voip information security issues in voice over internet protocol

1

VoIPVoIPInformation Security Issues in Voice Over

Internet Protocol

Satya Bhan, Jonathan Clark, Joshua Cuneo, Jorge Mejia

2

Road Map of Road Map of PresentationPresentation

Introduction and basicsIntroduction and basics Security threats in VoIPSecurity threats in VoIP Encryption algorithms for VoIPEncryption algorithms for VoIP Research and development of VoIPResearch and development of VoIP ConclusionsConclusions

3

What is VOIP?What is VOIP?

Voice Over Internet ProtocolVoice Over Internet ProtocolARPANET - 1973ARPANET - 1973Dramatic rise in popularityDramatic rise in popularity

MobileMobileCheapCheapAccessibleAccessibleFull of security holesFull of security holes

4

How VOIP WorksHow VOIP Works

1.1. Resolution of IP Address Resolution of IP Address

2.2. Analog-digital conversionAnalog-digital conversion

3.3. Parsed into RTP packetsParsed into RTP packets

4.4. Sent via UDP protocolSent via UDP protocol

5.5. Extraction of dataExtraction of data

6.6. Analog-digital conversionAnalog-digital conversion

(8)

5


H.323 ProtocolH.323 Protocol

Umbrella standardUmbrella standard

Terminals, gateways, gatekeepers, and multipoint Terminals, gateways, gatekeepers, and multipoint control units (MCUs) control units (MCUs)

(8)

6


SIP ProtocolSIP Protocol

Location stored in a location serverLocation stored in a location server

Proxy server resolves locationProxy server resolves location

Session Description Protocol (SDP) for logisticsSession Description Protocol (SDP) for logistics

(8)

7



8

VoIP Security MythVoIP Security Myth““Security administrators assume that Security administrators assume that

because digitized voice travels in because digitized voice travels in packets, they can simply plug VoIP packets, they can simply plug VoIP components into their already components into their already secured networks and get a stable secured networks and get a stable and secure voice network”and secure voice network”

- - Walsh, T.J.; Kuhn, D.R Walsh, T.J.; Kuhn, D.R

9

Why are existing Why are existing protections unusable?protections unusable?

Most firewalls, Intrusion Detection Most firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IDS), Intrusion Prevention Systems (IPS) rely on deep packet Systems (IPS) rely on deep packet inspectioninspection

Encryption adds overheadsEncryption adds overheads Max tolerable packet delay is set to Max tolerable packet delay is set to

150 ms 150 ms

10

Denial of Service (DOS)Denial of Service (DOS)

Most harmful attack – effects Most harmful attack – effects customers, Quality of Service customers, Quality of Service (QoS), profits etc.(QoS), profits etc.

““Latency turns traditional security Latency turns traditional security measures into double-edged measures into double-edged swords for VoIP”swords for VoIP”

Walsh, T.J.; Kuhn, D.RWalsh, T.J.; Kuhn, D.R

11

Denial of Service – Denial of Service – Packet LossPacket Loss

User Datagram Protocol (UDP)User Datagram Protocol (UDP) Fast, LightweightFast, Lightweight Transmission/Order not guaranteedTransmission/Order not guaranteed

Small payloads – 10 to 50 bytesSmall payloads – 10 to 50 bytes 1% loss – 1% loss – unintelligibleunintelligible 5% loss - 5% loss - catastrophic, no matter how catastrophic, no matter how

good the codecgood the codec

12

EavesdroppingEavesdropping Public Switch Telephone Networks Public Switch Telephone Networks

(PSTN)(PSTN) Physical access harder & more Physical access harder & more

detectabledetectable Proprietary protocolsProprietary protocols

VoIPVoIP Standardized protocolsStandardized protocols Readily available tools to monitor Readily available tools to monitor

networknetwork Ethereal analyzerEthereal analyzer Voice over misconfigured Internet Voice over misconfigured Internet

telephones (VOMIT)telephones (VOMIT)

13

EavesdroppingEavesdropping User software available freely for User software available freely for

downloaddownload Using Cache-poisoning distribute Using Cache-poisoning distribute

hacked upgradeshacked upgrades Man-in-the-middle attacksMan-in-the-middle attacks

