Download presentation
Presentation is loading. Please wait.
1
VoIP Security Assessment: Methods and Tools H. Abdelnur, V. Cridlig, R. State and O. Festor {abdelnur,cridligv,state,festor}@loria.fr Madynes, LORIA-INRIA Lorraine, FRANCE VoIP MaSe 2006, 3rd April 2006, Vancouver, Canada
2
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 2 Content Motivation for Fuzzy Packet tool Background Software capabilities and design Attack scenarii on VoIP communications Future works
3
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 3 Motivation and requirements Assessing the security of a SIP architecture –Anticipate future security threats on VoIP deployement –Highlight current weaknesses –Find some workarounds to limit these threats Requirements –High-level scenarii –Low-Level features –Extensibility Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
4
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 4 Background Session Initiation Protocol (SIP) –Main architectural components SIP Servers –SIP proxy –Redirect Server –Registrar Server SIP endpoints –SIP also requires A DNS server A location service –Concerned messages REGISTER INVITE Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
5
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 5 Fuzzy Packet capabilities Features –Interpret/Generate messages (like SIP messages) Fuzziness (buffer overflow detection, user enumeration, bug detection in SIP state machine implementations, break common phone call patterns...) –Play/Generate RTP packets –Capture/Injection of packets Address spoofing –Packets filtering Feature combination => attack scenario Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
6
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 6 Fuzzy Packet plugin system Plugin resolver –Manages XML nodes from a scenario –Forwards command to the right plugins –XML Nodes from different plugins can be embedded Plugins examples –Rtp-play –Sniff –Inject Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
7
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 7 Attack scenarii on VoIP communications Type of scenarii experimented –Brute force credentials discovery –RTP play-out –SIP-based phone call eavesdropping –SIP-based phone call hijacking Description of scenarii –Easy and extensible XML language Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
8
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 8 SIP registration attempt SIP message generator Randomization Dictionnary User enumeration Fields generated From: Login Password Call-ID Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
9
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 9 Packet injection scenario Phase 1 –Generates ethernet field values –Generates IP layer field values (src/dest IP address) –Generates transport layer (src/dest port) Phase 2 –Encapsulates inside the packet a previously generated SIP message Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
10
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 10 Learning private information Simulating the behavior of a regular SIP client –Sniffing/injecting packets The scenario allows –To learn from the register server responses Does the user exist ? Is the password correct ? Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
11
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 11 Media codec discovery Two approaches –Listening SIP messages carrying the information INVITE SIP message OK SIP message –Brute force Try different codecs Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
12
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 12 SIP call play-out Man-in-the middle attack –Physically –ARP spoofing Eavesdropping sniffer –Packet interception RTP play-out spoofer –Packet interception –Sequence number modification –Packet injection calling called Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
13
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 13 Conclusion and future works Conclusion –Fuzzy packet is a tool that allows easy packet handling: capture, injection, fuzziness –Experimental scenarii focused on SIP Future works –Improve fuzzy packet Provide both XML and Python API to build plugins and scenarii Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
14
3rd April 2006VoIP MaSe, VoIP Signaling Security, Vancouver, Canada 14 Thanks ! Any questions ? Motivation For Fuzzy Packet Tool Background Software Capabilities and design Attack scenarii on VoIP Future works
Similar presentations
