7/29/2019 ims04-giuhat-sipera
Sipera Systems, Proprietary & Confidential
IMS Security and Protection
Micaela Giuhat, VP Product Management
Sipera Systems
email: [email protected]
Outline
Open system security
VoIP security requirements
Industry approach and strategies
IMS security requirements
IMS vulnerabilities
Attack examples
Solution
Summary
Open Systems can be attacked
Attacks: Denial of Service Attacks, Viruses, Spyware, Blended Attacks, E-mail SPAM
Traditional voice network is a closed system vs. the Internet, which is open
[Diagram: Bad Guys, Internet, External Web Servers, Internal Web Servers, E-mail Servers, Core Network]
The Internet Security Industry
Applications Protected: Web Apps, Database
But problems still persist
[Diagram: Internet, External Web Servers, Internal Web Servers, E-mail Servers, Core Network, Firewall, IDS, IPS, SPAM Filter, Network Security Logs Correlation]
Enter VoIP
VoIP is different:
Real time
Peer-to-peer
Protocol rich
Complex state machine (several dozen states)
Feature rich (several hundred services)
Separate signaling & media planes
Low tolerance to false positives & negatives
[Diagram: Internet, External Web Servers, Internal Web Servers, E-mail Servers, Communication Servers, Core Network, Firewall, IDS, IPS, SPAM Filter, Network Security Logs Correlation]
Current Industry Approach
Current industry thinking is to add VoIP sensibilities to all the existing security boxes, although nothing is actually available yet
Approach is unworkable:
1. Not real time
2. Cannot handle encrypted traffic
3. Can't keep up with new feature addition
[Diagram: Internet, External Web Servers, Internal Web Servers, E-mail Servers, Communication Servers, Core Network, Firewall, IDS, IPS, SPAM Filter, Network Security Logs Correlation]
Current Strategies
Hard to manage
Will not meet performance specifications
Does not address multi vendor
Cannot keep up with new features
Not available yet
[Diagram components: Core switch, PSTN GW, Guard, Security Agent, FW/ALG, Certs, IDS/IPS]
[Diagram function labels: Protect against Windows OS vulnerabilities; Opens pinholes; Authentication, Encryption; Scrub IP DoS/DDoS Traffic; VoIP Traffic analysis, Signature/Anomaly Filtering; Event Correlation, Remediation]
[Diagram limitation labels: ALG is vulnerable; Cannot stop Spoofed Caller IDs; Limited signatures; May block Good calls]
Desired Approach
IP Communications Security (IPCS) Solution
Integrated, real time VoIP security solution that comprehensively tackles all VoIP vulnerabilities, both Enterprise & Carrier
[Diagram: Internet, External Web Servers, Internal Web Servers, E-mail Servers, Communication Servers, Core Network, Firewall, IDS, IPS, SPAM Filter, Network Security Logs Correlation]
Tolerance for False Negatives: Email vs. Voice
Email Delivery Mode: Store, Analyze, Forward in near-real time
E-mail may not be extracted immediately; can be deleted fairly easily; low annoyance level
Call Delivery Mode: Analyze, Forward in real time
Call delivered in real time; phone rings constantly; high annoyance level
[Diagram, email path: Low volume Email attack, Security Device, False negative, Email Server]
[Diagram, voice path: Low volume Voice attack, Security Device, False negative, Call Server]
Typical Solution vs. Desired Solution
Security functions listed: Anti-SPAM, Firewall, Intrusion Prevention System, Denial of Service Prevention, Network Level Correlation, Intrusion Detection System
[Figure coverage labels: OS, IP, Web, database, VoIP]
Desired solution: Comprehensive Integrated Security Solution for Communications Applications (VoIP, IM, Video, Multi-Media)
Comprehensive IMS Security System
A Comprehensive IMS Security System must:
Prevent unauthorized usage
Protect end-user privacy
Protect IMS infrastructure from attacks
Protect end-users from attacks
Handle voice SPAM
Security Aspects addressed in IMS
Protection Techniques
Authentication (SIM)
Encryption (IPSec, TLS)
IMS Aware Firewall (policy-based filters: URL/IMSI/MSISDN/AP/IP white/black lists, etc.)
IMS Intrusion Prevention (call-stateful deep packet inspection (IMS decode), behavioral learning (fingerprinting), protocol fuzzing prevention, media filtering, etc.)
IMS SPAM Filter (user control, behavioral learning (call patterns, trust scores), machine call detection, etc.)
