SlideShare una empresa de Scribd logo

Securing Voice Communication

Luca Pradovera
Luca Pradovera

A presentation given at AdhearsionConf 2013 about the possible attacks against SIP and RTP relative countermeasures.

Tecnología
1 de 36
Descargar para leer sin conexión
SECURING VOICE COMMUNICATION (The NSA does not need to hear about this.) by Luca Pradovera
About me Luca Pradovera Voice Application Developer Mojo Lingo LLC, Atlanta, GA Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
CAN WE TRUST VOIP? NO. Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Alice, Bob and Bubba All cleartext! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Signaling: SIP (SESSION INITIATION PROTOCOL) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Request methods: INVITE, ACK, BYE SIP is similar to HTTP Headers: To, From Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
INVITE sip:123@10.203.175.11 SIP/2.0 Via: SIP/2.0/UDP 10.203.175.1:63851;rport;branch=z9hG4bKPjOZmllyLuQ52Gda.vzcmWrVVtmFKSyRuz Max-Forwards: 70 From: "Luca Pradovera" <sip:usera@10.203.175.11>;tag=DRTwWU5q2EfrbebG7IMvd3RdDbsKFPOX To: <sip:123@10.203.175.11> Contact: <sip:23941570@10.203.175.1:63851> Call-ID: PvpN2LErALSXW16MbkJPBcZNf7fzeSc4 CSeq: 15461 INVITE Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER Supported: 100rel, replaces, norefersub, gruu User-Agent: Blink Pro 3.4.0 (MacOSX) Authorization: Digest username="usera", realm="asterisk", nonce="080a602e", uri="sip: 123@10.203.175.11", response="40732f23b39bc681484874c89c424bf4", algorithm=MD5 SIP Headers Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Content-Type: application/sdp Content-Length: 396 ! v=0 o=- 3595073567 3595073567 IN IP4 10.203.175.1 s=Blink Pro 3.4.0 (MacOSX) c=IN IP4 10.203.175.1 t=0 0 m=audio 50000 RTP/AVP 108 99 98 9 0 8 96 a=rtcp:50001 a=rtpmap:108 opus/48000 a=fmtp:108 useinbandfec=1 a=rtpmap:9 G722/8000 SDP Payload a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:96 telephone-event/8000 a=fmtp:96 0-15 a=sendrecv Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Attacking SIP (TRY THIS AT SOMEONE ELSE’S HOME.) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
SIP digest auth is weak. MD5-1 = MD5 (Username:Realm:Password)
 MD5-2 = MD5 (Method:URI)
 Response MD5 Value = MD5 (MD5-1:Nonce:MD5-2) The only unknown term is the password = An offline attack is possible! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
SIP is vulnerable Forging Contact: to hijack a session Easy man-in the middle attacks DoS via Expires: 0 Denial of service via REGISTER Denial of service via BYE Identity theft Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
SIPS How do we solve this? (SIP Secure) Very similar to HTTPS - Requires client support Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Software support • Asterisk: https://wiki.asterisk.org/wiki/display/AST/Secure +Calling+Tutorial • FreeSWITCH: http://wiki.freeswitch.org/wiki/SIP_TLS • Many softphones and hardware phones Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Media: RTP (REAL-TIME TRANSPORT PROTOCOL) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
RTP Basics UDP protocol Ports 1024 to 65535 Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Let me hear you say… Packet sniffing enables easy eavesdropping A switched network requires an ARP cache poisoning attack but not much more CREEPY DEMO TIME! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
What if I want to be REALLY bad? The timestamp usually starts with 0 and increments by the length of the codec content (e.g. 160ms); the sequence starts with 0 and increments by 1, and the SSRC is usually a static value for the session and a function of time. = They are PREDICTABLE! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
How can we have fun? Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Audio injection By predicting timestamp, sequence and SSRC, we can play whatever frame we want. “Did you just say something? Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Audio replacement Using higher sequences and timestamp, we make the original audio packets obsolete. Just replace “buy” with “sell” and watch Bitcoin crash! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
What if I am just grumpy? DoS via packet flooding (keep repeating a packet) DoS by RTCP Bye (session teardown) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
By the way, the NSA knows about this. (AND IN CASE THEY WERE MISSING ANYTHING, IT IS IN MY DROPBOX ANYWAY) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
SRTP (Secure RTP) Uses AES in counter mode (AESCTR) with 128 or 256 bit keys Generates a cypher stream that is XORed real-time with plaintext media Headers are signed, payload is encrypted Uses symmetric keys and ciphers that need to be negotiated somehow Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Still need those keys… (NEGOTIATION) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
MIKEY and SDES MIKEY was never actually adopted because it requires additional SIP capabilities SDES (SDP Security Descriptions) a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 requires full TLS protection and still exposes keying to SIP servers. Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Keying in the media path: DTLS-SRTP • DTLS exchange over the media port • Uses secrets from the DTLS handshake as keying information • Requires PKI (Public Key Infrastructure) • Used by WebRTC Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
ZRTP (Z is cooler than S.) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
What it does 1. Discovery phase, to find out if the peers support ZRTP 2. Key agreement phase, to exchange the keying data 3. Secure phase, confirming the cryptographic exchange worked and switching to SRTP Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
How it works • Exchange happens in media path • Diffie-Hellman key exchange • SAS (Short Authentication String) produced so it can be compared by humans Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Hellman, the mayonnaise guy? Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Why is the SAS important? • The Short Authentication String is computed with a hash of the keys negotiated during DH exchange • It is usually a 4 digit number • It guarantees the absence of a man-in-the-middle • It is retained and reused for subsequent communications Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Benefits • Does not require any signaling security • It is, in fact, signaling and server agnostic (SIP, H. 323, Jingle, WebRTC) • Protected against man-in-the-middle attacks • Best-effort encryption with feedback (the user agent knows if the line is secure or not) • It has a Z in the acronym. Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Software support • FreeSWITCH: https://wiki.freeswitch.org/wiki/ZRTP • Jitsi: https://jitsi.org/ • ZFone: http://zfoneproject.com/ Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Final caveats • You are never truly secure • Ensure you never drop out of the IP network • Endpoints are easy targets Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Bibliography • Hacking VoIP: Protocols, Attacks and Countermeasures (http://goo.gl/33EtU7) • SIP: Understanding the Session Initiation Protocol (http://goo.gl/sFSsSi) • Applied Cryptography: Protocols, Algorithms, and Source Code in C (http://goo.gl/U4QOJj) • Countless RFCs and extensions Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
Thank you! • http:// mojolingo.com • @lucaprado on Twitter • polysics on Github and IRC Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA

