securty issues from 1999

1 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

IP Telephony Security Issues

NIPT/Ithaca - November 1999

Tom Parker (NVO/Ithaca)

2 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

NOTE: Help stamp out busted PowerPoint presentations. This presentation requires the Nokia font: Rotis Sans Serif for Nokia. Please run NokiaFonts_v3.EXE. It’s on the Nokia VPN and only takes a few seconds!

3 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

NIPT: Our Market

• We are targeting what we’ve determined to be a sustainable IP telephony market: IP Centrex.

• Specifically, we are focusing on IP oriented service providers who are already delivering IP services to business customers.

• We will help them leverage their existing network and customer base to create competitive differentiation and generate incremental revenue.

• We will provide them with the tools to offer high value voice and FAX services: voice VPNs, alternate long distance, desktop solutions, and telephony enabled applications.

• Of course our products offer superior performance, but we believe that the products that will prevail in the coming market will be the ones that offer comprehensive security solutions too.

4 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Tom

Park

er

Simplified PSTN Network Diagram

The Ideal

5 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Simplified PSTN Network Diagram

The Ideal ( )The Ideal

Tom

Park

er

6 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Simplified PSTN Network Diagram

Infrastructure dedicated to delivering voice

100 years of experiencecatching crooks

Common ChannelSignaling

Hardwired connections

The REAL Tom

Park

er

7 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Simplified VoIP Network Diagram

Packet based

Multiple, emerging (and submerging)

protocols

All sorts of traffic HACKER

INFESTED

Tom

Park

er

8 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

The security requirements cloud

Firewalls/NATStandards complianceEncrypted signaling

Regulatory complianceProtected databasesIntrusion detection

Non-repudiationManagement framework

TransparencyMulti-tenanting

Toll fraud AAA

Tom

Park

er

9 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Firewalls and NAT

• Firewalls, by nature, disrupt the end-to-end model of IP telephony (That’s their job).

• Firewalls are pesky; deployment is not standardized...and they’re often installed in troublesome places in a network.

• Telephony’s complex signaling scenarios and latency-sensitive media streams are particularly susceptible to disruption.

• Calls initiated from outside a firewall can be much more difficult to pass, particularly if the firewall is also doing network address translation (NAT).

• H.323 compounds these problems.

10 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

The trouble with H.323

• The complex ASN.1 PER encoding scheme used for control information means that embedded addresses are not at fixed offsets within signaling streams.

• Each call represents multiple connections: at least two TCP connections for Q.931 and H.245, and up to 4 UDP connections.

• Dynamic port assignments: dynamic TCP ports for H.245 are negotiated within the Q.931 data stream; commands for dynamic UDP connections for RTP and RTCP are contained within the H.245 data stream.

• Firewalls that perform network address translation (NAT) have particular problems because the addresses and port information in the data streams need to be modified on the fly.

11 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Firewall solutions

• Firewall vendors are beginning to wake up to the opportunities in IP telephony, but slowly.

• We believe the ultimate firewall solution will be some sort of generalized firewall control interface.

• SOCKS is a protocol approved by the IETF for providing authenticated traversal of firewalls and is currently the only standards-based control interface to firewalls.

• ETSI’s Project TIPHON has only just begun to specify a standard interface between TIPHON-compliant systems and firewalls.

• RSIP (Realm-Specific IP): a possible NAT solution, but this requires router support.

12 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Standards Compliance

• Our customers are demanding standards compliance.

• They want demonstrated interoperability.

• They want to avoid single sources of supply.

• They want all the appropriate boxes checked.

• Lacking better criteria, the product with the most checkboxes wins because it appears less risky.

• But standards compliance is a moving target. IP telephony protocols are evolving more quickly than the security solutions that go with them.

• H.235, the security framework for H.323, covers authentication, H.225/H.245 security, media stream privacy, trust relationships, but is still a work in progress.

“Checkbox Checkers”

13 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Working within the standards bodies

• We think the most valuable security solutions will come from within the IETF.

• We’re working to promote the acceptance of IETF security standards within the IP telephony standards bodies (ETSI Project TIPHON, ITU-T SG16).

• We’re taking IP telephony security requirements to the IETF.

• This work gives us: leverage, visibility, a heads-up on emerging issues, and an opportunity to seize the high ground on the important topic of security.

• Ref: Melinda Shore, (NVO/Ithaca) melinda.shore@nokia.com

14 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Toll Fraud

• Toll fraud represents a $5 billion industry (in the US alone).

• CPE fraud, cellular fraud, calling card fraud, pay phone fraud, subscription fraud, call forwarding fraud, hits to carrier switches and networks…..IP telephony represents a whole new market…... for criminals too!