Rogue server with modified Rogue server with modified configuration files containing the IP configuration files containing the IP addresses of call managersaddresses of call managers

Victims’ calls are then routed Victims’ calls are then routed through the attacker’s call manager through the attacker’s call manager

14

SpoofingSpoofing Identity management complicatedIdentity management complicated

No physical deviceNo physical device Universal Reference Identification Universal Reference Identification

(URI)(URI) Spoofing available on multiple layers Spoofing available on multiple layers

(ip, mac)(ip, mac) Spoof caller’s identificationSpoof caller’s identification

Attacker calls regular phone lineAttacker calls regular phone line Flash over using 3 way calling, dial Flash over using 3 way calling, dial

next partynext party First callee’s id or unknown First callee’s id or unknown

displayeddisplayed

15

Theft of ServiceTheft of Service

Edwin Pena and Robert Moore Edwin Pena and Robert Moore VoIP fraudVoIP fraud Routed more than ten million calls Routed more than ten million calls

through unsuspecting companiesthrough unsuspecting companies Orchestrated a "brute force" attack Orchestrated a "brute force" attack

to identify the prefixes needed to to identify the prefixes needed to gain access to VoIP networksgain access to VoIP networks

Sold VoIP services cheapSold VoIP services cheap

16

Theft of ServiceTheft of Service Attackers gain access to VoIP Attackers gain access to VoIP

networksnetworks Security vulnerabilities in user’s Security vulnerabilities in user’s

softwaresoftware Sniffing user accounts and passwordsSniffing user accounts and passwords

Profitable attacksProfitable attacks Toll frauds, identity thefts etc.Toll frauds, identity thefts etc.

17

Spam over Internet Spam over Internet Telephony (SPIT)Telephony (SPIT)

““where there's a channel, there's a where there's a channel, there's a pitchman”pitchman”

Pierce Reid, Qovia VP marketing Pierce Reid, Qovia VP marketing

Mass advertisements over PSTN Mass advertisements over PSTN complex & costlycomplex & costly

18

Spam over Internet Spam over Internet Telephony (SPIT)Telephony (SPIT)

VoIP merges IT & PSTNVoIP merges IT & PSTN Easily accessible & cheapEasily accessible & cheap unwanted voice messages will clog unwanted voice messages will clog

voice mailvoice mail Spam tools such as blacklists etc Spam tools such as blacklists etc

useless against SPITuseless against SPIT Session hijackingSession hijacking

Video conferences can be hijacked Video conferences can be hijacked and advertisements shown insteadand advertisements shown instead

Similarly voice conversations Similarly voice conversations disrupted by advertisementsdisrupted by advertisements

19



20

PGPfone HistoryPGPfone History Released in 1995Released in 1995 Never gained popularity due to lack Never gained popularity due to lack

of interestof interest Broadband was not widespreadBroadband was not widespread Voice over IP was not popularVoice over IP was not popular

Intended more for point-to-point Intended more for point-to-point modem connectionsmodem connections

21

PGPfone MotivationsPGPfone Motivations Zimmermann believes in a right Zimmermann believes in a right

to privacy provided by the to privacy provided by the ConstitutionConstitution

Released in response to 1994 Released in response to 1994 Digital Telephony lawDigital Telephony law ““mandated that phone companies mandated that phone companies

install remote wiretapping ports in install remote wiretapping ports in their central office digital switches”their central office digital switches”

Says that while warrants were still Says that while warrants were still necessary, a shift in policy could necessary, a shift in policy could lead to privacy violationslead to privacy violations

NSA program to monitor without NSA program to monitor without warrantswarrants

22

PGPfone DetailsPGPfone Details Uses Diffie-Hellman for key Uses Diffie-Hellman for key

generationgeneration Keys generated from random prime Keys generated from random prime

numbersnumbers Uses TripleDES, Blowfish, or Uses TripleDES, Blowfish, or

CAST as ciphersCAST as ciphers Symmetric for speedSymmetric for speed Run in counter modeRun in counter mode

Diffie-Hellman has vulnerability to Diffie-Hellman has vulnerability to man-in-the-middle attacksman-in-the-middle attacks Solved by using Short Authentication Solved by using Short Authentication

StringsStrings

23

Secure Real-Time Secure Real-Time Transfer ProtocolTransfer Protocol

Published in RFC 3711 in March Published in RFC 3711 in March 20042004

Goal to create secure version of Goal to create secure version of Real-Time Transfer ProtocolReal-Time Transfer Protocol Ensure confidentiality and integrity Ensure confidentiality and integrity

of RTP packetsof RTP packets Provides “a framework that Provides “a framework that

permits upgrading”permits upgrading” Allows protocol to upgrade to more Allows protocol to upgrade to more

secure ciphers in the futuresecure ciphers in the future

24

Secure Real-Time Secure Real-Time Transfer ProtocolTransfer Protocol

Key exchange is entirely defined in the Key exchange is entirely defined in the RFCRFC Uses master key to generate keysUses master key to generate keys Number of keys generated by one master Number of keys generated by one master

key is up to the userkey is up to the user Number of packets encrypted by one key Number of packets encrypted by one key

can be setcan be set Default cipher is Advanced Encryption Default cipher is Advanced Encryption

Standard (AES)Standard (AES) Runs in counter mode by defaultRuns in counter mode by default

Keyed-Hashing for Message Keyed-Hashing for Message Authentication-Secure Hash Algorithm Authentication-Secure Hash Algorithm (HMAC-SHA1) used to ensure (HMAC-SHA1) used to ensure message authenticitymessage authenticity

25

ZRTPZRTP Created by Phil ZimmermannCreated by Phil Zimmermann Title of RFC is “Extensions to RTP for Title of RFC is “Extensions to RTP for

Diffie-Hellman Key Agreement for Diffie-Hellman Key Agreement for SRTP”SRTP”

Features:Features: Similar to PGPfone, but updated to run Similar to PGPfone, but updated to run

on top of new standards (RTP, SIP)on top of new standards (RTP, SIP) Backwards compatible with standard Backwards compatible with standard

RTPRTP Does not rely on public key Does not rely on public key

infrastructure (PKI)infrastructure (PKI) Foils man-in-the-middle attacks in Foils man-in-the-middle attacks in

similar fashion to PGPfonesimilar fashion to PGPfone Adds “shared secret” for added Adds “shared secret” for added

protectionprotection

26

ZfoneZfone Also written by Phil ZimmermannAlso written by Phil Zimmermann Implementation of ZRTPImplementation of ZRTP ““Lets you turn your existing VoIP Lets you turn your existing VoIP

client into a secure phone”client into a secure phone” Simply intercepts and filters RTP Simply intercepts and filters RTP

packetspackets If Zfone is not running on both sides it If Zfone is not running on both sides it

will simply revert to standard RTPwill simply revert to standard RTP GUI to let you know if current call is GUI to let you know if current call is

securesecure SDK to license for developers to SDK to license for developers to

integrate ZRTP into their applicationsintegrate ZRTP into their applications

27

SkypeSkype Closed source and closed Closed source and closed

specificationspecification Tom Berson's security analysisTom Berson's security analysis

Was allowed uninhibited access to the Was allowed uninhibited access to the code and the engineerscode and the engineers

Findings:Findings: Skype uses only standard encryption Skype uses only standard encryption

techniquestechniques All techniques are properly implementedAll techniques are properly implemented Uses a central server as public key Uses a central server as public key

infrastructure to authenticate messagesinfrastructure to authenticate messages No backdoors or malwareNo backdoors or malware

28

Skype ConcernsSkype Concerns Closed does not always mean safeClosed does not always mean safe

Have to trust Skype when they say their Have to trust Skype when they say their software is securesoftware is secure

Single person, company sponsored Single person, company sponsored analysisanalysis Closed protocol makes it difficult to Closed protocol makes it difficult to

verifyverify Small Chinese company claims to Small Chinese company claims to

have broken protocolhave broken protocol Will release software that connects to Will release software that connects to

