SlideShare a Scribd company logo

Morecrypto in the world of SIP - the Session Initiation Protocol

Olle E Johansson
Olle E Johansson

The Internet is under attack and we need more encryption everywhere. This applies to the world of realtime communication too. This talk briefly goes through what can be done today and what needs to be done in the future. Originally delivered at Kamailio World 2014 in Berlin.

Technology
1 of 19
#MoreCrypto and SIP A small step to make it harder 
 to listen to SIP based activity. V1.5 - SIP - oej@edvina.net - slideshare.net/oej 2014-02-09
The problem We have built an information network
 that is too easy to monitor. We simply
 trusted everyone too much in a naive way. Sadly, we can’t do
 that any more.
#MoreCrypto The Internet mirrors society When the Internet was small, there was a select group
 of people using it. They felt is was a safe place.
#MoreCrypto As the Internet grew and reflects more of society,
 we forgot to harden it. It’s time now.
#MoreCrypto The engineers are working The IETF recently decided to focus a lot of energy to add more confidentiality and
 security in general to the technology
 we use every day. The IETF is the organisation that defined
 most of the standards we use today to communicate.
What’s the problem?
#MoreCrypto Changing the Internet
 is too hard. We are not using the security tools we have in the way they are meant to be used today. In some cases, like e-mail and IP telephony, most of us do not use any security tools at all.
#MoreCrypto How do we change? The users must require change. Otherwise,
 very few things happen. But developers can change implementations too.
 
 It is up to you and me.
#MoreCrypto What needs to be done? A lot of changes needs to be done in how we build
 services, operate them and use them. More crypto Easy to use authentication Enhanced privacy Stronger confidentiality …and much more
#MoreCrypto TLS is an important tool TLS Transport
 Layer
 Security TLS provides confidentiality, identity
 and integrity to Internet communication. TLS is used in HTTPS:// web pages, but can also be used from applications on a computer as well as a cell phone. TLS is based on SSL, that was a provider-specific technology. TLS is maintained by the IETF and is still being improved.
#MoreCrypto Start simple. Use connection encryption wherever possible. Use HTTPS and serve information over HTTPS In short:
 #MoreCrypto
#MoreCrypto Why? More crypto on the Internet raise the cost of listening in to our information flows, our conversations. It does not solve all the issues, we have a lot of work
 ahead of us. Using more TLS is not very complicated and can be used in most applications today.
#MoreCrypto The work continues Mobile
 apps Web IP
 Telephony E-mail Cloud
 Services Internet of things The Digital home Chat Video
 Services Require
 #MoreCrypto!
NEW! OPPURTUNISTIC
 SECURITY Secure network traffic, regardless of what the user says. Do whatever you can to make it harder to listen in.
#MoreCrypto Re-learning Authenticated TLS Opportunistic encryption 
 of sessions Secure signalling
 hop by hop. Not secure, but 
 harder to listen in SDES key exchange + SRTP Not secure, but 
 harder to listen to media DTLS key exchange + SRTP Secure if end2end
#MoreCrypto Opportunistic Security In SIP Clients - UAs and Proxys - should prefer
 TLS over TCP and UDP. Let’s forget about
 the SIPS uri.
 It just doesn’t work or help. All servers - SBC, B2BUA, PBX, Proxys
 should have TLS working. Certificates are available for free! Use SRTP wherever possible.
#MoreCrypto Let’s make this happen. Default to trying TLS before
 any other SIP transport Always offer SRTP,
 Maybe combination Rtp + SRTP Always install TLS
 certificates in servers Use SIP outbound over
 TLS from UAs
#MoreCrypto A final word "The point is not to make enforcement of the law more difficult; legal intercept is a necessary part of living in a society. 
 