Recomendados

Scaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceScaling FreeSWITCH Performance
Scaling FreeSWITCH Performance
Moises Silva
 
Janus/Asterisk @ Astricon 2017
Janus/Asterisk @ Astricon 2017Janus/Asterisk @ Astricon 2017
Janus/Asterisk @ Astricon 2017
Lorenzo Miniero
 
ClueCon 2017
ClueCon 2017ClueCon 2017
ClueCon 2017
Luca Pradovera
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a Microservice
Evan McGee
 
SIP in action Itexpo West
SIP in action Itexpo WestSIP in action Itexpo West
SIP in action Itexpo West
Graham Francis
 
SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction
Speakinprivate
 
Dalton Jim
Dalton JimDalton Jim
Dalton Jim
Carl Ford
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
Olle E Johansson
 

Recomendados

Scaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceScaling FreeSWITCH Performance
Scaling FreeSWITCH Performance
Moises Silva
 
Janus/Asterisk @ Astricon 2017
Janus/Asterisk @ Astricon 2017Janus/Asterisk @ Astricon 2017
Janus/Asterisk @ Astricon 2017
Lorenzo Miniero
 
ClueCon 2017
ClueCon 2017ClueCon 2017
ClueCon 2017
Luca Pradovera
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a Microservice
Evan McGee
 
SIP in action Itexpo West
SIP in action Itexpo WestSIP in action Itexpo West
SIP in action Itexpo West
Graham Francis
 
SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction
Speakinprivate
 
Dalton Jim
Dalton JimDalton Jim
Dalton Jim
Carl Ford
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
Olle E Johansson
 
network security
network securitynetwork security
network security
Srinivasa Rao
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
Aaron Zauner
 
8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte
CPqD
 
Decrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficDecrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern Traffic
Shain Singh
 
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
Lilminow
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
Joao Galdino Mello de Souza
 
Kranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtcKranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtc
Tim Panton
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
Eric Klein
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical Overview
PrivateWave Italia SpA
 
E Snet Authentication Fabric Pilot
E Snet Authentication Fabric PilotE Snet Authentication Fabric Pilot
E Snet Authentication Fabric Pilot
FNian
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Frank Lesniak
 
PaloAlto Ignite Conference 2015
PaloAlto Ignite Conference 2015PaloAlto Ignite Conference 2015
PaloAlto Ignite Conference 2015
Mike Spaulding
 
