Posted: 13-Dec-2014 | Category: Technology | Uploaded by: waqas-daar
Security Issues in VOIP
Practical VOIP (IK2554)
Waqas Daar ([email protected])
KTH, Royal Institute of Technology
Stockholm, Sweden
23/05/2008 2
Presentation Outline
• Introduction
• VOIP Architecture
  • H.323
  • SIP
• VOIP Threats
• VOIP Attacks
• Security Solutions
• Conclusion
Introduction
• Voice over IP is a technology used to transmit voice from a packet-switched network to a circuit-switched network and vice versa.
• VOIP popularity is growing day by day.
  • Cost reduction
  • Mobility
  • Offering services like audio/video conferencing, instant messaging etc.
VOIP Architecture
• VOIP technology is used to establish and manage communication sessions for the transmission of audio or video over an IP network.
• VOIP signaling protocols are used to set up and tear down calls, carry the information required to locate users, and negotiate capabilities.
  • H.323
  • Session Initiation Protocol (SIP)
H.323
• H.323 is the ITU-T standard for audio and video transmission over packet-based networks. H.323 was initially targeted at multimedia conferencing over LANs.
• H.323 is an umbrella protocol, which contains several other protocols.
  • H.225
  • H.245
• H.323 uses the Real-time Transport Protocol (RTP) for media transmission.
H.323 (cont.)
• H.323 network elements
  • H.323 terminal end points (TE)
  • H.323 Gatekeeper (GK)
  • H.323 Gateway (GW)
  • H.323 Multipoint Control Unit (MCU)
• An H.323 network consists of a number of zones, and each zone must contain an H.323 Gatekeeper (GK).
H.323 Network
H.323 Call Model
Figure 2 H.323 Call Model [1]
Session Initiation Protocol (SIP)
• SIP is an application layer protocol used to establish, maintain and terminate multimedia sessions.
• SIP is a text-based protocol.
• SIP uses the Session Description Protocol (SDP) to set up the parameters for the actual media transmission.
• RTP is used for the actual media transmission.
SIP Components
• The two general categories of SIP components are
  • User Agent (UA)
    • SIP User Agent Client
    • SIP User Agent Server
  • SIP Servers
    • Proxy Server
    • Redirect Server
    • Registrar Server
SIP Basic Call Setup
VOIP Threats
• Denial of Service
• Eavesdropping
• Call Fraud
• Call Redirection
• SPAM
VOIP Threats (cont.)
• Denial of Service
  • Affects the availability of the VOIP system.
• Eavesdropping
  • In VOIP, eavesdropping is an attack in its own right; once an attacker is able to eavesdrop on a communication, he can launch further attacks such as a man-in-the-middle attack.
• Call Fraud
• Call Redirection
• SPAM
VOIP Attacks
• Signaling Layer Attacks
  • SIP Registration Hijacking
  • Impersonating a Server
  • SIP Message Modification
  • SIP CANCEL / SIP BYE attack
  • SIP DoS attack
• Media Layer Attacks
  • Eavesdropping
  • RTP insertion attack
  • SSRC collision attacks
Signaling Layer Attacks
• SIP Registration attack
  • The attacker registers with the registrar while impersonating a valid user agent, so calls intended for the legitimate user are delivered to the attacker.
• Impersonating a Server
  • The attacker impersonates a remote server, so the user agent's requests are served by the attacker's machine.
• SIP Message Modification
  • If an attacker mounts a man-in-the-middle attack and modifies a message, the caller can be led to connect to a malicious system.
• SIP CANCEL / SIP BYE
• SIP Denial of Service
  • The attacker creates bogus requests containing a fake (spoofed) source IP address, with the Via field in the SIP header carrying the identity of the target host, so that responses are sent to the target.
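Because SIP is text based (as the SIP slides above note), the signaling checks a defender wants can be written against the raw message. The following added example, which is not code from the original slides, parses a SIP request and its SDP body and then applies two monitoring checks for the attacks listed above: a top Via host that does not match the datagram's source address (the reflection pattern behind the SIP DoS case) and a REGISTER that moves an address-of-record to a new contact host (how registration hijacking appears on the wire). It assumes SIP over UDP where the sender's address is known from the socket; all messages and addresses are constructed.

```python
"""Parse SIP requests and run two defensive checks on signaling traffic.

Added example, not code from the original slides. Assumes SIP over UDP,
where the sender's transport address is known from the socket. All
messages and addresses below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field


@dataclass
class SipRequest:
    method: str
    uri: str
    headers: dict = field(default_factory=dict)  # lower-case name -> list of values
    body: str = ""


def parse_sip(raw: str) -> SipRequest:
    """SIP is text based like HTTP: request line, CRLF-separated headers,
    a blank line, then the body (usually an SDP offer or answer)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return SipRequest(method, uri, headers, body)


def sdp_media_endpoint(req: SipRequest):
    """Return the (ip, port) the SDP asks the peer to send RTP audio to."""
    ip = port = None
    for line in req.body.splitlines():
        if line.startswith("c="):
            ip = line.split()[-1]        # c=IN IP4 <addr>
        elif line.startswith("m=audio"):
            port = int(line.split()[1])  # m=audio <port> RTP/AVP ...
    return ip, port


VIA_RE = re.compile(r"SIP/2\.0/\w+\s+([^;\s]+)")


def via_mismatch(req: SipRequest, src_ip: str) -> bool:
    """True if the top Via host differs from the datagram's source address.
    Responses are sent to the Via host, so a spoofed Via makes the server
    reflect traffic onto that host. IPv4 literal hosts only; NAT also
    causes mismatches, so this is an alert signal, not a drop rule."""
    m = VIA_RE.match(req.headers.get("via", [""])[0])
    return bool(m) and m.group(1).split(":")[0] != src_ip


class RegistrationWatch:
    """Remember the contact host each address-of-record (AOR) registers from.
    A REGISTER that moves an AOR to another host is what hijacking looks like
    on the wire (and also what a user changing devices looks like), so it is
    reported for review rather than blocked."""

    def __init__(self):
        self.bindings = {}  # AOR -> contact host

    def observe(self, req: SipRequest):
        if req.method != "REGISTER":
            return None
        aor = re.search(r"<?(sips?:[^>;]+)", req.headers["to"][0]).group(1)
        m = re.search(r"@([^:;>]+)", req.headers.get("contact", [""])[0])
        host = m.group(1) if m else None
        prev = self.bindings.get(aor)
        self.bindings[aor] = host
        if prev is not None and host != prev:
            return f"{aor} re-registered from {prev} to {host}"
        return None


# Constructed sample messages using RFC 5737 documentation addresses.
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.7:5060;branch=z9hG4bKabc\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: 1234@203.0.113.7\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 203.0.113.7\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)


def register_msg(contact_host: str) -> str:
    """Constructed REGISTER for alice binding her AOR to contact_host."""
    return (
        "REGISTER sip:example.com SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {contact_host}:5060;branch=z9hG4bKreg\r\n"
        "From: <sip:alice@example.com>;tag=2\r\n"
        "To: <sip:alice@example.com>\r\n"
        f"Contact: <sip:alice@{contact_host}:5060>\r\n"
        "\r\n"
    )


if __name__ == "__main__":
    inv = parse_sip(INVITE)
    print(inv.method, sdp_media_endpoint(inv), via_mismatch(inv, "198.51.100.9"))
    watch = RegistrationWatch()
    watch.observe(parse_sip(register_msg("203.0.113.7")))
    print(watch.observe(parse_sip(register_msg("198.51.100.9"))))
```

Both checks are deliberately alerts rather than drop rules: NAT legitimately produces Via mismatches, and users legitimately re-register from new devices. What stops the attacks themselves is the authentication and transport protection covered in the Security Solutions slides; the checks above give a defender visibility when those controls are missing or misconfigured.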
Media Layer Attacks
• Eavesdropping
• SSRC collision
  • If an attacker eavesdrops on the conversation and uses one peer's SSRC to send RTP packets to the other peer, the resulting SSRC collision can cause the session to be terminated.
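The collision handling a receiver should apply is spelled out in RFC 3550 section 8.2: once an SSRC has been seen from one transport address, packets carrying the same SSRC from a different address are treated as a collision or loop and ignored, rather than being allowed to tear down the stream. The following added example, not code from the original slides, implements that rule over a minimal RTP header parser; all packets and addresses are constructed.

```python
"""Detect RTP packets that reuse a known SSRC from a different transport address.

Added example, not code from the original slides. Applies the receiver rule
from RFC 3550 section 8.2: once an SSRC is bound to the address it was first
seen from, packets carrying that SSRC from another address are treated as a
collision or loop and discarded instead of being allowed to disrupt the
session. All packets and addresses are constructed.
"""
import struct

RTP_HEADER = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, seq, timestamp, SSRC


def build_rtp(ssrc: int, seq: int, ts: int, payload: bytes = b"\x00" * 8, pt: int = 0) -> bytes:
    """Minimal RTP v2 header with no padding, extension or CSRC list."""
    return RTP_HEADER.pack(0x80, pt & 0x7F, seq, ts, ssrc) + payload


def parse_rtp(pkt: bytes) -> dict:
    if len(pkt) < RTP_HEADER.size or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    _b0, b1, seq, ts, ssrc = RTP_HEADER.unpack_from(pkt)
    return {"pt": b1 & 0x7F, "marker": bool(b1 & 0x80), "seq": seq,
            "ts": ts, "ssrc": ssrc, "payload": pkt[RTP_HEADER.size:]}


class SsrcTable:
    """Per-session table binding each SSRC to the (ip, port) it arrived from."""

    def __init__(self):
        self.sources = {}     # ssrc -> (ip, port)
        self.collisions = []  # (ssrc, bound address, offending address)

    def accept(self, pkt: bytes, addr: tuple):
        """Return the parsed header if the packet is accepted, else None."""
        hdr = parse_rtp(pkt)
        bound = self.sources.setdefault(hdr["ssrc"], addr)
        if bound != addr:
            # Same SSRC, different sender: log it and ignore the packet so the
            # established stream is not disturbed.
            self.collisions.append((hdr["ssrc"], bound, addr))
            return None
        return hdr


def demo() -> tuple:
    """A legitimate stream from one peer, then an injected packet reusing its SSRC."""
    peer = ("203.0.113.7", 49170)
    injector = ("198.51.100.9", 40000)
    table = SsrcTable()
    accepted = [table.accept(build_rtp(0xDEADBEEF, s, s * 160), peer) for s in range(1, 4)]
    forged = table.accept(build_rtp(0xDEADBEEF, 99, 99 * 160), injector)
    return sum(h is not None for h in accepted), forged, table.collisions


if __name__ == "__main__":
    print(demo())
```

Binding an SSRC to its source address only helps against an injector sending from its own address. An attacker who can also spoof the peer's source address is not stopped by this rule; that case is what the SRTP authentication tag in the Media Encryption slides is for, since a forged packet then fails integrity verification regardless of where it came from.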
Security Solutions
• Two types of security solutions
  • End-to-end security
    • In SIP, end points can ensure end-to-end security for those parts of a message that proxies do not need to read; for example, SDP bodies can be protected using S/MIME.
    • Media is transferred directly between end points, so end-to-end security of media is achieved with SRTP.
  • Hop-by-hop security
    • TLS, IPSec.
Authentication
• Authentication means verifying the identity of a user.
• If SIP is taken as the signaling protocol in VOIP, it defines two mechanisms for authentication
  • HTTP digest authentication
  • S/MIME
• HTTP Digest Authentication
  • The HTTP digest mechanism is used between user agents and proxies and between user agents, but not between proxies.
• S/MIME
  • S/MIME uses X.509 certificates to authenticate end users in the same way that web browsers use them.
HTTP Digest Authentication
Confidentiality
• Confidentiality means keeping the communication session private. Confidentiality is achieved by encryption.
• Two ways of achieving it
  • Transport Layer Security (TLS)
  • IPSec
• IPSec is used to protect SIP messages at the network layer. IPSec Encapsulating Security Payload (ESP) or Authentication Header (AH) must provide confidentiality on a hop-by-hop basis.
• TLS provides transport layer security over TCP. Normally a SIP URI is of the form sip:[email protected], but if TLS is used then the SIP URI will be sips:[email protected] and the signaling must be sent encrypted.
Media Encryption
• In VOIP, media is sent directly between users using RTP.
• Encryption of media is achieved by
  • IPSec
  • Secure RTP (SRTP)
    • It provides a framework for encryption and message authentication of RTP and RTCP.
    • Cipher algorithm: AES
    • Authentication is an optional feature.
    • SRTP uses Security Descriptions for Media Streams (SDES) to negotiate session keys in SDP.
  • MIKEY
    • MIKEY provides its own authentication and integrity mechanism.
    • MIKEY messages are carried in SDP with the a=key-mgmt attribute.
  • ZRTP
    • ZRTP also describes an extension header for RTP to establish a session key for SRTP.
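To make the SDES keying concrete, here is an added example (not code from the original slides) that builds and parses the SDP a=crypto attribute defined by RFC 4568 for the AES_CM_128_HMAC_SHA1_80 suite: a 16-byte master key and a 14-byte master salt are concatenated and base64-encoded into the inline: parameter. The example also includes a check for the property the slides imply: because SDES puts the key literally in the SDP, offering it over unprotected sip: signaling exposes the media key, so it should only travel over sips:/TLS hops. The suite table, sample keys and helper names are assumptions of this example.

```python
"""Build and parse the SDP 'a=crypto' attribute (SDES, RFC 4568) for SRTP.

Added example, not code from the original slides. Handles the AES_CM_128
suites, whose inline: parameter carries a 16-byte master key followed by a
14-byte master salt, base64-encoded together. Keys below are constructed.
"""
import base64
import os

SUITES = {  # suite name -> (master key length, master salt length) in bytes
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
}


def build_crypto_attr(tag: int, suite: str, key: bytes = None, salt: bytes = None) -> str:
    """Offerer side: produce one a=crypto line, generating key material if not given."""
    klen, slen = SUITES[suite]
    key = os.urandom(klen) if key is None else key
    salt = os.urandom(slen) if salt is None else salt
    if len(key) != klen or len(salt) != slen:
        raise ValueError("key/salt length does not match suite")
    return f"a=crypto:{tag} {suite} inline:{base64.b64encode(key + salt).decode()}"


def parse_crypto_attr(line: str) -> dict:
    """Answerer side: validate the line and split out key and salt."""
    if not line.startswith("a=crypto:"):
        raise ValueError("not a crypto attribute")
    fields = line[len("a=crypto:"):].split()
    if len(fields) < 3:
        raise ValueError("malformed crypto attribute")
    tag, suite, key_param = fields[0], fields[1], fields[2]
    if suite not in SUITES:
        raise ValueError(f"unsupported suite {suite}")
    if not key_param.startswith("inline:"):
        raise ValueError("only the inline: key method is supported here")
    # Optional lifetime and MKI parameters follow the key after '|'; drop them.
    key_info = key_param[len("inline:"):].split("|")[0]
    raw = base64.b64decode(key_info, validate=True)
    klen, slen = SUITES[suite]
    if len(raw) != klen + slen:
        raise ValueError("key material length does not match suite")
    return {"tag": int(tag), "suite": suite, "key": raw[:klen], "salt": raw[klen:]}


def sdes_key_exposed(sip_scheme: str, sdp_lines: list) -> bool:
    """True when an SDES key is offered over signaling that is not sips:/TLS.
    The key is in cleartext in the SDP, so any hop that can read the
    signaling can decrypt the media."""
    return sip_scheme != "sips" and any(l.startswith("a=crypto:") for l in sdp_lines)


if __name__ == "__main__":
    line = build_crypto_attr(1, "AES_CM_128_HMAC_SHA1_80")
    print(line)
    print(parse_crypto_attr(line)["suite"], sdes_key_exposed("sip", [line]))
```

This is the trade-off between the three keying methods on the slide: SDES is the simplest but inherits whatever protection the signaling path has; MIKEY carries its own authentication and integrity in the a=key-mgmt attribute; and ZRTP agrees the SRTP key in the media path itself, so it does not depend on the signaling hops at all.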
Conclusion
Thanks.