Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson
Security and Real-time Communications – a maze of twisty little passages, that all look alike.
Olle E. Johansson, Consultant in network security and real-time communication – PKI, WebRTC, SIP, XMPP. Kamailio and Asterisk expert.

Olle has worked with Internet and TCP/IP networking for almost 30 years and is a developer, project manager, documentation writer, trainer and a secret lover of X.509 and PKI. Olle is active in the IETF and has co-authored an RFC and contributed to many. He has spoken at many conferences and trained many, many Asterisk and Kamailio admins. Olle co-founded Astricon, the Asterisk conference. Outside of work he is an oral storyteller and spends a lot of time in his garden back home in Sweden.

After almost 20 years of working with real-time communication (SIP, XMPP, WebRTC, and other protocols and platforms), I haven’t once built a standards-compliant secure platform with strong encryption and identity handling. I’ve been close, but no cigar.

Looking at the standard documents for SIP, there are a lot of missing pieces and most of the Open Source implementations are missing large amounts of code to implement both existing security specifications as well as the missing pieces. It’s a mess, and that doesn’t help those who are trying to implement secure real-time communications. We can do better and hopefully we will do better.

While WebRTC mandates encrypted communication channels, that doesn’t mean that all platforms are secure. Also, there are as many definitions of “secure platform” as there are people implementing them.

There are hooks and new solutions to build from, but few implementers get the requirements, time and resources to do this.

Let’s discuss what the issues are, where privacy plays in, the missing support in the standard documents and where to go next.

We will also talk about why we think that the requirements for security are missing in almost every project and how we can change that.

Keywords:

– #MoreCrypto: PKI and TLS
– OAuth2 and OpenID Connect, where do they fit in?
– SIP, the Session Initiation Protocol
– WebRTC
– SRTP, Secure RealTime Protocol

Slide transcript:
Slide 1: REALTIME SECURITY. SIP, WEBRTC AND STUFF.
oej@edvina.net | @oej, November 2020
“you are in a maze of twisty little passages, all alike” (the adventure game)
Ⓒ Edvina AB, Sollentuna, Sweden. All rights reserved.

Slide 2: “OH NO, NOT AGAIN” (MARWIN, the paranoid android)

Slide 3: YES, ONE MORE TIME! Olle, the stubborn evangelist.

Slide 4: OLLE E. JOHANSSON
• History: Asterisk developer
• Contributor to Kamailio, Janus, Baresip and other projects
• Consultant, trainer, amateur gardener, dog owner, storyteller
• SIP, WebRTC, XMPP, MQTT, IP (4&6), PKI, TLS…

Slide 5: AGENDA
• Introduction: problem overview
• SIP & TLS
• WebRTC
• Summary

Slide 6: WARNING
Massive slide re-use. Some of these are between 5-10 years old but still valid. Change does not happen overnight, folks. If you are concerned about security: DON’T GIVE UP!

Slide 7: WHAT IS REALTIME COMMUNICATION SECURITY? According to @oej

Slide 8: From this... …to this

Slide 9: Talk, Video, Chat, Application sharing, 3D holographic 7.1 conferences

Slide 10: CONVERSATIONS BETWEEN TWO OR MORE PEOPLE

Slide 11: OUT OF SCOPE TODAY: Tommy the system intruder, Christina the network sniffer, Adrian the BOT network manager, Marwin the fraudster

Slide 12: IN SCOPE: You, Me

Slide 13: WHAT IS THE PROBLEM? The usual security issues...

Slide 14: WHO’S TALKING? You, Me. Identity.

Slide 15: WHO IS LISTENING? You, Me, 3rd party. Confidentiality.

Slide 16: DID YOU REALLY WRITE THAT? You, Me. Integrity.

Slide 17: YOU CAN’T DO THAT. You, Me. Authorization.

Slide 18: WHO AM I? Me: IP phone, softphone, chat client, car, pad, set-top-box, laptop, cell phone

Slide 19: YOU AND YOUR DEVICES. Me: IP phone, softphone, chat client, car, pad, set-top-box, laptop, cell phone

Slide 20: THE IP REALTIME WORLD: DATACOM, TELECOM

Slide 21: NETWORK SECURITY. You, Me. Our problem.

Slide 22: TELECOM SECURITY MODEL. You, Me. In the telco we trust.

Slide 23: END2END OR THROUGH PROXY SERVER?
Do you want someone else to handle your keys? Do you want to set up a secure session between you and me? If so, how?

Slide 24: THIS APPLIES TO MANY PROTOCOLS: SIP, XMPP, WEBRTC, ?

Slide 25: THE TOOLBOX
• TLS: signalling
• DTLS/SRTP: media
• SIP Identity
• S/MIME: integrity
• HTTP Digest auth
• MSRP/TLS: chat
• Identity: OAuth2, GNAP
• MLS (coming)

Slide 26: WHAT’S THE ISSUE WITH REALTIME SECURITY?
Almost no one asks for it. Therefore no one implements it. Which means lack of experience.

Slide 27: WHAT I FAIL TO UNDERSTAND. Why does nobody care, really?

Slide 28: FINAL QUESTION: What’s a secure session for you?

Slide 29: THE IDENTITY: WHO ARE YOU? And can you prove that claim?

Slide 30: SIP AUTHENTICATION
• History: HTTP Digest MD5 auth or TLS client certs
• Improvement: SHA256 and SHA512
• Next step: OAuth2/OpenID Connect authentication using JWT tokens
How do you migrate to stronger auth? How do we separate device and person?
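To make the "how do you migrate to stronger auth?" question on the SIP AUTHENTICATION slide concrete, here is an added Python example (not code from the talk, nor from Kamailio or Asterisk) of SIP Digest authentication where the registrar offers SHA-256 and MD5 challenges side by side, keeps one HA1 per algorithm for each user, verifies whichever algorithm the client answered with, and can switch MD5 off once the phones have moved. The response formula is the one from RFC 7616 as applied to SIP by RFC 8760 (response = H(H(A1):nonce:nc:cnonce:qop:H(A2))); the store layout, the function names and the sample user, realm, password and nonces are constructed for this illustration.

```python
"""SIP Digest authentication with an MD5 -> SHA-256 migration path.

Added example. Names such as UserStore, challenge_headers and
verify_authorization are hypothetical; the user, realm, nonces and
password used in main() are constructed sample values.
"""
import hashlib
import hmac
import re
from typing import Dict, List

# Digest algorithm tokens and the hash behind each (RFC 7616 / RFC 8760).
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}

# Per-user, per-algorithm HA1 = H(username:realm:password). A migrated user
# has both entries until MD5 is retired; a new user only needs SHA-256.
UserStore = Dict[str, Dict[str, str]]


def h(alg: str, data: str) -> str:
    return ALGORITHMS[alg](data.encode("utf-8")).hexdigest()


def ha1(alg: str, username: str, realm: str, password: str) -> str:
    return h(alg, f"{username}:{realm}:{password}")


def digest_response(alg: str, ha1_value: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str, qop: str = "auth") -> str:
    """response = H(HA1:nonce:nc:cnonce:qop:HA2), HA2 = H(method:uri)."""
    ha2 = h(alg, f"{method}:{uri}")
    return h(alg, f"{ha1_value}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def challenge_headers(realm: str, nonce: str,
                      algorithms=("SHA-256", "MD5")) -> List[str]:
    """One WWW-Authenticate header per offered algorithm, strongest first,
    so an upgraded client picks SHA-256 and a legacy client still works."""
    return [f'WWW-Authenticate: Digest realm="{realm}", nonce="{nonce}", '
            f'qop="auth", algorithm={alg}' for alg in algorithms]


def client_authorization(alg: str, username: str, realm: str, password: str,
                         method: str, uri: str, nonce: str, cnonce: str,
                         nc: str = "00000001") -> str:
    """What a phone sends back for the chosen algorithm."""
    resp = digest_response(alg, ha1(alg, username, realm, password),
                           method, uri, nonce, nc, cnonce)
    return (f'Authorization: Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, '
            f'cnonce="{cnonce}", algorithm={alg}, response="{resp}"')


_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_authorization(header: str) -> Dict[str, str]:
    """Parse 'Authorization: Digest k=v, ...' (quoted or bare values)."""
    _, _, params = header.partition("Digest ")
    return {key: (quoted or bare) for key, quoted, bare in _PARAM.findall(params)}


def verify_authorization(header: str, method: str, store: UserStore,
                         issued_nonce: str, allow_md5: bool = True) -> bool:
    """Registrar side: recompute the response with the stored HA1 for the
    algorithm the client used; reject MD5 once the migration flag is off."""
    p = parse_authorization(header)
    alg = p.get("algorithm", "MD5")          # absent algorithm means MD5
    if alg not in ALGORITHMS or (alg == "MD5" and not allow_md5):
        return False
    if p.get("nonce") != issued_nonce or p.get("qop") != "auth":
        return False                          # stale/unknown nonce or no qop
    user_ha1 = store.get(p.get("username", ""), {}).get(alg)
    if user_ha1 is None:
        return False                          # user lacks HA1 for this algorithm
    expected = digest_response(alg, user_ha1, method, p.get("uri", ""),
                               issued_nonce, p.get("nc", ""), p.get("cnonce", ""))
    return hmac.compare_digest(expected, p.get("response", ""))


def main() -> None:
    realm, user, pw = "example.com", "alice", "s3cret"   # constructed sample
    store: UserStore = {user: {a: ha1(a, user, realm, pw) for a in ALGORITHMS}}
    for line in challenge_headers(realm, "nonce-1"):
        print(line)
    auth = client_authorization("SHA-256", user, realm, pw,
                                "REGISTER", "sip:example.com", "nonce-1", "c1")
    print(auth)
    print("SHA-256 accepted:", verify_authorization(auth, "REGISTER", store, "nonce-1"))
    legacy = client_authorization("MD5", user, realm, pw,
                                  "REGISTER", "sip:example.com", "nonce-1", "c2")
    print("MD5 accepted after cut-over:",
          verify_authorization(legacy, "REGISTER", store, "nonce-1", allow_md5=False))


if __name__ == "__main__":
    main()
```

The registrar needs a SHA-256 HA1 for a user before that user can answer a SHA-256 challenge, which is why the store keeps one HA1 per algorithm: the SHA-256 entry is created when the password is next provisioned, and `allow_md5` is flipped to `False` only when every account has it. The nonce is checked against the value the server actually issued; a production implementation additionally tracks the `nc` counter per nonce and expires nonces.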
Slides 31-34: FIKA BREAK
This is a good moment to take a break, refill your tea cup and stand up.

Slide 35: TLS: TRANSPORT LAYER SECURITY.

Slide 36: TLS IN ONE PICTURE
Client, Server, Network Link, Application. Identity check, algorithm agreement, key set up, encryption of data. Without prior agreement. Certificate validation.

Slide 37: TLS & S/MIME USAGE IN SIP
• TLS is used in SIP for
  • authentication of servers and clients
  • initiating encryption of a session
  • digital signatures on SIP messages to ensure integrity and provide authentication
• S/MIME is used for message integrity and authentication
Authentication: Who are you? Prove it! Encryption: providing confidentiality. Integrity: making sure that the receiver gets what the sender sent.

Slide 38: TLS & S/MIME USAGE IN WEBRTC
• TLS is mandatory in WebRTC for
  • authentication of web servers
  • encryption of the HTTP session
• DTLS is used for
  • initiating encryption of a session, but not for encrypting the session
  • but the DTLS certificates are not validated by default!
Authentication: Who are you? Prove it! Encryption: providing confidentiality. Integrity: making sure that the receiver gets what the sender sent.

Slide 39: SIP TLS CONNECTIONS
• The SIP UA client sets up a connection to the server (proxy or UAS) on the TLS port
• TLS negotiation happens before SIP starts
• The server always provides a certificate
• The client challenges the certificate to make sure that the server has the private key for the certificate’s public key
• The client may check the validity of the server cert before accepting the connection to proceed
• What trust store does the client (phone) use?

Slide 40: TLS CLIENT AUTHENTICATION
• The server may request a client certificate and challenge it
• This may replace WWW digest auth and provide an accepted identity of the SIP user
• Problematic if there’s an untrusted SIP proxy in the path

Slide 41: TLS TRUST
• If you only need a basic encrypted session, i.e. some confidentiality, there’s no need to check the certificates, but then you can’t really trust that the session is confidential
• If you want more than simple confidentiality, you need to make sure the software on both sides handles verification of the certificates:
  • Are they signed by a trusted third party?
  • Is the subject of the certificate authorized to use your system?
  • Does the certificate allow usage for SIP session setups?
  • Are they still valid?

Slide 42: SIPS: WAS A BAD IDEA. Just forget it. SIP doesn’t work like the web.

Slide 43: A SIP REGISTRATION AND CALL
SIP client/server (phone) → SIP server: “Hello, here’s my current location” (SIP Contact URI: IPv6 or IPv4 address + port).
SIP server → phone: incoming call, sent to the Contact URI.
Two separate connections/flows.

Slide 44: …WITH TLS
SIP client/server (phone) → SIP server over TLS: “Hello, here’s my current location” (SIP Contact URI: IPv6 or IPv4 address + port).
SIP server → phone over TLS: incoming call, sent to the Contact URI.
The phone needs to be a TLS server with a certificate. The cert needs to match the Contact URI, which is changing unless you use GRUU.

Slide 45: SIP MATCHING SERVER CERTIFICATE (RFC 5922, SIP domain certificates)
Request: sip:alice@example.com
• SIP server with cn: example.com, san: ww.example.com → FAIL
• SIP server with cn: namn.se, san: example.com → OK!
• SIP server with cn: example.com (no SAN) → OK!
• SIP server with cn: *.example.com → Fail. Wildcards are not allowed.
With no SAN, the CN is used. But only with no SAN.
DNS SRV for example.com points to sip01.siphosting.com.

Slide 46: IN XMPP AN OPEN CONNECTION = “AVAILABLE”
XMPP client ↔ XMPP server over TLS; incoming message delivered over that connection. A client without a connection is offline. One TCP/TLS connection.
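The matching rules on the SIP MATCHING SERVER CERTIFICATE slide (RFC 5922) can be written out as a short check. The Python below is an added example, not code from the talk or from Kamailio or Asterisk; the `Cert` class is a constructed stand-in for a parsed X.509 certificate (a real deployment pulls CN and SAN out of its TLS library's certificate object), and the function names are hypothetical. It applies the slide's rules: identities come from the SAN (dNSName entries, or URI entries with the sip: scheme, as RFC 5922 describes), the CN is consulted only when the SAN carries no such entry, wildcards are never accepted, and the reference identity is the SIP domain taken from the request URI, so the SRV target sip01.siphosting.com plays no part in the match.

```python
"""RFC 5922 server certificate matching for SIP, written out as a check.

Added example. Cert is a constructed stand-in for a parsed X.509
certificate; the sample certificates in main() mirror the slide.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class Cert:
    cn: str                                           # subject commonName
    san_dns: List[str] = field(default_factory=list)  # subjectAltName dNSName
    san_uri: List[str] = field(default_factory=list)  # subjectAltName URI, e.g. "sip:example.com"


def sip_identities(cert: Cert) -> List[str]:
    """SIP domain identities asserted by the certificate.

    SAN entries (dNSName, or a URI with the sip: scheme) take precedence;
    the CN is used only when no such SAN entry exists (RFC 5922, section 7.1).
    """
    ids = [name.lower() for name in cert.san_dns]
    for uri in cert.san_uri:
        scheme, _, rest = uri.partition(":")
        if scheme.lower() == "sip" and rest:
            ids.append(rest.lower())
    if ids:
        return ids
    return [cert.cn.lower()] if cert.cn else []


def sip_domain(request_uri: str) -> str:
    """Reference identity: the host part of the SIP URI, e.g.
    sip:alice@example.com:5061;transport=tls -> example.com.
    (IPv6 literals in brackets are not handled in this illustration.)"""
    hostport = request_uri.split(":", 1)[1].split("@")[-1]
    return hostport.split(";")[0].split(":")[0].lower()


def cert_matches_sip_domain(cert: Cert, domain: str) -> bool:
    """True when one asserted identity equals the SIP domain exactly.
    Wildcards are rejected outright, as RFC 5922 forbids them for SIP."""
    domain = domain.lower().rstrip(".")
    for ident in sip_identities(cert):
        if "*" in ident:
            continue
        if ident.rstrip(".") == domain:
            return True
    return False


def evaluate(cert: Cert, request_uri: str) -> str:
    """Human-readable verdict for one certificate against one request URI."""
    domain = sip_domain(request_uri)
    verdict = "OK" if cert_matches_sip_domain(cert, domain) else "FAIL"
    return f"{verdict}: identities {sip_identities(cert)} vs domain {domain}"


def main() -> None:
    request = "sip:alice@example.com"
    samples = [                                  # the four servers on the slide
        Cert(cn="example.com", san_dns=["ww.example.com"]),
        Cert(cn="namn.se", san_dns=["example.com"]),
        Cert(cn="example.com"),
        Cert(cn="*.example.com"),
        Cert(cn="sip01.siphosting.com"),         # the SRV target's own name: not the SIP domain
    ]
    for cert in samples:
        print(evaluate(cert, request))


if __name__ == "__main__":
    main()
```

The first certificate fails even though its CN is example.com: once a SAN is present the CN is ignored, which is the "but only with no SAN" point on the slide. The last sample shows why a hosted SIP service needs a certificate for the customer's domain (or a SAN listing it), not merely for the hostname the SRV record resolves to.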
Slide 47: SIP XMPP STYLE = SIP OUTBOUND (RFC 5626)
SIP client/server (phone) ↔ SIP server over one TLS connection: REGISTER, INVITE, incoming call. Reuse the same connection, managed by the client! As long as we have at least one connection, the UA is “online” and available.

Slide 48: SIP OUTBOUND AND IP FLOWS
UA → SIP edge proxies → SIP location server.
“it’s really hard to notice that a TCP connection is dead” (Panagiotis Stathopoulos at #Fosdem 2016)

Slide 49: SECURITY? NO GUARANTEES, EVER
UA → SIP → SIP → UA. The user can only control and verify the first hop.

Slide 50: CLIENT CERTIFICATES CAN BE TRICKY
UA → (TLS hop) → SIP proxy → SIP registrar. This server (the registrar) can’t verify the client certificate.

Slide 51: IN SHORT FOR SIP: WITHOUT OUTBOUND, YOU’RE A NO GO
Managing client certs is a pain and a high cost. Keep your connections happy and users secure!

Slide 52: WORK TO DO
• Kill SIPS: finally. Get rid of it.
• Clarify SIP/TLS usage.
• Mandate outbound for phones.
• Standardize SIP client certificates.
• Standardise DANE usage in SIP.
• Work on peer-to-peer security for all protocols.

Slide 53: SUMMARY
“you are in a maze of twisty little passages, all alike” (the adventure game)

Slide 54: WHAT CAN YOU DO NOW?

Slide 55: FIRST STEPS
• Use TLS as first hop protection. Just do it. Always.
• Add SIP client certs to provisioning if you can
• Demand proper TLS implementation from phone vendors
• Require DTLS key exchange and SRTP (like in WebRTC)
• Require vendors to leave MD5 auth and SDES key exchange behind and move to stronger solutions

Slide 56: FOR WEBRTC PLATFORMS
• Depends on your usage and users
• If you want improved security:
  • Normal web security advice applies for the web and app part
  • Tie the DTLS cert to a real identity (IdP)
  • Always validate certs

Slide 57: IN SHORT: CLEARTEXT IS A BAD IDEA
• Classic SIP: no confidentiality, bad auth (-)
• SIP + TLS opportunistic crypto: basic confidentiality for signalling (+)
• SIP + TLS opportunistic crypto + SRTP: basic confidentiality for calls (+)
• SIP + mutual TLS + SRTP: secure conversations (+)

Slide 58: WHATEVER YOU DO:
• Listen to Sandro: always test your security!

Slide 59: STAY UP TO DATE. Security is never done.

Slide 60: BUILD WITH SECURITY. DON’T WAIT TO ADD IT AFTERWARDS.

Slide 61: DON’T EVER STOP. IT SECURITY IS A PROCESS.

Slide 62: MONEY TALKS. PUT PRESSURE ON YOUR VENDORS.

Slide 63: IF NEEDED, GET HELP. IT SECURITY NEEDS AN EXTRA PAIR OF EYES.

Slide 64: STAY CURIOUS.

Slide 65: THANK YOU. @oej | oej@edvina.net