Office in a box - Converged Applications Gateway
Office in a box - Converged Applications GatewayOffice in a box - Converged Applications Gateway
Office in a box - Converged Applications Gateway
SI3D systems
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
DataWorks Summit
 
PPT 2.0M
PPT 2.0MPPT 2.0M
PPT 2.0M
Videoguy
 
SIP Server Optimizations for Mobile Networks
SIP Server Optimizations for Mobile NetworksSIP Server Optimizations for Mobile Networks
SIP Server Optimizations for Mobile Networks
Daniel-Constantin Mierla
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
Aaron Zauner
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
TrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud ServicesTrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud Services
TWD Industries AG
 
ION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLSION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLS
Deploy360 Programme (Internet Society)
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Más contenido relacionado

Similar a Securing Voice Communication

8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte
CPqD
 
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
Lilminow
 
PaloAlto Ignite Conference 2015
PaloAlto Ignite Conference 2015PaloAlto Ignite Conference 2015
PaloAlto Ignite Conference 2015
Mike Spaulding
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
DataWorks Summit
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
Aaron Zauner
 
ION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLSION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLS
Deploy360 Programme (Internet Society)
 

Similar a Securing Voice Communication (20)

network security
network securitynetwork security
network security
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
 
8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte
 
Decrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficDecrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern Traffic
 
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
 
Kranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtcKranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtc
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical Overview
 
E Snet Authentication Fabric Pilot
E Snet Authentication Fabric PilotE Snet Authentication Fabric Pilot
E Snet Authentication Fabric Pilot
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
 
PaloAlto Ignite Conference 2015
PaloAlto Ignite Conference 2015PaloAlto Ignite Conference 2015
PaloAlto Ignite Conference 2015
 
Office in a box - Converged Applications Gateway
Office in a box - Converged Applications GatewayOffice in a box - Converged Applications Gateway
Office in a box - Converged Applications Gateway
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
 
PPT 2.0M
PPT 2.0MPPT 2.0M
PPT 2.0M
 
SIP Server Optimizations for Mobile Networks
SIP Server Optimizations for Mobile NetworksSIP Server Optimizations for Mobile Networks
SIP Server Optimizations for Mobile Networks
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
TrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud ServicesTrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud Services
 
ION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLSION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLS
 

Último

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Último (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 