Skype network soonSkype network soon

29


Introduction and basicsIntroduction and basics Security threats in VoIPSecurity threats in VoIP Encryption algorithms for VoIPEncryption algorithms for VoIP Research and development of Research and development of

VoIPVoIP ConclusionsConclusions

30

Research and Research and Development in VoIP Development in VoIP

SecuritySecurity VoIP security is still a big question in VoIP security is still a big question in

the servicethe service Many improvements are still Many improvements are still

possiblepossible Collective effort needed by Collective effort needed by

government, academia, and private government, academia, and private companiescompanies

31

The 1The 1stst IEEE Workshop IEEE Workshop on VoIP Management on VoIP Management and Security (2006)and Security (2006)

Open workshop for researchers from Open workshop for researchers from any sector to improve state of any sector to improve state of security of VoIPsecurity of VoIP

Projects to cover:Projects to cover: Locating SIP usersLocating SIP users Monitoring VoIP networksMonitoring VoIP networks Intrusion Detection for VoIPIntrusion Detection for VoIP

32

Lightweight Scheme for Lightweight Scheme for Locating Users: Locating Users: Goal/MotivationGoal/Motivation

Group of Georgia Tech Researchers (CoC)Group of Georgia Tech Researchers (CoC) Most important challenge in VoIP:Most important challenge in VoIP:

Locate communicating parties via internet Locate communicating parties via internet in secure and reliable wayin secure and reliable way

Session Initialization Protocol (SIP) users Session Initialization Protocol (SIP) users are at risk because this technology is are at risk because this technology is weak to attacksweak to attacks

Mainly, the Integrity of the mapping from Mainly, the Integrity of the mapping from SIP to contact address is criticalSIP to contact address is critical

33

Is Session Initialization Is Session Initialization Protocol (SIP) Safe?Protocol (SIP) Safe?

1) Terminal registers its contact address

2) Address stored in location services

3) During call initialization, caller finds server in DNS table

4) Callee’s server query location services for Address (1)

34

Lightweight Scheme for Lightweight Scheme for Locating Users: Proposed Locating Users: Proposed

SolutionSolution Don’t use registrar servicesDon’t use registrar services Let SIP phone sign their own contact Let SIP phone sign their own contact

address bindings on behalf of their address bindings on behalf of their usersusers

Verify identity through public keysVerify identity through public keys Have modified SIP infrastructure to Have modified SIP infrastructure to

distribute public keysdistribute public keys

35

Solution Scheme to Solution Scheme to Interchange Public Interchange Public

KeysKeys•Initial Key exchange between 2 users

•After the key exchange, communication follows through secure channel

•This is only needed once

(1)

36

Monitoring VoIP Monitoring VoIP Networks: Networks:

Goal/MotivationGoal/Motivation Researchers from NEC JapanResearchers from NEC Japan Goal: VoIP carriers should identify Goal: VoIP carriers should identify

and separate legal from illegal trafficand separate legal from illegal traffic Motivation: Stop SPAM over Internet Motivation: Stop SPAM over Internet

Telephony (SPIT) from using Telephony (SPIT) from using network resourcesnetwork resources

Result: Prototype implemented to Result: Prototype implemented to monitor traffic from Skype, SIP monitor traffic from Skype, SIP phones, Netmeetingphones, Netmeeting

37

Monitoring VoIP Monitoring VoIP Networks: Proposed Networks: Proposed Scheme/PrototypeScheme/Prototype

1.1. Add time stamp to Add time stamp to packets and measure sizepackets and measure size

2.2. Extract statistical data Extract statistical data from the flow (I.e. from the flow (I.e. payload)payload)

3.3. Verification to check Verification to check eavesdroppingeavesdropping

4.4. Compare packet against Compare packet against known threatsknown threats

5.5. Repeat the process and Repeat the process and control the flowcontrol the flow(2)

38

Intrusion Detection and Intrusion Detection and Prevention on SIP: Prevention on SIP:

Goal/motivationGoal/motivation Researchers from University of Pisa Researchers from University of Pisa and and Switzerland.Switzerland.

