Upload
koalla01
View
214
Download
0
Embed Size (px)
Citation preview
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 1/11
1
SIP Security MechanismsThrough a secure Software Engineering
approach
Prajwalan [email protected]
Agenda
• Introduction
• Security Issues during phases of SD ! – "e#uirements $ngineering
– System Design
– Implementation
– %esting
• &pen Issues
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 3/11
3
0oehm Spiral Model
"e#uirements$ngineering
System Design
Implementation!oding/
System%esting and!ustomer"e-iew
"e#uirements $ngineering
• ,hat could an end user e5pect 1 – !all should +e esta+lished with right callee
– Media will remain confidential throughout the path
– %hird party should not +e a+le to see who is calling whom
– !aller is charged correctly
– It is possi+le to make calls when caller wants
• Security goals – Maintain confidentiality Encryption /
– Integrity protection )A /
– DoS protection "eal -ith replay, ### /
– $ntities in-ol-ed are authenticated !oth caller an callee /
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 4/11
4
"e#uirements $ngineering
• Attacks and their impact "isk
Threat Impact
Sniffing the signal messages oss of pri-acy
Sniffing the media oss of pri-acy
Message tampering Impersonating'6ijack "$7IS%$" /
DoS' oss of Integrity' Incorrect 0illing'4nauthori8ed Access
"eplay DoS' Incorrect 0illing
Spam "$7IS%$" and I2*I%$ DoS
9a+ricated Messages DoS' Incorrect 0illing' 4nauthori8edAccess
%earing down session e.g. 0:$ attack'!A2!$ attack/
DoS' Incorrect 0illing
"e#uirements $ngineering
• Prioriti8e the "e#uirements
Requirement Priority Level
!onnection to correct callee 6igh
Proper +illing 6igh!onnection a-aila+ility 6igh
Signal Proctection 6igh
!aller and callee identity protection 6igh ( Medium 111
!all 3uality Medium
Media Protection Medium
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 5/11
5
System Design
• Se-eral security mechanisms $hich one to go for .
• Its important to analy8e the tradeoffs associated with eachcountermeasure – ets analy8e now
5y8.com
sip)+o+@a+c.comsip)[email protected]
a+c.com
Trudy
Digest Authentication
• Authenticating !lient
– 2o $ncryption 2o confidentiality
– 2o guarantee of successful client authenticity /se I entity0ea er1R2 33435
Digest Authentication 4A and Pro5y Authentication
* Source of Picture: Sawda, S., Urien, P.: SIPSecurity Attacks and Solutions: A state-of-the-artreview. IEEE Network, (2006)
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 6/11
6
Identity 6eader
• 9irst Step ) Digest Authentication
• Second Step )9rom%o!all IDDate!se#!ontact
S6A ; < "SA
Signature
0ase =>
Identity
Pri-ateKey ofPro5y
I2*I%$ sip)+o+@a+c.com SIP ?.9rom) ...%o) ...!all;ID ) ...!se#) ...!ontact) ...Date) ...Identity: I4S:BCK E/ 6ASDFIdentity-Info:Ghttps)((somesite.com(5y8.cerH algFrsa;
sha<!ontent;%ype)....
% S(D% S
• Pro-ides confidentiality as well as integrity
• Integrated key management
• 6op +y 6op Interme iate proxies must be truste
• If all the links do not use % S(D% S then security may +ecompromised – sips) 4"I is used to indicate that % S must +e used.
• % S %!P' D% S 4DP
• If signalling is also done o-er 4DP 6nly "T7S may be sufficient
• 4sing D% S without "%P/ for media may result into high networko-erhead
• PKI Pro+lem
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 7/11
7
S(MIM$
• $ncrypt the MIM$ +ody with pu+lic key of recei-er
• Pro-ides +oth confidentiality and integrity
• $ntity authentication
• Pu+lic key of recei-er 6btaine through *#8&9 certificate1signe by truste A 5
• Additional o-erhead due to PKI
• All the headers cannot +e encrypted Re uest /RI, ;ia,Recor <Route, To, 2rom, se , all I" – &"' encrypt all the headers along with +ody and their hash o-er
header and +ody J attach unencrypted header
• $nd to $nd
IPSec
• 2etwork layer security' so protects +oth %!P and 4DP
• !onfidentiality' Integrity' $ntity Authentication
• Integrated Key Management
• %ransparent to application• 0ut it is also +ased on PKI
• Deployment challenges – SAD' Administrati-e "ights' Support +y all &S
• 6op +y 6op
• It seems like application will ha-e to depend on the platform
!hang' !.' u' :.9.' Pang' A.!.' Kuo' %.,..) Design andImplementation of SIP Security.
