An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
Agenda SIP for Video conferencing Security Problems Authentication in SIP End-to-End Security (S/MIME) Hop-by-Hop Security (SIPS, TLS) Traversing NATs/Firewalls
SIP (The IETF Standard) Session Initiation Protocol is a signaling standard from IETF for real-time multimedia session establishment. Sessions can be voice, video or instant messaging and is described by SDP. Basic components: User Agent (UA): works on behalf of users to set up calls Proxy Servers (PS): keeps track of location of end-points Registrar: Each UA registers to inform current location and preferred reachability information SIP messages are ASCII text messages that are human readable.
SIP Operation Cgu.edu Proxy/registrar Unc.edu Proxy/registrar LS REGISTER sip:registrar.cgu.edu SIP/2.0 Via: SIP/2.0/UDP samirspc.cgu.edu:5060;branch=z9hG4bKnashds7 Max-Forwards: 70 To: Samir From: Samir ;tag= Call-ID: CSeq: 1826 REGISTER Contact: Expires: 7200 Content-Length: 0 INVITE SIP/2.0 Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8 Max-Forwards: 70 To: Samir From: Alice ;tag= Call-ID: a84b4c76e66710 CSeq: INVITE Contact: Content-Type: application/sdp Content-Length: 142
Security on the Internet Internet is open Anyone with Internet access may attack anyone else Increasing complexity and programmability leads to lots of bugs that can be exploited Packets can be dumped (or snooped) anywhere in the middle of the packet path What are you trying to secure? Authenticate – make sure you are connected to the correct person Privacy – no one else should hear/see media Integrity – No one should be able to change or manipulate packets that are legitimate Availability – subject to Denial of Service attacks
SIP Security Mechanisms End-to-end mechanisms Basic authentication Digest authentication (similar to HTTP digest) Message body encryption using S/MIME Hop-by-hop mechanisms Transport Layer Security (TLS) IP Security (IPSec) The SIPS URI schema
SIP Authentication SIP Client SIP Server REQUEST CHALLENGE Generate the Nonce value Nonce, realm Compute response = F(nonce, Username, password, realm) REQUEST Nonce, realm, Username, response Authenticate: compute F(nonce, username, password, realm) And compare with response F= MD5
SIP uses what is available today Privacy prevents unauthorized people from inspecting both signaling and media Can be solved using encryption Problems: encryption computationally expensive, need key exchange mechanisms, no PKI in place Protocol security is only a piece of the big picture; security of a system can be compromised by naïve implementation or poor administration Security of a single protocol does not help; all participating protocols have to be made secured
Hop-by-Hop Mechanisms Requires belief in transitive trust Immense computational stress on servers if public key is used Can deal with firewalls/NATs May cover entire signaling Mechanisms: Ipsec, TLS SIPS URI invokes hop-by-hop security
S/MIME Secure Multipurpose Internet Mail Extension is a security enhancement to the MIME Internet format standard, based on technology from RSA Data security. RFC 822 defined mail formats: header and body. Header uses From, To, Subject, Date followed by text (body). MIME provides new header field that provide information about the body of the message: content formats and transfer encoding Five header field are defined in MIME: MIME version, Content-type, Content-Transfer-Encoding, Content-ID, Content Description
S/MIME Capability Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded with base64 encoding. Clear signed data: similar to above except that only the signed digest is encoded in base64. Content is sent in the clear. Signed and enveloped data: signed-only and encrypted-only data may be nested. Cryptographic algorithms: supports SHA-1, Digital Signature Standard (DSS), Diffie-Hellman key exchange, RSA encryption. Collectively it is a package pkcs7-mime.
Using S/MIME in SIP SIP messages carry MIME bodies. So one can encrypt them using S/MIME. However certain SIP intermediaries need to view and process certain headers in between. S/MIME certificates These certs are used to identify end-users rather than servers. Certificates asserts that the holder is identified by an end-user address user’s address of These certificates can be stored within UA on a virtual keyring. S/MIME key exchange Whenever the CMS SignedData message is used in S/MIME for SIP, it must contain the certificate bearing the public key necessary to verify the signature. UAC initiating S/MIME should structure the body as ‘multipart/signed’.
Traversing Firewalls/NATs Voice and Video over IP provides dynamic ports and addresses. Most firewalls use a static port-based rules to admit/deny traffic. FW solutions Use FW ALGs Use Firewall Control Protocol (FCP) developed by Midcom NATs – conserve IP address space by allowing transparent private/public addressing and reuse Problems:session-address indicated in signaling(SDP, addres-of- record) do not match NATed address. Solutions – get rid of NAT (IPV6), run ALGs, or use STUN.