1 / 20

Experiences of using a secure VoIP user agent on PDAs

Experiences of using a secure VoIP user agent on PDAs. Johan Bilien (bilien@kth.se) Erik Eliasson (eliasson@imit.kth.se) Jon-Olov Vatn (vatn@imit.kth.se) Royal Institute of Technology (KTH) Stockholm, Sweden. Secure VoIP on PDAs. HP iPAQ h5550 Built-in WLAN and Bluetooth

chun
Download Presentation

Experiences of using a secure VoIP user agent on PDAs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Experiences of using a secure VoIP user agent on PDAs Johan Bilien (bilien@kth.se)Erik Eliasson (eliasson@imit.kth.se) Jon-Olov Vatn (vatn@imit.kth.se) Royal Institute of Technology (KTH) Stockholm, Sweden

  2. Secure VoIP on PDAs • HP iPAQ h5550 • Built-in WLAN and Bluetooth • Built-in microphone and speaker can be used • Add-on camera • SIP User Agent (UA) • Minisip (www.minisip.org) • Security enhancements Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  3. Security scope WLAN link (potentially with WPA) Only first/last hop Enforce access control Mobile VPN solutions Good for communication within an organization Public communication (end-to-end security) Secure telephony between two arbitrary parties AP AP Securing public (mobile) IP telephony a.org b.org GW GW Internet bob@b.org alice@a.org These are complementary techniques. We focus on public communication. Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  4. Is she really talking to Bob? Is charging being done correctly? Can incoming calls be blocked selectively (avoiding spamming)? Can Trudy listen to our call? Can Trudy find out who Alice calls (or who is calling Alice)? Can Trudy detect where Alice is (location privacy)? Can Alice make anonymous calls? What security does VoIP provide to a user? Alice (a user) associates the term secure VoIP with properties such as: Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  5. End-to-end security: which layer? • Network layer: IPSEC / IKE • NAT/firewall traversal problem • Requires strong interaction between the application and the operating system • Application layer: SRTP / MIKEY • Transparent to the lower layers • Very few implementations yet (but we have one!) • Optimized for media protection Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  6. Secure RTP • IETF standard (RFC 3711, March 2004) • Secures RTP and RTCP streams, by adding: • Encryption (AES used in stream cipher mode) • Integrity (HMAC-SHA1) • Low overhead Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  7. Multimedia Internet KEYing • IETF draft – approved by the IESG • Mutual authentication and key exchange for secure multimedia exchange • Requires only one round-trip • Embedded in session establishment (SIP, RTSP) • Three alternative authentication modes: • Shared key • Public key encryption • Signed Diffie-Hellman Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  8. Entities: User agents Alice and Bob SIP servers (proxies) Register current location Forward Invite messages DNS servers SRV Records (SIP) Certificate authorities (CAs) Needed if certificate-based authentication is desired AP AP Media VoIP architecure: Internet Internet calls CA DNS SIP SIP DNS CA a.org a.org a.org b.org Internet bob@b.org alice@a.org Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  9. SIP/PSTN provider PSTN-GW Security No security support no confidentiality at all Security support confidentiality over Internet Routing Does not route IP-IP for free need two SIP servers/identities CA DNS SIP Possibly secure a.org AP alice@a.org VoIP architecure: Internet  PSTN calls 012-45678 SIP/PSTN provider c.com CA SIP DNS GW a.org PSTN Internet 876-54321@c.com Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  10. No security at SIP/PSTN provider Add B2B UA at Alice’s organization (a.org) a.org can add security support to B2B UA Partial security of PSTN-calls End-to-end security for Internet Internet calls Secure AP AP VoIP architecure:Intermediate solution 012-45678 SIP/PSTN provider c.com SIP DNS GW PSTN CA DNS SIP B2B a.org a.org Internet alice@a.org bob@b.org (876-54321@c.com) Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  11. Open Source (GPL) Security implementation open for review! Released April 5 2004 www.minisip.org ~350 downloads (as of May 6 2004) Distributed as: Source code RedHat RPM-package Debian .deb-package