 Casual retention of everyone’s data, ripe for misuse, however, is not, and that’s what the industry — from Google and Yahoo!, to the IETF and Tim Berners-Lee — are pushing back on." Mark Nottingham, 
 chair of the IETF HTTPbis wg http://www.mnot.net/blog/2014/03/17/trying_out_tls_for_http_urls
#MoreCrypto More information http://www.internetsociety.org/deploy360/tls/ https://bettercrypto.org http://tools.ietf.org/html/draft-farrell-perpass-attack-06

Recommended

Iot course online training
Iot course online trainingIot course online training
Iot course online trainingTejaspathiLV
 
iot certification course training Bangalore
iot certification course training Bangaloreiot certification course training Bangalore
iot certification course training Bangaloremarketer1234
 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youDeploy360 Programme (Internet Society)
 
TFI2014 Session II - Requirements for SDN - Jeff Doyle
TFI2014 Session II - Requirements for SDN - Jeff DoyleTFI2014 Session II - Requirements for SDN - Jeff Doyle
TFI2014 Session II - Requirements for SDN - Jeff DoyleColorado Internet Society (CO ISOC)
 
07 Open ICT Tools
07 Open ICT Tools07 Open ICT Tools
07 Open ICT ToolsBCE A&E
 
Swisscom: Smart Homes & Security Risks
Swisscom: Smart Homes & Security RisksSwisscom: Smart Homes & Security Risks
Swisscom: Smart Homes & Security RisksLea-María Louzada
 
Week2 S Ponges
Week2 S PongesWeek2 S Ponges
Week2 S PongesCorey Topf
 
Decentralized reception grethe
Decentralized reception gretheDecentralized reception grethe
Decentralized reception gretheGeorge Bekiaridis
 

Recommended

Iot course online training
Iot course online trainingIot course online training
Iot course online trainingTejaspathiLV
 
iot certification course training Bangalore
iot certification course training Bangaloreiot certification course training Bangalore
iot certification course training Bangaloremarketer1234
 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youDeploy360 Programme (Internet Society)
 
TFI2014 Session II - Requirements for SDN - Jeff Doyle
TFI2014 Session II - Requirements for SDN - Jeff DoyleTFI2014 Session II - Requirements for SDN - Jeff Doyle
TFI2014 Session II - Requirements for SDN - Jeff DoyleColorado Internet Society (CO ISOC)
 
07 Open ICT Tools
07 Open ICT Tools07 Open ICT Tools
07 Open ICT ToolsBCE A&E
 
Swisscom: Smart Homes & Security Risks
Swisscom: Smart Homes & Security RisksSwisscom: Smart Homes & Security Risks
Swisscom: Smart Homes & Security RisksLea-María Louzada
 
Week2 S Ponges
Week2 S PongesWeek2 S Ponges
Week2 S PongesCorey Topf
 
Decentralized reception grethe
Decentralized reception gretheDecentralized reception grethe
Decentralized reception gretheGeorge Bekiaridis
 
Bds Blind Spot Mirror Systems Uk
Bds Blind Spot Mirror Systems UkBds Blind Spot Mirror Systems Uk
Bds Blind Spot Mirror Systems UkGuido Weijerman
 
Actividad 3
Actividad 3Actividad 3
Actividad 3Manuel Martin Barragán
 
Ep 2012 week4-piaget
Ep 2012 week4-piagetEp 2012 week4-piaget
Ep 2012 week4-piagetlaurahe
 
Week 36
Week 36Week 36
Week 36Corey Topf
 
Iadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationIadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationHans Kemp
 
Iad2 0910 q4 les 1 ontwerpen met patronen
Iad2 0910 q4 les 1 ontwerpen met patronenIad2 0910 q4 les 1 ontwerpen met patronen
Iad2 0910 q4 les 1 ontwerpen met patronenHans Kemp
 
Ouderavond Groningen Maart 2011
Ouderavond Groningen Maart 2011Ouderavond Groningen Maart 2011
Ouderavond Groningen Maart 2011inespee
 
Medical Librarianship in the Philippines: what's in store beyond the next gen...
Medical Librarianship in the Philippines: what's in store beyond the next gen...Medical Librarianship in the Philippines: what's in store beyond the next gen...
Medical Librarianship in the Philippines: what's in store beyond the next gen...Joseph Yap
 
Vocab lang&masscomm
Vocab lang&masscommVocab lang&masscomm
Vocab lang&masscommCorey Topf
 