2!S' -ol. C<' pp. ==C;;=LB. Springer' 6eidel+erg ? /
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 8/11
8
Secure "%P
• 0asically "%P +ased media protection
• !onfidentiality A$S in key stream mode
• Integrity 6MA!;S6A;<
• "eplay +ased DoS Se#uence 2um+ers
• ow network o-erhead
• Key Management Issue – 6a-e to depend on additional SIP signal J % S or S(MIM$
– N"%P key agreement protocol -hich performs "iffie<0ellman keyexchange for SRT+, =o nee of +>I, SAS 1Short Authentication String5
• $hat if me ia is not RT+ .
So ,hich one to go with 1
• Digest J Identity ...
• S(MIM$ +>I problem
• IPSec "eployment issues ? +>I problem
• % S Truste +roxies an all interme iate proxis must support it
• S"%P >ey "istribution issues an supports only RT+• D% S T7S problems ? net-ork o(erhea if RT+ is not use #
Requirement Solution
!onnection to correct callee % S(D% S' S(MIM$' IPSec
Proper +illing Digest' % S(D% S' S(MIM$' IPSec
!onnection a-aila+ility 111
Signal Proctection % S(D% S' S(MIM$' IPSec
!aller and callee identity protection Digest' % S(D% S' S(MIM$' IPSec
!all 3uality 111
Media Protection D% S' S"%P' IPSec
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 9/11
9
Implementation
• !onfiguration of different ser-ers such as D2S' Pro5ies etc...
• De-eloping custom pro5ies' 4As – AI2 SIP J AI2 SDP from Sun Microsystems and 2IS%
– SIP Ser-let
– SIP API for ?M$ from Sun Microsystems and 2okia
– As per recent documentation' none pro-ides API support for a+o-esecurity mechanisms "ifferent A+I nee e
– &pen SS Strictly base -ith /nix libraries• a-a and .2$% +ased API
• *isual !JJ ,in ? and M9!/
– ,rite "esponsi+le codes
SIP Security %esting
• Should at least focus on security re#uirements identified in"e#uirements $ngineering phase
• Should +e performed +y sending malformed SIP re#uests'
• Sending a lot of authenticated and unauthenticated re#uests• !heck of % S or S(MIM$ or D% S or S"%P support
• !heck if deprecated technologies are used
• "%P or media tampering
• 0uffer o-erflow and S3 Injection 111
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 10/11
10
SIP Security %esting
• %ools) – SIPp: A free 6pen Source test tool @ traffic generator for the SI+ protocol#
– PROTOS SIP Fuzzer: < Tool that sen s a set of malforme SI+ messages#
– SiVuS: A SI+ ;ulnerability Scanner that scans for SI+ targets an attacks them
– SIPNess: A basic tool to construct, sen or recei(e SI+ messages
– SIPBomber: A sip<protocol R2 B%C'D testing tool
– SFTF : A SI+ 2orum test frame-ork to e(aluate an report the security anrobustness of a SI+ user agent
&pen Issues
• Denial of Ser-ice Attacks – Against 4A' Pro5ies
– 9looding Set threshol for each user in the proxy
• 6ow to know that pro5y is authori8ed for a particular domain – Attri+ute !ertificate
– $5isting O. C fields 11
• ,ill the method descri+ed in this paper really result into asecure SIP +ased product 1
8/13/2019 SIP Security Mechanisms
http://slidepdf.com/reader/full/sip-security-mechanisms 11/11
Summary
• SIP is highly -ulnera+le to se-eral attacks
• Security Mechanims are there' +ut each of them ha-e theirown tradeoffs – Mainly implementation issues and practical pro+lems
• Security should +e considered through all the phases of SD ! – 9rom "e#uirements $ngineering to %esting