SECURING VOICE COMMUNICATION
(The NSA does not need to hear about this.)

by Luca Pradovera
About me
Luca Pradovera
Voice Application Developer
Mojo Lingo LLC, Atlanta, GA

Securing telephony - AdhearsionConf 2013 - December 4 and 5, Atlanta, GA
CAN WE TRUST VOIP?

NO.

Alice, Bob and Bubba

All cleartext!

Signaling: SIP
(SESSION INITIATION PROTOCOL)

SIP is similar to HTTP
Request methods: INVITE, ACK, BYE
Headers: To, From

SIP Headers

INVITE sip:123@10.203.175.11 SIP/2.0
Via: SIP/2.0/UDP 10.203.175.1:63851;rport;branch=z9hG4bKPjOZmllyLuQ52Gda.vzcmWrVVtmFKSyRuz
Max-Forwards: 70
From: "Luca Pradovera" <sip:usera@10.203.175.11>;tag=DRTwWU5q2EfrbebG7IMvd3RdDbsKFPOX
To: <sip:123@10.203.175.11>
Contact: <sip:23941570@10.203.175.1:63851>
Call-ID: PvpN2LErALSXW16MbkJPBcZNf7fzeSc4
CSeq: 15461 INVITE
Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, gruu
User-Agent: Blink Pro 3.4.0 (MacOSX)
Authorization: Digest username="usera", realm="asterisk", nonce="080a602e", uri="sip:123@10.203.175.11", response="40732f23b39bc681484874c89c424bf4", algorithm=MD5
Content-Type: application/sdp
Content-Length: 396

SDP Payload

v=0
o=- 3595073567 3595073567 IN IP4 10.203.175.1
s=Blink Pro 3.4.0 (MacOSX)
c=IN IP4 10.203.175.1
t=0 0
m=audio 50000 RTP/AVP 108 99 98 9 0 8 96
a=rtcp:50001
a=rtpmap:108 opus/48000
a=fmtp:108 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
a=sendrecv

Attacking SIP
(TRY THIS AT SOMEONE ELSE’S HOME.)

SIP digest auth is weak.
MD5-1 = MD5 (Username:Realm:Password)
MD5-2 = MD5 (Method:URI)
Response MD5 Value = MD5 (MD5-1:Nonce:MD5-2)

The only unknown term is the password = An offline attack is possible!

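The formula above, applied to the Authorization header from the INVITE slide, as an added example that is not part of the original talk. It parses the header, lists which formula inputs are missing from the request, and recomputes the response the way a registrar does; the password "constructed-example-pw" and all function names are constructed for this example, since the deck does not give usera's password.

```python
import hashlib
import hmac
import re

# Authorization header from the INVITE shown earlier in the deck, with the URI
# re-joined where the slide wrapped it.
PAGE_AUTH = (
    'Digest username="usera", realm="asterisk", nonce="080a602e", '
    'uri="sip:123@10.203.175.11", '
    'response="40732f23b39bc681484874c89c424bf4", algorithm=MD5'
)

# key=value pairs; values may be quoted (and then may contain commas) or bare.
PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')


def parse_digest(header_value):
    """Split a Digest credential into a dict of lower-cased parameter names."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    fields = {}
    for m in PARAM.finditer(rest):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        fields[m.group(1).lower()] = value
    return fields


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce):
    """The three-step formula from the slide (no qop, as in the page's header)."""
    md5_1 = md5_hex(f"{username}:{realm}:{password}")
    md5_2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{md5_1}:{nonce}:{md5_2}")


def unknown_inputs(fields, method):
    """Formula inputs that are NOT readable from the request itself."""
    on_the_wire = {
        "username": fields.get("username"),
        "realm": fields.get("realm"),
        "method": method,  # taken from the request line
        "uri": fields.get("uri"),
        "nonce": fields.get("nonce"),
    }
    needed = ["username", "realm", "password", "method", "uri", "nonce"]
    return [name for name in needed if not on_the_wire.get(name)]


def verify(fields, method, password):
    """What a registrar does with its stored password: recompute and compare."""
    expected = digest_response(fields["username"], fields["realm"], password,
                               method, fields["uri"], fields["nonce"])
    return hmac.compare_digest(expected, fields["response"].lower())


def audit(fields):
    """Configuration findings a defender can read straight off the header."""
    findings = []
    if fields.get("algorithm", "MD5").upper() == "MD5":
        findings.append("algorithm is MD5")
    if "qop" not in fields:
        findings.append("no qop: no client nonce or nonce count in the response")
    return findings


if __name__ == "__main__":
    page = parse_digest(PAGE_AUTH)
    print("not on the wire:", unknown_inputs(page, "INVITE"))
    print("findings:", audit(page))
    # Constructed credential: the page does not give usera's password.
    sample = dict(page, response=digest_response(
        "usera", "asterisk", "constructed-example-pw", "INVITE",
        page["uri"], page["nonce"]))
    print("stored password verifies:",
          verify(sample, "INVITE", "constructed-example-pw"))
```
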
SIP is vulnerable
Forging Contact: to hijack a session
Easy man-in-the-middle attacks
DoS via Expires: 0
Denial of service via REGISTER
Denial of service via BYE
Identity theft

How do we solve this?
SIPS (SIP Secure)

Very similar to HTTPS - Requires client support

Software support
• Asterisk: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
• FreeSWITCH: http://wiki.freeswitch.org/wiki/SIP_TLS
• Many softphones and hardware phones

Media: RTP
(REAL-TIME TRANSPORT PROTOCOL)

RTP Basics
UDP protocol

Ports 1024 to 65535

Let me hear you say…
Packet sniffing enables easy eavesdropping

A switched network requires an ARP cache poisoning attack but not much more

CREEPY DEMO TIME!

What if I want to be REALLY bad?
The timestamp usually starts with 0 and increments by the length of the codec content (e.g. 160ms); the sequence starts with 0 and increments by 1, and the SSRC is usually a static value for the session and a function of time.

= They are PREDICTABLE!

How can we have fun?

Audio injection
By predicting timestamp, sequence and SSRC, we can play whatever frame we want.

“Did you just say something?”

Audio replacement
Using higher sequence numbers and timestamps, we make the original audio packets obsolete.

Just replace “buy” with “sell” and watch Bitcoin crash!

What if I am just grumpy?
DoS via packet flooding (keep repeating a packet)
DoS by RTCP Bye (session teardown)

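On the monitoring side, the injection and replacement slides above translate into three observable signals on a cleartext RTP flow: a sequence number seen twice with different audio, a forward jump in sequence number, and the original sender then arriving behind the stream head. The detector below is an added example, not code from the talk; the 160-unit timestamp step, the gap threshold of 50 and the sample packets are assumptions constructed for the demonstration, and it presumes a continuous stream without silence suppression.

```python
import hashlib
import struct


def parse_rtp(packet):
    """Parse the fixed RTP header (RFC 3550) and return its fields and payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                              # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    if len(packet) < offset:
        raise ValueError("truncated packet")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "payload": packet[offset:]}


class RtpStreamMonitor:
    """Track each SSRC and flag packets that do not fit one continuous sender."""

    def __init__(self, samples_per_packet=160, max_gap=50, history=512):
        self.samples_per_packet = samples_per_packet   # assumed timestamp step
        self.max_gap = max_gap                         # assumed loss tolerance
        self.history = history                         # remembered seq numbers
        self.streams = {}

    def observe(self, packet):
        p = parse_rtp(packet)
        digest = hashlib.sha256(p["payload"]).digest()
        st = self.streams.get(p["ssrc"])
        if st is None:
            self.streams[p["ssrc"]] = {"head": p["seq"], "ts": p["ts"],
                                       "jumped": False,
                                       "seen": {p["seq"]: digest}}
            return []
        prior = st["seen"].get(p["seq"])
        if prior is not None:
            # Same slot twice: harmless if identical, two senders if not.
            return [] if prior == digest else ["duplicate-seq-different-payload"]
        alerts = []
        delta = (p["seq"] - st["head"]) & 0xFFFF       # 16-bit wraparound
        if delta < 0x8000:                             # ahead of the head
            if delta > self.max_gap:
                alerts.append("sequence-jump")
                st["jumped"] = True
            expected = (st["ts"] + delta * self.samples_per_packet) & 0xFFFFFFFF
            if p["ts"] != expected:
                alerts.append("timestamp-mismatch")
            st["head"], st["ts"] = p["seq"], p["ts"]
        elif st["jumped"]:
            # After a jump, the original sender keeps arriving behind the head.
            alerts.append("original-stream-behind-head")
        st["seen"][p["seq"]] = digest
        if len(st["seen"]) > self.history:
            st["seen"].pop(next(iter(st["seen"])))     # drop the oldest entry
        return alerts


def build_rtp(seq, ts, ssrc, payload, pt=0):
    """Pack a minimal RTP packet; used only to construct the sample capture."""
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF,
                       ts & 0xFFFFFFFF, ssrc) + payload


def constructed_capture():
    """Constructed traffic: one clean stream plus the three anomalies."""
    ssrc = 0x1234ABCD
    packets = [build_rtp(i, i * 160, ssrc, bytes([i]) * 160) for i in range(5)]
    packets.append(build_rtp(4, 4 * 160, ssrc, b"\xff" * 160))       # slot reused
    packets.append(build_rtp(1000, 1000 * 160, ssrc, b"\xee" * 160)) # far ahead
    packets.append(build_rtp(5, 5 * 160, ssrc, bytes([5]) * 160))    # original
    return packets


def run_monitor(packets):
    monitor = RtpStreamMonitor()
    return [monitor.observe(p) for p in packets]


if __name__ == "__main__":
    for index, alerts in enumerate(run_monitor(constructed_capture())):
        print(index, alerts or "ok")
```
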
By the way, the NSA knows about this.
(AND IN CASE THEY WERE MISSING ANYTHING, IT IS IN MY DROPBOX ANYWAY)

SRTP (Secure RTP)
Uses AES in counter mode (AES-CTR) with 128 or 256 bit keys
Generates a cipher stream that is XORed in real time with plaintext media
Headers are signed, payload is encrypted
Uses symmetric keys and ciphers that need to be negotiated somehow

Still need those keys…
(NEGOTIATION)

MIKEY and SDES
MIKEY was never actually adopted because it requires additional SIP capabilities

SDES (SDP Security Descriptions)
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32

requires full TLS protection and still exposes keying to SIP servers.

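Why SDES needs TLS becomes concrete once the a=crypto line is decoded: the inline value is the SRTP master key and salt in base64. The parser and offer audit below are an added example, not code from the talk; the SDP around the slide's a=crypto line is constructed, the function names are this example's own, and only a single inline key parameter is handled.

```python
import base64
import hashlib

# (master key bytes, master salt bytes) for the suites defined in RFC 4568.
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
    "F8_128_HMAC_SHA1_80": (16, 14),
}

# The attribute from the slide, on one line.
PAGE_CRYPTO = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
               "inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32")

# Constructed SDP offer carrying that attribute.
CONSTRUCTED_SDP = "\r\n".join([
    "v=0",
    "o=- 3595073567 3595073567 IN IP4 10.203.175.1",
    "s=-",
    "c=IN IP4 10.203.175.1",
    "t=0 0",
    "m=audio 50000 RTP/SAVP 0 8",
    PAGE_CRYPTO,
    "a=rtpmap:0 PCMU/8000",
    "a=rtpmap:8 PCMA/8000",
])


def parse_crypto(line):
    """Parse a=crypto:<tag> <suite> inline:<key||salt>[|lifetime][|MKI:length]."""
    prefix = "a=crypto:"
    if not line.startswith(prefix):
        raise ValueError("not a crypto attribute")
    parts = line[len(prefix):].split()
    if len(parts) < 3:
        raise ValueError("missing suite or key parameters")
    tag, suite = int(parts[0]), parts[1]
    method, _, info = parts[2].partition(":")
    if method != "inline":
        raise ValueError("unsupported key method")
    if suite not in SUITES:
        raise ValueError("unknown crypto suite")
    key_len, salt_len = SUITES[suite]
    pieces = info.split("|")
    raw = base64.b64decode(pieces[0], validate=True)
    if len(raw) != key_len + salt_len:
        raise ValueError("wrong key||salt length for suite")
    lifetime, mki = None, None
    for piece in pieces[1:]:
        if ":" in piece:                       # MKI value and its byte length
            value, length = piece.split(":", 1)
            mki = (int(value), int(length))
        elif piece.startswith("2^"):           # lifetime as a power of two
            lifetime = 2 ** int(piece[2:])
        else:                                  # lifetime as a plain integer
            lifetime = int(piece)
    return {"tag": tag, "suite": suite, "master_key": raw[:key_len],
            "master_salt": raw[key_len:], "lifetime_packets": lifetime,
            "mki": mki}


def audit_offer(sdp_text, signaling_transport):
    """Return (severity, message) findings for SDES keying in one SDP body."""
    findings = []
    keyed = False
    for line in sdp_text.splitlines():
        line = line.strip()
        if not line.startswith("a=crypto:"):
            continue
        keyed = True
        c = parse_crypto(line)
        # Report a fingerprint, never the key itself.
        fp = hashlib.sha256(c["master_key"] + c["master_salt"]).hexdigest()[:12]
        where = f"crypto tag {c['tag']} ({c['suite']}, key fingerprint {fp})"
        if signaling_transport.lower() != "tls":
            findings.append(("high", f"{where}: SRTP master key readable on "
                                     f"the wire over {signaling_transport}"))
        else:
            findings.append(("info", f"{where}: key hidden on the wire, still "
                                     "readable by each SIP server on the path"))
    if not keyed:
        findings.append(("note", "no SDES keying offered in this SDP"))
    return findings


if __name__ == "__main__":
    for transport in ("udp", "tls"):
        for severity, message in audit_offer(CONSTRUCTED_SDP, transport):
            print(transport, severity, message)
```
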
Keying in the media path: DTLS-SRTP
• DTLS exchange over the media port
• Uses secrets from the DTLS handshake as keying information
• Requires PKI (Public Key Infrastructure)
• Used by WebRTC

ZRTP

(Z is cooler than S.)

What it does
1. Discovery phase, to find out if the peers support ZRTP
2. Key agreement phase, to exchange the keying data
3. Secure phase, confirming the cryptographic exchange worked and switching to SRTP

How it works
• Exchange happens in media path
• Diffie-Hellman key exchange
• SAS (Short Authentication String) produced so it can be compared by humans

Hellman, the mayonnaise guy?

Why is the SAS important?
• The Short Authentication String is computed with a hash of the keys negotiated during DH exchange
• It is usually a 4 digit number
• It guarantees the absence of a man-in-the-middle
• It is retained and reused for subsequent communications

Benefits
• Does not require any signaling security
• It is, in fact, signaling and server agnostic (SIP, H.323, Jingle, WebRTC)
• Protected against man-in-the-middle attacks
• Best-effort encryption with feedback (the user agent knows if the line is secure or not)
• It has a Z in the acronym.

Software support
• FreeSWITCH: https://wiki.freeswitch.org/wiki/ZRTP
• Jitsi: https://jitsi.org/
• ZFone: http://zfoneproject.com/

Final caveats
• You are never truly secure
• Ensure you never drop out of the IP network
• Endpoints are easy targets

Bibliography
• Hacking VoIP: Protocols, Attacks and Countermeasures (http://goo.gl/33EtU7)
• SIP: Understanding the Session Initiation Protocol (http://goo.gl/sFSsSi)
• Applied Cryptography: Protocols, Algorithms, and Source Code in C (http://goo.gl/U4QOJj)
• Countless RFCs and extensions

Thank you!
• http://mojolingo.com
• @lucaprado on Twitter
• polysics on Github and IRC
