“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos
University of Patras, Department of Electrical & Computer Engineering
Wireless Telecommunications Laboratory, M. Tsagkaropoulos, [email protected]
47th FITCE Congress, London 2008
“Securing IP Multimedia Subsystem (IMS) infrastructures: protection against attacks”
M. Tsagkaropoulos
Dept. of Electrical and Computer Engineering, Wireless Telecommunications Laboratory
University of Patras, Patras 26500, Greece
Email: [email protected]
Agenda
• NGN Networks
• IMS Architecture
• IMS Security Framework
• Vulnerabilities in IMS
• Security Mechanisms & enhancements
• Conclusions
NGN Vision (1)
• Transition to an “All-IP” network infrastructure.
• Convergence among network and services.
• Support of heterogeneous access technologies (e.g. WLANs, WiMAX, xDSL, etc).
• Unified control architecture to manage applications and services.
NGN Vision (2)
• Seamless handovers across both homogeneous and heterogeneous wireless technologies.
• Mobility, nomadicity and QoS support on or above IP layer.
• Provisioning of triple-play services, creating a service bundle that unifies video, voice and Internet.
Converged Network Concept (diagram)
A common IP network with Management, Control and Signalling planes; access networks shown: WiMAX AP, UMTS/WCDMA, HSDPA, LTE, WLAN AP; core elements shown: AAA, Application, Policing, Server Farm, Internet.
Convergence Realization
• Common service delivery platform on fixed, mobile/wireless, broadcast and IP-based networks
• IP Multimedia Subsystem (IMS)
– Originally standardized by 3GPP and 3GPP2 in the mobile world
– Extended for the fixed domain by ETSI (TISPAN, NGN) and ITU-T
IP Multimedia Subsystem (IMS)
• Goal
– Access, Security, Mobility, QoS, Charging, Service Platform Integration
• Extended Functionalities
– IMS is the central point of control for multiple applications and services
– Handling of different user profiles
– Service Discovery
IMS Architecture
• Signaling Plane
– Proxy Call/Session Control Function (P-CSCF)
– Interrogating CSCF (I-CSCF)
– Serving CSCF (S-CSCF)
– Media Gateway Function
• Application Plane
– Application Servers
• Presence, Instant Messaging
– Home Subscriber Subsystems
• Media Server
IMS Security Architecture
IMS Vulnerabilities
• Denial of Service
• SQL Injection
• Eavesdropping
• Tearing down sessions
• Registration hijacking
• Session hijacking
• Impersonating a server
• Man in the middle
IMS Existing Security Plane
• Authentication & Key Agreement between IM subscriber and home network
• Security Mechanism Agreement between IM client and visited network
• Integrity Protection and Confidentiality
• Network Domain Security between different Domains (?)
• Existing GPRS/UMTS Access Security
Security Mechanisms
Attacks considered:
• BYE & CANCEL attacks
• Eavesdropping
• Registration & Session Hijacking
• Man-In-the-Middle attacks
• SIP Message flooding
• SQL Injection
Existing mechanisms listed against them on the slide: IPSec & TLS; Authentication & Authorization; None.
Proposed Security Architecture (diagram)
IMS Client (Alice) reaches the IMS Core over the Internet (IP connectivity) via the Gm interface; the P-CSCF, I-CSCF and S-CSCF are interconnected over Mw, the HSS is reached over Cx and the Application Servers Farm over ISC. An IDS is placed in the IMS Core, holding a User List / Blacklist, an Attack Detection component and Detection Rules (labels shown: SER, SIP Server).
IMS Security Target
• Handling Protocol Vulnerabilities
• Protection against Attacks
• SPAM Handling
IDS Use Cases (diagram)
The IDS attached to the P-CSCF performs attack detection for:
• Detection of REGISTER flooding
• Detection of INVITE flooding
• Detection of SQL injection
• Detection of malformed messages
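The four detection use cases above (REGISTER and INVITE flooding, SQL injection in SIP headers, malformed requests) as a single toy rule set in Python. This is an added illustration, not the IDS built for the presentation; the thresholds, the SQL-injection signature, the message set and the 10.0.0.x / ims.example addresses are constructed assumptions.

```python
import re
from collections import defaultdict

REQUEST_LINE = re.compile(r"^(REGISTER|INVITE|BYE|CANCEL|ACK|OPTIONS) sip:\S+ SIP/2\.0$")
SQLI = re.compile(r"'\s*(OR|AND)\b|--|\bUNION\s+SELECT\b", re.IGNORECASE)  # toy signature

def check_message(msg):
    """Malformed-message and SQL-injection rules for one SIP request (request line + headers)."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")   # header section only
    if not REQUEST_LINE.match(lines[0]):
        return "MALFORMED"
    headers = {}
    for h in lines[1:]:
        if ":" not in h:                                 # every header line needs name: value
            return "MALFORMED"
        name, value = h.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    if not {"from", "to", "call-id"} <= set(headers):
        return "MALFORMED"
    return "SQLI" if any(SQLI.search(v) for v in headers.values()) else None

def run_ids(events, threshold=5, window=1.0):
    """Run (timestamp, source_ip, message) events through the rules; a source sending more
    than `threshold` requests of one method inside `window` seconds is flooding."""
    recent, blacklist, alerts = defaultdict(list), set(), []
    for ts, src, msg in events:
        hit = check_message(msg)
        if hit:
            alerts.append((src, hit))
        if hit == "MALFORMED":         # reported, but not counted towards the rate rule
            continue
        key = (src, msg.split(" ", 1)[0])                # (source, SIP method)
        recent[key] = [t for t in recent[key] if ts - t < window] + [ts]
        if len(recent[key]) > threshold:
            blacklist.add(src)
            alerts.append((src, key[1] + "_FLOOD"))
    return alerts, blacklist

def sample_events():
    """Constructed traffic on placeholder addresses: a clean INVITE, a REGISTER burst from
    one source, a request with a broken header line, and an injection attempt in From."""
    hdrs = "From: <sip:alice@ims.example>\r\nTo: <sip:bob@ims.example>\r\nCall-ID: {}\r\n\r\n"
    good = "INVITE sip:bob@ims.example SIP/2.0\r\n" + hdrs.format("a1")
    regs = [(0.1 * i, "10.0.0.9", "REGISTER sip:ims.example SIP/2.0\r\n" + hdrs.format(i))
            for i in range(7)]
    bad = "INVITE sip:bob@ims.example SIP/2.0\r\nFrom <sip:x@ims.example>\r\n\r\n"
    sqli = "REGISTER sip:ims.example SIP/2.0\r\n" + hdrs.format("s1").replace(
        "alice", "alice' OR '1'='1")
    return [(0.0, "10.0.0.2", good)] + regs + [(1.0, "10.0.0.3", bad), (1.1, "10.0.0.4", sqli)]
```

With the defaults, the burst from 10.0.0.9 raises REGISTER_FLOOD on its 6th and 7th request and blacklists that source, while the clean INVITE produces no alert.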
Testing Tools
• Traffic Generator
– SIPp: SIP Traffic generator
– Seagull: IMS Traffic Generator
• IMS Client
– Ericsson Service Development Studio (SDS)
– UCT IMS Client
• Attacker
– Developed C++ Tool for specific attacks
• IMS Core
– FOKUS’s Open Source IP Multimedia Subsystem (IMS) Core
IDS Process Delay
Number of SIP messages    Processing Delay (ms)
10                        0.2
50                        3.8
100                       4.2
Future Work
• Extended Functionalities of IDS System
• Optimize processing load
• Interaction with deployed services
• Stand alone implementation at Application Servers
• Definition of relationships/dependencies among partners
• ...
Conclusions
• IMS Deployment towards NGN vision
• Identification of IMS vulnerabilities
• Enhanced IMS security framework
• Integration of Intrusion Detection System
• Experimental Testbed
• Future steps
Questions
Thank you for your attention
University of Patras, Department of Electrical & Computer Engineering
Wireless Telecommunication Laboratory
Michail Tsagkaropoulos, mailto: [email protected]
http://www.wltl.ee.upatras.gr/cones