Securing IP Fax
A New Standard Approach
James Rafferty
President, Human Communications
SIPNOC 2014 - Securing IP Fax
Copyright - James Rafferty - 2014
Overview
• Background
• What does Security mean for Fax?
• What are the Threats?
• IETF proposed solution
• Impact for Customers
• Summary
Background
• Facsimile is an immensely popular solution
– Has evolved from an office equipment approach to one which is
widely distributed on networks using computer-based solutions
– Network rapidly migrating to IP and the Cloud
– T.38 IP fax over UDPTL is the widely deployed, standard solution
• Issues:
– UDPTL is specific to fax; it lacks the security tools available for RTP
• T.38 over RTP is also standard, but has minimal implementation
– Previous attempts to adopt security for fax not adopted in the
marketplace
• Annexes found in ITU-T T.30 created in 1996, but not used
– Realization of need for security now much more obvious
• Real time fax now often going over IP networks
• Concern by IT managers and service providers about securing all of their
message traffic, including fax
What Does Security Mean for Fax?
• Security solutions typically based on assessment
of threats
• Examples of Threats for Real Time Fax:
– Preserve Confidentiality
• Stop 3rd parties from being able to decode the contents of a
fax if intercepted on the network
– Maintain Integrity
• Prevent 3rd parties from manipulating the contents of fax
messages
– Confirm Identity
• Ensure that the identity of the fax sender can be verified
How to Address the Threats?
• Often confusion between solutions and
threats
• Common Perception that encryption solves all
security problems, but it’s more complicated
than that
– There’s no one single “magic bullet” that solves all
security issues
• Encryption useful, but threat model still needs
to be understood to meet security goals
Threat: Breach Confidentiality
• Much of the information conveyed by fax is
private
– Individual’s financial and health information
– Business financial or other proprietary data
• A confidentiality solution needs to keep the
fax data confidential while it traverses the
network
[Diagram: Eavesdrop or steal content]
Threat: Change the Content
• Faxes are used to send images coded using
particular compression methods
• Not easy to do, but pages could be
intercepted en route and then changed
• Example:
– Provide disinformation to disrupt competitor
[Diagram: Inject New Content]
Threat: Spoof Identity
• Internet services are under increased attack
by rogue users who create SPAM, send fake
messages and impersonate identities
• We’ve all received emails that say they’re
from somebody we know, but are really SPAM
• How? The intruders are spoofing identities.
[Diagram: Spoof Identity]
Proposed Standard from IETF
• 3GPP and IP Fax Community wanted to add security for T.38 IP Fax
– Work originated due to demand from service providers for secure fax
solutions
• MMUSIC working group of IETF has been working on related draft
since Summer, 2013
– draft-ietf-mmusic-udptl-dtls-07.txt
• Co-authors Christer Holmberg, Ivo Sedlacek and Gonzalo Salgueiro
• Wide variety of comments from both fax and Internet communities
• Also vetted by the Fax over IP working group of the SIP Forum
• Approval Status
• Has passed working group last call; now being reviewed for approval (IESG)
• Potential for publication as standards track document later this year
• 3GPP will also reference in their upcoming specifications (Release 12)
Why DTLS?
• Draft uses existing security standard DTLS
• RFC 6347 – Datagram Transport Layer Security
Version 1.2
• DTLS builds on well-known practices in the
Transport Layer Security protocol (TLS)
– TLS suitable for session protocols running over TCP
– DTLS extends TLS concepts, but is adapted for use
with datagram protocols (such as UDP)
• DTLS can be used to secure media centric protocols such as
RTP and UDPTL
Protocol Stack Layers
T.38 IP Fax Protocol
UDPTL
DTLS
UDP
IP
Adds Transport Security Layer to T.38 over UDPTL
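As an added illustration of the layering on this slide (not code from the presentation or from the draft), the Python example below walks the DTLS record headers defined in RFC 6347 inside one UDP payload, so a monitoring point can tell whether fax media on a stream is actually wrapped in DTLS. The function names, the result labels and the sample datagrams are assumptions constructed for the example.

```python
import struct

# DTLS record header, RFC 6347 section 4.1:
#   type(1) | version(2) | epoch(2) | sequence_number(6) | length(2)
HEADER = struct.Struct("!BBBHHIH")   # 13 bytes; the 48-bit sequence is read as 16 + 32 bits
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(254, 255): "DTLS 1.0", (254, 253): "DTLS 1.2"}


def parse_dtls_records(datagram):
    """Return every DTLS record header in one UDP payload, or None if it is not DTLS."""
    records, offset = [], 0
    while offset < len(datagram):
        if len(datagram) - offset < HEADER.size:
            return None
        ctype, major, minor, epoch, seq_hi, seq_lo, length = HEADER.unpack_from(datagram, offset)
        end = offset + HEADER.size + length
        # Requiring a known type, a DTLS version and a length that fits the
        # datagram keeps a cleartext packet from matching by accident.
        if ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS or end > len(datagram):
            return None
        records.append({"type": CONTENT_TYPES[ctype], "version": VERSIONS[(major, minor)],
                        "epoch": epoch, "seq": (seq_hi << 32) | seq_lo, "length": length})
        offset = end
    return records or None


def classify_fax_datagram(datagram):
    """Label one UDP payload seen on a fax media stream (labels are hypothetical)."""
    records = parse_dtls_records(datagram)
    if records is None:
        return "not-dtls"            # for example plain T.38 over UDPTL
    data = [r for r in records if r["type"] == "application_data"]
    if not data:
        return "dtls-handshake"
    # Epoch 0 is the state before ChangeCipherSpec, where no cipher is active yet,
    # so application data is only counted as protected from epoch 1 onwards.
    return "dtls-protected" if all(r["epoch"] > 0 for r in data) else "dtls-epoch0-data"


def make_record(ctype, epoch, seq, body):
    """Build a DTLS 1.2 record around body (used only for the constructed samples)."""
    return HEADER.pack(ctype, 254, 253, epoch, seq >> 32, seq & 0xFFFFFFFF, len(body)) + body


# Constructed samples: a stand-in for a cleartext UDPTL packet (16-bit sequence
# number 7 followed by filler), a handshake record, and an encrypted data record.
CLEAR_UDPTL = b"\x00\x07" + bytes(20)
HANDSHAKE = make_record(22, 0, 0, b"\x01" + bytes(11))
PROTECTED = make_record(23, 1, 42, bytes(32))

if __name__ == "__main__":
    for name, pkt in [("cleartext UDPTL", CLEAR_UDPTL), ("handshake", HANDSHAKE),
                      ("protected", PROTECTED), ("truncated", PROTECTED[:-4])]:
        print(f"{name:16} -> {classify_fax_datagram(pkt)}")
```
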
Does New Spec Address the Threats?
Let’s take a closer look
Protect Confidentiality
• T.38 over UDPTL provides no protection vs. 3rd
parties that want to eavesdrop on a fax
• DTLS provides strong encryption; messages
can’t be decoded without access to keys used
in the selected Cipher
[Diagram: Eavesdrop or steal content, marked with an X]
Protect Integrity
• In T.38 over UDPTL, it is possible to modify the
image content
• Addition of DTLS layer provides data integrity
– DTLS computes Message Authentication Codes (MACs)
using hashing algorithms to protect against changes to
message content
– If message content changes, hash totals will be invalid
[Diagram: Inject New Content, marked with an X]
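The integrity check described on this slide, as an added Python example (not code from the presentation or the draft): it computes the record MAC the way the HMAC-based cipher suites of TLS 1.2 and DTLS 1.2 define its input (epoch and sequence number, type, version, length, then the payload) and shows that a modified payload or a rewritten sequence number is rejected. Encryption is left out to isolate the integrity step; the key, the sample payload and the function names are constructed for the example, and in real DTLS the MAC key comes from the handshake.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23
VER_MAJOR, VER_MINOR = 254, 253            # DTLS 1.2 on the wire
HEADER_LEN = 13
MAC_LEN = hashlib.sha256().digest_size     # 32 bytes


def record_mac(mac_key, epoch, seq, fragment):
    """HMAC-SHA256 over seq_num + type + version + length + fragment.

    In DTLS, seq_num is the 16-bit epoch followed by the 48-bit sequence number.
    """
    seq_num = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    pseudo_header = seq_num + struct.pack("!BBBH", APPLICATION_DATA,
                                          VER_MAJOR, VER_MINOR, len(fragment))
    return hmac.new(mac_key, pseudo_header + fragment, hashlib.sha256).digest()


def protect(mac_key, epoch, seq, udptl_packet):
    """Wrap one UDPTL packet in a record: header, payload, MAC (no encryption here)."""
    body = udptl_packet + record_mac(mac_key, epoch, seq, udptl_packet)
    header = (struct.pack("!BBBH", APPLICATION_DATA, VER_MAJOR, VER_MINOR, epoch)
              + seq.to_bytes(6, "big") + struct.pack("!H", len(body)))
    return header + body


def verify(mac_key, record):
    """Return the UDPTL packet, or None if the record fails its integrity check."""
    if len(record) < HEADER_LEN + MAC_LEN:
        return None
    ctype, major, minor, epoch = struct.unpack_from("!BBBH", record, 0)
    seq = int.from_bytes(record[5:11], "big")
    (length,) = struct.unpack_from("!H", record, 11)
    if (ctype, major, minor) != (APPLICATION_DATA, VER_MAJOR, VER_MINOR):
        return None
    if length != len(record) - HEADER_LEN:
        return None
    body = record[HEADER_LEN:]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, epoch, seq, payload)
    # Constant-time comparison, so the check does not leak how many bytes matched.
    return payload if hmac.compare_digest(tag, expected) else None


# Constructed inputs: a fixed demo key and a stand-in for a UDPTL packet.
KEY = bytes(range(32))
FAX = b"\x00\x07" + b"T.38 image data (constructed)"
RECORD = protect(KEY, 1, 7, FAX)

# A third party changes one bit of the image data in transit.
TAMPERED = bytearray(RECORD)
TAMPERED[HEADER_LEN + 5] ^= 0x01
TAMPERED = bytes(TAMPERED)

# A third party rewrites the sequence number in the header (7 becomes 8).
RESEQUENCED = RECORD[:5] + (8).to_bytes(6, "big") + RECORD[11:]

if __name__ == "__main__":
    print("intact      :", verify(KEY, RECORD) == FAX)
    print("tampered    :", verify(KEY, TAMPERED))
    print("resequenced :", verify(KEY, RESEQUENCED))
```
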
Prevent Identity Spoofing
• In T.38 over UDPTL, there is no protection vs.
spoofed identities
• New draft spec recommends using PKIX
Certificates to authenticate the two sides (per
RFC 5280)
– checks name on certificate vs. domain name
[Diagram: Spoof Identity, marked with an X]
Impact for Customers
• Addition of Security for T.38 IP fax should be
valuable to customers both in the enterprise and
service provider markets
• But:
– Often slow ramp-up from standardization to
deployment
• Can be jump-started through support by industry groups
• Vendors can gain an edge by deploying the standard solution
early
• Later, vendors will need to have interworking
implementations of the standard
Accelerating the Ramp-up
• 3GPP targets adding to IP Multimedia Subsystem / LTE
standards as of Release 12
– This endorsement will help drive additional deployment on
IMS / VoLTE networks, notably for service providers
– Fax and SIP Trunking service providers are also likely
adopters
• Adoption Acceleration Opportunities via Forums
– SIP Forum supports early adoption of standards via:
• SIPit – Interop activities for SIP protocol in general
• SIPconnect – interop and compliance activities for SIP Trunking
• Fax over IP Working Group – members can monitor status of early
implementations
– Other forums such as I3 may also be interested
Enterprise to the Cloud and Beyond
• New standard will be an excellent fit for Cloud
implementations, managed within the
Enterprise or via managed service providers
• Will also have value for enterprise networks
which interconnect premises, or hybrid
networks between premise and the Cloud
• Should also fit SIP Trunking use cases for IP Fax
• Could result in future extensions to
agreements such as SIPconnect
Summary
• IETF is close to standardizing a new security standard
for IP Fax
• Should address the most likely threats that would
compromise fax use over IP networks
• Likely first implementers will be back-to-back
deployments by a single vendor
• Endorsement by 3GPP will help drive mid to longer
term deployments on IMS / LTE networks
• New standard should also be good fit for Enterprise
uses such as SIP Trunking and the Cloud
• Participation in Forums can help accelerate the
adoption ramp-up once the standard is approved
About James Rafferty
• Versatile Product Management and
Marketing Leader
• Blog: http://blog2.humancomm.com
• Twitter: @jrafferty11
• Email: jayAthumancommDotcom
• LinkedIn: https://www.linkedin.com/pub/james-rafferty/0/917/474
SIPNOC 2014 - Securing IP Fax
Copyright - James Rafferty - 2014
20

More Related Content

What's hot

Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)ryaekle
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Eleni Trouva
 
L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6j otgo
 
Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...Videoguy
 
Making SIP Migration Easy
Making SIP Migration EasyMaking SIP Migration Easy
Making SIP Migration EasyIntelePeer
 
Comppt22
Comppt22Comppt22
Comppt22Deliad
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedureijsrd.com
 
Lost layer talk 2014
Lost layer talk 2014Lost layer talk 2014
Lost layer talk 2014ICT PRISTINE
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Labfrcarlson
 
Hacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowHacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowDan York
 
Tech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network servicesTech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network servicesJisc
 
IRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopIRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopEleni Trouva
 
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...BDDazza
 

What's hot (20)

VOIP security
VOIP securityVOIP security
VOIP security
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012
 
L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6L30 ip technology-basics_v4-6
L30 ip technology-basics_v4-6
 
Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...Adding P2P support to WengoPhone, an open-source VoIP and ...
Adding P2P support to WengoPhone, an open-source VoIP and ...
 
Making SIP Migration Easy
Making SIP Migration EasyMaking SIP Migration Easy
Making SIP Migration Easy
 
Comppt22
Comppt22Comppt22
Comppt22
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedure
 
Slied13
Slied13Slied13
Slied13
 
Lost layer talk 2014
Lost layer talk 2014Lost layer talk 2014
Lost layer talk 2014
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
 
Hacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowHacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To Know
 
Tech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network servicesTech 2 Tech - an overview of Janet Network services
Tech 2 Tech - an overview of Janet Network services
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
IRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopIRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE Workshop
 
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
What is internet architecture? - (Darren's Study Guide: CompTIA A+, 220-1001 ...
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Vpn ppt
Vpn pptVpn ppt
Vpn ppt
 

Similar to Securing IP Fax - A New Standard Approach

ETE405-lec4.pdf
ETE405-lec4.pdfETE405-lec4.pdf
ETE405-lec4.pdfmashiur
 
IOT_module_3.pdf
IOT_module_3.pdfIOT_module_3.pdf
IOT_module_3.pdfAmitH42
 
Voip Eddie Jan2010
Voip Eddie Jan2010Voip Eddie Jan2010
Voip Eddie Jan2010ekaypour
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056mashiur
 
Prof Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCPProf Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCPGraham G. Turnbull
 
A short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRAA short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRALeonardo
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPSean Flores
 
MULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKSMULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKSYatish Bathla
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptxssuserf7cd2b
 
8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lteCPqD
 
Energize your Unified Communications with SIP
Energize your Unified Communications with SIPEnergize your Unified Communications with SIP
Energize your Unified Communications with SIPXO Communications
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutionseroglu
 
Zuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-updateZuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-updateBrandon Height
 
Chapter 8 Presentaion
Chapter 8 PresentaionChapter 8 Presentaion
Chapter 8 PresentaionAmy McMullin
 
Benefits of SIP Trunking
Benefits of SIP TrunkingBenefits of SIP Trunking
Benefits of SIP TrunkingIntelePeer
 
IMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group UpdateIMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group UpdateCharles Eckel
 
M1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxM1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxAngel Garcia
 

Similar to Securing IP Fax - A New Standard Approach (20)

ETE405-lec4.pdf
ETE405-lec4.pdfETE405-lec4.pdf
ETE405-lec4.pdf
 
VoIP Research Paper
VoIP Research PaperVoIP Research Paper
VoIP Research Paper
 
IOT_module_3.pdf
IOT_module_3.pdfIOT_module_3.pdf
IOT_module_3.pdf
 
Voip Eddie Jan2010
Voip Eddie Jan2010Voip Eddie Jan2010
Voip Eddie Jan2010
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056
 
Prof Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCPProf Olivier Bonaventure EU Presentation on MPTCP
Prof Olivier Bonaventure EU Presentation on MPTCP
 
A short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRAA short introduction to TETRA Industry Group and the benefits of TETRA
A short introduction to TETRA Industry Group and the benefits of TETRA
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
 
data communication
data communicationdata communication
data communication
 
Pro Viva Emmanuel
Pro Viva EmmanuelPro Viva Emmanuel
Pro Viva Emmanuel
 
MULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKSMULTIMEDIA SERVICES OVER IP NETWORKS
MULTIMEDIA SERVICES OVER IP NETWORKS
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptx
 
8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte8 the path to voice over lte - vo lte
8 the path to voice over lte - vo lte
 
Energize your Unified Communications with SIP
Energize your Unified Communications with SIPEnergize your Unified Communications with SIP
Energize your Unified Communications with SIP
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
 
Zuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-updateZuniga-Privacy-ECSG-update
Zuniga-Privacy-ECSG-update
 
Chapter 8 Presentaion
Chapter 8 PresentaionChapter 8 Presentaion
Chapter 8 Presentaion
 
Benefits of SIP Trunking
Benefits of SIP TrunkingBenefits of SIP Trunking
Benefits of SIP Trunking
 
IMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group UpdateIMTC Connect 2015, SIP Parity Activity Group Update
IMTC Connect 2015, SIP Parity Activity Group Update
 
M1-C17-Armando una red.pptx
M1-C17-Armando una red.pptxM1-C17-Armando una red.pptx
M1-C17-Armando una red.pptx
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Securing IP Fax - A New Standard Approach

  • 1. Securing IP Fax A New Standard Approach James Rafferty President, Human Communications SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 1
  • 2. Overview • Background • What does Security mean for Fax? • What are the Threats? • IETF proposed solution • Impact for Customers • Summary SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 2
  • 3. Background • Facsimile is an immensely popular solution – Has evolved from an office equipment approach to one which is widely distributed on networks using computer-based solutions – Network rapidly migrating to IP and the Cloud – T.38 IP fax over UDPTL is the widely deployed, standard solution • Issues: – UDPTL is specific to fax; missing security tools found for RTP • T.38 over RTP is also standard, but has minimal implementation – Previous attempts to adopt security for fax not adopted in the marketplace • Annexes found in ITU-T T.30 created in 1996, but not used – Realization of need for security now much more obvious • Real time fax now often going over IP networks • Concern by IT managers and service providers about securing all of their message traffic, including fax SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 3
  • 4. What Does Security Mean for Fax? • Security solutions typically based on assessment of threats • Examples of Threats for Real Time Fax: – Preserve Confidentiality • Stop 3rd parties from being able to decode the contents of a fax if intercepted on the network – Maintain Integrity • Prevent 3rd parties from manipulating the contents of fax messages – Confirm Identity • Ensure that the identity of the fax sender can be verified SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 4
  • 5. How to Address the Threats? • Often confusion between solutions and threats • Common Perception that encryption solves all security problems, but it’s more complicated than that – There’s no one single “magic bullet” that solves all security issues • Encryption useful, but threat model still needs to be understood to meet security goals SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 5
  • 6. Threat: Breach Confidentiality • Much of the information conveyed by fax is private – Individual’s financial and health information – Business financial or other proprietary data • A confidentiality solution needs to keep the fax data confidential while it traverses the network Eavesdrop or steal content SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 6
  • 7. Threat: Change the Content • Faxes are used to send images coded using particular compression methods • Not easy to do, but pages could be intercepted in route and then changed • Example: – Provide disinformation to disrupt competitor Inject New ContentSIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 7
  • 8. Threat: Spoof Identity • Internet services are under increased attack by rogue users who create SPAM, send fake messages and impersonate identities • We’ve all received emails that say they’re from somebody we know, but are really SPAM • How? The intruders are spoofing identities. Spoof Identity SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 8
  • 9. Proposed Standard from IETF • 3GPP and IP Fax Community wanted to add security for T.38 IP Fax – Work originated due to demand from service providers for secure fax solutions • MMUSIC working group of IETF has been working on related draft since Summer, 2013 – draft-ietf-mmusic-udptl-dtls-07.txt • Co-authors Christer Holmberg, Ivo Sedlacek and Gonzalo Salgueiro • Wide variety of comments from both fax and Internet communities • Also vetted by the Fax over IP working group of the SIP Forum • Approval Status • Has passed working group last call; now being reviewed for approval (IESG) • Potential for publication as standards track document later this year • 3GPP will also reference in their upcoming specifications (Release 12) SIPNOC 2014 - Securing IP Fax Copyright - James Rafferty - 2014 9
  • 10. Why DTLS?
    • Draft uses existing security standard DTLS
        • RFC 6347 – Datagram Transport Layer Security Version 1.2
    • DTLS builds on well-known practices in the Transport Layer Security protocol (TLS)
      – TLS suitable for session protocols running over TCP
      – DTLS extends TLS concepts, but is adapted for use with datagram protocols (such as UDP)
    • DTLS can be used to secure media centric protocols such as RTP and UDPTL
  • 11. Protocol Stack Layers
    [Diagram: protocol stack, top to bottom]
      T.38 IP Fax Protocol
      UDPTL
      DTLS
      UDP
      IP
    Adds Transport Security Layer to T.38 over UDPTL
  • 12. Does New Spec Address the Threats?
    Let’s take a closer look
  • 13. Protect Confidentiality
    • T.38 over UDPTL provides no protection vs. 3rd parties that want to eavesdrop on a fax
    • DTLS provides strong encryption; messages can’t be decoded without access to keys used in the selected Cipher
    [Diagram: Eavesdrop or steal content, marked X]
  • 14. Protect Integrity
    • In T.38 over UDPTL, it is possible to modify the image content
    • Addition of DTLS layer provides data integrity
      – DTLS computes Message Authentication Codes (MACs) using hashing algorithms to protect against changes to message content
      – If message content changes, hash totals will be invalid
    [Diagram: Inject New Content, marked X]
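The integrity check on this slide, as an added example (not from the slides or the draft): the DTLS 1.2 record MAC for HMAC-based cipher suites, computed over the epoch, sequence number, record header fields and payload, so a changed fax byte or a renumbered record fails verification. Encryption is omitted to isolate the MAC step; the key, the UDPTL-like payload and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

DTLS_1_2 = b"\xfe\xfd"      # DTLS 1.2 version bytes as sent on the wire
APPLICATION_DATA = 23       # record content type carrying UDPTL packets


def record_mac(mac_key, epoch, seq, payload):
    """HMAC-SHA256 over seq_num (epoch || 48-bit sequence) + type + version + length + payload."""
    seq_num = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    header = bytes([APPLICATION_DATA]) + DTLS_1_2 + struct.pack("!H", len(payload))
    return hmac.new(mac_key, seq_num + header + payload, hashlib.sha256).digest()


def protect(mac_key, epoch, seq, payload):
    """Sender side: attach the MAC to the record (hypothetical dict layout)."""
    return {"epoch": epoch, "seq": seq, "payload": payload,
            "mac": record_mac(mac_key, epoch, seq, payload)}


def verify(mac_key, record):
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = record_mac(mac_key, record["epoch"], record["seq"], record["payload"])
    return hmac.compare_digest(expected, record["mac"])


def demo():
    key = bytes(range(32))  # constructed; real MAC keys are derived in the DTLS handshake
    # Constructed stand-in for a UDPTL packet: 16-bit sequence number, length, IFP bytes.
    udptl = struct.pack("!H", 7) + b"\x05" + b"\xc0\x01\x80\x00\xff"
    record = protect(key, epoch=1, seq=42, payload=udptl)
    tampered = dict(record, payload=udptl[:-1] + b"\x00")  # one image byte changed in transit
    renumbered = dict(record, seq=43)                      # same bytes under another sequence number
    return verify(key, record), verify(key, tampered), verify(key, renumbered)


if __name__ == "__main__":
    print(demo())
```

AEAD cipher suites such as AES-GCM give the same guarantee through an authentication tag instead of a separate HMAC.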
  • 15. Prevent Identity Spoofing
    • In T.38 over UDPTL, there is no protection vs. spoofed identities
    • New draft spec recommends using PKIX Certificates to authenticate the two sides (per RFC 5280)
      – checks name on certificate vs. domain name
    [Diagram: Spoof Identity, marked X]
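One way a certificate-name-versus-domain check can work, as an added example (not from the slides or the draft): DNS names from the certificate's subjectAltName are matched against the expected peer domain with RFC 6125-style wildcard rules, and the commonName is deliberately ignored. The dict layout follows Python's `ssl` `getpeercert()` output; the certificate contents, domain names and function names are constructed.

```python
def _labels(name):
    """Lower-case DNS labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern, hostname):
    """Match one certificate DNS name against the expected domain."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False            # a wildcard never spans more than one label
    if p[0] == "*":
        # Whole leftmost label only, and never directly under a top-level domain.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False            # partial ("f*") or non-leftmost wildcards are rejected
    return p == h


def cert_dns_names(cert):
    """DNS entries from subjectAltName; commonName is not consulted."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def peer_is(cert, expected_domain):
    """True if any certificate DNS name covers the domain we meant to reach."""
    return any(dns_name_matches(name, expected_domain) for name in cert_dns_names(cert))


# Constructed certificate data in the shape returned by ssl getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "fax.example.com"),),),
    "subjectAltName": (("DNS", "*.fax.example.net"), ("DNS", "gw.example.net")),
}

if __name__ == "__main__":
    for domain in ("gw.example.net", "t38.fax.example.net",
                   "a.t38.fax.example.net", "fax.example.com"):
        print(domain, peer_is(SAMPLE_CERT, domain))
```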
  • 16. Impact for Customers
    • Addition of Security for T.38 IP fax should be valuable to customers both in the enterprise and service provider markets
    • But:
      – Often slow ramp-up from standardization to deployment
        • Can be jumpstarted through support by industry groups
        • Vendors can gain an edge by deploying the standard solution early
        • Later, vendors will need to have interworking implementations of the standard
  • 17. Accelerating the Ramp-up
    • 3GPP targets adding to IP Multimedia Subsystem / LTE standards as of Release 12
      – This endorsement will help drive additional deployment on IMS / VoLTE networks, notably for service providers
      – Fax and SIP Trunking service providers are also likely adopters
    • Adoption Acceleration Opportunities via Forums
      – SIP Forum supports early adoption of standards via:
        • SIPit – Interop activities for SIP protocol in general
        • SIPConnect – interop and compliance activities for SIP Trunking
        • Fax over IP Working Group – members can monitor status of early implementations
      – Other forums such as I3 may also be interested
  • 18. Enterprise to the Cloud and Beyond
    • New standard will be an excellent fit for Cloud implementations, managed within the Enterprise or via managed service providers
    • Will also have value for enterprise networks which interconnect premises, or hybrid networks between premise and the Cloud
    • Should also fit SIP Trunking use cases for IP Fax
    • Could result in future extensions to agreements such as SIP Connect
  • 19. Summary
    • IETF is close to standardizing a new security standard for IP Fax
    • Should address the most likely threats that would compromise fax use over IP networks
    • Likely first implementers will be back-to-back deployments by a single vendor
    • Endorsement by 3GPP will help drive mid to longer term deployments on IMS / LTE networks
    • New standard should also be good fit for Enterprise uses such as SIP Trunking and the Cloud
    • Participation in Forums can help accelerate the adoption ramp-up once the standard is approved
  • 20. About James Rafferty
    • Versatile Product Management and Marketing Leader
    • Blog: http://blog2.humancomm.com
    • Twitter: @jrafferty11
    • Email: jayAthumancommDotcom
    • LinkedIn: https://www.linkedin.com/pub/james-rafferty/0/917/474