Securing IP Fax
A New Standard Approach
James Rafferty
President, Human Communications
SIPNOC 2014 - Securing IP Fax
Copyright - James Rafferty - 2014
Overview
• Background
• What does Security mean for Fax?
• What are the Threats?
• IETF proposed solution
• Impact for Customers
• Summary
Background
• Facsimile is an immensely popular solution
– Has evolved from an office equipment approach to one which is
widely distributed on networks using computer-based solutions
– Network rapidly migrating to IP and the Cloud
– T.38 IP fax over UDPTL is the widely deployed, standard solution
• Issues:
– UDPTL is specific to fax; missing security tools found for RTP
• T.38 over RTP is also standard, but has minimal implementation
– Previous attempts to add security for fax were not adopted in the
marketplace
• Annexes found in ITU-T T.30 created in 1996, but not used
– Realization of need for security now much more obvious
• Real time fax now often going over IP networks
• Concern by IT managers and service providers about securing all of their
message traffic, including fax
What Does Security Mean for Fax?
• Security solutions typically based on assessment
of threats
• Examples of Threats for Real Time Fax:
– Preserve Confidentiality
• Stop 3rd parties from being able to decode the contents of a
fax if intercepted on the network
– Maintain Integrity
• Prevent 3rd parties from manipulating the contents of fax
messages
– Confirm Identity
• Ensure that the identity of the fax sender can be verified
How to Address the Threats?
• Often confusion between solutions and
threats
• Common Perception that encryption solves all
security problems, but it’s more complicated
than that
– There’s no one single “magic bullet” that solves all
security issues
• Encryption useful, but threat model still needs
to be understood to meet security goals
Threat: Breach Confidentiality
• Much of the information conveyed by fax is
private
– Individual’s financial and health information
– Business financial or other proprietary data
• A confidentiality solution needs to keep the
fax data confidential while it traverses the
network
[Diagram label: Eavesdrop or steal content]
Threat: Change the Content
• Faxes are used to send images coded using
particular compression methods
• Not easy to do, but pages could be
intercepted en route and then changed
• Example:
– Provide disinformation to disrupt competitor
[Diagram label: Inject New Content]
Threat: Spoof Identity
• Internet services are under increased attack
by rogue users who create SPAM, send fake
messages and impersonate identities
• We’ve all received emails that say they’re
from somebody we know, but are really SPAM
• How? The intruders are spoofing identities.
[Diagram label: Spoof Identity]
Proposed Standard from IETF
• 3GPP and IP Fax Community wanted to add security for T.38 IP Fax
– Work originated due to demand from service providers for secure fax
solutions
• MMUSIC working group of IETF has been working on related draft
since Summer, 2013
– draft-ietf-mmusic-udptl-dtls-07.txt
• Co-authors Christer Holmberg, Ivo Sedlacek and Gonzalo Salgueiro
• Wide variety of comments from both fax and Internet communities
• Also vetted by the Fax over IP working group of the SIP Forum
• Approval Status
• Has passed working group last call; now being reviewed for approval (IESG)
• Potential for publication as standards track document later this year
• 3GPP will also reference in their upcoming specifications (Release 12)
Why DTLS?
• Draft uses existing security standard DTLS
• RFC 6347 – Datagram Transport Layer Security
Version 1.2
• DTLS builds on well-known practices in the
Transport Layer Security protocol (TLS)
– TLS suitable for session protocols running over TCP
– DTLS extends TLS concepts, but is adapted for use
with datagram protocols (such as UDP)
• DTLS can be used to secure media centric protocols such as
RTP and UDPTL
Protocol Stack Layers
Layers, top to bottom:
• T.38 IP Fax Protocol
• UDPTL
• DTLS – adds Transport Security Layer to T.38 over UDPTL
• UDP
• IP
Does New Spec Address the Threats?
Let’s take a closer look
Protect Confidentiality
• T.38 over UDPTL provides no protection vs. 3rd
parties that want to eavesdrop on a fax
• DTLS provides strong encryption; messages
can’t be decoded without access to keys used
in the selected Cipher
[Diagram label: Eavesdrop or steal content, marked with an X]
Protect Integrity
• In T.38 over UDPTL, it is possible to modify the
image content
• Addition of DTLS layer provides data integrity
– DTLS computes Message Authentication Codes (MACs)
using hashing algorithms to protect against changes to
message content
– If message content changes, hash totals will be invalid
[Diagram label: Inject New Content, marked with an X]
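An added illustration of the integrity check described on this slide (not part of the original presentation): Python code that computes the record MAC DTLS 1.2 (RFC 6347) uses with non-AEAD cipher suites and shows a receiver dropping records whose content or sequence number was changed in transit. The encryption step is omitted, and the key, payload bytes and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

DTLS_1_2 = 0xFEFD        # wire version number for DTLS 1.2 (RFC 6347)
APPLICATION_DATA = 23    # record content type that carries the UDPTL/T.38 data
HEADER_LEN = 13          # type(1) version(2) epoch(2) sequence(6) length(2)
MAC_LEN = 32             # HMAC-SHA256 output size


def record_mac(mac_key, epoch, seq, fragment, ctype=APPLICATION_DATA):
    """HMAC-SHA256 over the fields DTLS 1.2 authenticates for one record."""
    # DTLS uses epoch (16 bits) followed by sequence number (48 bits) as the
    # 64-bit sequence value that TLS 1.2 keeps implicitly.
    seq64 = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    covered = seq64 + struct.pack("!BHH", ctype, DTLS_1_2, len(fragment)) + fragment
    return hmac.new(mac_key, covered, hashlib.sha256).digest()


def protect(mac_key, epoch, seq, fragment):
    """Sender side: record header + fragment + MAC (encryption omitted)."""
    header = struct.pack("!BHH", APPLICATION_DATA, DTLS_1_2, epoch) + seq.to_bytes(6, "big")
    body = fragment + record_mac(mac_key, epoch, seq, fragment)
    return header + struct.pack("!H", len(body)) + body


def verify(mac_key, record):
    """Receiver side: return the fragment, or None if the record is dropped."""
    if len(record) < HEADER_LEN + MAC_LEN:
        return None
    ctype, version, epoch = struct.unpack("!BHH", record[:5])
    seq = int.from_bytes(record[5:11], "big")
    (length,) = struct.unpack("!H", record[11:13])
    body = record[HEADER_LEN:]
    if version != DTLS_1_2 or length != len(body):
        return None
    fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, epoch, seq, fragment, ctype)
    # Constant-time comparison; a mismatch means the record is discarded.
    return fragment if hmac.compare_digest(tag, expected) else None


def demo():
    # Constructed values: in a real session the MAC key is derived during the
    # DTLS handshake and the fragment is a UDPTL packet carrying T.38 data.
    key = bytes(range(32))
    page = b"T.38 page data: PAY 100 TO ACCOUNT 1234"
    record = protect(key, epoch=1, seq=7, fragment=page)

    # Case 1: content changed in transit, MAC left as it was.
    tampered = bytearray(record)
    at = record.index(b"100")
    tampered[at:at + 3] = b"900"

    # Case 2: changed content with a MAC recomputed under a guessed key.
    forged = protect(b"\x00" * 32, 1, 7, page.replace(b"100", b"900"))

    # Case 3: content untouched, but the header sequence number altered.
    renumbered = bytearray(record)
    renumbered[10] ^= 0x01

    return {
        "intact": verify(key, record),
        "tampered": verify(key, bytes(tampered)),
        "forged": verify(key, forged),
        "renumbered": verify(key, bytes(renumbered)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {'accepted' if result is not None else 'dropped'}")
```

With AEAD cipher suites the same protection comes from the cipher's authentication tag rather than a separate HMAC.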
Prevent Identity Spoofing
• In T.38 over UDPTL, there is no protection vs.
spoofed identities
• New draft spec recommends using PKIX
Certificates to authenticate the two sides (per
RFC 5280)
– checks name on certificate vs. domain name
[Diagram label: Spoof Identity, marked with an X]
Impact for Customers
• Addition of Security for T.38 IP fax should be
valuable to customers both in the enterprise and
service provider markets
• But:
– Often slow ramp-up from standardization to
deployment
• Can be jumpstarted through support by industry groups
• Vendors can gain an edge by deploying the standard solution
early
• Later, vendors will need to have interworking
implementations of the standard
Accelerating the Ramp-up
• 3GPP targets adding to IP Multimedia Subsystem / LTE
standards as of Release 12
– This endorsement will help drive additional deployment on
IMS / VoLTE networks, notably for service providers
– Fax and SIP Trunking service providers are also likely
adopters
• Adoption Acceleration Opportunities via Forums
– SIP Forum supports early adoption of standards via:
• SIPit – Interop activities for SIP protocol in general
• SIPConnect – interop and compliance activities for SIP Trunking
• Fax over IP Working Group – members can monitor status of early
implementations
– Other forums such as I3 may also be interested
Enterprise to the Cloud and Beyond
• New standard will be an excellent fit for Cloud
implementations, managed within the
Enterprise or via managed service providers
• Will also have value for enterprise networks
which interconnect premises, or hybrid
networks between premise and the Cloud
• Should also fit SIP Trunking use cases for IP Fax
• Could result in future extensions to
agreements such as SIP Connect
Summary
• IETF is close to standardizing a new security standard
for IP Fax
• Should address the most likely threats that would
compromise fax use over IP networks
• Likely first implementers will be back to back
deployments by single vendor
• Endorsement by 3GPP will help drive mid to longer
term deployments on IMS / LTE networks
• New standard should also be good fit for Enterprise
uses such as SIP Trunking and the Cloud
• Participation in Forums can help accelerate the
adoption ramp-up once the standard is approved
About James Rafferty
• Versatile Product Management and
Marketing Leader
• Blog: http://blog2.humancomm.com
• Twitter: @jrafferty11
• Email: jayAthumancommDotcom
• LinkedIn: https://www.linkedin.com/pub/james-rafferty/0/917/474
SIPNOC 2014 - Securing IP Fax
Copyright - James Rafferty - 2014
20

Más contenido relacionado

La actualidad más candente

Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)ryaekle
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Eleni Trouva
 
L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6j otgo
 
Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...Videoguy
 
Making SIP Migration Easy
Making SIP Migration EasyMaking SIP Migration Easy
Making SIP Migration EasyIntelePeer
 
Comppt22
Comppt22Comppt22
Comppt22Deliad
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedureijsrd.com
 
Lost layer talk 2014
Lost layer talk 2014Lost layer talk 2014
Lost layer talk 2014ICT PRISTINE
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Labfrcarlson
 
Hacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowHacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowDan York
 
Tech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network servicesTech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network servicesJisc
 
IRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopIRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopEleni Trouva
 
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...BDDazza
 

La actualidad más candente (20)

VOIP security
VOIP securityVOIP security
VOIP security
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012
 
L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6
 
Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...
 
Making SIP Migration Easy
Making SIP Migration EasyMaking SIP Migration Easy
Making SIP Migration Easy
 
Comppt22
Comppt22Comppt22
Comppt22
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedure
 
Slied13
Slied13Slied13
Slied13
 
Lost layer talk 2014
Lost layer talk 2014Lost layer talk 2014
Lost layer talk 2014
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
 
Hacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowHacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To Know
 
Tech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network servicesTech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network services
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
IRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopIRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE Workshop
 
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Vpn ppt
Vpn pptVpn ppt
Vpn ppt
 

Similar a Securing IP Fax - A New Standard Approach

ETE405-lec4.pdf
ETE405-lec4.pdfETE405-lec4.pdf
ETE405-lec4.pdfmashiur
 
IOT_module_3.pdf
IOT_module_3.pdfIOT_module_3.pdf
IOT_module_3.pdfAmitH42
 
Voip Eddie Jan2010
Voip Eddie Jan2010Voip Eddie Jan2010
Voip Eddie Jan2010ekaypour
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056mashiur
 
Prof Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCPProf Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCPGraham G. Turnbull
 
A short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRAA short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRALeonardo
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPSean Flores
 
MULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKSMULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKSYatish Bathla
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptxssuserf7cd2b
 
8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lteCPqD
 
Energize your Unified Communications with SIP
Energize your Unified Communications with SIPEnergize your Unified Communications with SIP
Energize your Unified Communications with SIPXO Communications
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutionseroglu
 
Zuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-updateZuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-updateBrandon Height
 
Chapter 8 Presentaion
Chapter 8 PresentaionChapter 8 Presentaion
Chapter 8 PresentaionAmy McMullin
 
Benefits of SIP Trunking
Benefits of SIP TrunkingBenefits of SIP Trunking
Benefits of SIP TrunkingIntelePeer
 
IMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group UpdateIMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group UpdateCharles Eckel
 
M1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxM1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxAngel Garcia
 

Similar a Securing IP Fax - A New Standard Approach (20)

ETE405-lec4.pdf
ETE405-lec4.pdfETE405-lec4.pdf
ETE405-lec4.pdf
 
VoIP Research Paper
VoIP Research PaperVoIP Research Paper
VoIP Research Paper
 
IOT_module_3.pdf
IOT_module_3.pdfIOT_module_3.pdf
IOT_module_3.pdf
 
Voip Eddie Jan2010
Voip Eddie Jan2010Voip Eddie Jan2010
Voip Eddie Jan2010
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056
 
Prof Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCPProf Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCP
 
A short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRAA short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRA
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
 
data communication
data communicationdata communication
data communication
 
Pro Viva Emmanuel
Pro Viva EmmanuelPro Viva Emmanuel
Pro Viva Emmanuel
 
MULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKSMULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKS
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptx
 
8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte
 
Energize your Unified Communications with SIP
Energize your Unified Communications with SIPEnergize your Unified Communications with SIP
Energize your Unified Communications with SIP
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
 
Zuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-updateZuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-update
 
Chapter 8 Presentaion
Chapter 8 PresentaionChapter 8 Presentaion
Chapter 8 Presentaion
 
Benefits of SIP Trunking
Benefits of SIP TrunkingBenefits of SIP Trunking
Benefits of SIP Trunking
 
IMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group UpdateIMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group Update
 
M1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxM1-C17-Armando una red.pptx
M1-C17-Armando una red.pptx
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Securing IP Fax - A New Standard Approach

  • 1. Securing IP Fax A New Standard Approach James Rafferty President, Human Communications SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 1
  • 2. Overview • Background • What does Security mean for Fax? • What are the Threats? • IETF proposed solution • Impact for Customers • Summary SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 2
  • 3. Background • Facsimile is an immensely popular solution – Has evolved from an office equipment approach to one which is widely distributed on networks using computer-based solutions – Network rapidly migrating to IP and the Cloud – T.38 IP fax over UDPTL is the widely deployed, standard solution • Issues: – UDPTL is specific to fax; missing security tools found for RTP • T.38 over RTP is also standard, but has minimal implementation – Previous attempts to adopt security for fax not adopted in the marketplace • Annexes found in ITU-T T.30 created in 1996, but not used – Realization of need for security now much more obvious • Real time fax now often going over IP networks • Concern by IT managers and service providers about securing all of their message traffic, including fax SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 3
  • 4. What Does Security Mean for Fax? • Security solutions typically based on assessment of threats • Examples of Threats for Real Time Fax: – Preserve Confidentiality • Stop 3rd parties from being able to decode the contents of a fax if intercepted on the network – Maintain Integrity • Prevent 3rd parties from manipulating the contents of fax messages – Confirm Identity • Ensure that the identity of the fax sender can be verified SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 4
  • 5. How to Address the Threats? • Often confusion between solutions and threats • Common Perception that encryption solves all security problems, but it’s more complicated than that – There’s no one single “magic bullet” that solves all security issues • Encryption useful, but threat model still needs to be understood to meet security goals SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 5
  • 6. Threat: Breach Confidentiality • Much of the information conveyed by fax is private – Individual’s financial and health information – Business financial or other proprietary data • A confidentiality solution needs to keep the fax data confidential while it traverses the network Eavesdrop or steal content SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 6
  • 7. Threat: Change the Content • Faxes are used to send images coded using particular compression methods • Not easy to do, but pages could be intercepted in route and then changed • Example: – Provide disinformation to disrupt competitor Inject New ContentSIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 7
  • 8. Threat: Spoof Identity • Internet services are under increased attack by rogue users who create SPAM, send fake messages and impersonate identities • We’ve all received emails that say they’re from somebody we know, but are really SPAM • How? The intruders are spoofing identities. Spoof Identity SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 8
  • 9. Proposed Standard from IETF • 3GPP and IP Fax Community wanted to add security for T.38 IP Fax – Work originated due to demand from service providers for secure fax solutions • MMUSIC working group of IETF has been working on related draft since Summer, 2013 – draft-ietf-mmusic-udptl-dtls-07.txt • Co-authors Christer Holmberg, Ivo Sedlacek and Gonzalo Salgueiro • Wide variety of comments from both fax and Internet communities • Also vetted by the Fax over IP working group of the SIP Forum • Approval Status • Has passed working group last call; now being reviewed for approval (IESG) • Potential for publication as standards track document later this year • 3GPP will also reference in their upcoming specifications (Release 12) SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 9
  • 10. Why DTLS?
    • Draft uses existing security standard DTLS
    • RFC 6347 – Datagram Transport Layer Security Version 1.2
    • DTLS builds on well-known practices in the Transport Layer Security protocol (TLS)
      – TLS suitable for session protocols running over TCP
      – DTLS extends TLS concepts, but is adapted for use with datagram protocols (such as UDP)
    • DTLS can be used to secure media centric protocols such as RTP and UDPTL
  • 11. Protocol Stack Layers
    [Figure: protocol stack, in the order shown: T.38 IP Fax Protocol, UDPTL, DTLS, UDP, IP]
    • Adds Transport Security Layer to T.38 over UDPTL
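
An added example, not taken from the slides or from the draft's text: a Python check an operator could run over SDP bodies to see whether fax streams are negotiated with the DTLS layer shown in the stack. It assumes plain T.38 appears as `udptl` on the SDP `m=` line and the DTLS-protected form as `UDP/TLS/UDPTL`, and it treats a missing `a=fingerprint` line as a finding; the function name, verdict strings and sample SDP are constructed for illustration.

```python
FINGERPRINT = "SHA-256 " + ":".join(f"{b:02X}" for b in range(32))  # constructed value

# Constructed SDP bodies (documentation addresses, not captured traffic).
SESSION = "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
PLAIN = SESSION + "m=audio 49170 RTP/AVP 0\r\nm=image 49172 udptl t38\r\n"
SECURE = SESSION + ("m=image 49172 UDP/TLS/UDPTL t38\r\n"
                    "a=setup:actpass\r\na=fingerprint:" + FINGERPRINT + "\r\n")
NO_FP = SESSION + "m=image 0 udptl t38\r\nm=image 49174 UDP/TLS/UDPTL t38\r\n"


def audit_fax_media(sdp):
    """Return (port, verdict) for every active fax stream in one SDP body."""
    streams, current, in_media, session_fp = [], None, False, False
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            in_media, current = True, None
            fields = line[2:].split()
            if len(fields) < 4:
                continue                      # malformed media line: ignore it
            port, proto = fields[1].split("/")[0], fields[2].upper()
            if proto in ("UDPTL", "UDP/TLS/UDPTL") and port.isdigit() and int(port) != 0:
                current = {"port": int(port), "proto": proto, "fp": session_fp}
                streams.append(current)
        elif line.lower().startswith("a=fingerprint:"):
            if not in_media:
                session_fp = True             # session-level value covers all streams
            elif current is not None:
                current["fp"] = True
    verdicts = []
    for s in streams:
        if s["proto"] == "UDPTL":
            verdict = "cleartext"             # no DTLS layer under UDPTL
        else:
            verdict = "dtls" if s["fp"] else "dtls-without-fingerprint"
        verdicts.append((s["port"], verdict))
    return verdicts


if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("secure", SECURE), ("no fingerprint", NO_FP)):
        print(name, audit_fax_media(body))
```

Streams offered with port 0 are skipped because a zero port marks a disabled media stream.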
  • 12. Does New Spec Address the Threats?
    Let’s take a closer look
  • 13. Protect Confidentiality
    • T.38 over UDPTL provides no protection vs. 3rd parties that want to eavesdrop on a fax
    • DTLS provides strong encryption; messages can’t be decoded without access to keys used in the selected Cipher
    [Figure: Eavesdrop or steal content, marked with an X]
  • 14. Protect Integrity
    • In T.38 over UDPTL, it is possible to modify the image content
    • Addition of DTLS layer provides data integrity
      – DTLS computes Message Authentication Codes (MACs) using hashing algorithms to protect against changes to message content
      – If message content changes, hash totals will be invalid
    [Figure: Inject New Content, marked with an X]
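
An added example, not from the slides: the record MAC of DTLS 1.2 (RFC 6347) for HMAC-based cipher suites, computed in Python over a constructed UDPTL payload, to show why changed content fails verification. The key, payload and function names are made up for illustration; in a real session the key comes from the DTLS handshake, and AEAD cipher suites authenticate the same header fields as additional data instead of using a separate HMAC.

```python
import hashlib
import hmac
import struct

DTLS_1_2 = b"\xfe\xfd"       # wire encoding of DTLS version 1.2
APPLICATION_DATA = 23        # record content type that carries the UDPTL packets


def record_mac(mac_key, epoch, seq, fragment, content_type=APPLICATION_DATA):
    """HMAC-SHA256 over the DTLS 1.2 record pseudo-header plus the fragment."""
    if not 0 <= epoch < 2**16 or not 0 <= seq < 2**48:
        raise ValueError("epoch is 16 bits and sequence number is 48 bits")
    # DTLS uses epoch || sequence number where TLS uses its implicit counter.
    seq_num = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    header = seq_num + bytes([content_type]) + DTLS_1_2 + struct.pack("!H", len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def verify_record(mac_key, epoch, seq, fragment, received_mac):
    """Recompute the MAC as the receiver does and compare in constant time."""
    expected = record_mac(mac_key, epoch, seq, fragment)
    return hmac.compare_digest(expected, received_mac)


# Constructed sample data: a stand-in key and a stand-in UDPTL payload.
MAC_KEY = bytes(range(32))
UDPTL_PACKET = bytes.fromhex("0001") + b"constructed T.38 image data, page 1"


def demo():
    """Return the verification result for the unchanged and the altered cases."""
    mac = record_mac(MAC_KEY, epoch=1, seq=7, fragment=UDPTL_PACKET)
    altered = UDPTL_PACKET.replace(b"page 1", b"page 9")
    return {
        "unchanged": verify_record(MAC_KEY, 1, 7, UDPTL_PACKET, mac),
        "content_changed": verify_record(MAC_KEY, 1, 7, altered, mac),
        "moved_to_other_seq": verify_record(MAC_KEY, 1, 8, UDPTL_PACKET, mac),
        "wrong_key": verify_record(b"\x00" * 32, 1, 7, UDPTL_PACKET, mac),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20} MAC valid: {ok}")
```

Because the sequence number is part of the MAC input, a record copied to a different position in the stream fails the check just as a modified one does.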
  • 15. Prevent Identity Spoofing
    • In T.38 over UDPTL, there is no protection vs. spoofed identities
    • New draft spec recommends using PKIX Certificates to authenticate the two sides (per RFC 5280)
      – checks name on certificate vs. domain name
    [Figure: Spoof Identity, marked with an X]
  • 16. Impact for Customers
    • Addition of Security for T.38 IP fax should be valuable to customers both in the enterprise and service provider markets
    • But:
      – Often slow ramp-up from standardization to deployment
        • Can be jumpstarted through support by industry groups
        • Vendors can gain an edge by deploying the standard solution early
        • Later, vendors will need to have interworking implementations of the standard
  • 17. Accelerating the Ramp-up
    • 3GPP targets adding to IP Multimedia Subsystem / LTE standards as of Release 12
      – This endorsement will help drive additional deployment on IMS / VoLTE networks, notably for service providers
      – Fax and SIP Trunking service providers are also likely adopters
    • Adoption Acceleration Opportunities via Forums
      – SIP Forum supports early adoption of standards via:
        • SIPit – Interop activities for SIP protocol in general
        • SIPConnect – interop and compliance activities for SIP Trunking
        • Fax over IP Working Group – members can monitor status of early implementations
      – Other forums such as I3 may also be interested
  • 18. Enterprise to the Cloud and Beyond
    • New standard will be an excellent fit for Cloud implementations, managed within the Enterprise or via managed service providers
    • Will also have value for enterprise networks which interconnect premises, or hybrid networks between premise and the Cloud
    • Should also fit SIP Trunking use cases for IP Fax
    • Could result in future extensions to agreements such as SIP Connect
  • 19. Summary
    • IETF is close to standardizing a new security standard for IP Fax
    • Should address the most likely threats that would compromise fax use over IP networks
    • Likely first implementers will be back-to-back deployments by single vendor
    • Endorsement by 3GPP will help drive mid to longer term deployments on IMS / LTE networks
    • New standard should also be good fit for Enterprise uses such as SIP Trunking and the Cloud
    • Participation in Forums can help accelerate the adoption ramp-up once the standard is approved
  • 20. About James Rafferty
    • Versatile Product Management and Marketing Leader
    • Blog: http://blog2.humancomm.com
    • Twitter: @jrafferty11
    • Email: jayAthumancommDotcom
    • LinkedIn: https://www.linkedin.com/pub/james-rafferty/0/917/474