Secure Videoconferencing Today
Jill Gemmill
University of Alabama at Birmingham
[email protected]
Why is security for videoconferencing needed today?
Some applications require privacy:
Telemedicine: for patient comfort and HIPAA requirements
Sensitive meetings: grant reviews; counter-terrorism planning
The Internet is no longer a friendly place: any network connected system is a target for attacks.
What is meant by “videoconference security”?
At a “gut level”, we might think of:
No eavesdropping
No denial of service or break-ins
No “spamming” (video/voice from unwanted visitors)
Making sure resources like MCUs are used only by those authorized
Standards for Security: ITU X.800 and IETF RFC 2828
Authentication
Access Control
Data Confidentiality
Data Integrity
Nonrepudiation
Availability Service
Standard Security Mechanisms (ITU X.800)
Encryption
Digital Signature
Access Control
Data Integrity
Authentication Exchange
Traffic Padding
Routing Control
Notarization
Trusted Functionality
Security Label
Event Detection
Security Audit Trail
Security Recovery
Non-trivial
“Legacy” Videoconference Security (H.320)
Used leased telephone (ISDN) lines – you were buying your own private circuit
No IP connection used
Expensive
“Nailed down”, not reconfigurable
Basic Security Concerns (H.323 and SIP)
Remote management interfaces: use strong password for remote logins (Tandberg alone in offering SSL)
Turn off streaming
Disable FTP, HTML, Telnet and SNMP functions
Disable Viavideo web interface by clearing password
Watch for security patches and update systems immediately.
Downside of basic security….
Usually breaks ability for video support organization to monitor/manage your systems
Makes it harder to update software (no FTP)
Solution: put systems behind a firewall
Firewalls and NATs
Found especially in medical centers
Firewall: Blocks incoming network traffic
Network Address Translator (NAT): Hides your network addresses so they can’t be reached from outside
For videoconferencing, these protections become OBSTACLES to overcome (securely, of course!)
Encryption
For total privacy, encryption is needed.
All encryption methods are designed to protect data in transit, so that it is readable only at the source and destination
Some encryption methods are tied to user authentication, so that you are assured of who the data came from and that it can be read only by the intended recipient
Encrypt End-to-End or per Link/Hop?
End-to-End approach encrypts at source and decrypts at destination
  Good news: can’t be read in the middle
  Issue: routers need to read addresses. Data is secure, destination address is not.
Per Link/Hop Encryption: decrypt/encrypt at router
  More time consuming (increases latency)
  Unencrypted data at router is vulnerable
It is possible to use both approaches simultaneously
Overhead includes increased bandwidth and latency
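The trade-off on this slide, worked through as an added example (not part of the original presentation). The packet layout, keys and addresses are constructed, and `xor_stream` is a toy stand-in cipher chosen so the code runs with the standard library only.

```python
import hashlib

def xor_stream(key, data):
    """Toy cipher (XOR with a SHA-256 counter keystream); the same call encrypts and decrypts.
    A stand-in so the example runs offline. It is not a vetted cipher."""
    blocks = len(data) // 32 + 1
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def transmit(dst, payload, link_keys, e2e_key=None, per_link=False):
    """Carry one packet over len(link_keys) links, i.e. through len(link_keys) - 1 routers.
    Returns (payload delivered, bytes on each wire, (dst, payload) as each router sees them)."""
    body = xor_stream(e2e_key, payload) if e2e_key else payload  # end-to-end: source encrypts
    packet = dst + b"|" + body          # the address header is left readable for routing
    wires, routers = [], []
    for hop, key in enumerate(link_keys):
        on_wire = xor_stream(key, packet) if per_link else packet   # link key covers header too
        wires.append(on_wire)
        received = xor_stream(key, on_wire) if per_link else on_wire  # far end of link decrypts
        if hop < len(link_keys) - 1:    # an intermediate router, not the destination
            routers.append(tuple(received.split(b"|", 1)))
    got = received.split(b"|", 1)[1]
    return (xor_stream(e2e_key, got) if e2e_key else got), wires, routers

# Constructed sample values: one media frame crossing three links (two routers).
DST, MEDIA = b"10.1.2.3", b"patient audio frame"
LINKS = [b"link-key-A", b"link-key-B", b"link-key-C"]
E2E = b"key shared only by the two endpoints"

def demo():
    return {
        "end_to_end": transmit(DST, MEDIA, LINKS, e2e_key=E2E),
        "per_link": transmit(DST, MEDIA, LINKS, per_link=True),
        "both": transmit(DST, MEDIA, LINKS, e2e_key=E2E, per_link=True),
    }

if __name__ == "__main__":
    for mode, (delivered, wires, routers) in demo().items():
        print(mode, "| address visible on wire:", DST in wires[0],
              "| media readable at router:", routers[0][1] == MEDIA)
```

End-to-end alone leaves the destination address readable on every wire, per-link alone hands each router the plaintext media, and only the combination hides both.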
Where to encrypt?
Encryption managed by the application
Encryption managed near transport layer
Encryption managed in the network layer
By design, each layer is unaware of what occurs at other layers
[Figure: protocol layer stack, bottom to top: Physical Layer (wires), Data Link (hardware address), NETWORK (IP), TRANSPORT (TCP/UDP), APPLICATIONS]
Virtual Private Network (VPN)
IPSec
Capable of encrypting/authenticating ALL data at the IP layer
Transparent to applications (no changes needed)
[Figure: protocol layer stack, bottom to top: Physical Layer (wires), Data Link (hardware address), NETWORK (IP), TRANSPORT (TCP/UDP), APPLICATIONS]
Secure Socket Layer (SSL)
Created and torn down on a per-session basis
Frequently used on web servers – https://
Transparent to the application
Note: over TCP only
[Figure: protocol layer stack: Physical Layer (wires), NETWORK (IP), TRANSPORT (TCP, UDP), SSL / TLS, APPLICATIONS]
Application Specific Encryption
Examples
  E-Mail: S/MIME, PGP
  Kerberos
  Video / Voice ????
[Figure: protocol layer stack: Physical Layer (wires), NETWORK (IP), TRANSPORT (TCP/UDP), APPLICATIONS]
Does the videoconferencing application do encryption?
Not really
Standards exist (next speakers)
Not implemented in the market
Certain vendors offer proprietary use of standard encryption algorithms and claim to have a “standards-based solution” BUT no inter-operability (Tandberg, VCON)
Encryption political issues
Encryption software is slow; Encryption hardware is expensive and increases the cost of the product
Encryption algorithms may be covered by patents and use requires licensing (e.g., RSA)
Encryption algorithms may be subject to export control (e.g., DES)
Let’s Consider the videoconferencing application
Hop-to-Hop Communication
End-to-End Communication
Model for both H.323 and SIP architectures
Things to notice in the model
SIP Call Control is over TCP
H.323 Call control is UDP at ends and TCP in the middle
Media streams – separate voice, video, data, etc. Perhaps two video streams (one in each direction)
UDP precludes use of SSL
Review:
Encryption can be done with IPSec, SSL or by Application
No application-layer encryption for VC
No SSL for VC due to UDP
Guess that leaves IPSec and “clever hacks”
Let’s place the model in a university medical center
Videoconferencing uses dynamic ports – BLOCKED
Outside calls coming in – BLOCKED
Willingness to reconfigure firewall - NONE
One approach to secure videoconferencing today
“Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB.
Unencrypted here
Pros and Cons
PRO
Very inexpensive if you already own the firewall
Relatively simple to install and operate
Requires cooperation of firewall management
CON
Requires remote VC station that can load VPN client software
Suitable for fixed point to point only
Requires cooperation of firewall management
VC station must be able to send VPN IP address, not its own
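Why the reply address matters, as an added example (not part of the original presentation): a SIP station describes its media streams in an SDP body that carries its own IP address and its UDP media ports, so a station on a private network announces an address outsiders cannot reach. SDP is not named on the slides; the sample body, the addresses and the function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SDP body, as a SIP station on a private network would send it.
SAMPLE_SDP = (
    "v=0\n"
    "o=room12 2890844526 2890844526 IN IP4 192.168.10.25\n"
    "s=Telemedicine consult\n"
    "c=IN IP4 192.168.10.25\n"
    "t=0 0\n"
    "m=audio 49170 RTP/AVP 0\n"
    "m=video 51372 RTP/AVP 31\n"
)

def media_endpoints(sdp):
    """One dict per media stream: kind, reply address, UDP ports, and whether the
    address is RFC 1918 private (unreachable from outside the NAT)."""
    session_addr, streams = None, []
    for line in sdp.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "c":                                # c=<nettype> <addrtype> <address>
            addr = value.split()[2].split("/")[0]     # drop an optional /ttl suffix
            if streams:
                streams[-1]["address"] = addr         # media-level c= overrides session-level
            else:
                session_addr = addr
        elif key == "m":                              # m=<media> <port> <proto> <formats>
            kind, port = value.split()[:2]
            rtp = int(port.split("/")[0])
            streams.append({"kind": kind, "address": session_addr,
                            "udp_ports": (rtp, rtp + 1)})   # RTCP is conventionally RTP + 1
    for s in streams:
        ip = ipaddress.ip_address(s["address"])
        s["private"] = any(ip in net for net in RFC1918)
    return streams

def advertise_address(sdp, reply_addr):
    """Rewrite the o= and c= lines so the station announces reply_addr, not its own address."""
    out = []
    for line in sdp.splitlines():
        if line.startswith(("o=", "c=")):
            line = " ".join(line.split()[:-1] + [reply_addr])
        out.append(line)
    return "\n".join(out) + "\n"
```

The `udp_ports` values are chosen per call, which is why a firewall with a fixed rule set blocks them; `advertise_address` shows the substitution a station must be able to make when its traffic leaves through a VPN address.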
Another approach: a pair of departmentally managed VPN’s
Pros and Cons
PRO
Can be installed at departmental level
Works with “appliance” VC units like Polycoms
CON
VC units must be able to send VPN IP address as reply address rather than their own
Added expense of firewall/VPN units
Fixed locations only
IP Freedom Solution
Encryption Module announced & due in market shortly
Works with SIP and H.323 Call Servers
Pros and Cons
PRO
Extremely easy to install; no need to contact network staff
Flexible connectivity
Available as an I2 Commons service
Transparent to end users
Works for both SIP and H.323
Client software is free
Supports mobile users
CON
Expensive
Encryption module: more expensive
Licensing is based on number of concurrent users; number shrinks with bandwidth used, and encryption
Proprietary technology (but only need one!)
“Clever hack”
Other gotchas
If your campus has a bandwidth manager (Packeteer-type device) your VC multimedia may be mistaken for annoying video/music and have its bandwidth limited
Result – can degrade or terminate VC session
Action Items ?
Collect “Best Practices” for Secure Videoconferencing?
Feedback to I2/federal agencies on importance of Application-layer security for video/voice applications
Other ?
Acknowledgments
“ViDe.Net: Middleware for Scalable Video Services for Research and Higher Education” NSF ANI-022710 (Gemmill, Chatterjee, Johnson)
“Alabama Internet2 Middleware Initiative”, NSF EPSCoR, EPS-0091853 via UA-01-016) (Shealy, Gemmill)
“Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB.
Any opinions, findings or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.