Unit1 characteranalysis
Unit1 characteranalysisUnit1 characteranalysis
Unit1 characteranalysisCorey Topf
 
Birkenes kommune
Birkenes kommuneBirkenes kommune
Birkenes kommuneGeorge Bekiaridis
 
Paper2 olympics copy
Paper2 olympics copyPaper2 olympics copy
Paper2 olympics copyCorey Topf
 
Intro.
Intro.Intro.
Intro.Corey Topf
 
Good to Great - Journal
Good to Great - JournalGood to Great - Journal
Good to Great - JournalGopal Thiruvenkadam
 
Unit 2 3 1 Costs Of Production
Unit 2 3 1 Costs Of ProductionUnit 2 3 1 Costs Of Production
Unit 2 3 1 Costs Of ProductionCorey Topf
 
The Effects of Cross-Pollination : How non-library mass market services are c...
The Effects of Cross-Pollination : How non-library mass market services are c...The Effects of Cross-Pollination : How non-library mass market services are c...
The Effects of Cross-Pollination : How non-library mass market services are c...Baden Hughes
 
Norwegian directorate of integration an diversity
Norwegian directorate of integration an diversityNorwegian directorate of integration an diversity
Norwegian directorate of integration an diversityGeorge Bekiaridis
 
IADD1 0809Q3 Hoorcollege2 Deeltijd
IADD1 0809Q3 Hoorcollege2 DeeltijdIADD1 0809Q3 Hoorcollege2 Deeltijd
IADD1 0809Q3 Hoorcollege2 DeeltijdHans Kemp
 
Disambiguating Advanced Computing for Humanities Researchers
Disambiguating Advanced Computing for Humanities ResearchersDisambiguating Advanced Computing for Humanities Researchers
Disambiguating Advanced Computing for Humanities ResearchersBaden Hughes
 
Innovation academy2014 2015
Innovation academy2014 2015Innovation academy2014 2015
Innovation academy2014 2015Corey Topf
 
#MoreCrypto
#MoreCrypto #MoreCrypto
#MoreCrypto Olle E Johansson
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLSOlle E Johansson
 

More Related Content

Viewers also liked

Bds Blind Spot Mirror Systems Uk
Bds Blind Spot Mirror Systems UkBds Blind Spot Mirror Systems Uk
Bds Blind Spot Mirror Systems UkGuido Weijerman
 
Ep 2012 week4-piaget
Ep 2012 week4-piagetEp 2012 week4-piaget
Ep 2012 week4-piagetlaurahe
 
Iadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationIadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationHans Kemp
 
Iad2 0910 q4 les 1 ontwerpen met patronen
Iad2 0910 q4 les 1 ontwerpen met patronenIad2 0910 q4 les 1 ontwerpen met patronen
Iad2 0910 q4 les 1 ontwerpen met patronenHans Kemp
 
Ouderavond Groningen Maart 2011
Ouderavond Groningen Maart 2011Ouderavond Groningen Maart 2011
Ouderavond Groningen Maart 2011inespee
 
Medical Librarianship in the Philippines: what's in store beyond the next gen...
Medical Librarianship in the Philippines: what's in store beyond the next gen...Medical Librarianship in the Philippines: what's in store beyond the next gen...
Medical Librarianship in the Philippines: what's in store beyond the next gen...Joseph Yap
 
Vocab lang&masscomm
Vocab lang&masscommVocab lang&masscomm
Vocab lang&masscommCorey Topf
 
Unit1 characteranalysis
Unit1 characteranalysisUnit1 characteranalysis
Unit1 characteranalysisCorey Topf
 
Paper2 olympics copy
Paper2 olympics copyPaper2 olympics copy
Paper2 olympics copyCorey Topf
 
Unit 2 3 1 Costs Of Production
Unit 2 3 1 Costs Of ProductionUnit 2 3 1 Costs Of Production
Unit 2 3 1 Costs Of ProductionCorey Topf
 
The Effects of Cross-Pollination : How non-library mass market services are c...
The Effects of Cross-Pollination : How non-library mass market services are c...The Effects of Cross-Pollination : How non-library mass market services are c...
The Effects of Cross-Pollination : How non-library mass market services are c...Baden Hughes
 
