Secure VoIP: call establishment and media protection. Johan Bilien, Erik Eliasson, Joachim Orrblad, Jon-Olov Vatn, Telecommunication Systems Laboratory.

1 Secure VoIP: call establishment and media protection
Johan Bilien, Erik Eliasson, Joachim Orrblad, Jon-Olov Vatn
Telecommunication Systems Laboratory
Royal Institute of Technology (KTH), Stockholm, Sweden

2 Requirements for secure VoIP
Protecting the signaling
–encryption and integrity protection
–hop-by-hop
–protection of privacy
Protecting the media
–encryption and integrity protection
–end-to-end
–at network (IPSec ESP) or application layer (SRTP)
Authenticated Key Exchange (AKE)
–provides key to protect the media
–allows callee policies, such as filtering of spam
(figure labels: UA, P, P)

3 AKE for Secure VoIP
Which protocol?
–IKE (RFC 2409): widely deployed and acknowledged
–MIKEY (RFC 3830): specifically designed for protection of multimedia services; MIKEY profile defined for SRTP
How to combine the AKE and the SIP signaling?
–“out-of-band”, performed in additional messages, or
–integrated, carried in the SIP messages

4 Performance metrics
Ringing delay (RD)
–from sending the INVITE to receiving the ringing notification
–includes caller authentication
Media clipping (MC)
–media transmission is hindered by ongoing cryptographic processing
Ghost ringing
–the caller cancels the call after the callee started ringing
(figure: message sequence INVITE, 180 Ringing, 200 OK, RTP, with RD and MC marked)

5 IKE and SIP signaling
IKE performed “out of band”
SIP preconditions (RFC 3312) extended for IKE setup
(figure: message sequence INVITE / IPSec required, 183 Session in progress, IKE, UPDATE, 200 OK (UPDATE), 200 OK (INVITE))

6 MIKEY and SIP signaling
MIKEY integrated with SIP / SDP
Without reliable provisional responses
–Processing of the MIKEY response in the 200 OK creates media clipping
–(figure: INVITE / MIKEY Init, 200 OK / MIKEY Response)
With reliable provisional responses
–The MIKEY response is sent reliably in a provisional response
–The security association is complete before the 200 OK is sent, thus avoiding media clipping
–(figure: INVITE / MIKEY Init, 183 / MIKEY Response, PRACK, 200 OK)

7 Implementation
Signaling protection using TLS
Media protection
–SRTP: AKE using MIKEY in the SDP offer-answer
–IPSEC – ESP: AKE using MIKEY in a separate MIME payload; proposed MIKEY profile for ESP
No reliable provisional response
Open source (LGPL and GPL)

8 Secure call setup - delays
(figure: timeline between Bob and Alice, with marks a1–a4 on the caller side and b1–b3 on the callee side)
Caller: DIAL; create MIKEY Init; SIP processing; INVITE/MIKEY Init sent
Callee: Invite processing (SIP processing; MIKEY verify, policy check); 180 Ringing; OFF HOOK
Callee transmit clipping: create MIKEY Reply; session key gen. (update IPSec DBs); packetization delay; 200 OK/MIKEY Reply sent
Ringing delay: from INVITE to 180 Ringing at the caller
Caller transmit clipping: SIP processing; MIKEY verify, policy check; session key gen. (update IPSec DBs); packetization delay; RTP media
Caller reception clipping
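The metrics of slide 4 and the step sequence of slide 8 can be put into a small timing model, run once for the flow of slide 6 without reliable provisional responses and once with them. The code below is an added example, not code from the paper or from the authors' software; every per-step cost is a constructed illustration value, not one of the paper's measurements, and the model assumes that with 100rel the callee builds its MIKEY Response and derives keys before it starts ringing, that the 200 OK waits for the PRACK (RFC 3262 requires this when the reliable provisional response carried a session description), and that clipping counts only the time media waits for keys once a party could otherwise speak.

```python
"""Added example (not from the paper): timing model of a SIP INVITE transaction
carrying a MIKEY key exchange in the SDP offer/answer, without and with reliable
provisional responses (RFC 3262, 183 + PRACK).  All costs are constructed values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Timings:
    """Per-step costs in milliseconds (constructed values, not measurements)."""
    net: float           # one-way network delay of one SIP message
    sip: float           # parsing / transaction handling of one SIP message
    mikey_verify: float  # verify the peer's MIKEY message and run the policy check
    mikey_reply: float   # build the MIKEY Response at the callee
    keygen: float        # derive session keys (for ESP: also update the IPsec SAD/SPD)


@dataclass(frozen=True)
class SetupResult:
    ringing_delay: float    # INVITE sent -> 180 Ringing handled at the caller
    callee_clipping: float  # callee speech lost to pending crypto after OFF HOOK
    caller_clipping: float  # caller speech lost to pending crypto after the 200 OK
    trace: tuple            # (time_ms, event) pairs, for reading the flow


def _clip(keys_ready: float, could_talk: float) -> float:
    """Crypto-induced clipping: how long media waits for keys once a party could speak."""
    return max(0.0, keys_ready - could_talk)


def setup_without_100rel(t: Timings, answer_delay: float) -> SetupResult:
    """INVITE/MIKEY Init -> 180 Ringing -> (OFF HOOK) -> 200 OK/MIKEY Response.

    The callee builds the MIKEY Response only when the user answers, and the
    caller can verify it only after the 200 OK arrives, so both sides do their
    key-agreement work exactly when they would otherwise start sending media.
    """
    trace = [(0.0, "caller: INVITE (MIKEY Init) sent")]
    invite_rx = t.net
    ring_tx = invite_rx + t.sip + t.mikey_verify          # Init verified, policy passed
    trace += [(invite_rx, "callee: INVITE received"), (ring_tx, "callee: 180 Ringing sent")]
    ringing_delay = ring_tx + t.net + t.sip
    trace.append((ringing_delay, "caller: 180 Ringing handled"))
    off_hook = ring_tx + answer_delay
    callee_keys = off_hook + t.mikey_reply + t.keygen     # 200 OK leaves once keys exist
    trace += [(off_hook, "callee: OFF HOOK"), (callee_keys, "callee: 200 OK (MIKEY Response) sent")]
    ok_rx = callee_keys + t.net
    caller_could_talk = ok_rx + t.sip                     # 200 OK parsed: call is answered
    caller_keys = caller_could_talk + t.mikey_verify + t.keygen
    trace += [(ok_rx, "caller: 200 OK received"), (caller_keys, "caller: session keys ready")]
    return SetupResult(ringing_delay, _clip(callee_keys, off_hook),
                       _clip(caller_keys, caller_could_talk), tuple(trace))


def setup_with_100rel(t: Timings, answer_delay: float) -> SetupResult:
    """INVITE/MIKEY Init -> 183 (MIKEY Response, reliable) -> PRACK -> 180 -> 200 OK.

    Model assumptions: the callee answers the MIKEY Init and derives keys as soon
    as the INVITE is verified, sends the Response in a reliable 183 and only then
    starts ringing; the caller parses the 183 and the 180 before verifying the
    Response; the 200 OK is held until the PRACK has arrived.
    """
    trace = [(0.0, "caller: INVITE (MIKEY Init) sent")]
    invite_rx = t.net
    callee_keys = invite_rx + t.sip + t.mikey_verify + t.mikey_reply + t.keygen
    ring_tx = callee_keys                                  # 183 and 180 leave together
    trace += [(invite_rx, "callee: INVITE received"),
              (callee_keys, "callee: 183 (MIKEY Response) and 180 Ringing sent")]
    rx183 = callee_keys + t.net
    ringing_delay = rx183 + 2 * t.sip                     # parse the 183, then the 180
    prack_rx = rx183 + t.sip + t.net                      # PRACK sent right after parsing the 183
    caller_keys = rx183 + t.sip + t.mikey_verify + t.keygen
    trace += [(ringing_delay, "caller: 180 Ringing handled"),
              (prack_rx, "callee: PRACK received"),
              (caller_keys, "caller: session keys ready")]
    off_hook = ring_tx + answer_delay
    ok_tx = max(off_hook, prack_rx + t.sip)               # final 2xx only after the PRACK
    ok_rx = ok_tx + t.net
    caller_could_talk = ok_rx + t.sip
    trace += [(off_hook, "callee: OFF HOOK"), (ok_tx, "callee: 200 OK sent"),
              (ok_rx, "caller: 200 OK received")]
    return SetupResult(ringing_delay, _clip(callee_keys, off_hook),
                       _clip(caller_keys, caller_could_talk), tuple(trace))


def compare(t: Timings, answer_delay: float) -> dict:
    """Both variants side by side, keyed by variant name."""
    return {"no-100rel": setup_without_100rel(t, answer_delay),
            "100rel": setup_with_100rel(t, answer_delay)}


if __name__ == "__main__":
    SRTP = Timings(net=10, sip=5, mikey_verify=40, mikey_reply=30, keygen=20)
    ESP = Timings(net=10, sip=5, mikey_verify=40, mikey_reply=30, keygen=600)  # slow SA install
    for label, timings in (("SRTP", SRTP), ("IPsec ESP", ESP)):
        for name, r in compare(timings, answer_delay=2000).items():
            print(f"{label:9} {name:9} RD={r.ringing_delay:6.0f} ms  "
                  f"callee clip={r.callee_clipping:5.0f} ms  caller clip={r.caller_clipping:5.0f} ms")
```

Running the script shows the trade-off the slides describe: with 100rel the ringing delay grows by the cost of building the MIKEY Response and deriving keys, but the clipping on both sides drops to zero whenever the human answer delay exceeds the caller's verification time; an instant auto-answer (answer_delay=0) is the edge case where some caller clipping survives, and a large keygen cost (the ESP row) makes the difference between the two flows most visible.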

9 Measurements

10 Conclusions and future work
–In all the measured cases, the ringing delay is not significant for a human person (~75 ms)
–The key exchange for SRTP results in a short transmit clipping on both sides (~170 ms)
–The use of IPSec results in a major media clipping on both sides (~800 ms). We believe this to be a Linux IPSec implementation issue.
–Adding support for reliable provisional responses, to carry the MIKEY response, would cancel those clippings.
–We recommend the use of SRTP for media protection, TLS for signaling protection, and an authenticated key exchange based on MIKEY.