Experiences of using a secure VoIP user agent on PDAs Johan Bilien Erik Eliasson Jon-Olov Vatn Royal Institute of Technology (KTH) Stockholm, Sweden

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 2 of 20 Secure VoIP on PDAs HP iPAQ h5550 Built-in WLAN and Bluetooth Built-in microphone and speaker can be used Add-on camera SIP User Agent (UA) Minisip ( Security enhancements

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 3 of 20 Securing public (mobile) IP telephony Security scope WLAN link (potentially with WPA) Only first/last hop Enforce access control Mobile VPN solutions Good for communication within an organization Public communication (end-to-end security) Secure telephony between two arbitrary parties AP a.org GW b.org AP GW Internet These are complementary techniques. We focus on public communication.

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 4 of 20 What security does VoIP provide to a user? Is she really talking to Bob? Is charging being done correctly? Can incoming calls be blocked selectively (avoiding spamming)? Can Trudy listen to our call? Can Trudy find out who Alice calls (or who is calling Alice)? Can Trudy detect where Alice is (location privacy)? Can Alice make anonymous calls? Alice (a user) associates the term secure VoIP with properties such as:

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 5 of 20 End-to-end security: which layer? Network layer: IPSEC / IKE NAT/firewall traversal problem Requires strong interaction between the application and the operating system Application layer: SRTP / MIKEY Transparent to the lower layers Very few implementations yet (but we have one!) Optimized for media protection

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 6 of 20 Secure RTP IETF standard (RFC 3711, March 2004) Secures RTP and RTCP streams, by adding: Encryption (AES used in stream cipher mode) Integrity (HMAC-SHA1) Low overhead

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 7 of 20 Multimedia Internet KEYing IETF draft – approved by the IESG Mutual authentication and key exchange for secure multimedia exchange Requires only one round-trip Embedded in session establishment (SIP, RTSP) Three alternative authentication modes: Shared key Public key encryption Signed Diffie-Hellman

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 8 of 20 VoIP architecure: Internet  Internet calls Entities: User agents Alice and Bob SIP servers (proxies) Register current location Forward Invite messages DNS servers SRV Records (SIP) Certificate authorities (CAs) Needed if certificate-based authentication is desired AP a.org AP Internet a.org CADNSSIP a.org b.org CADNSSIP Media

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 9 of 20 VoIP architecure: Internet  PSTN calls SIP/PSTN provider PSTN-GW Security No security support  no confidentiality at all Security support  confidentiality over Internet Routing Does not route IP-IP for free  need two SIP servers/identities AP Internet a.org c.com GWDNSSIPCA PSTN SIP/PSTN provider a.org CADNSSIP Possibly secure

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 10 of 20 VoIP architecure: Intermediate solution No security at SIP/PSTN provider Add B2B UA at Alice’s organization (a.org) a.org can add security support to B2B UA  Partial security of PSTN-calls End-to-end security for Internet  Internet calls AP Internet a.org c.com GWDNSSIP PSTN SIP/PSTN a.org CADNSSIP B2B provider AP Secure

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 11 of 20 Minisip SIP User Agent Open Source (GPL) Security implementation open for review! Released April ~350 downloads (as of May ) Distributed as: Source code RedHat RPM-package Debian.deb-package Microsoft Windows version to come Source modules MIKEY First published implementation SIP SDP SRTP/RTP STUN (NAT traversal) Sound I/O

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 12 of 20 Platforms Minisip runs on: HP iPAQ h5550 (or similar) and PC hardware Linux operating system (Familiar Linux recommended on iPAQs, Microsoft Windows (CE) support required for large scale PDA tests

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 13 of 20 Implementation Developed in C++ Written in separate modules that can be used by other applications Portability GUI and Sound IO is not (yet) ported to Microsoft Windows and Windows CE Dependencies OpenSSL (various security functions) GUI: Qt or GTK on Linux

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 14 of 20 Campus environment IEEE b coverage, no link-layer security SIP soft-phones (minisip) Laptops with USB headsets, GNU/Linux HP iPAQ h5550, Familiar Linux SIP servers SIP Express Router ( Asterisk for outgoing PSTN calls ( SIP/PSTN provider – Digisip ( DNS (BIND), PKI (OpenSSL)

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 15 of 20 Public Key Trust Models Current model SIP phones store root CA certificates Root CAs certify SIP providers (no name subordination) SIP providers certify their users (Common Name = SIP URI) Future models Top-down Similar to the current model, but with name subordination Could utilize DNSSEC Up-Cross-Down Less dependent on external CAs Who should certify the users? a.org CA Root Certificate Authorities b.org CA Root certificates

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 16 of 20 Secure VoIP first experiences: Delays No significant delays: At call establishment: in the worst case roughly 100 ms (Diffie-Hellman) on an average PC* 1 No additional round-trip Pre-computation of some parameters For the media processing: throughput of 20 Mbit/s on an average PC* 2 Fast encryption scheme  Can be used on small devices * 1 : see J. Bilien et al. ”Call establishment delay for secure VoIP”, WiOpt’04, Cambridge UK, March 2004 * 2 : see I. Caballero ”Secure Mobile VoIP”, Master Thesis, KTH, Stockholm Sweden, June 2003

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 17 of 20 Secure VoIP first experiences: User interaction Secure call policies: Opportunistic or required? Very few secure UAs No secure PSTN gateway The UA should be able to fall back on non-secure calls Certificate management is not user-friendly Hard certificates (e.g. SIM card) Will users ignore security alerts? Accept unsecure calls? (Opportunistic – policy matter) Accept/install non-verified certificates? (Potentially scary!)

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 18 of 20 Secure VoIP first experiences: User interaction [2] Incoming call management: Authentication allows incoming call management policies Unsolicited calls can be blocked (white-lists) How to establish the first contact? What user interface should be used to enter these policies? CPL? User interface representation of “security” Messages, symbols, color indicators in the GUI Hands-free (e.g. USB headset) to enable screen interaction Sound signals, vibration

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 19 of 20 Experiences not related to security HP iPAQ h5550 Battery time concerns Hibernation state not possible (can not receive calls) We are currently not using WLAN power-save mode Possible to utilize iPAQ buttons and buzzer Good audio quality (better than GSM phone) Campus WLAN environment Web-login mechanism to block unauthorized users Cumbersome interaction using PDAs Losing connectivity when moving  have to login

Wi-Fi Voice, Paris, May 2004 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn Page 20 of 20 Future work Security Secure PSTN gateway MIKEY/SRTP may require dedicated hardware support MIKEY re-keying effects on media stream Secure Session Mobility PKI trust models Push-To-Talk Video media stream Large scale tests on students using iPAQs with Microsoft Windows CE supported by HP donation UPnP support for NAT traversal complementing STUN