Norwegian directorate of integration an diversity
Norwegian directorate of integration an diversityNorwegian directorate of integration an diversity
Norwegian directorate of integration an diversityGeorge Bekiaridis
 
IADD1 0809Q3 Hoorcollege2 Deeltijd
IADD1 0809Q3 Hoorcollege2 DeeltijdIADD1 0809Q3 Hoorcollege2 Deeltijd
IADD1 0809Q3 Hoorcollege2 DeeltijdHans Kemp
 
Disambiguating Advanced Computing for Humanities Researchers
Disambiguating Advanced Computing for Humanities ResearchersDisambiguating Advanced Computing for Humanities Researchers
Disambiguating Advanced Computing for Humanities ResearchersBaden Hughes
 
Innovation academy2014 2015
Innovation academy2014 2015Innovation academy2014 2015
Innovation academy2014 2015Corey Topf
 

Viewers also liked (20)

Bds Blind Spot Mirror Systems Uk
Bds Blind Spot Mirror Systems UkBds Blind Spot Mirror Systems Uk
Bds Blind Spot Mirror Systems Uk
 
Actividad 3
Actividad 3Actividad 3
Actividad 3
 
Ep 2012 week4-piaget
Ep 2012 week4-piagetEp 2012 week4-piaget
Ep 2012 week4-piaget
 
Week 36
Week 36Week 36
Week 36
 
Iadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationIadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And Navigation
 
Iad2 0910 q4 les 1 ontwerpen met patronen
Iad2 0910 q4 les 1 ontwerpen met patronenIad2 0910 q4 les 1 ontwerpen met patronen
Iad2 0910 q4 les 1 ontwerpen met patronen
 
Ouderavond Groningen Maart 2011
Ouderavond Groningen Maart 2011Ouderavond Groningen Maart 2011
Ouderavond Groningen Maart 2011
 
Medical Librarianship in the Philippines: what's in store beyond the next gen...
Medical Librarianship in the Philippines: what's in store beyond the next gen...Medical Librarianship in the Philippines: what's in store beyond the next gen...
Medical Librarianship in the Philippines: what's in store beyond the next gen...
 
Vocab lang&masscomm
Vocab lang&masscommVocab lang&masscomm
Vocab lang&masscomm
 
Unit1 characteranalysis
Unit1 characteranalysisUnit1 characteranalysis
Unit1 characteranalysis
 
Birkenes kommune
Birkenes kommuneBirkenes kommune
Birkenes kommune
 
Paper2 olympics copy
Paper2 olympics copyPaper2 olympics copy
Paper2 olympics copy
 
Intro.
Intro.Intro.
Intro.
 
Good to Great - Journal
Good to Great - JournalGood to Great - Journal
Good to Great - Journal
 
Unit 2 3 1 Costs Of Production
Unit 2 3 1 Costs Of ProductionUnit 2 3 1 Costs Of Production
Unit 2 3 1 Costs Of Production
 
The Effects of Cross-Pollination : How non-library mass market services are c...
The Effects of Cross-Pollination : How non-library mass market services are c...The Effects of Cross-Pollination : How non-library mass market services are c...
The Effects of Cross-Pollination : How non-library mass market services are c...
 
Norwegian directorate of integration an diversity
Norwegian directorate of integration an diversityNorwegian directorate of integration an diversity
Norwegian directorate of integration an diversity
 
IADD1 0809Q3 Hoorcollege2 Deeltijd
IADD1 0809Q3 Hoorcollege2 DeeltijdIADD1 0809Q3 Hoorcollege2 Deeltijd
IADD1 0809Q3 Hoorcollege2 Deeltijd
 
Disambiguating Advanced Computing for Humanities Researchers
Disambiguating Advanced Computing for Humanities ResearchersDisambiguating Advanced Computing for Humanities Researchers
Disambiguating Advanced Computing for Humanities Researchers
 
Innovation academy2014 2015
Innovation academy2014 2015Innovation academy2014 2015
Innovation academy2014 2015
 

