Henning Schulzrinne Columbia University

Presentation transcript:

VoIP Security
Henning Schulzrinne, Columbia University
November 2006, VoIPSec

Overview
- Taxonomy
- General network threats made worse
- Resources

Services (VoIPSA report)
- Call control: call establishment, reporting, mid-call service features, and teardown → SIP, proxies
- Directory services: alias, user name, extension, E.164 number → URL (ENUM)
- Gateway service: inter-work between two different types of networks, e.g., PSTN and VoIP → media gateways
- Network services: DNS, TFTP, FTP, DHCP, HTTP, Telnet, RADIUS, and DIAMETER
- Session border control functions: signaling and/or bearer traffic as it crosses a trust boundary

Multi-party freedom model
People can move from role to role:
- Initiating contact
- Joining communication in progress
- Accepting contact
- Terminating communication in progress
- Refusing contact

VoIP threat taxonomy

User requirements and goals
User is able to …
- … invite anyone
- … to join multiple parties
- … refuse an invite
- … drop out of a session
- … indicate consent for any and all contact and reporting
- … refuse consent for any and all contact and reporting
- … set policies for the user and all legally subordinate domains
User is assured confidentiality and immunity for lawful communication

Privacy and security
- The Privacy Concept = privilege of all people to have their communication systems and content free from unauthorized access, interruption, delay or modification
  - consent of the person claiming privacy within the limits of the law
- Security = the right to protect privacy, a method of achieving privacy
  - ways to keep communication systems and content free from unauthorized access, interruption, delay or modification

Social threats: Misrepresentation
Misrepresentation includes the delivery of information which is false as to the identity, authority or rights of another party or false as to the content of information communicated:
- identity
- authority (false authentication)
- rights (false authorization)
- content (audio, video, text)
Examples:
- false caller ID, organization, name
- voice masking and impersonation
- false presence information
- “phishing”, “vishing”
- social engineering (see ChoicePoint)
- false claim of government authority

Social threats: Theft of services
Theft of services is any unlawful taking of an economic benefit of a service provider by means intended to deprive the provider of lawful revenue or property.
- unauthorized deletion or altering of billing records
- unauthorized bypass of lawful billing systems
- unauthorized billing
- taking of service provider property
Common in PSTN
- e.g., resale of services with delayed billing
- “blue boxes”

Social threats: unwanted contact
Unwanted contact is any contact that either bypasses prior affirmative consent (opt-in) or a refusal of consent (opt-out).
Can be illegal (harassment, extortion, fraud) or just unwanted.
- Harassment: “Harassment is any form of unwanted communication which embarrasses, intimidates, vexes, annoys or threatens the receiver of the communication with actions which are improper under the law.”
- Extortion: “Extortion is any act to induce another to do or refrain from any conduct or give up any freedom, right, benefit or property, under a threat of loss or harm to the person, their reputation, property or the health, safety, reputation or welfare of anyone they know.”

Resources
- Security consideration sections in RFCs
- http://www.voipsa.org