A look at security of Voice over IP protocols

27 September, 2000 1Lucent Technologies - Proprietary

A look at security

of Voice over IP protocols

Irene GasskoLucent Technologies

Bell LaboratoriesSecure Technologies Department

[email protected] (978)960-5767


Initial incentives

• Features that customer demands• Money-making services• Market penetration• Cost savings

• Security is NOT on the list


Security and Reliability of PSTN

Old days

• Party lines• Unreliable• Low quality• In-band signaling• Vulnerable to

attack• Service theft

Nowadays

• Privacy• Reliability• Quality of Service• Out-of-band

signaling• Hardened• Multiple services


1890

1990


Voice over IP

back to Old days

• Party lines• Unreliable• Low quality• In-band signaling• Add network

vulnerabilities

Nowadays

• Privacy• Reliability• Quality of Service• Out-of-band

signaling• Hardened• Multiple services


Considerations

• Whom or what do we want to protect?• What are the threats we want to protect

against?• What vulnerabilities are known and what

are suggested fixes?• Cost of security versus cost of vulnerability.• System is as secure as its weakest link.• Adding new applications or upgrading

existing ones can break existing security.


Breaking points

• Algorithms• Protocols

Impersonation, chosen protocol attack, connection hijacking, ...

• ImplementationsBuffer overflows, race conditions, power and timing

analysis, ...

• Interactions of several productsExample: Excel, IE and E-mail reader vulnerability

• How to ensure that all implementations are broken?


VoIP Standards

• ITU-T H.323 suite• ETSI TIPHON • IETF SIP

also

• MEGACO• IPSec• TLS• etc


H.323

• H.235 Security and encryption for H-Series (H.323 and other H.245-based) multimedia terminals:

• No privacy for control traffic• No integrity protection for data streams• Vulnerabilities in the protocols: Flooding,

Man-in-the-Middle, session highjacking, etc.• No cryptographic algorithms mandated

or recommended therefore compliant non-interoperable implementations are possible.


TIPHON

• No privacy for control traffic• No integrity and authentication protection

for data streams • For signature and key encryption only one

algorithm is required (RSA), nothing else is even recommended

• Unsafe adaptation of ISO 9798-3 authentication mechanism.

• Patch-up approach to security instead of built-in


Denial of Service

• Bandwidth hogging– QoS mechanisms– Feedback by backchannel

• Useless computation– Karn-Simpson method– Puzzle methodology

• Memory depletion– Policies


SIP

• HTTP-like protocol• Text based• Easier to program

However• Control signaling only• Less capabilities • Needs to interoperate with H.323


Security of SIP

• An attempt to incorporate security from scratch

• Privacy protection of control messages• Some protection against traffic analysis• Many vulnerabilities in the first versions• Denial of service• Weak and inefficient authentication• Too many applications


SIP applications

• Instant messaging• Common Gateway Interface • Java applets • Java Mobile Agents• Simple Object Access Protocol (SOAP) • Network-capable appliances• Other


Appliance networking protocols

• Bluetooth• Jini• WAP• CAL• HAVi• UPnP• OSGi


Initial Deployment of the Telephone NetworkOverhead Wires at Broadway and John Street,

New York, 1890


Conclusions

• Use time-tested public algorithms and protocols

• Follow established secure design guidelines

• Involve security experts from day one• Limit functionality• Audit for vulnerability at each level• Divide and conquer


Password derivation vulnerability• H.235, section 10.3.2 authentication

exchange• Based on ISO/IEC 9798-2 standard• Password derivation:

– size(Password)=N, Key=password– size(Password)<N, Key is padded by zeroes– size(Password)>N, all “extra” password octets are

repeatedly folded into Key by XORing

• If N=7 and password is AmericaAmerica then we get an all-zero key.

A look at security of Voice over IP protocols

Documents

Transcript of A look at security of Voice over IP protocols