Similar to Morecrypto in the world of SIP - the Session Initiation Protocol

#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLSOlle E Johansson
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
SIP2012: Es hora de reiniciar la PBX!
SIP2012: Es hora de reiniciar la PBX!SIP2012: Es hora de reiniciar la PBX!
SIP2012: Es hora de reiniciar la PBX!OpenDireito
 
voip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johansson
voip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johanssonvoip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johansson
voip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johanssonVOIP2DAY
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)Guy Podjarny
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guideJD Liners
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
 
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?Dan York
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principlesardexateam
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutionseroglu
 
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)Michael DeLaGarza
 
The secret of TCP/IP and how it affects your PBX
The secret of TCP/IP and how it affects your PBXThe secret of TCP/IP and how it affects your PBX
The secret of TCP/IP and how it affects your PBXOlle E Johansson
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
Stay Anonymous and Protected.pdf
Stay Anonymous and Protected.pdfStay Anonymous and Protected.pdf
Stay Anonymous and Protected.pdfTEWMAGAZINE
 
Bridgera enterprise IoT security
Bridgera enterprise IoT securityBridgera enterprise IoT security
Bridgera enterprise IoT securityRon Pascuzzi
 

Similar to Morecrypto in the world of SIP - the Session Initiation Protocol (20)

#MoreCrypto
#MoreCrypto #MoreCrypto
#MoreCrypto
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
SIP2012: Es hora de reiniciar la PBX!
SIP2012: Es hora de reiniciar la PBX!SIP2012: Es hora de reiniciar la PBX!
SIP2012: Es hora de reiniciar la PBX!
 
voip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johansson
voip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johanssonvoip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johansson
voip2day 2012 - Sip2012 ¡es hora de reiniciar la pbx! olle e johansson
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
 
Safecrossroads ep01
Safecrossroads ep01Safecrossroads ep01
Safecrossroads ep01
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guide
 
Network security
Network securityNetwork security
Network security
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptx
 
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principles
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
 
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)
 
The secret of TCP/IP and how it affects your PBX
The secret of TCP/IP and how it affects your PBXThe secret of TCP/IP and how it affects your PBX
The secret of TCP/IP and how it affects your PBX
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
Stay Anonymous and Protected.pdf
Stay Anonymous and Protected.pdfStay Anonymous and Protected.pdf
Stay Anonymous and Protected.pdf
 
Bridgera enterprise IoT security
Bridgera enterprise IoT securityBridgera enterprise IoT security
Bridgera enterprise IoT security
 
Blug talk
Blug talkBlug talk
Blug talk
 

More from Olle E Johansson

Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Olle E Johansson
 
CRA - overview of vulnerability handling
CRA - overview of vulnerability handlingCRA - overview of vulnerability handling
CRA - overview of vulnerability handlingOlle E Johansson
 
Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Olle E Johansson
 
The birth and death of PSTN
The birth and death of PSTNThe birth and death of PSTN
The birth and death of PSTNOlle E Johansson
 
WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019Olle E Johansson
 
Kamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffKamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffOlle E Johansson
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack networkOlle E Johansson
 
The Realtime Story - part 2
The Realtime Story - part 2The Realtime Story - part 2
The Realtime Story - part 2Olle E Johansson
 
Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Olle E Johansson
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolOlle E Johansson
 
SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)Olle E Johansson
 
Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Olle E Johansson
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Olle E Johansson
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIPOlle E Johansson
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6Olle E Johansson
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Olle E Johansson
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeOlle E Johansson
 

More from Olle E Johansson (20)

Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)
 
CRA - overview of vulnerability handling
CRA - overview of vulnerability handlingCRA - overview of vulnerability handling
CRA - overview of vulnerability handling
 
Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)
 
The birth and death of PSTN
The birth and death of PSTNThe birth and death of PSTN
The birth and death of PSTN
 
WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019
 
Kamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffKamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuff
 
Kamailio on air
Kamailio on airKamailio on air
Kamailio on air
 
Webrtc overview
Webrtc overviewWebrtc overview
Webrtc overview
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack network
 
