© Univ. of Hamburg, Dept. Informatik, Security in Distributed Systems, December 29th, 2006 (JFS) 2
SIP Security:
Status Quo and Future Issues
(5) Conclusion
Introduction to SIP
What is Voice-over-IP (VoIP)?
The real-time transmission of (digitised) voice over an IP-based network
Separation of signalling and media transfer
SIP: Session Initiation Protocol
SIP supports
Mobility of users
Media parameter negotiation
Session Management
SIP Protocol: Example of operation
[Figure: SIP:alice@atlanta.com, SIP:bob@biloxy.com, SIP Proxies, DNS Server, SIP Registrar, Location Service, Media Transport]
1. REGISTER: IP-address & SIP-URI
2. Store location (binding between SIP-URI and IP-address)
3. Send SIP INVITE to establish session
4. Query for IP Address of the Destination Domain's SIP Proxy (DNS Server)
5. Forward INVITE
6. Location Service checks that the destination IP address represents a valid registered device
7. Forwarded Request to the End-Device
8. Destination device returns its IP Address and a media connection is opened
Differences between SIP-based
VoIP and PSTN
Differences between VoIP with SIP and PSTN
Signalling
PSTN (Public Switched Telephone Network)
Signalling in a closed network (SS7)
SIP
Signalling in an open network
Signalling network is highly insecure (Internet)
Terminals
Traditional Telephones:
Simple devices
not much functionality
SIP-phones:
Complex devices
Have their own TCP/IP stack
Mobility
PSTN
No mobility
SIP
Users can change their location and still use the same identity in the network
Only access to IP-network is required
Authentication
PSTN
No authentication necessary (no mobility)
SIP
Due to mobility on IP-layer, authentication on the application layer is necessary
Mobility / Authentication
A network with similar properties: GSM
GSM uses smartcards
Limited number of providers that trust each other
Current Research Problems
SIP Security Intro
Current Work on SIP Security
Authentication
Lawful Interception
Authentication
The Problem
SIP users are mobile, i.e. change their location
The location cannot be used to authenticate users
No worldwide PKI in place that can be used by all users
ZRTP
Developed by Phil Zimmermann (PGP)
Diffie-Hellman key exchange within an RTP stream
Key exchange is protected against man-in-the-middle attacks by an authentication string
Authentication string is "read" by communication partners and transmitted over RTP
Man-in-the-middle attack on Diffie-Hellman Key
Exchange
5.b) Assume Alice and Bob use the Diffie-Hellman protocol to derive a
secret key. Further, assume an attacker is in the path between Alice and
Bob and able to read the messages being exchanged between them.
ii. Could an attacker manage to read encrypted messages that are
encrypted with a key established between Alice and Bob, when the
attacker is able to read the messages and control the message flow
(i.e. intercept and modify messages) between Alice and Bob?
[Diagram: parties A, M and B]
$X_1 = g_1^{x_1} \bmod n_1$
$X_2 = g_2^{x_2} \bmod n_2$
$Y_1 = g_1^{y_1} \bmod n_1$
$Y_2 = g_2^{y_2} \bmod n_2$
Key between A&M
Key between B&M
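The exercise above and the authentication-string check listed for ZRTP, as an added Python example (not from the slides, and not ZRTP's actual derivation): M ends up sharing one key with A and another with B, and a short string derived from each side's key exposes the mismatch when the callers compare it. The toy prime, the 16-bit hex string and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group: 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared_key(own_private, peer_public):
    """Diffie-Hellman secret, hashed into a 32-byte session key."""
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def auth_string(key):
    """Short string each caller reads aloud (assumed form: 16 bits as hex)."""
    return hashlib.sha256(b"auth-string" + key).hexdigest()[:4]

def run_call(attacker_in_path):
    """One key exchange between A and B; returns (A's key, B's key, M's keys)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b, m_keys = b_pub, a_pub, ()
    if attacker_in_path:
        # M intercepts both public values and substitutes its own.
        m1_priv, m1_pub = keypair()
        m2_priv, m2_pub = keypair()
        seen_by_a, seen_by_b = m1_pub, m2_pub
        m_keys = (shared_key(m1_priv, a_pub), shared_key(m2_priv, b_pub))
    return shared_key(a_priv, seen_by_a), shared_key(b_priv, seen_by_b), m_keys

def strings_match(a_key, b_key):
    """The spoken comparison: A and B check that they read the same string."""
    return auth_string(a_key) == auth_string(b_key)

if __name__ == "__main__":
    for attacked in (False, True):
        a_key, b_key, m_keys = run_call(attacked)
        print("attacker in path:", attacked,
              "| A reads", auth_string(a_key), "| B reads", auth_string(b_key),
              "| match:", strings_match(a_key, b_key))
```

A string this short is only a sound check if the party in the middle cannot keep choosing key pairs until both strings coincide; ZRTP adds a hash commitment for that purpose, which this sketch leaves out.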
ZRTP
[Figures: SIP:alicia@atlanta.com and SIP:beyonce@biloxy.com, two SIP Proxies, and the RTP Stream between the two endpoints]
Authentication
Identity Assertion
Domains assert the identities of their SIP users
This assertion can be digitally signed by the domain to be verified by other domains / users
End-to-end authentication
TLS is insufficient, because
Intermediary hops may not be trustworthy
All application layer hops need keys from each other
Establish end-to-end authentication directly between user agents
V. Gurbani, F. Audet, D. Willis, “The SIPSEC Uniform Resource Identifier (URI)”, internet draft (work in progress), June 2006
Spam over IP Telephony
“Hello,…“
SPIT – Spam over Internet Telephony
SPIT - Possible Solutions
Payments at risk
A Micropayment System that charges for every call
Sender authentication
… would help to fight SPIT
Not in place yet
Would not fully solve the problem
Computational puzzles
For each call, the initiator first has to solve a computationally complex challenge
Not a problem for regular call behaviour
Spammers would need much computation power
Makes spamming costly
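A computational puzzle of this kind, as an added Python example (not from the slides): the callee side issues a fresh challenge per call, the caller searches for a nonce whose hash has a given number of leading zero bits, and checking the answer costs one hash. The hash-based puzzle, the PuzzleGate class and the call identifiers are assumptions for illustration; how the challenge would be carried in SIP messages is not covered here.

```python
import hashlib
import itertools
import secrets

def puzzle_value(challenge, call_id, nonce):
    """Hash of challenge, call and candidate solution, as an integer."""
    data = f"{challenge}|{call_id}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def solve(challenge, call_id, bits):
    """Caller: try nonces until the hash has `bits` leading zero bits (~2**bits hashes)."""
    limit = 1 << (256 - bits)
    for nonce in itertools.count():
        if puzzle_value(challenge, call_id, nonce) < limit:
            return nonce

def verify(challenge, call_id, nonce, bits):
    """Callee side: a single hash checks the solution."""
    return puzzle_value(challenge, call_id, nonce) < (1 << (256 - bits))

class PuzzleGate:
    """Hypothetical callee-side gate: one fresh challenge per call, usable once."""

    def __init__(self, bits):
        self.bits = bits
        self.pending = {}  # call_id -> challenge still waiting for a solution

    def challenge_for(self, call_id):
        self.pending[call_id] = secrets.token_hex(8)
        return self.pending[call_id]

    def admit(self, call_id, nonce):
        challenge = self.pending.pop(call_id, None)  # pop: a solution cannot be replayed
        return challenge is not None and verify(challenge, call_id, nonce, self.bits)

if __name__ == "__main__":
    gate = PuzzleGate(bits=16)
    call_id = "call-1@constructed.example"  # constructed sample identifier
    challenge = gate.challenge_for(call_id)
    nonce = solve(challenge, call_id, gate.bits)
    print("nonce", nonce, "admitted:", gate.admit(call_id, nonce))
```

Each extra bit of difficulty doubles the expected work per call for the initiator while verification stays at one hash, which is what makes bulk calling costly and a single call cheap.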
Lawful Interception
legalised eavesdropping of communications by government agencies, e.g. when a criminal is under surveillance
Testing SIP Devices
[Figure: SIP Proxy with SIP:test@local_IP_1, SIP:test_1@local_IP_1 and SIP:test_2@local_IP_1]
SIP Implementations
Have a TCP/IP Stack plus SIP functionality
Are complex, thus susceptible to vulnerabilities
Security of SIP Devices
Testing SIP Implementations
[Figures: test setups with the SIP testing tool, a SIP Proxy, and the SIP-URIs SIP:test@local_IP, SIP:test@local_IP_1, SIP:test@local_IP_2 and SIP:test_1@local_IP_1]
SISU Test Tool
Test Cases
Implementation of RFC 4475 (May 2006)
Torture test messages
13 valid messages, 19 invalid messages
Denial of Service Tests on Session
Send BYE or CANCEL message to phone under test while a session is being established
Denial of Service Tests on Phone
Invite Message with different Tag and CallId
1000 and 10000 Invite Messages
Buffer Overflow Search
Inserting a long string in different headers
Some Testing Results
Other Problems…
Emergency Calls
How to prioritize emergency calls in a network with no quality of service (IP-networks)?
See further "Emergency Context Resolution with Internet Technologies (ecrit)" (http://www.ietf.org/html.charters/ecrit-charter.html)
Usability
How shall users cope with certificates or other credentials in SIP-Phones? (does not work with https-webpages)
Future Security Issues:
P2P-SIP
P2P-SIP
What is P2P-SIP?
Using a peer-to-peer network as a substrate for SIP user registration and location lookup
Benefits
Cost reduction
Ability to deploy without modifying controlled infrastructure (DNS)
Robustness against failure
Scalability
P2P-SIP: Basic Overview
[Figure: SIP Components for Registration and Location Lookup (DNS Server, Registrar, Location Service, SIP Proxies) overlaid with a DHT (Distributed Hash Table) ring of numbered nodes; label: "Lookup Location for Bob's SIP URI"]
P2P-SIP: Registration and Location
Distributed Hash Table (DHT) offers:
Store(key)
Lookup(key)
Hash of the node's IP-address = nodeID
Hash of Bob's SIP-URI = key: h(SIP:bob@biloxy.com) = 206
Content stored: Current location (IP-address) for SIP-URI
(1) Bob's node joins the DHT
(2) Alice's node joins the DHT
(3) Bob registers his URI with the DHT
(4) Alice wants to call Bob
(5) DHT delivers the node (+IP-address) responsible for Bob's URI to Alice (node 215)
(6) Alice contacts node 215 to get Bob's IP-address (without using the overlay)
(7) Alice and Bob negotiate parameters and set up their session directly (without using the overlay)
How to trust node 215?
[Figure: DHT ring of numbered nodes with SIP:alice@atlanta.com and SIP:bob@biloxy.com; labels Store(206) and Lookup(206)]
Security in P2P-SIP
P2P SIP: Threats
Man-in-the-middle attack on P2P SIP (recursive routing)
How can I attack the content for keyID "212"?
(1) I need the content for "212"
(2) I need the content for "212"
(3) I need the content for "212"
(4) The content for "212" is IP-address "X"
(5) The content for "212" is IP-address "X"
(6) The content for "212" is IP-address "Y"
[Figure: DHT ring of numbered nodes with messages (1) to (6) routed between them]
Authentication in P2P-SIP
Self-certifying approaches
Conclusion
Thank you for your
attention
Jan Seedorf
seedorf@informatik.uni-hamburg.de
University of Hamburg