP Standards

• ITU-T H.323 suite
• ETSI TIPHON
• IETF SIP
    also
•   MEGACO
•   IPSec
•   TLS
•   etc
              H.323

• H.235 Security and encryption for H-Series
  (H.323 and other H.245-based) multimedia
  terminals:
• No privacy for control traffic
• No integrity protection for data streams
• Vulnerabilities in the protocols: Flooding,
  Man-in-the-Middle, session hijacking, etc.
• No cryptographic algorithms mandated
  or recommended, therefore compliant but
  non-interoperable implementations are possible.
           TIPHON

• No privacy for control traffic
• No integrity and authentication protection for
    data streams
• For signature and key encryption only one
    algorithm is required (RSA), nothing else is
    even recommended
• Unsafe adaptation of ISO 9798-3
    authentication mechanism.
• Patch-up approach to security instead of
    built-in
             Denial of Service

• Bandwidth hogging
  – QoS mechanisms
  – Feedback by backchannel
• Useless computation
  – Karn-Simpson method
  – Puzzle methodology
• Memory depletion
  – Policies
                      SIP

• HTTP-like protocol
• Text based
• Easier to program
                   However
• Control signaling only
• Fewer capabilities
• Needs to interoperate with H.323

                  Security of SIP

• An attempt to incorporate security from
  scratch
• Privacy protection of control messages
• Some protection against traffic analysis
• Many vulnerabilities in the first versions
• Denial of service
• Weak and inefficient authentication
• Too many applications
               SIP applications

• Instant messaging
• Common Gateway Interface
• Java applets
• Java Mobile Agents
• Simple Object Access Protocol (SOAP)
• Network-capable appliances
• Other

          Appliance networking
                protocols
•   Bluetooth
•   Jini
•   WAP
•   CAL
•   HAVi
•   UPnP
•   OSGi

 Initial Deployment of the Telephone Network
Overhead Wires at Broadway and John Street,
                New York, 1890




                      Conclusions

• Use time-tested public algorithms and
  protocols
• Follow established secure design
  guidelines
• Involve security experts from day one
• Limit functionality
• Audit for vulnerability at each level
• Divide and conquer
Password derivation
vulnerability
• H.235, section 10.3.2 authentication
  exchange
• Based on ISO/IEC 9798-2 standard
• Password derivation:
   – size(Password)=N, Key=password
   – size(Password)<N, Key is padded by zeroes
   – size(Password)>N, all “extra” password octets are
     repeatedly folded into Key by XORing
• If N=7 and password is AmericaAmerica
  then we get an all-zero key.
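
The folding rule above, worked through as an added example (not part of the original slides and not the text of H.235): derive_key follows the three cases as the slide states them, and audit_password is a hypothetical enrolment check that flags passwords deriving a weak key. The sample passwords are constructed.

```python
def derive_key(password: bytes, n: int) -> bytes:
    """Key derivation as the slide describes it (not the text of H.235)."""
    key = bytearray(n)              # size < N: remaining octets stay zero
    for i, octet in enumerate(password):
        key[i % n] ^= octet         # size > N: extra octets fold in by XOR
    return bytes(key)


def audit_password(password: bytes, n: int) -> list:
    """Hypothetical enrolment check: list the weaknesses of the derived key."""
    key = derive_key(password, n)
    findings = []
    if not any(key):
        findings.append("all-zero key")
    elif len(password) > n and 0 in key:
        findings.append("folding cancelled %d key octet(s)" % key.count(0))
    if len(password) < n:
        findings.append("key zero-padded by %d octet(s)" % (n - len(password)))
    return findings


# Constructed sample passwords; N = 7 as on the slide.
SAMPLES = [
    b"America",                 # size = N: key is the password itself
    b"abc",                     # size < N: zero padding
    b"AmericaAmerica",          # the slide's case: the two halves cancel
    b"AmericaAmericaAmerica",   # folds back to the key of "America"
    b"AmericaAnother",          # only the repeated first octet cancels
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw.decode(), derive_key(pw, 7).hex(), audit_password(pw, 7))
```

A longer password is therefore not necessarily a stronger one under this rule: an odd number of repetitions derives the same key as the single word, and an even number derives the all-zero key.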

				