Secure Videoconferencing Today

Jill GemmillUniversity of Alabama at Birminghamjgemmill@uab.edu

Why is security for videoconferencing needed today? Some applications require privacy:

Telemedicine: for patient comfort and HIPAA requirements

Sensitive meetings: grant reviews; counter-terrorism planning

The Internet is no longer a friendly place: any network connected system is a target for attacks.

What is meant by “videoconference security”?

At a “gut level”, we might think of:No eavesdroppingNo denial of service or break-insNo “spamming” (video/voice from

unwanted visitors)Making sure resources like MCU’s are

used only by those authorized

Standards for Security: ITU X.800 and IETF RFC 2828

Authentication Access Control Data Confidentiality Data Integrity Nonrepudiation Availability Service

Standard Security MechanismsITU X.800

Encryption Digital Signature Access Control Data Integrity Authentication

Exchange Traffic Padding Routing Control Notarization

Trusted Functionality

Security Label Event Detection Security Audit Trail Security Recovery

Non-trivial

“Legacy” Videoconference Security (H.320)

Used leased telephone line (ISDN) lines – you were buying your own private circuit

No IP connection used Expensive “Nailed Down”, not reconfigurable.

Basic Security Concerns (H.323 and SIP) Remote management interfaces:

use strong password for remote logins (Tandberg alone in offering SSL)

Turn off streaming Disable FTP, HTML, Telnet and

SNMP functions Disable Viavideo web interface by

clearing password Watch for security patches and update

systems immediately.

Downside of basic security….

Usually breaks ability for video support organization to monitor/manage your systems

Makes it harder to update software (no FTP)

Solution: put systems behind a firewall

Firewalls and NATs

Found especially in medical centersFirewall: Blocks incoming network

trafficNetwork Address Translator (NAT):

Hides your network addresses so they can’t be reached from outside

For videoconferencing, these protections become OBSTACLES to overcome (securely, of course!)

Encryption

For total privacy, encryption is needed. All encryption methods are designed to

protect data in transit, so that it is readable only at the source and destination

Some encryption methods are tied to user authentication, so that you are assured of who the data came from and that it can be read only by the intended recipient

Encrypt End-to-End or per Link/Hop? End-to-End approach encrypts at source and

decrypts at destination Good news: can’t be read in the middle Issue: routers need to read addresses. Data

is secure, destination address is not. Per Link/Hop Encryption: decrypt/encrypt at

router More time consuming (increases latency) Unencrypted data at router is vulnerable

It is possible to use both approaches simultaneously Overhead includes increased bandwidth and

latency

*

Where to encrypt?

Encryption managed by the application

Encryption managed near transport layer

Encryption managed in the network layer

By design, each layer is unaware of what occurs at other layers

Physical Layer (wires)

Data Link (hardware address)

NETWORK (IP)

TRANSPORT (TCP/UDP)

APPLICATIONS

Virtual Private Network (VPN)

IPSec Capable of

encrypting/authenticating ALL data at the IP layer

Transparent to applications (no changes needed)

Physical Layer (wires)

Data Link (hardware address)

NETWORK (IP)

TRANSPORT (TCP/UDP)

APPLICATIONS

Secure Socket Layer (SSL)

Created and torn down on a per-session basis

Frequently used on web servers – https://

Transparent to the application

Note: over TCP only

Physical Layer (wires)

NETWORK (IP)

TRANSPORT

APPLICATIONS

TCPUDP

SSL / TLS

Application Specific Encryption

Examples E-Mail

S/MIME PGP

Kerberos

Video / Voice ????Physical Layer (wires)

NETWORK (IP)

TRANSPORT (TCP/UDP)

APPLICATIONS

Does the videoconferencing application do encryption?

Not reallyStandards exist (next speakers)Not implemented in the marketCertain vendors offer proprietary use

of standard encryption algorithms and claim to have a “standards-based solution” BUT no inter-operability (Tandberg, VCON)

Encryption political issues

Encryption software is slow; Encryption hardware is expensive and increases the cost of the product

Encryption algorithms may be covered by patents and use requires licensing (eg: RSA)

Encryption algorithms may be subject to export control (eg: DES)

Let’s Consider the videoconferencing application

Hop to HopCommunication

End-to-EndCommunication

Model for both H.323 and SIP architectures

Things to notice in the model SIP Call Control is over

TCP H.323 Call control is

UDP at ends and TCP in the middle

Media streamS – separate voice, video, data, etc. Perhaps two video streams (one in each direction)

UDP precludes use of SSL

Review:

Encryption can be done with IPSec, SSL or by Application

No application-layer encryption for VC No SSL for VC due to UDP Guess that leaves IPSec and “clever

hacks”

Let’s place the model in a university medical center

Videoconferencing uses dynamic ports – BLOCKED

Outside calls coming in – BLOCKED

Willingness to reconfigure firewall - NONE

One approach to secure videoconferencing today

“Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB.

Unencrypted here

Pros and ConsPRO

Very inexpensive if you already own the firewall

Relatively simple to install and operate

Requires cooperation of firewall management

CON Requires remote VC

station that can load VPN client software

Suitable for fixed point to point only

Requires cooperation of firewall management

VC station must be able to send VPN IP address, not its own

Another approach: a pair of departmentally managed VPN’s

Pros and ConsPRO

Can be installed at departmental level

Works with “appliance” VC units like Polycoms

CON VC units must be

able to send VPN IP address as reply address rather than their own

Added expense of firewall/VPN units

Fixed locations only

IP Freedom SolutionEncryption

Module Announced

& due in market shortly

Works with SIP and

H.323 Call Servers

Pros and ConsPRO

Extremely easy to install; no need to contact network staff

Flexible connectivity Available as an I2 Commons

service Transparent to end users Works for both SIP and

H.323 Client software is free Supports mobile users

CON Expensive Encryption module : more

expensive Licensing is based on

number of concurrent users; number shrinks with bandwidth used, and encryption

Proprietary technology (but only need one!) “Clever hack”

Other gotcha’s

If your campus has a bandwidth manager (Packeteer-type device) your VC multimedia may be mistaken for annoying video/music and have its bandwidth limited

Result – can degrade or terminate VC session

Action Items ?

Collect “Best Practices” for Secure Videoconferencing?

Feedback to I2/federal agencies on importance of Application-layer security for video/voice applications

Other ?

Acknowledgments

“ViDe.Net: Middleware for Scalable Video Services for Research and Higher Education” NSF ANI-022710 (Gemmill, Chatterjee, Johnson)

“Alabama Internet2 Middleware Initiative”, NSF EPSCoR, EPS-0091853 via UA-01-016) (Shealy, Gemmill)

“Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB.

Any opinions, findings or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.