Securing Voice Communication

  • 1. SECURING VOICE COMMUNICATION (The NSA does not need to hear about this.) by Luca Pradovera
  • 2. About me Luca Pradovera Voice Application Developer Mojo Lingo LLC, Atlanta, GA Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 3. CAN WE TRUST VOIP? NO. Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 4. Alice, Bob and Bubba All cleartext! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 5. Signaling: SIP (SESSION INITIATION PROTOCOL) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 6. Request methods: INVITE, ACK, BYE SIP is similar to HTTP Headers: To, From Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 7. INVITE sip:123@10.203.175.11 SIP/2.0 Via: SIP/2.0/UDP 10.203.175.1:63851;rport;branch=z9hG4bKPjOZmllyLuQ52Gda.vzcmWrVVtmFKSyRuz Max-Forwards: 70 From: "Luca Pradovera" <sip:usera@10.203.175.11>;tag=DRTwWU5q2EfrbebG7IMvd3RdDbsKFPOX To: <sip:123@10.203.175.11> Contact: <sip:23941570@10.203.175.1:63851> Call-ID: PvpN2LErALSXW16MbkJPBcZNf7fzeSc4 CSeq: 15461 INVITE Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER Supported: 100rel, replaces, norefersub, gruu User-Agent: Blink Pro 3.4.0 (MacOSX) Authorization: Digest username="usera", realm="asterisk", nonce="080a602e", uri="sip: 123@10.203.175.11", response="40732f23b39bc681484874c89c424bf4", algorithm=MD5 SIP Headers Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 8. Content-Type: application/sdp Content-Length: 396 ! v=0 o=- 3595073567 3595073567 IN IP4 10.203.175.1 s=Blink Pro 3.4.0 (MacOSX) c=IN IP4 10.203.175.1 t=0 0 m=audio 50000 RTP/AVP 108 99 98 9 0 8 96 a=rtcp:50001 a=rtpmap:108 opus/48000 a=fmtp:108 useinbandfec=1 a=rtpmap:9 G722/8000 SDP Payload a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:96 telephone-event/8000 a=fmtp:96 0-15 a=sendrecv Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 9. Attacking SIP (TRY THIS AT SOMEONE ELSE’S HOME.) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 10. SIP digest auth is weak. MD5-1 = MD5 (Username:Realm:Password)
 MD5-2 = MD5 (Method:URI)
 Response MD5 Value = MD5 (MD5-1:Nonce:MD5-2) The only unknown term is the password = An offline attack is possible! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 11. SIP is vulnerable Forging Contact: to hijack a session Easy man-in the middle attacks DoS via Expires: 0 Denial of service via REGISTER Denial of service via BYE Identity theft Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 12. SIPS How do we solve this? (SIP Secure) Very similar to HTTPS - Requires client support Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 13. Software support • Asterisk: https://wiki.asterisk.org/wiki/display/AST/Secure +Calling+Tutorial • FreeSWITCH: http://wiki.freeswitch.org/wiki/SIP_TLS • Many softphones and hardware phones Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 14. Media: RTP (REAL-TIME TRANSPORT PROTOCOL) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 15. RTP Basics UDP protocol Ports 1024 to 65535 Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 16. Let me hear you say… Packet sniffing enables easy eavesdropping A switched network requires an ARP cache poisoning attack but not much more CREEPY DEMO TIME! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 17. What if I want to be REALLY bad? The timestamp usually starts with 0 and increments by the length of the codec content (e.g. 160ms); the sequence starts with 0 and increments by 1, and the SSRC is usually a static value for the session and a function of time. = They are PREDICTABLE! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 18. How can we have fun? Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 19. Audio injection By predicting timestamp, sequence and SSRC, we can play whatever frame we want. “Did you just say something? Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 20. Audio replacement Using higher sequences and timestamp, we make the original audio packets obsolete. Just replace “buy” with “sell” and watch Bitcoin crash! Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 21. What if I am just grumpy? DoS via packet flooding (keep repeating a packet) DoS by RTCP Bye (session teardown) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 22. By the way, the NSA knows about this. (AND IN CASE THEY WERE MISSING ANYTHING, IT IS IN MY DROPBOX ANYWAY) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 23. SRTP (Secure RTP) Uses AES in counter mode (AESCTR) with 128 or 256 bit keys Generates a cypher stream that is XORed real-time with plaintext media Headers are signed, payload is encrypted Uses symmetric keys and ciphers that need to be negotiated somehow Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 24. Still need those keys… (NEGOTIATION) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 25. MIKEY and SDES MIKEY was never actually adopted because it requires additional SIP capabilities SDES (SDP Security Descriptions) a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 requires full TLS protection and still exposes keying to SIP servers. Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 26. Keying in the media path: DTLS-SRTP • DTLS exchange over the media port • Uses secrets from the DTLS handshake as keying information • Requires PKI (Public Key Infrastructure) • Used by WebRTC Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 27. ZRTP (Z is cooler than S.) Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 28. What it does 1. Discovery phase, to find out if the peers support ZRTP 2. Key agreement phase, to exchange the keying data 3. Secure phase, confirming the cryptographic exchange worked and switching to SRTP Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 29. How it works • Exchange happens in media path • Diffie-Hellman key exchange • SAS (Short Authentication String) produced so it can be compared by humans Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 30. Hellman, the mayonnaise guy? Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 31. Why is the SAS important? • The Short Authentication String is computed with a hash of the keys negotiated during DH exchange • It is usually a 4 digit number • It guarantees the absence of a man-in-the-middle • It is retained and reused for subsequent communications Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 32. Benefits • Does not require any signaling security • It is, in fact, signaling and server agnostic (SIP, H. 323, Jingle, WebRTC) • Protected against man-in-the-middle attacks • Best-effort encryption with feedback (the user agent knows if the line is secure or not) • It has a Z in the acronym. Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 33. Software support • FreeSWITCH: https://wiki.freeswitch.org/wiki/ZRTP • Jitsi: https://jitsi.org/ • ZFone: http://zfoneproject.com/ Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 34. Final caveats • You are never truly secure • Ensure you never drop out of the IP network • Endpoints are easy targets Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 35. Bibliography • Hacking VoIP: Protocols, Attacks and Countermeasures (http://goo.gl/33EtU7) • SIP: Understanding the Session Initiation Protocol (http://goo.gl/sFSsSi) • Applied Cryptography: Protocols, Algorithms, and Source Code in C (http://goo.gl/U4QOJj) • Countless RFCs and extensions Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
  • 36. Thank you! • http:// mojolingo.com • @lucaprado on Twitter • polysics on Github and IRC Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA