3. sip security
TRANSCRIPT
-
7/25/2019 3. SIP Security
1/40
24/10/2014
1
1
SIP Security
2
Roadmap
Basics
Terms, concepts, and so on
o Threats, security attributes, vulnerabilities
Network defenseso Cryptogrpahic primitives
o Protocols: SSL/TLS, IPsec, PGP, S/MIME, etc.
VoIP Security
VoIP Risks, Threats, and Attacks
Best Practices for VoIP Security
Open Issues
-
7/25/2019 3. SIP Security
2/40
24/10/2014
2
Proliferation of VoIP
People are moving from PSTN to VoIP service
VoIP is cheaper, more convenientand flexible, with diverse features
The number of residential VoIP subscribers worldwide is expected to grow
significantly
4.8million in 2004
~288million by 2013
Types of VoIP
Managed: Vonage, AT&T, Verizon, etc.
Unmanaged: PC-to-PC VoIP or Softphone (e.g., Skype)
3
Expectations on VoIP
Confidentiality Securitythe No.1concern
Emergency calls: 15, 17,18 in France
Lawful surveillance
Quality of Service (OoS) Latency
Jitter
Packet loss
4
-
7/25/2019 3. SIP Security
3/40
24/10/2014
3
Key Functional Components of VoIP
VoIP signaling Responsible for establishing, managing, tearing downVoIP sessions
H.3231996 ITU
MGCP (Media Gateway Control Protocol)1999 IETF RFC
SIP (Session Initiation Protocol)1999, 2002 IEFT RFC
o The dominant VoIP signaling protocol
VoIP voice stream
RTP (Real-time Transport Protocol)
SRTP (Secure RTP)
VoIP billing
Indispensable for VoIP service providers (e.g., Vonage, AT&T)
5
VoIP Protocol Stack
SIP Stack DiagramH.323 Stack Diagram6
-
7/25/2019 3. SIP Security
4/40
24/10/2014
4
Infrastructure Attacks
7
Physical
Data Link
Network
Transport
Application7
2
3
4
1
Eavesdropping/Sniffing
For subnets using broadcast technologies such as WiFi, each attachedsystems NIC can capture any communication on the subnet by using tools like
Wireshark, tcpdump/windump
Routers and internal switches can look at/export traffic they forward
Tap a link is possible: insert a device to mirror physical signal
Disruption
With physical access to a subnetwork, attacker can overwhelm its signaling(e.g., jamWiFisRF)
Or send messages that violate the Layer-2 protocols rules, e.g., send messages> maximum allowed size, sever timing synchronization, ignore fairness rules
Routers & switches can simply droptraffic Spoofing
With physical access to a subnetwork, attacker can create their own msg.
Root/administrator privileges may gain full control
Spoofing + eavesdropping is more powerful: attacker can understand exactstate of victims communication and craft their spoofed traffic to match it
SIP Overview
SIP is an IETF standard
RFC 2543 of 1999 (obsolete)
RFC 3261 of 2002an application-layer control (signaling) protocol for creating,modifying, and terminating sessions with one or more participants
Text-based, very similar to HTTP SIP sessions include
Internet telephone call
Multimedia conferences
Instant messaging
and so on
8
-
7/25/2019 3. SIP Security
5/40
24/10/2014
5
SIP Functionalities
Learn, determine the location, availability of remote communicating party Registration
Call routing
Call redirection
Establish a session between end-points
Call setup, transfer, termination
Negotiate the media capability
Use SDP (Session Description Protocol) to specify the media parameters(e.g.,IP address, port number, codec)
9
SIP Components
User Agentsowned/used by subscribers
User Agent Client (UAC)who initiatesa call
User Agent Server (UAS)who receivesa call
SIP Serversmaintained by service providers
Proxy server: relays the signaling messages (and potential voice streams) betweenthe caller and callee
Location server: keeps where a subscribers UA is currently at (the IP address)
Registrar server: accept registration from subscribers about their current locations,
and keeps track subscribers whereabouts at location server
Redirect server: provides information about next hop to a subscriber
10
-
7/25/2019 3. SIP Security
6/40
24/10/2014
6
SIP Messages
Requestidentified by a method name REGISTERtell where the UAC is currently at
INVITEInitiate a call to someone
BYEterminate an established call
ACKacknowledge the receipt of some message
CANCELquit from an ongoing call setup
OPTIONto query the capability of a server
Responseidentified by a number similar to HTTP
1Provisional100 Trying, 180 Ringing
2Successful200 OK
3Redirection301 Moved permanently, 302 Moved Temporarily
4Failure403 Not Found, 410 Gone, 403 Forbidden
5Server Failure503 Service Unavailable
6Global Failure600 Busy Everywhere11
SIP Network Architecture
12
-
7/25/2019 3. SIP Security
7/40
24/10/2014
7
SIP Registration
13
SIP Message Flow of Normal Call Setup & Down
14
-
7/25/2019 3. SIP Security
8/40
24/10/2014
8
Questions ?
