Experiences of using a secure VoIP user agent on PDAs


Johan Bilien, Erik Eliasson, Jon-Olov Vatn

Royal Institute of Technology (KTH)

Stockholm, Sweden

Wi-Fi Voice, Paris, 25-28 May 2004

Secure VoIP on PDAs

• HP iPAQ h5550
  - Built-in WLAN and Bluetooth
  - Built-in microphone and speaker can be used
  - Add-on camera
• SIP User Agent (UA)
  - Minisip (www.minisip.org)
  - Security enhancements


Securing public (mobile) IP telephony

Security scope:

• WLAN link (potentially with WPA)
  - Only first/last hop
  - Enforce access control
• Mobile VPN solutions
  - Good for communication within an organization
• Public communication (end-to-end security)
  - Secure telephony between two arbitrary parties

[Figure: network diagram; labels: AP, GW, a.org, b.org, Internet]

These are complementary techniques. We focus on public communication.


What security does VoIP provide to a user?

Alice (a user) associates the term secure VoIP with properties such as:

• Is she really talking to Bob?
• Is charging being done correctly?
• Can incoming calls be blocked selectively (avoiding spamming)?
• Can Trudy listen to our call?
• Can Trudy find out who Alice calls (or who is calling Alice)?
• Can Trudy detect where Alice is (location privacy)?
• Can Alice make anonymous calls?


End-to-end security: which layer?

• Network layer: IPSEC / IKE
  - NAT/firewall traversal problem
  - Requires strong interaction between the application and the operating system
• Application layer: SRTP / MIKEY
  - Transparent to the lower layers
  - Very few implementations yet (but we have one!)
  - Optimized for media protection


Secure RTP

• IETF standard (RFC 3711, March 2004)
• Secures RTP and RTCP streams, by adding:
  - Encryption (AES used in stream cipher mode)
  - Integrity (HMAC-SHA1)
• Low overhead
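The integrity part of the slide above, as an added example that is not taken from the presentation or from Minisip: the RFC 3711 default authentication tag is HMAC-SHA1 over the packet plus the 32-bit rollover counter (ROC), truncated to 80 bits. The function names, the key and the sample packet are constructed for illustration; the payload is treated as already encrypted, since the stream cipher does not change its length.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10      # RFC 3711 default: HMAC-SHA1 output truncated to 80 bits
RTP_HDR_LEN = 12  # fixed RTP header without CSRC list or extension

def rtp_header(seq, timestamp, ssrc, payload_type=0):
    """Minimal RTP header: version 2, no padding, no extension, no CSRC."""
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, timestamp, ssrc)

def auth_tag(auth_key, packet, roc):
    """Tag over (header || encrypted payload || ROC), leftmost 80 bits."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

def protect(auth_key, header, enc_payload, roc):
    """Append the tag; the ROC is authenticated but never transmitted."""
    packet = header + enc_payload
    return packet + auth_tag(auth_key, packet, roc)

def verify(auth_key, srtp_packet, roc):
    """Return the packet without its tag, or None if the check fails."""
    if len(srtp_packet) < RTP_HDR_LEN + TAG_LEN:
        return None
    packet, tag = srtp_packet[:-TAG_LEN], srtp_packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, auth_tag(auth_key, packet, roc)):
        return None
    return packet

if __name__ == "__main__":
    key = bytes(range(20))                      # constructed 160-bit auth key
    hdr = rtp_header(seq=1, timestamp=160, ssrc=0x1234)
    payload = b"\x55" * 160                     # constructed 20 ms G.711 frame
    pkt = protect(key, hdr, payload, roc=0)
    print("RTP bytes:", len(hdr + payload), "SRTP bytes:", len(pkt))
    flipped = pkt[:20] + bytes([pkt[20] ^ 1]) + pkt[21:]
    print("intact:", verify(key, pkt, 0) is not None)
    print("one bit flipped:", verify(key, flipped, 0) is not None)
```

The only per-packet growth here is the 10-byte tag, which is what keeps the overhead low on small voice frames.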


Multimedia Internet KEYing

• IETF draft – approved by the IESG
• Mutual authentication and key exchange for secure multimedia exchange
• Requires only one round-trip
• Embedded in session establishment (SIP, RTSP)
• Three alternative authentication modes:
  - Shared key
  - Public key encryption
  - Signed Diffie-Hellman


VoIP architecture: Internet-to-Internet calls

Entities:

• User agents
  - Alice and Bob
• SIP servers (proxies)
  - Register current location
  - Forward Invite messages
• DNS servers
  - SRV Records (SIP)
• Certificate authorities (CAs)
  - Needed if certificate-based authentication is desired

[Figure: architecture diagram; labels: AP, a.org, b.org, Internet, CA, DNS, SIP, Media]


VoIP architecture: Internet-to-PSTN calls

• SIP/PSTN provider
  - PSTN-GW
• Security
  - No security support: no confidentiality at all
  - Security support: confidentiality over Internet
• Routing
  - Does not route IP-IP for free: need two SIP servers/identities

[Figure: architecture diagram; labels: AP, 012-45678, Internet, a.org, c.com, GW, DNS, SIP, CA, PSTN, SIP/PSTN provider, "Possibly secure"]


VoIP architecture: Intermediate solution

• No security at SIP/PSTN provider
• Add B2B UA at Alice's organization (a.org)
• a.org can add security support to B2B UA
  - Partial security of PSTN-calls
• End-to-end security for Internet-to-Internet calls

[Figure: architecture diagram; labels: AP, 012-45678, Internet, a.org, c.com, GW, DNS, SIP, CA, PSTN, SIP/PSTN provider, B2B, "Secure"]


Minisip

• SIP User Agent
• Open Source (GPL)
  - Security implementation open for review!
• Released April 5 2004
  - www.minisip.org
  - ~350 downloads (as of May 6 2004)
• Distributed as:
  - Source code
  - RedHat RPM-package
  - Debian .deb-package
  - Microsoft Windows version to come
• Source modules
  - MIKEY (first published implementation)
  - SIP
  - SDP
  - SRTP/RTP
  - STUN (NAT traversal)
  - Sound I/O


Platforms

Minisip runs on:

• HP iPAQ h5550 (or similar) and PC hardware
• Linux operating system (Familiar Linux recommended on iPAQs, www.handhelds.org)
• Microsoft Windows (CE) support required for large scale PDA tests


Implementation

• Developed in C++
• Written in separate modules that can be used by other applications
• Portability
  - GUI and Sound I/O are not (yet) ported to Microsoft Windows and Windows CE
• Dependencies
  - OpenSSL (various security functions)
  - GUI: Qt or GTK on Linux


Campus environment

• IEEE 802.11b coverage, no link-layer security
• SIP soft-phones (minisip)
  - Laptops with USB headsets, GNU/Linux
  - HP iPAQ h5550, Familiar Linux
• SIP servers
  - SIP Express Router (www.iptel.org)
  - Asterisk for outgoing PSTN calls (www.asterisk.org)
• SIP/PSTN provider – Digisip (www.digisip.com)
• DNS (BIND), PKI (OpenSSL)


Public Key Trust Models

• Current model
  - SIP phones store root CA certificates
  - Root CAs certify SIP providers (no name subordination)
  - SIP providers certify their users (Common Name = SIP URI)
• Future models
  - Top-down
      - Similar to the current model, but with name subordination
      - Could utilize DNSSEC
  - Up-Cross-Down
      - Less dependent on external CAs
      - Who should certify the users?

[Figure: trust hierarchy diagram; labels: Root Certificate Authorities, CA, a.org, b.org, Root certificates]
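What name subordination changes in the chain check, as an added example that is not Minisip's code. Signature verification is assumed to have succeeded already; the `Cert` model, the function names, the root name "Example Root CA" and the sample certificates are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str         # CA: domain it serves; user: SIP URI (the Common Name)
    issuer: str          # subject name of the certificate that signed this one
    is_ca: bool = False

def uri_domain(sip_uri):
    """'sip:alice@a.org' -> 'a.org' (lower-cased)."""
    return sip_uri.rsplit("@", 1)[-1].lower()

def is_subordinate(domain, parent):
    """True if domain equals parent or is a sub-domain of it."""
    domain, parent = domain.lower(), parent.lower()
    return domain == parent or domain.endswith("." + parent)

def validate(chain, roots, caller_uri, name_subordination):
    """chain = [user cert, provider CA cert]; returns (ok, reason)."""
    user, provider = chain
    if provider.issuer not in roots:
        return False, "provider not certified by a stored root CA"
    if not provider.is_ca or user.issuer != provider.subject:
        return False, "user certificate not issued by this provider"
    if user.subject.lower() != caller_uri.lower():
        return False, "Common Name does not match the caller's SIP URI"
    if name_subordination and not is_subordinate(
            uri_domain(user.subject), provider.subject):
        return False, "provider may not certify names outside its domain"
    return True, "ok"

# Constructed sample data: one stored root, two providers, two user certificates.
ROOTS = {"Example Root CA"}
A_ORG = Cert("a.org", "Example Root CA", is_ca=True)
B_ORG = Cert("b.org", "Example Root CA", is_ca=True)
ALICE = Cert("sip:alice@a.org", "a.org")
FOREIGN = Cert("sip:alice@a.org", "b.org")   # b.org vouching for an a.org name

def compare(chain):
    """Return (current-model verdict, top-down verdict) for one chain."""
    return tuple(validate(chain, ROOTS, "sip:alice@a.org", ns)[0]
                 for ns in (False, True))

if __name__ == "__main__":
    print("issued by a.org:", compare([ALICE, A_ORG]))
    print("issued by b.org:", compare([FOREIGN, B_ORG]))
```

Without name subordination the phone accepts an a.org identity vouched for by any provider under a stored root; the top-down model rejects it.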


Secure VoIP first experiences: Delays

No significant delays:

• At call establishment: in the worst case roughly 100 ms (Diffie-Hellman) on an average PC *1
  - No additional round-trip
  - Pre-computation of some parameters
• For the media processing: throughput of 20 Mbit/s on an average PC *2
  - Fast encryption scheme
  - Can be used on small devices

*1: see J. Bilien et al., "Call establishment delay for secure VoIP", WiOpt'04, Cambridge UK, March 2004

*2: see I. Caballero, "Secure Mobile VoIP", Master Thesis, KTH, Stockholm Sweden, June 2003


Secure VoIP first experiences: User interaction

• Secure call policies:
  - Opportunistic or required?
  - Very few secure UAs
  - No secure PSTN gateway
  - The UA should be able to fall back on non-secure calls
• Certificate management is not user-friendly
  - Hard certificates (e.g. SIM card)
• Will users ignore security alerts?
  - Accept unsecure calls? (Opportunistic – policy matter)
  - Accept/install non-verified certificates? (Potentially scary!)


Secure VoIP first experiences: User interaction [2]

• Incoming call management:
  - Authentication allows incoming call management policies
  - Unsolicited calls can be blocked (white-lists)
  - How to establish the first contact?
  - What user interface should be used to enter these policies? CPL?
• User interface representation of "security"
  - Messages, symbols, color indicators in the GUI
  - Hands-free (e.g. USB headset) to enable screen interaction
  - Sound signals, vibration


Experiences not related to security

• HP iPAQ h5550
  - Battery time concerns
      - Hibernation state not possible (can not receive calls)
      - We are currently not using WLAN power-save mode
  - Possible to utilize iPAQ buttons and buzzer
  - Good audio quality (better than GSM phone)
• Campus WLAN environment
  - Web-login mechanism to block unauthorized users
      - Cumbersome interaction using PDAs
      - Losing connectivity when moving: have to login


Future work

• Security
  - Secure PSTN gateway
      - MIKEY/SRTP may require dedicated hardware support
  - MIKEY re-keying effects on media stream
  - Secure Session Mobility
  - PKI trust models
• Push-To-Talk
• Video media stream
• Large scale tests on students using iPAQs with Microsoft Windows CE supported by HP donation
• UPnP support for NAT traversal complementing STUN