The Realtime Story - part 2
The Realtime Story - part 2The Realtime Story - part 2
The Realtime Story - part 2
 
Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocol
 
SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)
 
Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the time
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Morecrypto in the world of SIP - the Session Initiation Protocol

  • 1. #MoreCrypto and SIP A small step to make it harder 
 to listen to SIP based activity. V1.5 - SIP - oej@edvina.net - slideshare.net/oej 2014-02-09
  • 2. The problem We have built an information network
 that is too easy to monitor. We simply
 trusted everyone too much in a naive way. Sadly, we can’t do
 that any more.
  • 3. #MoreCrypto The Internet mirrors society When the Internet was small, there was a select group
 of people using it. They felt is was a safe place.
  • 4. #MoreCrypto As the Internet grew and reflects more of society,
 we forgot to harden it. It’s time now.
  • 5. #MoreCrypto The engineers are working The IETF recently decided to focus a lot of energy to add more confidentiality and
 security in general to the technology
 we use every day. The IETF is the organisation that defined
 most of the standards we use today to communicate.
  • 7. #MoreCrypto Changing the Internet
 is too hard. We are not using the security tools we have in the way they are meant to be used today. In some cases, like e-mail and IP telephony, most of us do not use any security tools at all.
  • 8. #MoreCrypto How do we change? The users must require change. Otherwise,
 very few things happen. But developers can change implementations too.
 
 It is up to you and me.
  • 9. #MoreCrypto What needs to be done? A lot of changes needs to be done in how we build
 services, operate them and use them. More crypto Easy to use authentication Enhanced privacy Stronger confidentiality …and much more
  • 10. #MoreCrypto TLS is an important tool TLS Transport
 Layer
 Security TLS provides confidentiality, identity
 and integrity to Internet communication. TLS is used in HTTPS:// web pages, but can also be used from applications on a computer as well as a cell phone. TLS is based on SSL, that was a provider-specific technology. TLS is maintained by the IETF and is still being improved.
  • 11. #MoreCrypto Start simple. Use connection encryption wherever possible. Use HTTPS and serve information over HTTPS In short:
 #MoreCrypto
  • 12. #MoreCrypto Why? More crypto on the Internet raise the cost of listening in to our information flows, our conversations. It does not solve all the issues, we have a lot of work
 ahead of us. Using more TLS is not very complicated and can be used in most applications today.
  • 13. #MoreCrypto The work continues Mobile
 apps Web IP
 Telephony E-mail Cloud
 Services Internet of things The Digital home Chat Video
 Services Require
 #MoreCrypto!
  • 14. NEW! OPPURTUNISTIC
 SECURITY Secure network traffic, regardless of what the user says. Do whatever you can to make it harder to listen in.
  • 15. #MoreCrypto Re-learning Authenticated TLS Opportunistic encryption 
 of sessions Secure signalling
 hop by hop. Not secure, but 
 harder to listen in SDES key exchange + SRTP Not secure, but 
 harder to listen to media DTLS key exchange + SRTP Secure if end2end
  • 16. #MoreCrypto Opportunistic Security In SIP Clients - UAs and Proxys - should prefer
 TLS over TCP and UDP. Let’s forget about
 the SIPS uri.
 It just doesn’t work or help. All servers - SBC, B2BUA, PBX, Proxys
 should have TLS working. Certificates are available for free! Use SRTP wherever possible.
  • 17. #MoreCrypto Let’s make this happen. Default to trying TLS before
 any other SIP transport Always offer SRTP,
 Maybe combination Rtp + SRTP Always install TLS
 certificates in servers Use SIP outbound over
 TLS from UAs
  • 18. #MoreCrypto A final word "The point is not to make enforcement of the law more difficult; legal intercept is a necessary part of living in a society. 
 
 Casual retention of everyone’s data, ripe for misuse, however, is not, and that’s what the industry — from Google and Yahoo!, to the IETF and Tim Berners-Lee — are pushing back on." Mark Nottingham, 
 chair of the IETF HTTPbis wg http://www.mnot.net/blog/2014/03/17/trying_out_tls_for_http_urls