SIP Security Mechanisms

8/13/2019 SIP Security Mechanisms

http://slidepdf.com/reader/full/sip-security-mechanisms 1/11

1

SIP Security MechanismsThrough a secure Software Engineering

approach

Prajwalan [email protected]

Agenda

• Introduction

• Security Issues during phases of SD ! – "e#uirements $ngineering

– System Design

– Implementation

– %esting

• &pen Issues





3

0oehm Spiral Model

"e#uirements$ngineering

System Design

Implementation!oding/

System%esting and!ustomer"e-iew

"e#uirements $ngineering

• ,hat could an end user e5pect 1 – !all should +e esta+lished with right callee

– Media will remain confidential throughout the path

– %hird party should not +e a+le to see who is calling whom

– !aller is charged correctly

– It is possi+le to make calls when caller wants

• Security goals – Maintain confidentiality Encryption /

– Integrity protection )A /

– DoS protection "eal -ith replay, ### /

– $ntities in-ol-ed are authenticated !oth caller an callee /



4


• Attacks and their impact "isk

Threat Impact

Sniffing the signal messages oss of pri-acy

Sniffing the media oss of pri-acy

Message tampering Impersonating'6ijack "$7IS%$" /

DoS' oss of Integrity' Incorrect 0illing'4nauthori8ed Access

"eplay DoS' Incorrect 0illing

Spam "$7IS%$" and I2*I%$ DoS

9a+ricated Messages DoS' Incorrect 0illing' 4nauthori8edAccess

%earing down session e.g. 0:$ attack'!A2!$ attack/

DoS' Incorrect 0illing


• Prioriti8e the "e#uirements

Requirement Priority Level

!onnection to correct callee 6igh

Proper +illing 6igh!onnection a-aila+ility 6igh

Signal Proctection 6igh

!aller and callee identity protection 6igh ( Medium 111

!all 3uality Medium

Media Protection Medium



5

System Design

• Se-eral security mechanisms $hich one to go for .

• Its important to analy8e the tradeoffs associated with eachcountermeasure – ets analy8e now

5y8.com

sip)+o+@a+c.comsip)[email protected]

a+c.com

Trudy

Digest Authentication

• Authenticating !lient

– 2o $ncryption 2o confidentiality

– 2o guarantee of successful client authenticity /se I entity0ea er1R2 33435

Digest Authentication 4A and Pro5y Authentication

* Source of Picture: Sawda, S., Urien, P.: SIPSecurity Attacks and Solutions: A state-of-the-artreview. IEEE Network, (2006)



6

Identity 6eader

• 9irst Step ) Digest Authentication

• Second Step )9rom%o!all IDDate!se#!ontact

S6A ; < "SA

Signature

0ase =>

Identity

Pri-ateKey ofPro5y

I2*I%$ sip)+o+@a+c.com SIP ?.9rom) ...%o) ...!all;ID ) ...!se#) ...!ontact) ...Date) ...Identity: I4S:BCK E/ 6ASDFIdentity-Info:Ghttps)((somesite.com(5y8.cerH algFrsa;

sha<!ontent;%ype)....

% S(D% S

• Pro-ides confidentiality as well as integrity

• Integrated key management

• 6op +y 6op Interme iate proxies must be truste

• If all the links do not use % S(D% S then security may +ecompromised – sips) 4"I is used to indicate that % S must +e used.

• % S %!P' D% S 4DP

• If signalling is also done o-er 4DP 6nly "T7S may be sufficient

• 4sing D% S without "%P/ for media may result into high networko-erhead

• PKI Pro+lem



7

S(MIM$

• $ncrypt the MIM$ +ody with pu+lic key of recei-er

• Pro-ides +oth confidentiality and integrity

• $ntity authentication

• Pu+lic key of recei-er 6btaine through *#8&9 certificate1signe by truste A 5

• Additional o-erhead due to PKI

• All the headers cannot +e encrypted Re uest /RI, ;ia,Recor <Route, To, 2rom, se , all I" – &"' encrypt all the headers along with +ody and their hash o-er

header and +ody J attach unencrypted header

• $nd to $nd

IPSec

• 2etwork layer security' so protects +oth %!P and 4DP

• !onfidentiality' Integrity' $ntity Authentication

• Integrated Key Management

• %ransparent to application• 0ut it is also +ased on PKI

• Deployment challenges – SAD' Administrati-e "ights' Support +y all &S

• 6op +y 6op

• It seems like application will ha-e to depend on the platform

!hang' !.' u' :.9.' Pang' A.!.' Kuo' %.,..) Design andImplementation of SIP Security.