• Average cost per incident of customer premise equipment (CPE) fraud is $17,000US.

• $95 million of toll fraud a year is committed by people who are already locked in prison!

• IP Telephony needs to have protection from toll fraud built in from the ground up. A typical PSTN solution: the National Retail Federation suggests shutting down voice mail systems on weekend and holidays. We should be able to improve on that.

15 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Non-repudiation

• Or, How do I know you really made that call?

• Requires digital signatures/public key encryption...

• Time stamps...

• Third-party arbitrator...

• Can represent considerable overhead in the processing of messages...

• Can represent considerable overhead in the maintenance of a public key infrastructure…

• See the IETF working groups for AAA, RADIUS: http://www.ietf.org/html.charters/aaa-charter.html http://www.ietf.org/html.charters/radius-charter.html

• Smart cards!

GEMPLUS Public Key Card

16 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Signaling privacy

• It’s vital that we protect signaling and call control against connection hijacking and other bad stuff.

• Account and billing information is frequently carried in signaling streams.

• But encrypted signaling breaks firewalls.

• ...and potentially adds to computational expense (thereby, adding to latency)

• …and causes other management headaches

• See also: legal implications

17 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Transparency

• Customers are demanding complex security solutions but they don’t want to get tangled in the details.

• The most successful security solutions will be seamless, comprehensive, robust, low-overhead, easy to manage - and all but invisible.

• Prime differentiators in the firewall market, for instance, are ease of installation and administration, and level of overall hardware/software integration.

• In surveys, firewall customers consistently rank convenience and manageability over cost.

S I D E B A R

Interesting PSTN Security Metaphor:In the early days of telephony, a number of large cattle ranches in thewestern United States were reputed to have used their many miles of barbed-wire fencing (three strands per post) to deliver telephone signals from ranch to ranch.

18 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Regulatory compliance

• Lawful interception is a requirement for public voice networks.

• Telecom regulations vary by jurisdiction; IP voice traffic that crosses international boundaries raises some sticky issues.

• Technical bodies within ETSI (and others) are working on this to ensure that standards for lawful interception exist. Their goal is to develop generic LI frameworks, and work with government and law enforcement agencies.

• See: www.etsi.org/technicalactiv/li.htm

• Ref: Session 1, Legal Interception, Terri Brooks, (Nokia/Dallas) terri.brooks@nokia.com

• Ditto: Crypto policy

19 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

• Service providers need to share resources between customers...

• ...keeping information within customer sites as much as possible

• Transactions within customer site should not be visible to others.

• Calls should be possible between Customer 1 and Customer 2.

• Core elements must be fully protected.

Multi-tenanting

CallProcessing

Server

Gateway

BES

IPPSTN

Customer 1

Customer 2

Customer 3

Customer 4

Customer 5

50-500 clients

. . . .

Service Provider

20 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Intrusion detection

• How do you know if you’ve been hacked?

• Insider attacks still outweigh outsiders.

• Intrusion detection is still an immature field.

• Profile-based intrusion detection systems (IDS) look for patterns of known attacks.

• Anomaly-based intrusion detection can detect novel attacks.

• Computer immune systems are under development.

• Standards are needed. See: http://www.ietf.org/html.charters/idwg-charter.html

• Ref: Session 3, Intrusion Detection, Maureen Stillman, (NVO/Ithaca) maureen.stillman@nokia.com

The infamous Trojan horse

21 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Protected databases-backend services

We must protect, for instance:

• Billing records

• Customer data

• Authorization tables

• Routing information

• Encryption keys

22 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Integrated management framework

• Manageability is a key requirement.

• We need a management framework that is:

1) Fully integrated into the network

2) User friendly

3) Secure

4) Robust

5) Policy based

23 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Issues at-a-glance

Design Implications Performance Issues Standards Issues Regulatory Issues Just Plain Messy

Firewalls and NAT x x x xToll Fraud xNonrepudiation x xEncrypted Signaling x x x x xInteroperability x x xRegulatory Comp. x x xIntrusion Detection x xTransparency xManagement x xMultitenanting xDatabase protection x x

Security is a complex topic with many open issues. Customers will partner with vendors who can offer them both comprehensive solutions and peace-of-mind.

24 © NOKIA NIPTsecurityissues.PPT/ Nov 03 1999 / tom.parker@nokia.com

Lots of Issues = Lots of Opportunities

Secure

High performance

Robust

Easy to use

Easy to maintain

Interoperable

Cost effective

Tom

Park

er