Presentation is loading. Please wait.

Presentation is loading. Please wait.

Henning Schulzrinne Columbia University

Published byAmi Marshall Modified over 6 years ago

Similar presentations

Presentation on theme: "Henning Schulzrinne Columbia University"— Presentation transcript:

1 Henning Schulzrinne Columbia University
VoIP Security Henning Schulzrinne Columbia University November 2006 VoIPSec

2 Overview Taxonomy General network threats made worse Resources
November 2006 VoIPSec

3 Services Call control Directory services Gateway service
call establishment, reporting, mid-call service features, and teardown  SIP, proxies Directory services alias, user name, extension, E.164 number  URL (ENUM) Gateway service inter-work between two different types of networks, e.g., PSTN and VoIP  media gateways Network services DNS, TFTP, FTP, DHCP, HTTP, Telnet, RADIUS, and DIAMETER Session border control functions signaling and/or bearer traffic as it crosses a trust boundary November 2006 VoIPSec VoIPSA report

4 Multi-party freedom model
People can move from role to role: Initiating contact Joining communication in progress Accepting contact Terminating communication in progress Refusing contact November 2006 VoIPSec

5 VoIP threat taxonomy November 2006 VoIPSec

6 User requirements and goals
User is able to … … invite anyone … to join multiple parties … refuse an invite … drop out of a session … indicate consent for any and all contact and reporting … refuse consent for any and all contact and reporting … set policies for the user and all legally subordinate domains user is assured confidentiality and immunity for lawful communication November 2006 VoIPSec

7 Privacy and security The Privacy Concept = privilege of all people to have their communication systems and content free from unauthorized access, interruption, delay or modification consent of the person claiming privacy within the limits of the law Security = the right to protect privacy, a method of achieving privacy ways to keep communication systems and content free from unauthorized access, interruption, delay or modification November 2006 VoIPSec

8 Social threats: Misrepresentation
Misrepresentation includes the delivery of information which is false as to the identity, authority or rights of another party or false as to the content of information communicated identity authority (false authentication) rights (false authorization) content (audio, video, text) Examples: false caller ID, organization, name voice masking and impersonation false presence information “phishing”, “vishing” social engineering (see ChoicePoint) false claim of government authority November 2006 VoIPSec

9 Social threats: Theft of services
Theft of services is any unlawful taking of an economic benefit of a service provider by means intended to deprive the provider of lawful revenue or property. unauthorized deletion or altering of billing records unauthorized bypass of lawful billing systems unauthorized billing taking of service provider property Common in PSTN e.g., resale of services with delayed billing “blue boxes” November 2006 VoIPSec

10 Social threats: unwanted contact
Unwanted contact is any contact that either bypasses prior affirmative consent (opt-in) or a refusal of consent (opt-out) Can be illegal (harassment, extortion, fraud) or just unwanted Harassment “Harassment is any form of unwanted communication which embarrasses, intimidates, vexes, annoys or threatens the receiver of the communication with actions which are improper under the law.” Extortion “Extortion is any act to induce another to do or refrain from any conduct or give up any freedom, right, benefit or property, under a threat of loss or harm to the person, their reputation, property or the health, safety, reputation or welfare of anyone they know.” November 2006 VoIPSec

11 Resources Security consideration sections in RFCs
November 2006 VoIPSec

Download ppt "Henning Schulzrinne Columbia University"

Similar presentations

SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Colombo, Sri Lanka, 7-10 April 2009 Preferential Telecommunications Service Access Networks Lakshmi Raman, Senior Staff Engineer Intellectual Ventures.

Colombo, Sri Lanka, 7-10 April 2009 Preferential Telecommunications Service Access Networks Lakshmi Raman, Senior Staff Engineer Intellectual Ventures.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
Security WG Areas of Interest FYI - Strawman Vancouver June 2001 Sprint PCS ®

Security WG Areas of Interest FYI - Strawman Vancouver June 2001 Sprint PCS ®
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
ENUM Chris Wong Converging Services Branch International Training Program 7 September 2006.

ENUM Chris Wong Converging Services Branch International Training Program 7 September 2006.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Geneva, Switzerland, 2 June 2014 Study on Spoofed Call Detection and Prevention in 3GPP China Mobile ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland,

Geneva, Switzerland, 2 June 2014 Study on Spoofed Call Detection and Prevention in 3GPP China Mobile ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland,
IT Expo SECURITY Scott Beer Director, Product Support Ingate +1-613-963-0933.

IT Expo SECURITY Scott Beer Director, Product Support Ingate
Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.

Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.
ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.

ECRIT interim meeting - May Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.
VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.
Protecting VoIP networks against denial of service and service theft Henning Schulzrinne with Gaston Ormazabal (Verizon) and IRT graduate students Dept.

Protecting VoIP networks against denial of service and service theft Henning Schulzrinne with Gaston Ormazabal (Verizon) and IRT graduate students Dept.
Support Services & IP Multimedia Subsystem (IMS)

Support Services & IP Multimedia Subsystem (IMS)
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Similar presentations

Ads by Google