2005/8/2

VoIP Security Threat Analysis

Saverio Niccolini, Jrgen Quittek, Marcus Brunner, Martin Stiemerling (NEC, Network Laboratories, Heidelberg)

Introduction
Security attacks taxonomy
Denial of Service (DoS) attacks Abuse of service attacks Interception and modification attacks

Threats

confidentiality: it refers to the fact that the information is accessible only to those authorized to have access integrity: it refers to the validity of data availability: it refers to the expectation of availability and quality of resources

Denial of Service (DoS) attacks

SIP-specific

Denial of Service (DoS) attacks

SIP-specific
SIP malformed methods / buffer overflow

one single message can stop the server/client from working properly
poor implementations (lot of them unfortunately)

SIP methods flooding

will keep the SIP server busy / make it crashing

not responding to registration updates clients not able to place calls preventing mobility

SIP random messages

can keep busy/crash SIP server depending on FSM implementation (already at low rates) because of high number of checks

Denial of Service (DoS) attacks

Session Hijacking (using SIP methods)
After INVITE message, a 301 Moved Permanently message would hijack the call towards whoever the attacker decides (himself of another client)
SIP Proxy
INVITE

SIP Client-B
INV ITE
301 Mo ved Pe rmanen tly

SIP Client-A

INVIT E

Attacker

The attacker messages cancel a pending request with the same Call-ID, TO, From, and Cseq fields

Internet Telephony Security: DoS attacks

Session Tear down (not limited to SIP clients, but also to SIP servers)

SIP Proxy

INVITE

INV ITE

SIP Client-B
/B YE CA NC EL

SIP Client-A Attacker

The attacker messages cancel a pending request with the same Call-ID, TO, From, and Cseq fields

Denial of Service (DoS) attacks

RTP/RTCP-specific DoS attacks

Denial of Service (DoS) attacks

RTP/RTCP-specific DoS attacks
RTCP BYE, not in sync with the Signaling protocol

Forging Reception Reports

Reporting more Packet Loss Report more Jitter

Result: The Signaling protocol is not aware that there is no exchange of voice samples any more

Result: usage of a poor quality codec with an adaptive system Result: usage of a poor quality codec with an adaptive system

Denial of Service (DoS) attacks

General DoS attacks

Abuse of service attacks

Abuse of service attacks

Identity Theft
Registering address instead of other (if requires authentication might use another type of attack)
SIP Registrar

SIP Client-B
ITE INV

INVITE SIP Client-B

SI P nt-B Clie

I am user B and here is my IP Address

SIP Client-A

Attacker

SPAM over Internet Telephony (SPIT)

Same thread as with email (hundreds of calls just with publicity messages, the phone is ringing all day, etc.) SIP allows field forging (like with email) Problem increase with respect to traditional telephony
Cheaper call rates than traditional telephony Flexibility of receiving calls from anywhere from anybody in the world

Consequences are worse than with email

SIP voice call interrupts user immediately And SIP is not voice only, but applies to Instant Messaging, and Presence too Mailboxes become full over night
less means to distinguish spam and ham

NEC Network Laboratories: Patent on SPIT avoidance submitted on June 2005

Interception and modification attacks

Denial of Service (DoS) attacks

RTP play-out
Same SSRC, higher sequence number, higher timestamp
Result: The fake content will be played before the real one
This means that from now on we will be able to play what ever we wish to this side of the conversation since all the next transmissions of the other side will look old to the receiving party

Call Eavesdropping
Capturing RTP flows
Since RTP identifies the codec being used (statically) or either using a dynamic identified codec it is easy to reconstruct the voice sampling (even in real time) Result: listen/record conversations Result: listen DTMF tones to steal passwords and PINs

Need to be in the middle?

