Impact of SIP on Network Integrity

Adrian

Outline• Introduction• Who are CPNI?• What is SIP and why is it a problem?• What can we do about it?

• Adrian – worked in CPNI for 2 ½ years as a telecommunications security advisor

• Prior to that 29 years with FCO and MOD advising on use of telecommunications

• Technical background, definitely no tact for a diplomatic career!

Introduction

• Centre for the Protection of National Infrastructure

• Government Department• Advice on “Keeping the lights on” for the UK• Concentrate on Critical Infrastructure– Lot of advice valid for all infrastructure

Who are CPNI?

• SIP– Session Initiation Protocol– Used to start (and end) Voice over IP

• SIP is not the whole problem– IP (Internet Protocol) is another part– So is the general “freedom of information”

What is SIP and why is it a problem?

Internet• In the good old

telecommunication days…– Physical Separation– Bespoke and little known

protocols– First (and 2nd) Line of

Defence

• Now…– Internet Protocol– Shared physical path– First lines of defence gone

• “May you have a choice of many standards…”• In good old TDM / SS7 there were two fields

(both numeric)– “Dialled Number” (you), “CLI” (me)

• In SIP there are many, many fields to choose– “From”, “To”, “Contact”, “Allow”, “ID”, “Privacy” …

• In many formats…– SIP URI (User@host), Tel URI (+44 7717 …)

SIP

• Massive amount of Open Source information– SS7; running short of experts.– SIP

And…

• On the one hand– Security reduced by common network protocol

• On the other– Much more complicated signalling– Those of ill intent know as much as the good guys

So – Treble whammy

• SIP Overload Control– DoS – Send spoof control messages

• Telemarketing / Hoax Calls– Spoof CLI, call priority, call divert status…

• Denial of Service (general)– All sorts of options [packet complexity]

• Denial of Service (specific)– Flatten handset battery with spoof invites

Potential Problems

• Can’t do a lot about information sharing– And it’s not all a bad thing

• IP layer– Good housekeeping– Make sure messages come from who you think

they do• SIP Layer– Keep messages “tight”– Validate

What can we do about it?

Questions?