2!S' -ol. C<' pp. ==C;;=LB. Springer' 6eidel+erg ? /



8

Secure "%P

• 0asically "%P +ased media protection

• !onfidentiality A$S in key stream mode

• Integrity 6MA!;S6A;<

• "eplay +ased DoS Se#uence 2um+ers

• ow network o-erhead

• Key Management Issue – 6a-e to depend on additional SIP signal J % S or S(MIM$

– N"%P key agreement protocol -hich performs "iffie<0ellman keyexchange for SRT+, =o nee of +>I, SAS 1Short Authentication String5

• $hat if me ia is not RT+ .

So ,hich one to go with 1

• Digest J Identity ...

• S(MIM$ +>I problem

• IPSec "eployment issues ? +>I problem

• % S Truste +roxies an all interme iate proxis must support it

• S"%P >ey "istribution issues an supports only RT+• D% S T7S problems ? net-ork o(erhea if RT+ is not use #

Requirement Solution

!onnection to correct callee % S(D% S' S(MIM$' IPSec

Proper +illing Digest' % S(D% S' S(MIM$' IPSec

!onnection a-aila+ility 111

Signal Proctection % S(D% S' S(MIM$' IPSec

!aller and callee identity protection Digest' % S(D% S' S(MIM$' IPSec

!all 3uality 111

Media Protection D% S' S"%P' IPSec



9

Implementation

• !onfiguration of different ser-ers such as D2S' Pro5ies etc...

• De-eloping custom pro5ies' 4As – AI2 SIP J AI2 SDP from Sun Microsystems and 2IS%

– SIP Ser-let

– SIP API for ?M$ from Sun Microsystems and 2okia

– As per recent documentation' none pro-ides API support for a+o-esecurity mechanisms "ifferent A+I nee e

– &pen SS Strictly base -ith /nix libraries• a-a and .2$% +ased API

• *isual !JJ ,in ? and M9!/

– ,rite "esponsi+le codes

SIP Security %esting

• Should at least focus on security re#uirements identified in"e#uirements $ngineering phase

• Should +e performed +y sending malformed SIP re#uests'

• Sending a lot of authenticated and unauthenticated re#uests• !heck of % S or S(MIM$ or D% S or S"%P support

• !heck if deprecated technologies are used

• "%P or media tampering

• 0uffer o-erflow and S3 Injection 111



10

SIP Security %esting

• %ools) – SIPp: A free 6pen Source test tool @ traffic generator for the SI+ protocol#

– PROTOS SIP Fuzzer: < Tool that sen s a set of malforme SI+ messages#

– SiVuS: A SI+ ;ulnerability Scanner that scans for SI+ targets an attacks them

– SIPNess: A basic tool to construct, sen or recei(e SI+ messages

– SIPBomber: A sip<protocol R2 B%C'D testing tool

– SFTF : A SI+ 2orum test frame-ork to e(aluate an report the security anrobustness of a SI+ user agent

&pen Issues

• Denial of Ser-ice Attacks – Against 4A' Pro5ies

– 9looding Set threshol for each user in the proxy

• 6ow to know that pro5y is authori8ed for a particular domain – Attri+ute !ertificate

– $5isting O. C fields 11

• ,ill the method descri+ed in this paper really result into asecure SIP +ased product 1



Summary

• SIP is highly -ulnera+le to se-eral attacks

• Security Mechanims are there' +ut each of them ha-e theirown tradeoffs – Mainly implementation issues and practical pro+lems

• Security should +e considered through all the phases of SD ! – 9rom "e#uirements $ngineering to %esting

Documents

SIP Security Mechanisms