Microsoft Windows version to come Source modules MIKEY First published implementation SIP SDP SRTP/RTP STUN (NAT traversal) Sound I/O Minisip SIP User Agent Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  12. Platforms • Minisip runs on: • HP iPAQ h5550 (or similar) and PC hardware • Linux operating system (Familiar Linux recommended on iPAQs, www.handhelds.org) • Microsoft Windows (CE) support required for large scale PDA tests Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  13. Implementation • Developed in C++ • Written in separate modules that can be used by other applications • Portability • GUI and Sound IO is not (yet) ported to Microsoft Windows and Windows CE • Dependencies • OpenSSL (various security functions) • GUI: Qt or GTK on Linux Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  14. Campus environment • IEEE 802.11b coverage, no link-layer security • SIP soft-phones (minisip) • Laptops with USB headsets, GNU/Linux • HP iPAQ h5550, Familiar Linux • SIP servers • SIP Express Router (www.iptel.org) • Asterisk for outgoing PSTN calls (www.asterisk.org) • SIP/PSTN provider – Digisip (www.digisip.com) • DNS (BIND), PKI (OpenSSL) Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  15. Current model SIP phones store root CA certificates Root CAs certify SIP providers (no name subordination) SIP providers certify their users (Common Name = SIP URI) Future models Top-down Similar to the current model, but with name subordination Could utilize DNSSEC Up-Cross-Down Less dependent on external CAs Who should certify the users? Public Key Trust Models Root Certificate Authorities CA CA CA a.org b.org CA CA alice@a.org bob@b.org Rootcertificates Rootcertificates Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  16. Secure VoIP first experiences: Delays No significant delays: • At call establishment: in the worst case roughly100 ms (Diffie-Hellman) on an average PC*1 • No additional round-trip • Pre-computation of some parameters • For the media processing: throughput of 20 Mbit/s on an average PC*2 • Fast encryption scheme  Can be used on small devices *1: see J. Bilien et al. ”Call establishment delay for secure VoIP”, WiOpt’04, Cambridge UK, March 2004 *2: see I. Caballero ”Secure Mobile VoIP”, Master Thesis, KTH, Stockholm Sweden, June 2003 Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  17. Secure VoIP first experiences:User interaction • Secure call policies: • Opportunistic or required? • Very few secure UAs • No secure PSTN gateway • The UA should be able to fall back on non-secure calls • Certificate management is not user-friendly • Hard certificates (e.g. SIM card) • Will users ignore security alerts? • Accept unsecure calls? (Opportunistic – policy matter) • Accept/install non-verified certificates? (Potentially scary!) Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  18. Secure VoIP first experiences:User interaction [2] • Incoming call management: • Authentication allows incoming call management policies • Unsolicited calls can be blocked (white-lists) • How to establish the first contact? • What user interface should be used to enter these policies? CPL? • User interface representation of “security” • Messages, symbols, color indicators in the GUI • Hands-free (e.g. USB headset) to enable screen interaction • Sound signals, vibration Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  19. Experiences not related tosecurity • HP iPAQ h5550 • Battery time concerns • Hibernation state not possible (can not receive calls) • We are currently not using WLAN power-save mode • Possible to utilize iPAQ buttons and buzzer • Good audio quality (better than GSM phone) • Campus WLAN environment • Web-login mechanism to block unauthorized users • Cumbersome interaction using PDAs • Losing connectivity when moving  have to login Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

  20. Future work • Security • Secure PSTN gatewayMIKEY/SRTP may require dedicated hardware support • MIKEY re-keying effects on media stream • Secure Session Mobility • PKI trust models • Push-To-Talk • Video media stream • Large scale tests on students using iPAQs with Microsoft Windows CE supported by HP donation • UPnP support for NAT traversal complementing STUN Experiences of using a secure VoIP user agent on PDAs Bilien, Eliasson, Vatn

More Related