Revision 1.1
Ofir Arkin
Managing Security Architect
©2002 @STAKE, INC.
Agenda
Overview
An Introduction to VoIP
Overview
Some security issues arise from the Media Transport protocols (RTP, RTCP, SCTP) being used to carry voice; some arise from the Signaling protocols (SIP, H.323, MEGACO, MGCP) and their respective architectures (the placement of the “intelligence”, for example); and other issues arise from the different components that make up a VoIP architecture. We will also examine supporting protocols, such as Quality of Service (QoS) protocols. We can even name physical security as another source of concern.

VoIP has a wide range of deployment scenarios, hence a wide range of security problems reflecting these scenarios.
A Definition of VoIP
We can define VoIP simply as “the transport of voice traffic using the Internet Protocol”. Stating “using the Internet Protocol” brings the Internet to mind for many people. But the fact of the matter is that Internet Telephony is only a portion of VoIP, and VoIP has a broader definition. To remove any shred of doubt we define VoIP as “the transport of voice traffic using the Internet Protocol, utilizing any network”.
Protocol Types: Media Transport
Figure: SIP IP Phone. The destination device returns its IP Address to the originating device and a media connection is opened.
Media Transport
RTP and RTCP (IETF)
SCTP (IETF)
Supporting Services
DNS
Routing - TRIP (Telephony Routing over IP)
Quality of Service – RSVP, 802.1Q
Traditional Telephony:
IP:
an organization.
Delay/Latency
Jitter
Packet Loss
Speech Coding Techniques
Latency/Delay
With VoIP we define latency as the interval it takes speech to exit the speaker’s mouth and reach the listener’s ear. This definition is also known as “one-way latency” or “mouth-to-ear latency”. Latency is typically measured in milliseconds. The sum of the two one-way latency figures is known as the round-trip latency. ITU-T recommendation G.114 specifies that, in order to have good voice quality, the round-trip delay should not exceed 300ms.
Figure: Modem, 100BaseT, PC.
My Hub (is your Hub)
Figure: Data, Voice, Data.
Bypassing simple packet shaping mechanisms.
Getting into the Voice VLAN: End-of-Game.
Figure: IP Phone, 100BaseT, PC, 100BaseT. The PC in the middle claims both “I am representing the physical address of the IP Phone” and “I am representing the physical address of the Switch”.
No Electricity, No Service.
“G, here goes our Carrier Grade availability…”
too much traffic, but still you can cause outage in the
IP Phones (Easy)
Routers, Switches (depends on the equipment)
Signaling Gateways, Media Gateways, SIP Proxies… (Easy-Medium)
Any device in the path a call takes from a
RTP packet layout (IP header, UDP header, RTP header)

IP header:
4-bit Version | 4-bit Header Length | 8-bit type of service | 16-bit total length (in bytes)

UDP header (8 bytes):
16-bit Source Port | 16-bit Destination Port
16-bit UDP Length | 16-bit UDP Checksum

RTP header:
V | P | X | CC | M | PT | Sequence Number
Timestamp
SSRC
CSRC

Sequence Number: used by a receiver to detect lost packets and restore packet order.
Timestamp: used to place RTP packets in a correct timing order.
SSRC: identifies the source of an RTP stream.
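The header fields above are what a receiver has to work with when a stream arrives: the sequence number tells it what was lost and what arrived out of order, the timestamp tells it where each packet belongs in time, and the SSRC tells it which source a packet claims to come from. The following parser and audit routine is an added example written for this page, not code from the presentation or from @stake; the packet stream it processes is constructed inline (an 8000 Hz PCMU stream with one packet missing, two swapped, and one packet carrying an unrelated SSRC), and the 16-bit sequence numbers are assumed not to wrap within the sample.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLES_PER_PACKET = 160  # 20 ms of PCMU (payload type 0) at an 8000 Hz clock


@dataclass
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    csrcs: List[int]
    payload: bytes


def parse_rtp(packet: bytes) -> RtpHeader:
    """Decode the 12-byte fixed RTP header plus the CSRC list (RFC 3550)."""
    if len(packet) < 12:
        raise ValueError("RTP packet shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6                  # V: 2 bits, must be 2
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    cc = b0 & 0x0F                     # CC: number of 32-bit CSRC identifiers that follow
    hdr_len = 12 + 4 * cc
    if len(packet) < hdr_len:
        raise ValueError("CSRC list truncated")
    csrcs = list(struct.unpack(f"!{cc}I", packet[12:hdr_len]))
    return RtpHeader(
        version=version,
        padding=bool(b0 & 0x20),       # P
        extension=bool(b0 & 0x10),     # X
        marker=bool(b1 & 0x80),        # M
        payload_type=b1 & 0x7F,        # PT
        sequence=seq, timestamp=ts, ssrc=ssrc,
        csrcs=csrcs, payload=packet[hdr_len:],
    )


def build_rtp(seq: int, ts: int, ssrc: int, pt: int = 0, marker: bool = False,
              payload: bytes = b"", csrcs: Tuple[int, ...] = ()) -> bytes:
    """Encode an RTP packet; used here only to construct the sample traffic."""
    b0 = (2 << 6) | (len(csrcs) & 0x0F)
    b1 = (0x80 if marker else 0) | (pt & 0x7F)
    header = struct.pack("!BBHII", b0, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    header += b"".join(struct.pack("!I", c & 0xFFFFFFFF) for c in csrcs)
    return header + payload


def reorder_and_audit(packets: List[bytes], expected_ssrc: int) -> Dict[str, object]:
    """Put packets back into sequence order, list lost sequence numbers, and count
    packets whose SSRC does not belong to the stream this receiver is expecting."""
    accepted: List[RtpHeader] = []
    foreign = 0
    for raw in packets:
        hdr = parse_rtp(raw)
        if hdr.ssrc != expected_ssrc:
            foreign += 1               # a second source on the same port is worth logging
            continue
        accepted.append(hdr)
    accepted.sort(key=lambda h: h.sequence)   # assumption: no 16-bit wraparound in the sample
    seqs = [h.sequence for h in accepted]
    lost = [s for s in range(seqs[0], seqs[-1] + 1) if s not in seqs] if seqs else []
    # once packets are in sequence order their timestamps must never go backwards
    monotonic = all(a.timestamp <= b.timestamp for a, b in zip(accepted, accepted[1:]))
    return {"order": seqs, "lost": lost, "foreign": foreign, "timestamps_monotonic": monotonic}


def constructed_stream() -> Tuple[List[bytes], int]:
    """Constructed sample: four packets of one stream delivered out of order with
    sequence 1002 missing, plus one packet from an unrelated SSRC."""
    ssrc = 0x1234ABCD
    pkts = []
    for seq, ts in [(1000, 0), (1001, 160), (1004, 640), (1003, 480)]:
        pkts.append(build_rtp(seq, ts, ssrc, pt=0, marker=(seq == 1000),
                              payload=b"\xff" * SAMPLES_PER_PACKET))
    pkts.append(build_rtp(1002, 320, 0xDEADBEEF, pt=0, payload=b"\x7f" * SAMPLES_PER_PACKET))
    return pkts, ssrc


if __name__ == "__main__":
    packets, ssrc = constructed_stream()
    print(reorder_and_audit(packets, ssrc))
```

A real jitter buffer would also use the timestamp to schedule playout and would track sequence wraparound as RFC 3550 describes; the audit here is the minimum a receiver needs to notice loss, reordering and an unexpected source on the media port.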
Encryption: “k” parameter…
Figure: Mixer, Mixer; 128kbps, 128kbps, 64kbps, 64kbps.
Denial of Service
SIP Components
SIP UAC – SIP User Agent Client
SIP UAS – SIP User Agent Server
UA – UAC + UAS
SIP Architecture
Figure: DNS Server, Location Service, SIP Proxy.
DNS Query for the IP Address of the SIP Proxy of the Destination Domain.
The Location Service is being queried to check that the destination IP address represents a valid registered device, and for its IP Address.
Figure: SIP call flow between two SIP IP Phones through a SIP Proxy (the proxy forwards each request: FW: SIP INVITE).
INVITE
100 Trying
180 Ringing
200 OK
ACK
RTP Media, Both Ways
BYE
200 OK
v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
s=Session SDP
c=IN IP4 100.101.102.103
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
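The SDP body above is what actually decides where the media goes: the c= line names the address and the m= line the port to which the far end asks that RTP be sent, so a signaling message whose SDP is altered in transit redirects the voice stream. The parser below is an added example written for this page, not code from the presentation or from @stake; it parses the slide's own SDP (embedded as the sample input), resolves media-level against session-level c= lines, reads the a=rtpmap codec table, and performs one defensive check the text suggests: comparing the media address against the address of the signaling peer (the function names and the peer addresses used in the test are assumptions).

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple


@dataclass
class Media:
    kind: str                      # "audio", "video", ...
    port: int
    proto: str                     # e.g. "RTP/AVP"
    formats: List[str]             # payload types as listed on the m= line
    connection: Optional[str] = None
    attributes: List[str] = field(default_factory=list)


@dataclass
class Session:
    origin_address: Optional[str] = None
    connection: Optional[str] = None
    media: List[Media] = field(default_factory=list)
    attributes: List[str] = field(default_factory=list)


def _connection_address(value: str) -> str:
    """Validate 'IN IP4 <addr>' / 'IN IP6 <addr>' and return the bare address."""
    nettype, addrtype, addr = value.split()
    if nettype != "IN" or addrtype not in ("IP4", "IP6"):
        raise ValueError(f"unsupported c= line: {value!r}")
    addr = addr.split("/")[0]          # drop multicast TTL / address count
    ip_address(addr)                   # raises on anything that is not a literal IP address
    return addr


def parse_sdp(text: str) -> Session:
    """Minimal SDP parser (RFC 2327 syntax): session-level fields, then one Media per m= line."""
    session = Session()
    current: Optional[Media] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if len(line) < 2 or line[1] != "=":
            raise ValueError(f"malformed SDP line: {line!r}")
        key, value = line[0], line[2:]
        if key == "v":
            if value != "0":
                raise ValueError(f"unsupported SDP version {value}")
        elif key == "o":
            parts = value.split()
            if len(parts) != 6:
                raise ValueError("o= must carry username, sess-id, sess-version, nettype, addrtype, address")
            session.origin_address = parts[5]
        elif key == "c":
            addr = _connection_address(value)
            if current is not None:
                current.connection = addr  # media-level c= overrides the session-level one
            else:
                session.connection = addr
        elif key == "m":
            parts = value.split()
            if len(parts) < 4:
                raise ValueError(f"malformed m= line: {value!r}")
            current = Media(parts[0], int(parts[1].split("/")[0]), parts[2], parts[3:])
            session.media.append(current)
        elif key == "a":
            (current.attributes if current is not None else session.attributes).append(value)
    return session


def rtpmap(media: Media) -> Dict[int, str]:
    """a=rtpmap:<pt> <encoding>/<clock>[/<channels>] entries of one media description."""
    table: Dict[int, str] = {}
    for attr in media.attributes:
        if attr.startswith("rtpmap:"):
            pt, encoding = attr[len("rtpmap:"):].split(None, 1)
            table[int(pt)] = encoding
    return table


def audio_endpoint(session: Session) -> Tuple[str, int, str]:
    """Where the far end asks us to send RTP audio: (address, port, codec of the first format)."""
    for m in session.media:
        if m.kind == "audio" and m.port != 0:          # port 0 means the media is rejected
            addr = m.connection or session.connection
            if addr is None:
                raise ValueError("no c= line covers the audio media")
            codec = rtpmap(m).get(int(m.formats[0]), f"static PT {m.formats[0]}")
            return addr, m.port, codec
    raise ValueError("no active audio media description")


def media_address_matches_signaling(session: Session, signaling_peer: str) -> bool:
    """Defensive check: the address that will receive our RTP should normally be the host
    we are signaling with; a mismatch deserves policy review (NAT traversal and media
    gateways are the legitimate exceptions, so treat this as a flag, not a hard reject)."""
    addr, _, _ = audio_endpoint(session)
    return ip_address(addr) == ip_address(signaling_peer)


# The SDP body shown on the slide above, embedded here as the sample input.
SLIDE_SDP = """v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
s=Session SDP
c=IN IP4 100.101.102.103
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
"""

if __name__ == "__main__":
    session = parse_sdp(SLIDE_SDP)
    print(audio_endpoint(session), media_address_matches_signaling(session, "100.101.102.103"))
```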
Figure: A: SIP IP Phone sends INVITE to B: SIP IP Phone; C: Attacker sends CANCEL.
“…Cseq…”
Figure: A: SIP IP Phone sends INVITE to B: SIP IP Phone; C: Attacker answers with 301 Moved Permanently; A then sends INVITE’.
Figure: A: SIP IP Phone, C: Attacker.
Authentication Mechanisms:
Basic
Digest
PGP (not any more)
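Of the three mechanisms listed, Digest is the one SIP kept: the server sends a nonce in a challenge, and the client proves it knows the password without sending it, by returning MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA1 = MD5(username:realm:password) and HA2 = MD5(method:Request-URI), as RFC 3261 section 22.4 specifies by reference to RFC 2617. The following client and server sides are an added example written for this page, not code from the presentation or from @stake; the realm, user and password are constructed, the nonce store is in-memory and single-use (a production server tracks the nc counter instead), and passwords are kept in clear only for brevity (a real registrar would store HA1).

```python
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username: str, realm: str, password: str, method: str, uri: str,
                    nonce: str, qop: Optional[str] = None, nc: Optional[str] = None,
                    cnonce: Optional[str] = None) -> str:
    """RFC 2617 Digest response as SIP uses it: HA1 = MD5(user:realm:pass), HA2 = MD5(method:uri)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    if qop == "auth":
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")   # legacy form without qop (RFC 2069 style)


_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_params(header: str) -> Dict[str, str]:
    """Split 'Digest a="x", b=y' (a challenge or a credentials header) into a dict."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("only the Digest scheme is handled here")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM_RE.finditer(params)}


def build_authorization(username: str, password: str, realm: str, nonce: str, method: str,
                        uri: str, nc: str = "00000001", cnonce: Optional[str] = None) -> str:
    """Client side (a SIP UA): answer a qop=auth challenge for one request."""
    cnonce = cnonce or secrets.token_hex(8)
    response = digest_response(username, realm, password, method, uri, nonce, "auth", nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


class DigestVerifier:
    """Server side (a registrar or proxy): issue nonces and check credentials."""

    def __init__(self, realm: str, credentials: Dict[str, str]):
        self.realm = realm
        self.credentials = credentials     # username -> password (constructed sample data)
        self.live_nonces: set = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)      # unpredictable, so a captured response cannot be reused
        self.live_nonces.add(nonce)
        return f'Digest realm="{self.realm}", nonce="{nonce}", qop="auth"'

    def verify(self, method: str, request_uri: str, authorization: str) -> bool:
        p = parse_digest_params(authorization)
        nonce = p.get("nonce")
        if nonce not in self.live_nonces:
            return False                   # unknown, expired or already-used nonce: replay or forgery
        password = self.credentials.get(p.get("username", ""))
        if password is None or p.get("realm") != self.realm:
            return False
        if p.get("uri") != request_uri:
            return False                   # credentials are bound to the Request-URI they were made for
        expected = digest_response(p["username"], self.realm, password, method, request_uri,
                                   nonce, p.get("qop"), p.get("nc"), p.get("cnonce"))
        ok = hmac.compare_digest(expected, p.get("response", ""))
        if ok:
            self.live_nonces.discard(nonce)   # single-use here; production servers track nc instead
        return ok


if __name__ == "__main__":
    server = DigestVerifier("voip.example", {"alice": "correct horse"})
    challenge = parse_digest_params(server.challenge())
    header = build_authorization("alice", "correct horse", challenge["realm"], challenge["nonce"],
                                 "REGISTER", "sip:voip.example")
    print(server.verify("REGISTER", "sip:voip.example", header))
```

The two checks that matter for the attacks shown on the earlier slides are the nonce bookkeeping (a sniffed Authorization header is useless once its nonce is spent) and the binding of the response to the method and Request-URI (credentials taken from a REGISTER cannot be replayed on an INVITE). Note also that Digest authenticates only the request, not the SDP's integrity beyond what the request body hash in later specs adds, and that without TLS on the signaling path the password remains exposed to offline guessing against a captured challenge/response pair.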
Figure: SIP Proxy, SIP Proxy, IP Phone B, SIP Proxy, SIP Proxy.
Questions?
Ofir Arkin
Managing Security Architect