15
Security Requirements on VoIP
Authenticity
When A dials Bs number, the call with reach B
The incoming call is really fromwho it claims to becaller ID is authentic
Confidentiality, privacy and anonymity
No one other than the caller(s) and callee(s) should do the following
o Have access to the conversation content
o Even know that Alice and Bob have talked over VoIP
Integrity
The call signaling and content have not been tempered with
16
-
7/25/2019 3. SIP Security
9/40
24/10/2014
9
Security Requirements on VoIP, cont
Temper resistant billing
Service providerno service stealing, toll fraud
Subscriberno overcharge
Availability
Be resilient to denial-of-service (DoS) attack
17
VoIP Security: System-Centric Perspective
VoIP signaling security
Protect the authenticity, integrityof the signaling message
VoIP voice stream security
Protect the authenticity, integrityand confidentialityof thevoicecontent(including any keys pressed)
VoIP billing security
Prevent service theft, toll fraud, undercharge, overcharge
18
-
7/25/2019 3. SIP Security
10/40
24/10/2014
10
VoIP Security Threats Taxonomy (Incomplete)
Threats
Confidentiality & privacy Integrity Availability and DoS
Switch Default Password Vulnerability
Classical Wiretap Vulnerability
ARP Cache Poisoning & Floods
Web Server Interfaces
IP Phone Netmask Vulnerability
Extension to IP Address Mapping Vulnerability
DHCP Server Insertion
TFTP Server Insertion Attack
CPU Resource Consumption
Default Password
Exploitable Software Flaws
Account Lockout Vulnerability
Threats to VoIP Security
Identity and service theft
Steal minutesfrom VoIP service provider
Call at other subscribers expense
Service disruption against the following The VoIP infrastructure
Individual subscriber
Terminate established calls
Prevent certain calls from being established
Call tampering
Tampering a phone call in progress: spoil the quality of the call by
injecting noise packetsin the communication stream
20
-
7/25/2019 3. SIP Security
11/40
24/10/2014
11
Threats to VoIP Security, cont
Call hijacking (Man-in-the-Middleattacks) Registration spoofing
Unauthorized call redirection
Taking over established VoIP call via re-INVITE
Interception and modification
Conversation alterationmix, change the RTP voice stream
Eavesdropping
Wiretap and traffic analysis
Obtain names, password and phone numbers (service and information theft)
VoIP fraud
Voice phishing (aka vishing): faking as trustworthy organization (e.g., bank)
21
Threats to VoIP Security, cont
Annoyance
SPIT (Spam over Internet Telephony)
Nuisance call
Attack against others
Divert VoIP traffic to flood someone
Denial of Service (DoS): consuming bandwidth or overloading resource
VoIP based botnet
Worms, viruses, and malware
What if attacker compromises the softphone running in the laptop or
handheld ?
22
-
7/25/2019 3. SIP Security
12/40
24/10/2014
12
Attack#1: VoIP Service Stealing Case
According to court records, Pena
sold more than 10 million
minutes of VoIP service that had
been stolen from 15
telecommunications providers.
Prosecutors valued the lost
minutes at $1.4 million.
23
Attack#2: SIP Phone Registration Spoofing
Before a SIP UA (i.e., phone) can be used to make or receiver a call, itmust register itself so that SIP proxy server know its current IP
address
What if some attacker send spoofedREGISTERmessage to the
registrar to trick the registrar into believing that the victim SIP phone isat an IP address chosen by the attacker
All the calls to the victim will reach attackers phone !
What about SIP digest authentication ?
The SIP registrar does require authenticationfor registration
Assuming the attacker does not know the secret password shared
between the victim SIP phone and the registrar, can attacker still spoofregistration ?YES !
24
-
7/25/2019 3. SIP Security
13/40
24/10/2014
13
Attack#2: SIP Phone Registration Spoofing, cont
The SIP digest does NOT cover the IP address of the SIP phoneThe registrar actually uses the source IP address of the packet
containing the REGISTRER message
The attacker could simply replaythe legitimate REGISTER messagefrom different IP address
25
Attack#3: SIP Phone Registration Hijacking
With a MITM, attacker could completely hijack calls to the victim
26
1
2
3
4
5
-
7/25/2019 3. SIP Security
14/40
24/10/2014
14
Attack#4: Fake BYE to Terminate Established SIP Call
Attacker could terminateany established SIP call by sending fake BYEmessageto the SIP phone(s) and/or SIP proxy
SIP proxy requires digest authentication, so it could detectfake
BYEand ignore it
Existing SIP phones however will honor anyBYE messagewith
correct Call-ID
27
Attack#5: VoIP CallerID Spoofing
Caller ID of SIP call is NOTtrustworthy, and it is easy to spoof
Just modify the Fromfield of INVITE message
There are companies that offer caller ID spoofing service to the public:http://www.calleridspoofing.info/
28
-
7/25/2019 3. SIP Security
15/40
24/10/2014
15
Billing of Managed VoIP
Billing is fundamental to VoIP service providers (e.g., Vonage, AT&T) Certain VoIP calls are charged on aper minute basis: International call,
Service providers rely on accounting and billingfor charging theircustomers for the serve they provided
Billing has direct impact on each individual VoIP subscriber
Charges for the VoIP services they have chosen and used
NO Charges on the calls they have NOTmade
NO Overcharge on the calls they have made
29
Requirements of VoIP Billing
Billing needs to be reliable
Resilient to billing fraud
Provides consistent view on what the service providers has providedandwhat the subscriber has received
Billing needs to be trustworthy
It will determine
o (a) how much money the service provider will make;
o (b) how much money the subscriber will pay
Inaccurateor corruptedbill will create disputes between the service
provider and its customers
30
-
7/25/2019 3. SIP Security
16/40
24/10/2014
16
Billing and Signaling of VoIP
Existing VoIP billing is based on VoIP signaling, which determines The callerand callee of the call ---- communication parties
When the call startsand ends ---- call duration
Where the call will be routed ---- call path
Any vulnerability inVoIP signalingcould be a potential vulnerability
of VoIP billing
Manipulation of SIP messages
Fake SIP messages
VoIP signaling protocols
SIPthe dominant VoIP signaling protocol
MGCP
H323
31
VoIP Billing Vulnerabilities
The use public Internet for signaling and billing opens many doors for
attacks
MITM at any router or gateway along with VoIP signaling path
How vulnerable are those deployed commercial SIP-based VoIPservices ?
Vonage, AT&T, Verizon, Broadvoice
ReferenceR. Zhang, et al., Billing Attacks on SIP-Based VoIP Systems, inProceedings of the first USENIX workshop on Offensive Technologies
(WOOT '07).
-
7/25/2019 3. SIP Security
17/40
24/10/2014
17
VoIP Billing Attack #1: INVITE Replay billing attack
Callers SIP phone initiates a call by sending an INVITEmessage to its SIPserver, which tracks the INVITEmessage for billingand accounting
Attack: an attacker can replaysome captured INVITEmessage and make calls
at others expense
33
VoIP Billing Attack #2: FakeBusy Billing
BUSY message is not protected by SIP authentication
The MITM between a SIP phone and SIP server could do the following
Hijackthe VoIP calls of targeted SIP phone
Establish the calls with bogus content
When both the caller side and callee side have MITM, the MITMs could control thehijacked call durationwhile keeping the caller and callee unaware of the call
This could result in overchargeon calls the VoIP subscriber has actually made
34
-
7/25/2019 3. SIP Security
18/40
24/10/2014
18
VoIP Billing Attack #3: ByeDelayandByeDrop
Established SIP calls are terminated by BYEmessage
Can an MITM delayor simply dropthe BYEmessage of established SIP call ?
The SIP server will think the call is still alive and just count on the time, thereby
prolonging the durationof established calls
This could lead to overchargeon calls the VoIP subscriber has made
Such a delay or drop of the BYE message does not involve any modification of
the BYE message: SIP authentication would not help here
35
Root Causes Analysis of Billing Attacks
SIP security is largely relied on existing security mechanisms forHTTP and SMTP
TLS or IPsec protect the SIP signaling path
S/MIME protects the integrity and confidentiality of SIP messages
No end-to-endprotection
Weakness of SIP authentication
Only applies to a few SIP messages, e.g., INVITE, BYE, REGISTER,
while others likeTRYING, RINGING, 200 OK,ACKand BUSY are
unprotected
Only a few SIP fields are protected, e.g., request-URI, username, realm,
while other important SIP fields (e.g., SDP, From,To) are unprotected
One-way protection: only applies to UAC so SIP servers
36
-
7/25/2019 3. SIP Security
19/40
24/10/2014
19
Potential Mitigations Against VoIP Billing Attacks
INVITE replay
Just need to implement the SIP authentication correctly
Implementation errors may lead to this attack
FakeBusy
Simply correlating the SIP and RTP message wont help (Bogus RTP
streams with correct IP addresses, port numbers, and sequence numbers)
Full integrity protection of SIP, RTP could defeat FakeBusy
ByeDelay, ByeDrop Hard to defend even with full SIP, RTP integrity protection
o No modification of any SIP or RTP
o Delay and drop could happen naturally (accidental anomalies)
Some heuristics might help
37
Questions ?
38
-
7/25/2019 3. SIP Security
20/40
24/10/2014
20
39
Roadmap
Basics
Terms, concepts, and so on
o Threats, security attributes, vulnerabilities
Network defenses
o Cryptogrpahic primitives
o Protocols: SSL/TLS, IPsec, PGP, S/MIME, etc.
VoIP Security
VoIP Risks, Threats, and Attacks
Best Practices for VoIP Security
Open Issues
SIP Security Mechanisms
SIP does NOT define its own security mechanism, it reusesexistingsecurity mechanisms for HTTP, SMTP whenever possible
Two building blocks of SIP security mechanisms
Authentication: HTTP digest authentication
Encryption: IPsec, TLS, S/MIME
SIP authentication and encryption can NOT be applied to thewhole SIP messages from end-to-end
Intermediate SIP proxies need to modify and insert SIP message fields:
o Add viafield
o Change request URIdue to call-redirection
SIP Security is hop-by-hop
40
-
7/25/2019 3. SIP Security
21/40
24/10/2014
21
HTTP Digest Authentication
Provides one-way authentication: identify UAC to a UAS or SIP
proxy (but does not identify UAS or SIP proxy !)
Anti-replay protection
Assumesthe two parties involved share a secret password
Usually hard-coded in the UAC (SIP phone adaptor)
Uses challenge/response
A valid response contains a Checksum (by default MD5RFC 2617, extended in
RFC 3310) Response=F(nonce, username, password, realm, SIP-method, request-URI)
Must be supported by all SIP compliant UA and SIP servers
41
Message Flow of SIP Authentication
42
-
7/25/2019 3. SIP Security
22/40
24/10/2014
22
Unauthenticated INVITE Message
43
407 Authenticated Required Message
44
-
7/25/2019 3. SIP Security
23/40
24/10/2014
23
Authenticated INVITE Message
45
SIP Security Mechanism: IPsec
Can provide authentication, integrity and confidentialityfor thetransmitted data
Suited to securing SIP hosts in a SIP VPN scenario (SIP user agents/proxies) or
between administrative SIP domains
Works for all UDP, TCP and SCTP based SIP signaling
Supports end-to-endas well ashop-by-hop scenarios
No SIP component is required to support IPsec
Key management issues
No default cipher suite for IPsec defined in SIP (RFC 3261 does not describe that)
One accepted protocol: Internet Key Exchange (IKE), which provides automatedcryptographic key exchange and management mechanisms and is used to negotiate
security associations (SA) (particularly used in the establishment of VPNs)
Setting up security association with every UA is too expensive!
46
-
7/25/2019 3. SIP Security
24/40
24/10/2014
24
SIP Security Mechanism: TLS
RFC 3261 mandatesthe use of TLS for all SIP compliant servers
E.g., proxies, redirect servers, registrars
UAs are strongly recommended to support TLS
Protects SIP signaling messages against loss of integrity,confidentiality, and anti-replay
Provides integrated key-management with authentication(serveronly) and secure key distribution
Applied hop-by-hopbetween UAS/proxies or between proxies
Requires reliabletransport stack (TCP-based signaling)
Not applicable to UDP-based SIP signaling
Universal Resource Indicator (URI) -- sips:
47
SIP Security Mechanism: S/MIME
Can provide some degree of end-to-endauthentication, integrity andconfidentiality for mostSIP header fields
Excluding Request-URI, Record-Route, Route, Max-Forwards, and Proxy-Authorization
Specifies triple-DES as the required minimum encryption algorithm
Require PKI (Public-Key Infrastructure) to be effective
PKI includes services and protocols for managing public keys, often through the use of
Certification Authority (CA) and Registration Authority (RA) components (e.g., key
registration, certificate revocation, key selection, trust evaluation)
Incurring additional overhead
RFC 3261 recommendsS/MIME to be used for UAS
If S/MIME is used to tunnel messages,TCP connection is recommended (larger
messages)
Authentication, integrity, and confidentiality protection of signaling data can be realized
48
-
7/25/2019 3. SIP Security
25/40
24/10/2014
25
Security Enhancements for SIP (IETF Drafts)
SIP authenticated identity body (AIB) Defines a generic SIP authentication token by adding an S/MIME body to a SIP message
SIP authenticated identity management For authenticating end users and to distribute authenticated identities with an AIB
S/MIME AES Requirement for SIP Upgrades that of RFC 3261(3DES); higher throughput, lower computational complexity,
and lower memory requirement, thus more suitable for mobile or embedded devices
Security mechanism agreement for SIP
TLS, HTTP Digest, IPsec with IKE, manually keyed IPSec without IKE, S/MIME
End-to-Middle, Middle-to-Middle, Middle-to-end Security Enables intermediaries to use some of the SIP message header and body when end-to-end
security is applied: logging services for enterprises, firewall traversal, transcoding (tailoringweb pages for varying devices like PDAs, cell phones)
Secure information inserted by intermediaries (proxies sometimes need to modify a message)49
Secure RTP (from IETF Proceedings)
Security Parameter Index
(recommended for frequent re-
keying in large groups), 32-bit
50
-
7/25/2019 3. SIP Security
26/40
24/10/2014
26
Preventative Solutions to VoIP Security: Firewall
What is firewall ?
To block unauthorizedaccesswhile permitting authorized communications, e.g.,blockall FTP traffic (port 21), allowall HTTP traffic (port 80)
Packet filter (header=, 5-tuple), application
layer firewall, stateful firewall (maintainsconnection records and investigateapplication data: NOT for a static port)
Needs: a logical segmentation of the network (Voice/Data)
A crucial functionality for a network containing PC-based phones
RTP makes use of dynamic UDP ports (1024-65534): prevent UDP DoS attack
51
Collision between Voice and Data Traffic
PC-Based IP phones (data) require access to the (voice) segment to
place calls, leave messages, etc.,
IP Phones and call managers (voice) accessing voice mail (data)
Users (data) accessing the proxy server (voice)
The proxy server (voice) accessing network resources (data)
Traffic from IP Phones (voice) to the call processing manager (voice)or proxy server (voice) must pass through the firewall because such
contacts use the data segment as an intermediary
52ReferenceJ. Halpern, IP Telephony Security in Depth, White Paper, Cysco Systems, 2002
-
7/25/2019 3. SIP Security
27/40
24/10/2014
27
SIP-Aware Firewall
Thanks to the texting encoding of SIP, standard parsing tools (Perl,
lexand yacc) can be used
Must parse the SIP exchanges in order to discover which packets
contain the media, i.e., understand the SIP exchangesand extracttherelevant information
Must be statefuland monitor SIP traffic to determine which RTPportsare to be opened and made available to which addresses (similar
case to H.323 but simpler call setup and header parsing)
53
Case Study: Mitigations Against Flooding Type of DoS
Measure the difference between the numbers of attemptedconnections and completed handshakes
By B. Reynolds and D. Ghosal, Proc. of NDSS 2003
Hellinger distance based anomaly detection
by Sengar et al (Proc. of IWQoS 2006)
SIP-aware firewall (SAFW), proposed by Columbia U. & Verizon
RTP pinhole/port filtering
Return routability check based on null-authentication
o Could filter out those SIP messages with spoofed source
State machine sequencing
o Filter out-of-state SIP messages
Maintain dialogue state (source, contact)
o Only accept BYE with legitimate address
54
-
7/25/2019 3. SIP Security
28/40
24/10/2014
28
Sipd: SIP redirect, forking proxyand registration server that provides
name mapping, user locationand
scriptingservices
ASM-- Application Server Module
DPPMDeep Packet Processing
Module
FCP-- Firewall Control Protocol
CAMContent Addressable
Memory
ReferenceE. Yardeni, H. Schulzrinne, and G. Ormazabal , Large Scale SIP-aware Application Layer Firewall, Technical Report.
Columbia Univ.
Case Study: SIP-aware Application Layer Firewall
55
56
Case Study: SIP-aware Application Layer Firewall, cont
-
7/25/2019 3. SIP Security
29/40
24/10/2014
29
57
Case Study: SIP-aware Application Layer Firewall, cont
NAT: Network Address Translation
What is NAT ?
Can hide internalnetwork address and enable several endpoints within a LANto share the same global IP address
Reduce theprotected points of access and simplifies network management
Full cone NAT, restricted cone NAT, port restricted cone, symmetric NAT
Widely used, the needwill notbe alleviated by IPv6
58
-
7/25/2019 3. SIP Security
30/40
24/10/2014
30
VPN: Virtual Private Networks Tunnels between two endpoints that allow for data to be securely transmitted
between the nodes
IPsec ESP tunnelhelps to traverse a public domain (the Internet) in a private manner,
although local VPN tunnel (within an intranet) is more secure and faster
VoIPsec: VoIP using IPsec
Reduces the threat of MIMA, packet sniffers, various voice traffic analysis, but
Brings negative effect on QoS (encryption at the end points)
Causes encryption/decryption latency (Secure Real Time Protocol, MIKEY via AES)
Bottleneck:scheduling and the lack of QoS in the crypto-engine
o Better scheduling schemes: e.g., give OoS packets higher priority and prior to theencryption phase
Expanded packet size (compression of packet size)
IPsec and NAT incompatibility (UDP encapsulation, RSIP, IPv6 tunnel broker)
Preventative Solutions to VoIP Security: VPN
59
What is IDSIntrusion Detection Systems ?
The system designed for identifying and responding to intrusive events or incidents
Two types: misuse-based IDS (signature-based) and anomaly-based IDS
Example Systems
SCIDIVE(Reported atDSN 2004, by Wu et al.)o Sending fake BYE message to only one end-point will leave an orphan RTP stream from
the other end-point
o Stateful, cross protocol correlation could detect this
o What if attacker sendsbogus BYEto both end-points ?
o No orphan RTP stream (Happen naturally if both sides hang up at about the same time)
Interactive protocol state machine based IDS (Reported at DSN 2006, By Sengar et al.)o Could detect those attacks that do not follow the SIP state machine
o What if some attack do follow the SIP state machine ?o CallerID spoofing, Registration hijacking
IDS for VoIP Network
60
-
7/25/2019 3. SIP Security
31/40
24/10/2014
31
Questions ?
