
VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network - PowerPoint PPT Presentation



  1. VoIP Security*
     Professor Patrick McDaniel
     CSE545 - Advanced Network Security, Spring 2011
     *Thanks to Prof. Angelos Keromytis for materials for these lecture slides.

  2. Example of toll fraud attack
     • Break into company PBX
       ‣ use them to route calls of your customers
       ‣ this has actually happened
         http://www.theregister.co.uk/2006/06/08/voip_fraudsters_nabbed/
         http://www.theregister.co.uk/2009/02/11/fugitive_voip_hacker_arrested/
     “Federal authorities yesterday arrested a Miami man who they said made more than $1 million in a hacking scheme involving the resale of Internet telephone service.”
     “In all, more than 15 Internet phone companies, including the one in Newark, were left having to pay as much as $300,000 each in connection fees for routing the phone traffic to other carriers without receiving any revenue for the calls, prosecutors said.”
     Systems and Internet Infrastructure Security Laboratory (SIIS) Page 2

  3. What is VoIP/IMS?
     • Protocol(s) for voice communication over IP-based infrastructures
       ‣ use of the Internet itself is dependent on operator
     • Voice over IP: catch-all term for numerous kinds of media
       ‣ Generally applied to voice and conference oriented products and services, e.g., Skype
     • IP Multimedia Subsystem: industry standard for IP-based multimedia communications
       ‣ Video
       ‣ Calendaring/scheduling
       ‣ File-sharing
       ‣ Collaborative editing, ...

  4. VoIP in the marketplace
     • Basis for many products/services
       ‣ commercial: Vonage, 3, T-Mobile/UMA, T-Mobile@Home, ...
       ‣ free/semi-free: Skype, GTalk, MSN, Yahoo! IM, AIM, Gizmo, ...
     • Both enterprise- and consumer-oriented
       ‣ management simplification
       ‣ cost reduction
     • Various architectural models
       ‣ centralized vs. P2P
       ‣ open vs. closed

  5. Useful Terms
     • codec - coder/decoder
       ‣ Program (not format) used to process media-specific data
     • SDP - session description protocol
       ‣ Standard for describing media session parameters

  6. VoIP Protocols
     • Signaling
       ‣ Responsible for call setup and management
       ‣ Architectural and operational components
         • Principal/endpoint naming, IP mapping, proxying, billing, access control, device configuration/management, customer support, QoS
     • Data transport
       ‣ Codecs, transport protocols (typically RTP), QoS, content security signaling
     • Dominant mechanisms
       ‣ Session Initiation Protocol (SIP)
       ‣ Unlicensed Mobile Access (UMA)
       ‣ Others: Skype, Asterisk, GTalk/AIM ...
     • Useful terms
       ‣ codec - “coder/decoder” program (not format) used to process media-specific data
       ‣ SDP - session description protocol is a standard for describing media session parameters

  7. Session Initiation Protocol (SIP)
     • IETF Standardized signaling for IMS (among others)
       ‣ Similar to HTTP
       ‣ Text-based
       ‣ Request/response structure
       ‣ Stateful - highly complex state machine
       ‣ TCP or UDP (port 5060)
     • Devices
       ‣ End-points (soft phones or hardware devices)
       ‣ Proxy servers (local services acting on behalf of phone)
       ‣ Registrars (local point to register with network)
       ‣ Redirect servers (redirects calls)
       ‣ Location server (VoIP HLR)

  8. SIP Flow

  9. SIP/RTP Call progress
     1. Locate endpoint* [SIP]
     2. Establish call [SIP]
     3. Data Transfer [RTP]
     4. Hangup [SIP]
     *not shown

  10. Call forwarding

  11. SIP Call Flow

  12. Real-time Transport Protocol (RTP)
      • RTP is a pair of protocols designed to support applications with latency and jitter constraints
        ‣ Supports the tightly controlled delivery of stream data,
        ‣ E.g., require some hard or soft QoS (quality of service)
      • Protocols using ephemeral ports (1025-65535)
        ‣ RTCP (Real-Time Control Protocol) provides signaling between peers that measures and adjusts session to compensate for changing conditions
        ‣ RTP - the data channel that delivers the data
      • SDP sometimes used to describe the session requirements, as negotiated through SIP
      • Standards support a range of codecs, e.g., RFC 3016, ...
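
Slides 7 and 12 describe SIP as HTTP-like text signaling and SDP as the description of the RTP session it negotiates. The sketch below is an added example, not part of the lecture: it parses a constructed INVITE and extracts the address, ports and codecs a SIP-aware firewall or monitor would need to know for the media stream. The message contents and function names are assumptions, and the RTCP port is taken as RTP port + 1, the default convention when SDP does not say otherwise.

```python
# Constructed sample (hosts, tags and ports are made up): an INVITE with an SDP offer.
SDP = ("v=0\r\n"
       "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
       "s=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
       "m=audio 49170 RTP/AVP 0 8\r\n"
       "a=rtpmap:0 PCMU/8000\r\n"
       "a=rtpmap:8 PCMA/8000\r\n")
INVITE = ("INVITE sip:bob@example.net SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
          "From: <sip:alice@example.com>;tag=1928301774\r\n"
          "To: <sip:bob@example.net>\r\n"
          "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
          "CSeq: 314159 INVITE\r\nContent-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

def parse_sip(raw):
    """Split a SIP request into (method, uri, headers, body), HTTP-style."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    method, uri, _version = start.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if int(headers.get("content-length", len(body))) != len(body):
        raise ValueError("Content-Length does not match body")
    return method, uri, headers, body

def media_streams(sdp):
    """List each m= stream with its address, RTP/RTCP ports and codecs."""
    session_addr, streams = None, []
    for line in sdp.splitlines():
        kind, _, val = line.partition("=")
        if kind == "c":                      # c=IN IP4 <addr>
            addr = val.split()[2]
            if streams:
                streams[-1]["addr"] = addr   # media-level c= overrides session
            else:
                session_addr = addr
        elif kind == "m":                    # m=<media> <port> <proto> <fmt>...
            media, port, _proto, *fmts = val.split()
            streams.append({"media": media, "addr": session_addr,
                            "rtp_port": int(port),
                            "rtcp_port": int(port) + 1,  # default convention
                            "codecs": {f: None for f in fmts}})
        elif kind == "a" and val.startswith("rtpmap:") and streams:
            pt, enc = val[len("rtpmap:"):].split(" ", 1)
            streams[-1]["codecs"][pt] = enc
    return streams
```

The signaling arrives on port 5060 while the media ports are only known after reading the SDP body, which is why filtering RTP requires tracking the SIP dialog.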

  13. In reality...
      • Much “hidden” shared infrastructure
        ‣ DNS, web, NAT, TFTP, DHCP/PPPoE, Int/DiffServ, firewalls, ...
      • Emergent properties
        ‣ example: web-based UI poisoning through SIP-field manipulation
      • Live aspect makes problems harder
        ‣ e.g., how can we filter voice spam based on content?

  14. SIP Security
      • Largely the ad hoc application of existing general-purpose security mechanisms
        ‣ Authentication uses HTTP-style digest authentication
        ‣ TLS - when TCP is used
        ‣ S/MIME - used to encode/secure payloads
        ‣ IPsec - can be used to secure any protocols run over IP
        ‣ Secure Real-time Transport Protocol (SRTP) - crypto extensions to protect real-time sessions, e.g., encrypt the voice channel
      • Implication: security largely pushed on infrastructure

  15. SIP authentication
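
Slide 14 notes that SIP authentication reuses HTTP-style digest authentication. The following added example (not from the lecture) shows the server side of that check for `qop=auth`: a stateless nonce with an age limit, the MD5 response computation, and a constant-time comparison. `SERVER_KEY`, `NONCE_TTL`, the nonce format and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: per-server secret for nonces
NONCE_TTL = 30                         # assumption: seconds a nonce stays valid


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def make_nonce(now):
    """Stateless nonce: timestamp plus a MAC so the server can check its age."""
    ts = str(int(now))
    mac = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{ts}-{mac}"


def nonce_is_fresh(nonce, now):
    ts, _, mac = nonce.partition("-")
    good = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()[:32]
    return (ts.isdigit() and hmac.compare_digest(mac, good)
            and 0 <= now - int(ts) <= NONCE_TTL)


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """qop=auth response: covers method and URI, not other headers or the body."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify(method, auth, password, now):
    """auth: parsed Authorization parameters; method: from the request line."""
    if not nonce_is_fresh(auth["nonce"], now):
        return "stale"                      # challenge again with a new nonce
    expected = digest_response(auth["username"], auth["realm"], password,
                               method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"])
    ok = hmac.compare_digest(expected, auth["response"])
    return "ok" if ok else "rejected"
```

Because the response binds only the method and request URI, the other headers and the SDP body need TLS, S/MIME or IPsec from the same slide for integrity.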

  16. Unlicensed Mobile Access (UMA)
      • Route GSM calls over the Internet (or a public network)
        ‣ (usually) transparent handover between GSM and UMA
      • Popular with cellphone providers
        ‣ T-Mobile USA, Orange France, ...
      • Benefits
        ‣ reduce need to install expensive cell towers / upgrade capacity
        ‣ reduce spectrum needs / utilization
        ‣ improve “reception” in difficult locations
        ‣ depending on billing, avoid roaming charges (think international!)
      • Not to be confused with pico-/micro-/femto-cells

  17. UMA deployment
      Source: http://www.umatechnology.org/

  18. UMA details
      • Encapsulation of GSM/3G inside IP
        ‣ complete frame, minus the on-the-air crypto
        ‣ can transfer voice, IM and (in the future) video
      • Typically, devices are WiFi-supporting cellphones
        ‣ not strictly necessary, e.g., T-Mobile@Home in USA
      • GSM frames are not natively protected
        ‣ A5/2 is anyway weak (i.e., broken)

  19. UMA Security
      • Handset-to-provider IPsec
        ‣ Strong crypto and integrity protection
        ‣ Key management (IKE, IKEv2) is a different story altogether
        ‣ Authentication done via EAP-SIM (based on shared secret)
      • The key management protocol (IKE/IKEv2) is complex
        ‣ Perhaps “too big” to be trusted
        ‣ More importantly, easy to misconfigure
          • not as big a problem in tightly managed environments (cellphones)
          • but, UMA+smartphones spells trouble
      • Provider must interface internal network with Internet
        ‣ higher risk of compromise by external attackers
        ‣ large numbers of potentially malicious insiders

  20. Threat in VoIP systems
      • Everyone thinks of the traditional C/I/A threats
      • Loss of communication confidentiality and privacy (C)
        ‣ traffic analysis, content privacy
      • Loss of communication integrity (I)
        ‣ impersonation (inbound, outgoing calls), modification of content, falsification of call records
      • Loss of communication availability (A)
        ‣ accidental or intentional denial of service (DoS)

  21. Unique VoIP characteristics
      • Elaborate billing infrastructure in place
      • Users are used to paying for telephony services
      • Most charges are for relatively small amounts
      • Large number of charges per billing cycle
        ‣ unlikely that small unauthorized charge will be noticed or challenged
      • Phone infrastructure is “trusted” by average user
        ‣ perception carried over from PSTN
        ‣ not grounded on facts or experience

  22. VoIP-Specific Threats and Risks
      • Theft of service, e.g., toll fraud, billing fraud
      • Social engineering, e.g., phishing/spear-phishing
      • Direct charge-back, e.g., immediate monetization
      • Risks
        ‣ Some in common with other types of systems (software vulnerabilities)
        ‣ Some are very specific to IMS (protocol vulnerabilities)
        ‣ Some are common, but are amplified by some IMS feature, e.g., large-scale phishing through impersonation or call hijacking
      • Q: are these substantially different than in cell networks?

  23. VoIP/IMS risk vectors
      • Variety of risk vectors
        ‣ some in common with other types of systems
          • software vulnerabilities
        ‣ some are very specific to IMS
          • protocol vulnerabilities
        ‣ some are common, but are amplified by some IMS feature
          • large-scale phishing through impersonation or call hijacking
