Secure Videoconferencing Today Jill Gemmill University of Alabama at Birmingham
Why is security for videoconferencing needed today? Some applications require privacy: Telemedicine: for patient comfort and HIPAA requirements Sensitive meetings: grant reviews; counter-terrorism planning The Internet is no longer a friendly place: any network connected system is a target for attacks.
What is meant by “videoconference security”? At a “gut level”, we might think of: No eavesdropping No denial of service or break-ins No “spamming” (video/voice from unwanted visitors) Making sure resources like MCU’s are used only by those authorized
Standards for Security: ITU X.800 and IETF RFC 2828 Authentication Access Control Data Confidentiality Data Integrity Nonrepudiation Availability Service
Standard Security Mechanisms ITU X.800 Encryption Digital Signature Access Control Data Integrity Authentication Exchange Traffic Padding Routing Control Notarization Trusted Functionality Security Label Event Detection Security Audit Trail Security Recovery Non-trivial
“Legacy” Videoconference Security (H.320) Used leased telephone line (ISDN) lines – you were buying your own private circuit No IP connection used Expensive “Nailed Down”, not reconfigurable.
Basic Security Concerns (H.323 and SIP) Remote management interfaces: use strong password for remote logins (Tandberg alone in offering SSL) Turn off streaming Disable FTP, HTML, Telnet and SNMP functions Disable Viavideo web interface by clearing password Watch for security patches and update systems immediately.
Downside of basic security…. Usually breaks ability for video support organization to monitor/manage your systems Makes it harder to update software (no FTP) Solution: put systems behind a firewall
Firewalls and NATs Found especially in medical centers Firewall: Blocks incoming network traffic Network Address Translator (NAT): Hides your network addresses so they can’t be reached from outside For videoconferencing, these protections become OBSTACLES to overcome (securely, of course!)
Encryption For total privacy, encryption is needed. All encryption methods are designed to protect data in transit, so that it is readable only at the source and destination Some encryption methods are tied to user authentication, so that you are assured of who the data came from and that it can be read only by the intended recipient
Encrypt End-to-End or per Link/Hop? End-to-End approach encrypts at source and decrypts at destination Good news: can’t be read in the middle Issue: routers need to read addresses. Data is secure, destination address is not. Per Link/Hop Encryption: decrypt/encrypt at router More time consuming (increases latency) Unencrypted data at router is vulnerable It is possible to use both approaches simultaneously Overhead includes increased bandwidth and latency *
Where to encrypt? Encryption managed by the application Encryption managed near transport layer Encryption managed in the network layer By design, each layer is unaware of what occurs at other layers Physical Layer (wires) Data Link (hardware address) NETWORK (IP) TRANSPORT (TCP/UDP) APPLICATIONS
Virtual Private Network (VPN) IPSec Capable of encrypting/authenticating ALL data at the IP layer Transparent to applications (no changes needed) Physical Layer (wires) Data Link (hardware address) NETWORK (IP) TRANSPORT (TCP/UDP) APPLICATIONS
Secure Socket Layer (SSL) Created and torn down on a per- session basis Frequently used on web servers – Transparent to the application Note: over TCP only Physical Layer (wires) NETWORK (IP) TRANSPORT APPLICATIONS TCPUDP SSL / TLS
Application Specific Encryption Examples S/MIME PGP Kerberos Video / Voice ???? Physical Layer (wires) NETWORK (IP) TRANSPORT (TCP/UDP) APPLICATIONS
Does the videoconferencing application do encryption? Not really Standards exist (next speakers) Not implemented in the market Certain vendors offer proprietary use of standard encryption algorithms and claim to have a “standards-based solution” BUT no inter-operability (Tandberg, VCON)
Encryption political issues Encryption software is slow; Encryption hardware is expensive and increases the cost of the product Encryption algorithms may be covered by patents and use requires licensing (eg: RSA) Encryption algorithms may be subject to export control (eg: DES)
Let’s Consider the videoconferencing application Hop to Hop Communication End-to-End Communication Model for both H.323 and SIP architectures
Things to notice in the model SIP Call Control is over TCP H.323 Call control is UDP at ends and TCP in the middle Media streamS – separate voice, video, data, etc. Perhaps two video streams (one in each direction) UDP precludes use of SSL
Review: Encryption can be done with IPSec, SSL or by Application No application-layer encryption for VC No SSL for VC due to UDP Guess that leaves IPSec and “clever hacks”
Let’s place the model in a university medical center Videoconferencing uses dynamic ports – BLOCKED Outside calls coming in – BLOCKED Willingness to reconfigure firewall - NONE
One approach to secure videoconferencing today “Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB. Unencrypted here
Pros and Cons PRO Very inexpensive if you already own the firewall Relatively simple to install and operate Requires cooperation of firewall management CON Requires remote VC station that can load VPN client software Suitable for fixed point to point only Requires cooperation of firewall management VC station must be able to send VPN IP address, not its own
Another approach: a pair of departmentally managed VPN’s
Pros and Cons PRO Can be installed at departmental level Works with “appliance” VC units like Polycoms CON VC units must be able to send VPN IP address as reply address rather than their own Added expense of firewall/VPN units Fixed locations only
IP Freedom Solution Encryption Module Announced & due in market shortly Works with SIP and H.323 Call Servers
Pros and Cons PRO Extremely easy to install; no need to contact network staff Flexible connectivity Available as an I2 Commons service Transparent to end users Works for both SIP and H.323 Client software is free Supports mobile users CON Expensive Encryption module : more expensive Licensing is based on number of concurrent users; number shrinks with bandwidth used, and encryption Proprietary technology (but only need one!) “Clever hack”
Other gotcha’s If your campus has a bandwidth manager (Packeteer-type device) your VC multimedia may be mistaken for annoying video/music and have its bandwidth limited Result – can degrade or terminate VC session
Action Items ? Collect “Best Practices” for Secure Videoconferencing? Feedback to I2/federal agencies on importance of Application-layer security for video/voice applications Other ?
Acknowledgments “ViDe.Net: Middleware for Scalable Video Services for Research and Higher Education” NSF ANI (Gemmill, Chatterjee, Johnson) “Alabama Internet2 Middleware Initiative”, NSF EPSCoR, EPS via UA ) (Shealy, Gemmill) “Secure Telemedicine Utilizing State-Wide Internet” NIH-SBIR Phase 1. Jim Chamberlain, AZ Technology. Julie Harper, Jill Gemmill UAB. Any opinions, findings or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.