61
62
Roadmap
Basics
Terms, concepts, and so on
o Threats, security attributes, vulnerabilities
Network defenseso Cryptogrpahic primitives
o Protocols: SSL/TLS, IPsec, PGP, S/MIME, etc.
VoIP Security
VoIP Risks, Threats, and Attacks
Best Practices for VoIP Security
Open Issues
-
7/25/2019 3. SIP Security
32/40
24/10/2014
32
Challenges in Securing VoIP
Open architecture
Real-time constraints
Multiple protocols
Key management issues
Emergency services
63
Challenge #1: Open Architecture
VoIP network is as open as the Internet
The end-points (SIP phone) of VoIP could be anywhere, and they can
freely change their locationlocation-independent
Its likely that we will interact with some end-point that has NO prior
established trust at all
We have to allow an unknownperson calls us from an unknownSIP
phone at an previously unknownIP address
We need to be able to call an unknownperson with a previously
unknownIP address
How do we authenticate a caller/callee we dont know at all ?
How do we secure VoIP in such a case
Trust is NOT transitive !
64
-
7/25/2019 3. SIP Security
33/40
24/10/2014
33
Challenge #2: Real-Time Constraints
Unlike other Internet applications such as Web, VoIP has stringent
real-time constraints
End-to-end delay should be no more than 150 ms
Each packets of voice stream should be delivered at constant (e.g.,
once every 20 ms or 30 ms): the processing of each RTP packet should
never be > 20 ms
The call setup time should not be too long: caller expect to hear ring
tone or voice within seconds after dialing
All these put an upper bound on the total time that all the securitymechanisms in all the SIP proxies, RTP servers and SIP phones can
use
More generally, QoS-critical
Packet loss, Jitter, and Latency
65
Challenge #3: Multiple Protocols
VoIP involves a number of different protocols
Signaling
o SIP, MGCP, H.323
Voice stream
o RTP, SRTP
Security
o HTTP digestincorporated in SIP, TLS, IPsec, Key management
In security, the whole system is as strong as its weakest point!
66
-
7/25/2019 3. SIP Security
34/40
24/10/2014
34
Challenge #4: Key Management
How could we establish session key with someone we dont know at
all
Can we expect every SIP phone to have its own private/publickeys?
How do we authenticate the public key of someone we dont know
Can we expect PKI for SIP phones ?
Scalability issue for the SIP servers
A SIP server may need to serve tens (or even hundreds) of thousands of
subscribers
Dynamically establishing and managing keys with many concurrent
callers/callees may overwhelm the SIP server
67
Challenge #5: Emergency Call
How to provide authenticated caller ID ?
Its easy to spoof caller ID
How to determine the real origin of the call ?
VoIP phones are highly mobile, they can be used from anywhere on theInternet
How to route an emergency call to the appropriate PSAP (Public
Safety Answering Point) ?
How to keep VoIP emergency call connection with PSAP ?
PSTN emergency call can only be terminated by PSAP
VoIP emergency call an be terminated by the caller through power cycle
the SIP phone
68
-
7/25/2019 3. SIP Security
35/40
24/10/2014
35
Challenge #6: Firewall Traversal
Firewall problem with VoIP
Firewall needs to block traffic based on source, destination, and
traffic type
VoIP needs to allow unsolicited incoming calls from unknown and un-
trusted sources
Conflicting requirements: effects on QoS by introducing latency and
jitter
SIP-aware firewall
Allows Sip signaling message and corresponding RTP comes in
69
Challenge #6: Firewall Traversal
Any exploits of SIP or RTP could compromise the security of SIP-
aware firewall
How to support such VoIP calls without compromising the firewall
filtering policy ? Solutions to call setup (excessive latency is not tolerated !): applies to
NAT too
Application level gateways (ALGs, embedded software): latency,
congestion, expensive
Middlebox solutions (independent in-path system): setup cost, single
point attack
Session Border Controllers(SBC): firewall/NAT traversal, call admission
control, Service Level Agreement monitor..
