1
VoIP
Information Security Issues in Voice Over Internet Protocol
Satya Bhan, Jonathan Clark, Joshua Cuneo, Jorge Mejia
2
Road Map of Presentation
• Introduction and basics
• Security threats in VoIP
• Encryption algorithms for VoIP
• Research and development of VoIP
• Conclusions
3
What is VOIP?
• Voice Over Internet Protocol
• ARPANET - 1973
• Dramatic rise in popularity
• Mobile
• Cheap
• Accessible
• Full of security holes
4
How VOIP Works
1. Resolution of IP Address
2. Analog-digital conversion
3. Parsed into RTP packets
4. Sent via UDP protocol
5. Extraction of data
6. Analog-digital conversion
(8)
5
How VOIP Works
• H.323 Protocol
  • Umbrella standard
  • Terminals, gateways, gatekeepers, and multipoint control units (MCUs)
(8)
6
How VOIP Works
• SIP Protocol
  • Location stored in a location server
  • Proxy server resolves location
  • Session Description Protocol (SDP) for logistics
(8)
7
Road Map of Presentation
• Introduction and basics
• Security threats in VoIP
• Encryption algorithms for VoIP
• Research and development of VoIP
• Conclusions
8
VoIP Security Myth
“Security administrators assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network”
- Walsh, T.J.; Kuhn, D.R
9
Why are existing protections unusable?
• Most firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) rely on deep packet inspection
• Encryption adds overheads
• Max tolerable packet delay is set to 150 ms
10
Denial of Service (DOS)
• Most harmful attack – affects customers, Quality of Service (QoS), profits etc.
“Latency turns traditional security measures into double-edged swords for VoIP”
- Walsh, T.J.; Kuhn, D.R
11
Denial of Service – Packet Loss
• User Datagram Protocol (UDP)
  • Fast, Lightweight
  • Transmission/Order not guaranteed
• Small payloads – 10 to 50 bytes
  • 1% loss – unintelligible
  • 5% loss - catastrophic, no matter how good the codec
12
Eavesdropping
• Public Switched Telephone Networks (PSTN)
  • Physical access harder & more detectable
  • Proprietary protocols
• VoIP
  • Standardized protocols
  • Readily available tools to monitor network
    • Ethereal analyzer
    • Voice over misconfigured Internet telephones (VOMIT)
13
Eavesdropping
• User software available freely for download
  • Using cache-poisoning, distribute hacked upgrades
• Man-in-the-middle attacks
  • Rogue server with modified configuration files containing the IP addresses of call managers
  • Victims’ calls are then routed through the attacker’s call manager
14
Spoofing
• Identity management complicated
  • No physical device
  • Universal Reference Identification (URI)
  • Spoofing available on multiple layers (IP, MAC)
• Spoof caller’s identification
  • Attacker calls regular phone line
  • Flash over using 3 way calling, dial next party
  • First callee’s id or unknown displayed
15
Theft of Service
• Edwin Pena and Robert Moore
  • VoIP fraud
  • Routed more than ten million calls through unsuspecting companies
  • Orchestrated a "brute force" attack to identify the prefixes needed to gain access to VoIP networks
• Sold VoIP services cheap
16
Theft of Service
• Attackers gain access to VoIP networks
  • Security vulnerabilities in user’s software
  • Sniffing user accounts and passwords
• Profitable attacks
  • Toll frauds, identity thefts etc.
17
Spam over Internet Telephony (SPIT)
“where there's a channel, there's a pitchman”
- Pierce Reid, Qovia VP marketing
• Mass advertisements over PSTN complex & costly
18
Spam over Internet Telephony (SPIT)
• VoIP merges IT & PSTN
  • Easily accessible & cheap
  • Unwanted voice messages will clog voice mail
  • Spam tools such as blacklists etc. useless against SPIT
• Session hijacking
  • Video conferences can be hijacked and advertisements shown instead
  • Similarly voice conversations disrupted by advertisements
19
Road Map of Presentation
• Introduction and basics
• Security threats in VoIP
• Encryption algorithms for VoIP
• Research and development of VoIP
• Conclusions
20
PGPfone History
• Released in 1995
• Never gained popularity due to lack of interest
  • Broadband was not widespread
  • Voice over IP was not popular
• Intended more for point-to-point modem connections
21
PGPfone Motivations
• Zimmermann believes in a right to privacy provided by the Constitution
• Released in response to 1994 Digital Telephony law
  • “mandated that phone companies install remote wiretapping ports in their central office digital switches”
• Says that while warrants were still necessary, a shift in policy could lead to privacy violations
• NSA program to monitor without warrants
22
PGPfone Details
• Uses Diffie-Hellman for key generation
  • Keys generated from random prime numbers
• Uses TripleDES, Blowfish, or CAST as ciphers
  • Symmetric for speed
  • Run in counter mode
• Diffie-Hellman has vulnerability to man-in-the-middle attacks
  • Solved by using Short Authentication Strings
23
Secure Real-Time Transfer Protocol
• Published in RFC 3711 in March 2004
• Goal to create secure version of Real-Time Transfer Protocol
  • Ensure confidentiality and integrity of RTP packets
• Provides “a framework that permits upgrading”
  • Allows protocol to upgrade to more secure ciphers in the future
24
Secure Real-Time Transfer Protocol
• Key exchange is entirely defined in the RFC
  • Uses master key to generate keys
  • Number of keys generated by one master key is up to the user
  • Number of packets encrypted by one key can be set
• Default cipher is Advanced Encryption Standard (AES)
  • Runs in counter mode by default
• Keyed-Hashing for Message Authentication-Secure Hash Algorithm (HMAC-SHA1) used to ensure message authenticity
25
ZRTP
• Created by Phil Zimmermann
• Title of RFC is “Extensions to RTP for Diffie-Hellman Key Agreement for SRTP”
• Features:
  • Similar to PGPfone, but updated to run on top of new standards (RTP, SIP)
  • Backwards compatible with standard RTP
  • Does not rely on public key infrastructure (PKI)
  • Foils man-in-the-middle attacks in similar fashion to PGPfone
  • Adds “shared secret” for added protection
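Added example, not part of the original slides and not PGPfone or ZRTP code: how a Short Authentication String, as named on the PGPfone Details and ZRTP slides, exposes a man-in-the-middle on a Diffie-Hellman exchange. The toy group, the function names and the 5-hex-digit string format are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, an assumption for this example only: p = 2**255 - 19 is prime,
# but deployed protocols use larger standardized groups.
P = 2**255 - 19
G = 2


def dh_keypair():
    """Return (private, public) for one side of the exchange."""
    priv = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Derive the shared secret, rejecting degenerate public values."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate Diffie-Hellman public value")
    return pow(peer_pub, priv, P).to_bytes(32, "big")


def short_auth_string(shared, bits=20):
    """Hash the shared secret down to a short string the callers read aloud.

    The hex rendering is hypothetical, not PGPfone's or ZRTP's format.
    """
    digest = hashlib.sha256(b"sas-example" + shared).digest()
    value = int.from_bytes(digest, "big") >> (256 - bits)
    return format(value, "0{}x".format((bits + 3) // 4))


def place_call(intercepted):
    """Run one key agreement, optionally with a relay swapping public values."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if intercepted:
        # The relay substitutes its own public value in each direction, so each
        # caller unknowingly agrees on a key with the relay instead of the peer.
        _, m_pub = dh_keypair()
        pub_seen_by_alice, pub_seen_by_bob = m_pub, m_pub
    else:
        pub_seen_by_alice, pub_seen_by_bob = b_pub, a_pub
    alice_key = dh_shared(a_priv, pub_seen_by_alice)
    bob_key = dh_shared(b_priv, pub_seen_by_bob)
    alice_sas = short_auth_string(alice_key)
    bob_sas = short_auth_string(bob_key)
    return {
        "keys_match": alice_key == bob_key,
        "alice_sas": alice_sas,
        "bob_sas": bob_sas,
        # The callers compare the strings by voice; a mismatch means hang up.
        "call_trusted": alice_sas == bob_sas,
    }


if __name__ == "__main__":
    for label, intercepted in (("direct", False), ("relayed", True)):
        print(label, place_call(intercepted))
```

The check works without any PKI because the two callers compare the strings over the voice channel itself.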
26
Zfone
• Also written by Phil Zimmermann
• Implementation of ZRTP
• “Lets you turn your existing VoIP client into a secure phone”
  • Simply intercepts and filters RTP packets
  • If Zfone is not running on both sides it will simply revert to standard RTP
  • GUI to let you know if current call is secure
• SDK to license for developers to integrate ZRTP into their applications
27
Skype
• Closed source and closed specification
• Tom Berson's security analysis
  • Was allowed uninhibited access to the code and the engineers
• Findings:
  • Skype uses only standard encryption techniques
  • All techniques are properly implemented
  • Uses a central server as public key infrastructure to authenticate messages
  • No backdoors or malware
28
Skype Concerns
• Closed does not always mean safe
  • Have to trust Skype when they say their software is secure
• Single person, company sponsored analysis
  • Closed protocol makes it difficult to verify
• Small Chinese company claims to have broken protocol
  • Will release software that connects to Skype network soon
29
Road Map of Presentation
• Introduction and basics
• Security threats in VoIP
• Encryption algorithms for VoIP
• Research and development of VoIP
• Conclusions
30
Research and Development in VoIP Security
• VoIP security is still a big question in the service
• Many improvements are still possible
• Collective effort needed by government, academia, and private companies
31
The 1st IEEE Workshop on VoIP Management and Security (2006)
• Open workshop for researchers from any sector to improve state of security of VoIP
• Projects to cover:
  • Locating SIP users
  • Monitoring VoIP networks
  • Intrusion Detection for VoIP
32
Lightweight Scheme for Locating Users: Goal/Motivation
• Group of Georgia Tech Researchers (CoC)
• Most important challenge in VoIP:
  • Locate communicating parties via internet in secure and reliable way
• Session Initialization Protocol (SIP) users are at risk because this technology is weak to attacks
• Mainly, the integrity of the mapping from SIP to contact address is critical
33
Is Session Initialization Protocol (SIP) Safe?
1) Terminal registers its contact address
2) Address stored in location services
3) During call initialization, caller finds server in DNS table
4) Callee’s server queries location services for address
(1)
34
Lightweight Scheme for Locating Users: Proposed Solution
• Don’t use registrar services
• Let SIP phones sign their own contact address bindings on behalf of their users
• Verify identity through public keys
• Have modified SIP infrastructure to distribute public keys
35
Solution Scheme to Interchange Public Keys
• Initial key exchange between 2 users
• After the key exchange, communication follows through secure channel
• This is only needed once
(1)
36
Monitoring VoIP Networks: Goal/Motivation
• Researchers from NEC Japan
• Goal: VoIP carriers should identify and separate legal from illegal traffic
• Motivation: Stop SPAM over Internet Telephony (SPIT) from using network resources
• Result: Prototype implemented to monitor traffic from Skype, SIP phones, Netmeeting
37
Monitoring VoIP Networks: Proposed Scheme/Prototype
1. Add time stamp to packets and measure size
2. Extract statistical data from the flow (i.e. payload)
3. Verification to check eavesdropping
4. Compare packet against known threats
5. Repeat the process and control the flow
(2)
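Added example, not from the slides or the cited paper: steps 1 and 2 of the scheme above applied to a constructed capture, labelling flows as voice-like from packet size and timing alone. The thresholds, record layout and function names are assumptions; only the 10 to 50 byte payload range comes from this deck.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical thresholds (assumptions, not taken from the cited paper).
MIN_PACKETS = 20
PAYLOAD_RANGE = (10, 50)        # bytes; the payload range quoted in this deck
GAP_RANGE = (0.010, 0.060)      # seconds between packets of a voice stream
MAX_JITTER_RATIO = 0.25         # stdev of gaps relative to the mean gap


def sample_capture():
    """Constructed records: (timestamp_s, source, destination, payload_bytes)."""
    pkts = []
    for i in range(50):         # steady small packets every 20 ms
        pkts.append((i * 0.020, "10.0.0.5:4000", "10.0.0.9:4002", 33 + (i % 2) * 7))
    t = 0.0
    for i in range(50):         # large packets at irregular intervals
        t += 0.001 + (i % 7) * 0.015
        pkts.append((t, "10.0.0.7:5000", "10.0.0.9:80", 1200 + (i % 5) * 50))
    t = 0.0
    for i in range(50):         # small packets, but bursty timing
        t += 0.005 if i % 2 else 0.200
        pkts.append((t, "10.0.0.8:6000", "10.0.0.9:53", 40))
    return sorted(pkts)


def flow_stats(packets):
    """Group packets per (source, destination) and summarise size and timing."""
    flows = defaultdict(list)
    for ts, src, dst, size in packets:
        flows[(src, dst)].append((ts, size))
    stats = {}
    for flow, records in flows.items():
        records.sort()
        times = [ts for ts, _ in records]
        gaps = [b - a for a, b in zip(times, times[1:])]
        stats[flow] = {
            "packets": len(records),
            "mean_payload": mean(size for _, size in records),
            "mean_gap": mean(gaps) if gaps else 0.0,
            "gap_jitter": pstdev(gaps) if len(gaps) > 1 else 0.0,
        }
    return stats


def classify(s):
    """Label one flow from its statistics; too few packets stays undecided."""
    if s["packets"] < MIN_PACKETS:
        return "undecided"
    small = PAYLOAD_RANGE[0] <= s["mean_payload"] <= PAYLOAD_RANGE[1]
    paced = GAP_RANGE[0] <= s["mean_gap"] <= GAP_RANGE[1]
    steady = s["gap_jitter"] <= MAX_JITTER_RATIO * s["mean_gap"]
    return "voice-like" if small and paced and steady else "other"


def monitor(packets):
    """Return {flow: label} for every flow seen in the capture."""
    return {flow: classify(s) for flow, s in flow_stats(packets).items()}


if __name__ == "__main__":
    for flow, label in monitor(sample_capture()).items():
        print(flow, label)
```

Because the labels depend only on sizes and timestamps, the same statistics can be taken from encrypted or proprietary streams.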
38
Intrusion Detection and Prevention on SIP: Goal/motivation
• Researchers from University of Pisa and Switzerland.
• Goal: Use the same principles of network intrusion detection to provide security to VoIP networks
• Motivation: Threats will move to VoIP
• Results: Working prototype using Snort
39
Intrusion Detection and Prevention on SIP: Prototype
• Tested successfully against a brute force generator
(3)
40
Road Map of Presentation
• Introduction and basics
• Security threats in VoIP
• Encryption algorithms for VoIP
• Research and development of VoIP
• Conclusions
41
Conclusion
• Great effort to secure VOIP networks
  • Leadership efforts by companies and universities
  • Ideas both old and revolutionary
• One solution: encryption
  • Speed
  • New, effective algorithms like ZRTP
• Technology caught everybody by surprise
• Encouraging future for VOIP
42
References
(1) Kong, L., Balasubramaniyan, V.B., and Ahamad, M. "A lightweight scheme for securely and reliably locating SIP users." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.
(2) Okabe, T., Kitamura, T., and Shizuno, T. "Statistical traffic identification method based on flow-level behavior for fair VoIP service." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.
(3) Niccolini, S. et al. "SIP intrusion detection and prevention: recommendations and prototype implementation." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.
(4) Zimmermann, Philip R. PGPfone Owner’s Manual. 8 July 1996. Phil’s Pretty Good Software. 13 July 2006. <ftp://ftp.pgpi.org/pub/pgp/pgpfone/manual/pgpfone10b7.pdf>.
(5) Baugher, M., et al. The Secure Real-time Protocol (SRTP). March 2004. The Internet Society. 13 July 2006. <http://tools.ietf.org/html/3711>.
(6) ---, et al. ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP. 5 March 2006. The Internet Society. 13 July 2006. <http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-01.txt>.
(7) Zfone Home Page. Phil Zimmermann & Associates LLC. 13 July 2006. <http://www.philzimmermann.com/EN/zfone/index.html>.
(8) Kuhn, D. Richard, Thomas J. Walsh, Steffen Fries. United States. National Institute of Standards and Technology, Technology Administration, Department of Commerce. Security Considerations for Voice Over IP Systems. Gaithersburg, MD: NIST, 2005.
43
Questions?