/
Voice over IP (VoIP) security Voice over IP (VoIP) security

Voice over IP (VoIP) security - PowerPoint Presentation

celsa-spraggs
celsa-spraggs . @celsa-spraggs
Follow
409 views
Uploaded On 2017-10-13

Voice over IP (VoIP) security - PPT Presentation

Introduction Voice over IP and IP telephony Network convergence Telephone and IT PoE Power over Ethernet Mobility and Roaming Telco Switched gt Packet IP Closed world gt Open world ID: 595636

security sip attack attacker sip security attacker attack rtp authentication media voip signaling architecture layer attacks gateway http tls users session protocol

Share:

Link:

Embed:

Download Presentation from below link

Download Presentation The PPT/PDF document "Voice over IP (VoIP) security" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.


Presentation Transcript

Slide1

Voice over IP (VoIP) securitySlide2

Introduction

Voice over IP and IP telephony

Network convergence

Telephone and IT

PoE

(Power over Ethernet)

Mobility and Roaming

Telco

Switched -> Packet (IP)

Closed world -> Open world

Security

and privacy

IPhreakers

VoIP

vs

3GSlide3

Architecture

: protocols

Signaling

User location

Session

Setup

Negotiation

Modification

Closing

Transport

Encoding, transport, etc.Slide4

Architecture

: protocols

SIP

IETF - 5060/5061 (TLS) - “HTTP-like, all in one”

Proprietary extensions

Protocol becoming an architecture

“End-to-end” (between IP PBX)

Inter-AS MPLS VPNs

Transitive trust

IM extensions (SIMPLE)

H.323

Protocol family

H.235 (security), Q.931+H.245 (management), RTP, CODECs, etc.

ASN.1Slide5

Architecture

: protocols

RTP (Real Time Protocol)

5004/

udp

RTCP

No

QoS

/bandwidth management

Packet reordering

CODECs

old: G.711 (PSTN/POTS - 64Kb/s)

current: G.729 (8Kb/s)Slide6

Architecture

: systems

Systems

SIP ProxyCall Manager/IP PBXUser management and reporting (HTTP, etc)H.323: GK (GateKeeper)Authentication server (Radius)Billing servers (CDR/billing)DNS, TFTP, DHCP serversSlide7

Architecture

: systems

Voice Gateway (IP-PSTN)

Gateway Control ProtocolsSignaling: SS7 interfaceMedia Gateway ControllerControls the MG (Megaco/H.248)SIP interfaceSignaling GatewayInterface between MGC and SS7SCTP

- ISUP, Q.931

Transport

Media Gateway: audio conversionSlide8

Architecture

: firewall/VPN

Firewall

“Non-stateful” filtering“Stateful” filteringApplication layer filtering (ALGs)NAT / “firewall piercing”

(H.323 : 2xTCP, 4x dynamic UDP - 1719,1720)

(SIP : 5060/

udp

)

Encrypted VPN

SSL/TLS

IPsec

Where to encrypt (LAN-LAN, phone-phone, etc)?Slide9

VOIP

Threats

Denial of Service

ICMP FloodIP Spoofing Port Scans Land AttackIP Source Route

Evasdropping

or recording

In VOIP eavesdropping is a type of an attack, if an attacker able to

eavesdropp

a communication. Then he can launch different type of an attack like Man in the Middle attack etc.

Call Hijacking and Spoofing

Call Redirection

Voice SPAM (

Vishing

, Mailbox Stuffing, Unsolicited Calling)

Voicemail HackingSlide10

VOIP

Attacks

Signaling Layer Attacks

SIP Registration Hijacking

Impersonating a Server

SIP Message Modification

SIP Cancel / SIP BYE attack

SIP DOS attack

Media Layer Attacks

Eavesdropping

RTP insertion attack

SSRC collision attacksSlide11

Signaling Layer Attacks

SIP Registration attack

Attacker impersonates a valid UA to a registrar himself as a valid user agent. So attacker can

recieve

calls for a

legitmate

user.

Impersonating a Server

When an attacker impersonates a remote server and user agent request are served by the attacker machine.

SIP Message Modification

If an attacker launches a man in the middle attack and modify a message. Then attacker could lead the caller to connect to malicious system.

SIP CANCEL / SIP BYE

SIP Denial of Service

In SIP attacker creates a bogus request that contained a fake IP address and Via field in the SIP header contains the identity of the target host.Slide12

Media Layer

Attacks

Eavesdropping

SSRC collision

If an attacker

eavesdropp

the conversation and uses one’s peer SSRC to send RTP packet to other peer, it causes to terminate a session.Slide13

Security

Solutions

Two types of security solutions

End-to-End security

In SIP end points can ensure end-to-end security to those messages which proxy does not read, like SDP messages could

be

protectedusing

S/MIME.

Media is transferred directly, so end-to-end security is achieved by SRTP.

Hop-by-hop security

TLS, IPSec

TLS provide transport layer security over TCP. Normally SIP URI is in the form of

sip:abc@example.com

, but if we are using TLS then SIP URI will be

sips:abc@example.com

and signaling must be send encrypted.Slide14

Authentication

Authentication means to identify a person.

If we take SIP as signaling protocol in VOIP, it defines two mechanisms for authentication

HTTP digest authentication

• S/MIME

HTTP Digest Authentication

HTTP digests mechanisms used between users to proxies, users to

users

but not between proxies to proxies.

S/MIME

S/MIME uses X.509 certificates to authenticate end users in the

same

way that web browsers use them.Slide15

Media Encryption

In VOIP media is send directly between users using RTP. Encryption of media is achieved

by

IPSec

Secure

RTP (

SRTP)

It provides a framework for encryption and message authentication of RTP and RTCP.

Cipher

Algorithum

: AES

Authenitcation

is an optional feature.

SRTP uses Security Description for Media Streams (SDES)

algorithum

to negotiate session keys in SDP.

MIKKEY

Mikkey

provides its own authentication and integrity

mechanisim

.

Mikkey

messages carried in a SDP with a=key-mgmt

attritbute

.Slide16

There

are Specialized Hacking Tools

SIPScan

- enumerate SIP interfaces

TFTPBrute

- TFTP directory attacking

UDP and RTP Flooder -

DoS

tools

hping2 – TCP session flooding

Registration Hijacker - tool to take over H.323 session

SIVUS - SIP authentication and registration auditor

Vomit - RTP Playback

VOIP HOPPER – IP Phone

mimicing

tool

Dsniff

- various utilitarian tools (

macof

and

arpspoof

)

Wireshark

(Ethereal) /

tcpdump

- packet capture and protocol analysisSlide17

Thanks

You