IMS Network Level Security Management (event correlation, network threat protection)
Vulnerabilities
Unauthorized use
Privacy
Attacks on Infrastructure
Attacks on End-users
IMS SPAM
[Figure annotations: "Well Defined by 3GPP, Addressed by Core IMS infrastructure: SIM, HSS, AAA, PDG"; "Not addressed"]
Security Aspects addressed in IMS
IP Traffic Characteristics: Non-Real time, Client - Server; Real time, Peer - Peer
Traffic types: Web, Database, VoIP, IMS, IP TV
[Figure capability labels: TCP/UDP/ICMP/FTP/HTTP/SQL aware; IMS/SIP/H.248/RTP/MPEG aware; Call State & Service aware; User & Traffic Behavioral Learning]
[Figure region labels: Existing Internet Security Solutions; Not addressed]
IMS reference architecture
[Diagram elements: UE, GGSN, P-CSCF, S-CSCF, I-CSCF, SLF, BGCF, AS, HSS, Charging Functions, MRFC, MRFP, MGCF, MGW, PSTN, IP Transport (Access and Core)]
[Diagram reference points: Mw, Mr, Mg, Mj, Mi, Mp, Mn, Gq, ISC, Cx, Dx, Dh, Sh, Rf/Ro]
[Diagram protocol legend: SIP, DIAMETER, H.248]
IMS Vulnerabilities
IMS & SIP enable a rich feature set of Converged Services, but also open up the network to IP based vulnerabilities
IMS & SIP vulnerabilities include:
OS level vulnerabilities
IP Layer 3 vulnerabilities
IMS Framework related vulnerabilities
SIP/RTP/H.248/etc. protocol vulnerabilities
VoIP/Video/PoC/etc. Application vulnerabilities
VoIP SPAM
[Figure annotations: "Well known in the data world"; "New, unique & real time sensitive"; "Application level vulnerabilities"]
[Diagram, IMS core: P/S/I CSCF, SLF/PDF/IBCF/IWF, MGCF, MRFC, BGCF, SGF, MGW, MRFP, T-MGF, ABGF, IBGF; SIP Server, Call Server, Media Gateway, HSS, Apps, Chrg, IP-IP GW]
IMS Architecture Vulnerabilities: Some Examples
Compromised mobile phones
Zombie hard/soft phones
Modified phone with malicious intent
Malicious/Malformed/Spoofed signaling attacks
Malicious/Malformed/Spoofed media attacks
Spoofed IMS Emergency session attacks
Presence update attacks
Initiating Conferencing to block the network resources
UE having direct access to the IMS core network
Charging fraud - Signaling directly to S-CSCF to avoid charging
Misconfigured/partially configured UEs and/or Network elements
Non-GPRS access such as WLAN or BB can be attacked directly from the internet without a subscription
SPAM
IMS Application Level Attacks
Both Network & Subscribers can be attacked
Attack Types:
Flood Denial of Service: Signaling, Media
Distributed DoS
Stealth DoS: Target individual or group of users
Blended attacks: Recruit zombies and use them to launch an attack
SPAM: SPAM over Internet Telephony (SPIT)
[Diagram attack sources: Zombie attackers, Human attackers, Spammer, Spoofed Packets]
[Diagram, MMD core: P/S/I CSCF, SLF/PDF/IBCF/IWF, MGCF, MRFC, BGCF, SGF, MGW, MRFP, T-MGF, ABGF, IBGF; SIP Server, Call Server, Media Gateway, HSS, Apps, Chrg, IP-IP GW]
IMS Vulnerability Protection System Reference Architecture
IMS Vulnerability Protection System is distinct from the IMS core infrastructure
[Diagram attack sources: Zombie attackers, Human attackers, Spammer]
[Diagram: IMS Vulnerability Protection System; IMS core: P/S/I CSCF, SLF/PDF/IBCF/IWF, MGCF, MRFC, BGCF, SGF, MGW, MRFP, T-MGF, ABGF, IBGF; SIP Server, Call Server, Media Gateway, HSS, Apps, Chrg, IP-IP GW]
Attack Summary
An IMS network built in compliance with 3GPP or TISPAN specifications has numerous vulnerabilities
An attack on the network could cause network-wide outages, including bringing down HSSs, App Servers, SIP servers, Call Servers, Media Gateways and IP-IP Gateways
Attacks towards specific targeted individual users could cause them extreme annoyance and disrupt their service in insidious ways
Sipera Systems research team has identified over 90 distinct categories of attacks
These attacks require hackers with varying levels of sophistication, but many attacks are possible even by so-called script kiddies