It is not very difficult to get in the middle, and WLAN technology simplifies you the job
DNS (modify entries to point all traffic to a hacker's machine) DHCP (make all traffic go to hackers machine as default gateway, or change DNS entry to point at hacker's machine so all names resolve to hacker's IP address) ARP (reply with hacker's MAC address, gratuitous ARPs or regular ARP replies) Flood tables in switches to destroy existing MAC addr/port associations so all traffic is broadcast out every port, and then use ARP attacks Routing protocols (change routing such that traffic physically passes through a router/machine controlled by hacker) Spanning tree attacks to change layer 2 forwarding topology Physical insertion (e.g. PC with dual NIC cards, be it Ethernetbased or WLAN-based)

Existing security features within SIP Protocol

Encryption
it can prevent a malicious user to read the SIP signaling (or part of it) SIP signaling information can be used to launch an attack the encryption itself can not do anything against dictionary attacks guessing the fields Session tear-down (SIP-specific DoS attack) Session hijacking (SIP-specific DoS attack) Identity theft (Abuse of service attack) Replay attack (Abuse of service attack) Signaling spying (Interception and modification attack) hop-by-hop encryption end-to-end encryption
IPSec (protocol suite) SIPS (SIP using Transport Layer Security, TLS, RFC 2246 currently being update at v1.1) S/MIME (Secure/Multipurpose Internet Mail Extensions), RFC 2633

Encryption is useful for attacks like

Available solutions

Cons

consumes time, introduces another delay can introduce additional problems in NAT/FW traversal if no special means are adopted

Existing security features within SIP Protocol

Authentication (mostly used only with REGISTER and INVITE, if you are lucky) Can help to prevent the following set of attacks:
SIP signaling should be authenticated to deny access to not-authorized users Session tear-down (SIP-specific DoS attack) Session hijacking (SIP-specific DoS attack) SIP/SDP malformed methods (SIP-specific DoS attack) SIP messages causing buffer overflow (SIP-specific DoS attack) SIP methods flooding (SIP-specific DoS attack) Identity theft (Abuse of service attack) Replay attack (Abuse of service attack) Proxy impersonation (Abuse of service attack) Bypassing refused consent (Abuse of service attack) Improper access to services (Abuse of service attack) Client to Server
Digest authentication, RFC 2617 S/MIME IPSec SIPS (works only in the trapezoid scheme)

Available solutions

Server to Server

Cons

require trust relationship like a shared secret there is no dynamic key exchange protocol established solution

Existing security features within SIP Protocol

Identity framework in SIP

draft-ietf-sip-identity-05
each domain authenticate its own users
HTTP digest authentication each client maintains a persistent TLS connection to the server (the client verifies the server identity using TLS) and make a digest exchange over TLS

the domain itself can assert the identity of the sender with a signature when relying the message from that user to another domain

Existing security features within RTP/RTCP Protocol

Encryption and authentication
Secure Real Time Protocol (SRTP), RFC 3711 (not widely adopted yet)

Provides a framework for encryption and message authentication of RTP and RTCP streams Default cryptographic transforms and possible additions Has no pre-defined key management scheme It is compatible with MIKEY (Multimedia Internet KEYing), RFC 3830, Can help to prevent the following set of attacks:
does not need modifications when used with MIKEY RTP/RTCP session tear down (RTP/RTCP-specific DoS attack) RTP SSRC collision (RTP/RTCP-specific DoS attack) RTCP forged reception report (RTP/RTCP-specific DoS attack) Call content eavesdropping (Interception and modification attacks) RTP play-out (Interception and modification attacks)

IPSec

Cons

consumes time, introduces another delay can introduce additional problems with Lawful Interception (LI) if no special means are adopted

Additional security features

Pattern detection/prevention systems
the signatures or rules can be
deterministic models statistical models a combination of both

Anomaly detection/prevention systems Better parsing

auto-learning intelligence of SIP signaling of RTP/RTCP messages

Considerations on VoIP management

VoIP management is still in its infancy
Henning Schulzrinne, Columbia University, USA:
traditional management tools are of only limited help in this environment

which direction to take?

What about of VoIP Security management?

maybe it is not yet born needs different solutions from the VoIP management? if yes, which? which direction to take?

NEC Network Laboratories directions

On-going works VoIP Security applied to Session Border Controllers (SBCs)
Intrusion Detection/Prevention System SPAM prevention Lawful Interception

Future directions (starting in 2nd Half of 05) VoIP Security IPS (not limited to SBCs) VoIP management
client/server configuration is complex can P2P help?
are MIBs enough? what is possible here?

VoIP Security Management (servers need to be configured and queried from a security point of view)

maybe more on the client side than on the server side

Thank you! Questions?