1 / 20

IP Telephony Security Issues Facing the Enterprise

IP Telephony Security Issues Facing the Enterprise. Brian Glinsman Executive Director, Product Management Texas Instruments VoIP Group. Agenda. What are the risks? VoIP security overview Security protocols and algorithms Security complexity Implementing VoIP security Summary/Q&A.

amandahamilton
Download Presentation

IP Telephony Security Issues Facing the Enterprise

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IP Telephony Security Issues Facing the Enterprise Brian Glinsman Executive Director, Product Management Texas Instruments VoIP Group

  2. Agenda • What are the risks? • VoIP security overview • Security protocols and algorithms • Security complexity • Implementing VoIP security • Summary/Q&A

  3. Enterprise Security Risks • Network intrusion and/or Sniffing • Hackers via public access portals • Internet feeds • Dial-up RAS servers • Remote users (VPN security) • E-mail/voice via the Internet • Wireless links (802.11.x, cell phones) • Wiring/telco closets and server/PBX rooms access • Physical Media • USB memory sticks, CD-RW, computer theft • Trash (paper, etc.) • People • Disgruntled/terminated employees • Industrial espionage

  4. VoIP Security Risks: Bearer Channel • Risk depends on security of the enterprise • If VoIP rides on top of an existing secure network/VPN ….And…. • The enterprise uses 100% switched ports (i.e., no hubs) ....Little risk today….. • Wireless LANs, unsecured wiring closets, open (non-tunneled) Internet use, and data broadcast all present security risks • Today’s biggest risks are IP phones with Ethernet hubs and any calls over open Internet connections

  5. VoIP Security Risks- Signaling • Secure access to MGC as well as protecting MGW streams is important • Carnegie Mellon - 3,700 attacks in 1998 to 110,000 attacks in 2002 on US-based telecom systems • UK experienced a 30% increase in attacks in 2001-2002 • 67% of telecom carrier companies in Australia have been affected with losses in the range of US$5.78bn • Most enterprise MGC are protected from denial of service and hackers via the data security protocols implemented in the network

  6. VoIP Security Overview • Signaling security • Preventing unauthorised use of network • Voice bearer security • Preventing eavesdropping • PacketCable security exemplifies complete end-to-end security system • Open standards Radius/IPSec secure signaling • MTA secures RTP/RTCP streams in shared HFC network • Other VoIP networks less standardized approach • VPNs (IPSec) secure complete network indiscriminately • Causes large processing overhead for real-time data streams (i.e. VoIP) • S-RTP is in draft form and specifies a standard bearer encryption mechanism

  7. Stages of Encryption • Key Exchange • Requires secure link, out of band • Based on public key or shared secret mechanisms • Complex protocols like Internet Key Exchange (IKE) • Authentication • Data origin and peer entity authentication • Each packet needs to be authenticated • Sequence number/timestamps go some way to assisting authentication (preventing replay attacks) • Message Authentication Code (MAC) appended to cyphertext block • Encryption • Coding bearer and signalling channels • Often requires frequent key generation/updates to enhance security

  8. Common Encryption Algorithms • DES/3DES • Commonly used symmetric encryption algorithm • 3DES uses 3 stages of DES to improve protection • Known to be broken (takes <1 hour today) • Has export restrictions • AES (Rijndael) • Keylengths of 128/192/256 bits • Runs much faster than 3DES – new NIST standard • Low overhead for DSP implementation (ideal for VoIP) • RC 6 • Much faster than 3DES – performance optimized • Variable key lengths up to 2040 bits

  9. Why VoIP & AES AES (Advance Encryption Standard) Facts • FIPS (Federal Information Processing Standard) 197 adopted 5/26/02 • Uses the Rijndael algorithm. • Low resource consumption (memory, CPU power) • 3 to 10 times less CPU power vs 3DES • More secure than DES by a factor of 10^21 • Easily implemented on RISC and DSP processors • Requires <10% additional resource to implement in a VoIP bearer channel • DES/3DES is much more CPU intensive • Trivial export restrictions • Minimal to no intellectual property issues