70
-
7/25/2019 3. SIP Security
36/40
24/10/2014
36
Challenge #7: NAT Traversal
NAT (Network Address Translation) Dynamically maps internal, private IP & port with external public IP &
port
Allows multiple hostsin a private network to share one public IP
address
Most residential IP phones are behind NAT
71
Challenge #7: NAT Traversal, cont
NAT problem with VoIP
NAT blocks unsolicitedincoming trafficit does not know how to
translate that into private IP & port
VoIP needs to support unsolicited incoming calls from previouslyunknownand un-trusted sources
SIP phones behind NAT will use its private IP for REGISTER, INVITE,
and 200 OK
SIP hones behind NAT will dynamically choose the port number for
receiving the incoming RTP stream and specify it in SDP part of
INVITEor 200 OK messages
72
-
7/25/2019 3. SIP Security
37/40
24/10/2014
37
Challenge #7: NAT Traversal, cont
Existing NAT traversal solutions
UPnP (Universal Plug and Play): queries the NAT device, does not work
with cascading NAT
STUN (simple Traversal of UDP through NAT)
o Uses TURN server on the public Internet
o Works with Full Cone, Restricted Cone, and Port Restricted Cone NAT
o Does NOT work with Symmetric (bidirectional) NAT
o Does not support TCP (SIP RFC 3261 mandates TCP support)
o Susceptible to port scan
TURN (Traversal Using Relay NAT)
o Relies on a TURN server in the middle of the signaling and media path
o Works with symmetric (bidirectional) NAT
o May open door for MITM attack
ICE (Interactive Connectivity Establishment): make use of STUN and
TURN73
Challenge #7: NAT Traversal, cont
Security implications of NAT in VoIP
Makes it hard to enforce the integrity from end-to-end
Makes it hard to validate/authenticate the IP address of SIP phone
Open door foro Registration hijacking
o Call hijacking
o MITM attack
74
-
7/25/2019 3. SIP Security
38/40
24/10/2014
38
Challenge #8: Challenge/Response with SIP Forking
Challenge/Responsewould prevent replay attack, but it is difficult to
work with SIP forking
75
Challenge #9: SPIT (Spam on Internet Telephony)
VoIP spam could be more disturbing than email spam
People are used to respond to a phone call immediately
What if some spammer keeps ringing your phone all day long ?
o Could make your phone virtually unusable
VoIP spam is harder to block than email spam
Caller ID is not trustworthy
Voice content based filtering is difficult
76
-
7/25/2019 3. SIP Security
39/40
24/10/2014
39
Challenge #9: SPIT, cont
Reverse Turing testagainst SPIT
Before accepts a call, the calleesSIP phone (or proxy) asks the caller
some questions that is easy for human to answer but difficult for machine
However, such a voice Turing test scheme could be abused to launch
DoS attacksimilar to Smurf attack
Attacker send INVITE to lots of VoIP subscribers with spoofed IP address
of the victim
The proxies of those VoIP subscribers will send RTP streams to the
victims The victim could be overwhelmed by those RTP streams
77
Challenge #10: Voice Phishing (aka Vishing)
Attackers started using VoIP in phishing
Voice phishing attack on PayPal
Voice phishing attack on Santa Barbara Bank & Trust
This is essentially exploits peoples trust in landline telephone How to make VoIP as trustworthy as landline telephone ?
78
-
7/25/2019 3. SIP Security
40/40
24/10/2014
New Challenge: VoIP in the Cloud
VoIP servers are migrated to the Clouds
New system architecture: in-houseto outsourcing(Virtual PBX)
Easier management, less upfront capital costs (e.g., Amazon EC2),
however,
0-dayvulnerabilities are introduced, leading to novel attacks
Operating/deployment environment is challenging
Virtual machinesmulti-tenant environments
(Multiple) Protocol-level protections are remained
Still, the trade-off between Quality of Service (QoS) and security
Service Oriented Architecture (SOA)Service Level Agreement (SLA)
79
Questions