Goal: Use the same principles of Goal: Use the same principles of network intrusion detection to network intrusion detection to provide security to VoIP networksprovide security to VoIP networks

Motivation: Threats will move to VoIPMotivation: Threats will move to VoIP Results: Working prototype using Results: Working prototype using

SnortSnort

39

Intrusion Detection and Intrusion Detection and Prevention on SIP: Prevention on SIP:

PrototypePrototype

Tested Tested successfully successfully against a against a brute force brute force generatorgenerator

(3)

40



41

ConclusionConclusion Great effort to secure VOIP networksGreat effort to secure VOIP networks

Leadership efforts by companies and Leadership efforts by companies and universitiesuniversities

Ideas both old and revolutionaryIdeas both old and revolutionary One solution: encryptionOne solution: encryption

SpeedSpeed New, effective algorithms like ZRTPNew, effective algorithms like ZRTP

Technology caught everybody by surpriseTechnology caught everybody by surprise Encouraging future for VOIPEncouraging future for VOIP

42

ReferencesReferences(1) (1) Kong, L., Balasubramaniyan, V.B., and Ahamad, M. "A lightweight scheme for Kong, L., Balasubramaniyan, V.B., and Ahamad, M. "A lightweight scheme for

securely and reliably locating SIP users." IEEE Xplore. Georgia Tech Lib., Atlanta, securely and reliably locating SIP users." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.

(2) (2) Okabe, T., Kitamura, T., and Shizuno, T. "Statistical traffic identification method Okabe, T., Kitamura, T., and Shizuno, T. "Statistical traffic identification method based on flow-level behavior for fair VoIP service." IEEE Xplore. Georgia Tech Lib., based on flow-level behavior for fair VoIP service." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.

(3) (3) Niccolini, S. et al. "SIP intrusion detection and prevention: recommendations and Niccolini, S. et al. "SIP intrusion detection and prevention: recommendations and prototype implementation." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July prototype implementation." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.

(4) Zimmermann, Philip R. (4) Zimmermann, Philip R. PGPfone Owner’s ManualPGPfone Owner’s Manual. 8 July 1996. Phil’s Pretty Good . 8 July 1996. Phil’s Pretty Good Software. 13 July 2006. Software. 13 July 2006. <ftp://ftp.pgpi.org/pub/pgp/pgpfone/manual/pgpfone10b7.pdf>.<ftp://ftp.pgpi.org/pub/pgp/pgpfone/manual/pgpfone10b7.pdf>.

(5) Baugher, M., et al. (5) Baugher, M., et al. The Secure Real-time Protocol (SRTP)The Secure Real-time Protocol (SRTP). March 2004. The Internet . March 2004. The Internet Society. 13 July 2006. <http://tools.ietf.org/html/3711>.Society. 13 July 2006. <http://tools.ietf.org/html/3711>.

(6) ---, et al. (6) ---, et al. ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTPZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP. 5 . 5 March 2006. The Internet Society. 13 July 2006. <http://www.ietf.org/internet-March 2006. The Internet Society. 13 July 2006. <http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-01.txt>.drafts/draft-zimmermann-avt-zrtp-01.txt>.

(7) (7) Zfone Home PageZfone Home Page. Phil Zimmermann & Associates. LLC 13 July 2006. . Phil Zimmermann & Associates. LLC 13 July 2006. <http://www.philzimmermann.com/EN/zfone/index.html>.<http://www.philzimmermann.com/EN/zfone/index.html>.

(8) Kuhn, D. Richard, Thomas J. Walsh, Steffen Fries. United States. National Institute of (8) Kuhn, D. Richard, Thomas J. Walsh, Steffen Fries. United States. National Institute of Standards and Technology, Technology Administration, Department of Commerce. Standards and Technology, Technology Administration, Department of Commerce. Security Considerations for Voice Over IP SystemsSecurity Considerations for Voice Over IP Systems. Gaithersburg, MD: NIST, 2005. . Gaithersburg, MD: NIST, 2005.

43

Questions?Questions?

voip information security issues in voice over internet protocol

Documents

voip components

voip workssip protocollocation

robert moore voip fraudrouted

internet protocolarpanet

internet protocolsatya

ip addresses

basicssecurity threats

traditional security