  10. VoIP Security: PacketCable Primarily a CPE-based system using these standards: • RTP Encryption • NULL, AES in CBC mode (required), RC4, DES • Cipher Block Chaining - block mode operation • RTP Authentication • NULL, MMH2 or MMH4 • Multi Modular Hash – Fast authentication based on hash function • RTCP Encryption • NULL, AES in CBC mode (required), DES • RTCP Authentication • SHA1 (required), MD5 • Secure Hash Algorithm – encoded passwords • Keys for encryption and authentication derived from random secret pad generated at each endpoint

  11. Signaling Security: IPSec • IPSec provides security services at the IP layer by enabling system to: • select required security protocols • determine algorithms to use for the services • put in place any cryptographic keys required to provide the requested services • IPSec can be used to protect one or more "paths" between a pair of hosts, a pair of security gateways, or between a security gateway and a host

  12. IPSec • Provides: • access control • connectionless integrity • data origin authentication • rejection of replayed packets (a form of partial sequence integrity) • confidentiality (encryption) • limited traffic flow confidentiality • Because these services are provided at the IP layer, they can be used by any higher layer protocol, e.g., TCP, UDP, ICMP, BGP • Costly resource for high QoS streams • Good for non-bearer security

  13. SRTP: Securing the Bearer Channel • IETF draft for the security of RTP/RTCP streams • Intended to secure RTP/RTCP streams • Not a network security architecture as with PacketCable security • Provides privacy, replay protection, message and header authentication • High throughput with low header overhead • Uses AES encryption • Currently mandates stream cipher • Causes problems with protocols that repeat packets with same timestamp (RFC2833) – easily solved in standard • Recovery from lost and out of order packets difficult and unpredictable in terms of processing resources required to recover

  14. Complexity of SRTP • Uses core AES algorithm in different modes: • Counter (required – see later issue about stream ciphers) • F8 mode (optional, driven by 3G wireless requirements) • Authentication uses SHA1- 4 byte HMAC (Hashed MAC) • Same algorithms for RTCP as RTP, however Initialization Vector (IV) calculation different • Requires sequence # roll over counter logic to uniquely derive and index for each packet (SRTCP adds 32 bit counter for this purpose) • Replay protection required for RTP & RTCP • Master key can change within session

  15. VoIP Security: Lessons Learned PacketCable RC4 stream cipher • Key security requirement is to NOT re-use keystream (known issue with WEP in 802.11) • Key stream was indexed by RTP time stamp • Some payloads (e.g., RFC2833) send multiple packets with same time stamp • Difficult to recover from lost packets, out of order packets • Key stream needs to be incremented/decremented to match time stamp, costing (undeterminsitic) MIPS • Software architecture complexity • Decryption module access to jitter buffer to be able to move keystream when packets are lost • Random PAD for MMH made recovery of key stream difficult

  16. Where to Implement VoIP Bearer Encryption Media Gateways • Beware of tandem encryption if endpoints have own encryption protocols • Can reduce encrypted streams entropy making attacks by brute force or analysis for repeated encrypted blocks easier (also waste of resource) • Scalability issues if encryption functions not distributed • Dedicated encryption devices need high bandwidth interfaces for high channel density • Requires more complexity in system bus/network interface design

  17. Where to Implement VoIP Bearer Encryption Small End Point Devices (1 to 4 channels) • Less scalability at lower channel densities allows more flexible implementation (DSP or microprocessor available) • Host processor implementation makes OTS algorithms available • Dedicated encryption hardware can be embedded into CPE SoC • Dedicated external encryption devices (ASIC/FPGA) can be used with relative ease

  18. Where to Implement VoIP Bearer Encryption • Bearer security implemented in MGW at the enterprise • Scalability and cost drives security into the media processor • Need to implement on DSPs that also handle voice functions • New VoIP DSP function includes encryption and authentication • Companion encryption devices (ASIC, DSP) may help scalability at cost of system complexity • Requires very high bandwidth for high density to receive, encrypt, and transmit • 672ch G.711 10ms VIF requires >85 Mbps full duplex security streams

  19. Summary • Security is an end-to-end network issue • Only minor areas touched on here • Deterministic performance required for VoIP • CPE and CO VoIP gateways have different implementation considerations • AES good choice for bearer channel security • IPSec good choice for signaling and bearer channel encryption setup • SRTP needs minor changes to allow compatibility with VoIP bearer channel encryption requirements • For >8 channels, bearer encryption processing should be co-located with voice processing

  20. www.ti.com/voip

More Related