Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson

1. REALTIME SECURITY SIP,WEBRTC AND STUFF oej@edvina.net | @oej November 2020 “you are in a maze of twisty little passages, all alike” the adventure game. 1 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. “OH NO, NOT AGAIN” MARWIN, the paranoid android 2

2. YES, ONE MORE TIME! Olle - the stubborn evangelist. 3 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. OLLE E. JOHANSSON • History:Asterisk developer • Contributor to Kamailio, Janus, Baresip and other projects • Consultant, trainer, amateur gardener, dog owner, storyteller • SIP,WebRTC, XMPP, MQTT, IP (4&6), PKI,TLS… 4

3. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. AGENDA • Introduction - problem overview • SIP &TLS • WebRTC • Summary 5 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WARNING Massive slide re-use. Some of these are between 5-10 years old but still valid. Change does not happen over night, folks. If you are concerned about security: DON’T GIVE UP! 6

5. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. Talk Video Chat Application sharing 3D holographic 7.1 conferences 9 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. CONVERSATIONS BETWEEN TWO OR MORE PEOPLE 10

6. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. OUT OF SCOPETODAY. Tommy the system intruder Christina the network sniffer Adrian the BOT network manager Marwin the fraudster 11 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. IN SCOPE You Me 12

8. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WHO IS LISTENING? You Me Conﬁdentiality 3rd party 15 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. DIDYOU REALLY WRITETHAT? You Me Integrity 16

9. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. YOU CAN’T DOTHAT. You Me Authorization 17 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WHO AM I? Me IP Phone Softphone Chat client Car Pad Set-top-box Laptop Cell phone 18

11. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. NETWORK SECURITY You Me Our problem 21 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. TELECOM SECURITY MODEL You Me In the telco we trust. 22

12. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. END2END ORTHROUGH PROXY SERVER? Do you want someone else to handle your keys? Do you want to set up a secure session between you and me? If so, how? You Me 23 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. THIS APPLIESTO MANY PROTOCOLS SIP XMPP WEBRTC ? 24

13. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. THETOOLBOX TLS SIGNALLING DTLS/SRTP MEDIA SIP IDENTITY S/MIME INTEGRITY HTTP DIGEST AUTH MSRP/TLS CHAT IDENTITY Oauth2, GNAP MLS (Coming) 25 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WHAT’STHE ISSUE WITH REALTIME SECURITY? Almost No one asks for it. Therefore no one implements it. Which means lack of experience. 26

14. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WHAT I FAILTO UNDERSTAND. Why does nobody care, really? 27 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. FINAL QUESTION: What’s a secure session for you? 28

15. THE IDENTITY - WHO AREYOU? And can you prove that claim? 29 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SIP AUTHENTICATION • History: HTTP Digest MD5 auth or TLS client certs • Improvement: SHA256 and SHA512 • Next step: Oauth2/OpenID connect authentication using JWTTokens How do you migrate to stronger auth? How do we separate device and person? 30

16. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. FIKA BREAK This is a good moment to take a break, reﬁll your tea cup and stand up. 31 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. FIKA BREAK 32

18. TLS -TRANSPORT LAYER SECURITY. 35 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. TLS IN ONE PICTURE Server Network Link Application Client Identity check Algorithm agreement Key Set up Encryption of data Without prior agreement Certiﬁcate validation 36

19. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. TLS & S/MIME USAGE IN SIP • TLS is used in SIP for • authentication of servers and clients • initiating encryption of a session • digital signatures on SIP messages to ensure integrity and provide authentication • S/MIME is used for message integrity and authentication Authentication Who are you? Prove it! Encryption Providing confidentiality Integrity Making sure that the receiver get what the 37 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. TLS & S/MIME USAGE IN WEBRTC • TLS is mandatory in webrtc for • authentication of web servers • encryption of the HTTP session • DTLS is used for • initiating encryption of a session - but not for encrypting the session • but the DTLS certificates are not validated by default! Authentication Who are you? Prove it! Encryption Providing confidentiality Integrity Making sure that the receiver get what the sender sent 38

20. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SIP TLS CONNECTIONS • The SIP UA Client sets up connection to server (proxy or UAS) onTLS port • TLS negotiation happens before SIP starts, • Server always provide certificate • Client challenges certificate to make sure that server has private key for certificate’s public key • Client may check the validity of the server cert before accepting connection to proceed • What trust store does the client (phone) use? 39 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. TLS CLIENT AUTHENTICATION • Server may request client certificate and challenge certificate • This may replace WWW digest auth and provide an accepted identity of the SIP user • Problematic if there’s an untrusted SIP proxy in the path 40

21. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. TLS TRUST • If you only need a basic encrypted session, i.e. some confidentiality, there’s no need to check the certificates - but you can’t really trust that the session is confidential • If you want more than simple confidentiality, you need to make sure the software on both sides handle verification of the certificates •Are they signed by a trusted third party? •Is the subject of the certificate authorized to use your system? •Does the certificate allow usage for SIP session setups? •Are they still valid? 41 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SIPS: - WAS A BAD IDEA. Just forget it. SIP doesn’t work like the web. 42

22. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. A SIP REGISTRATION AND CALL SIP client/server (phone) SIP serverHello, here’s my current location SIP Contact URI (IPv6 or IPv4 address + port) Incoming callIncoming call sent to Contact URI Contact URI Two separate Connections/Flows 43 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. …WITH TLS SIP client/server (phone) SIP server Hello, here’s my current location SIP Contact URI (IPv6 or IPv4 address + port) Incoming call Incoming call TLS TLS The phone needs to be a TLS server with a certiﬁcate Contact URI The cert needs to match the Contact URI. Which is changing unless you use GRUU Contact URI 44

23. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SIP MATCHING SERVER CERTIFICATE sip:alice@example.com SIP server cn: example.com san: ww.example.com SIP server cn: namn.se san: example.com SIP server cn: example.com DNS SRV for example.com points to sip01.siphosting.com FAIL OK!OK! SIP server cn: *.example.com Fail Wildcards are not allowed. With no SAN, CN is used. But only with no SAN. RFC 5922 - SIP domain certiﬁcates 45 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. IN XMPP AN OPEN CONNECTION = “AVAILABLE” XMPP client XMPP server Incoming message TLS A client without a connection is off line. OneTCP/TLS connection. 46

24. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SIP XMPP STYLE = SIP OUTBOUND SIP client/server (phone) SIP server Incoming call TLS Reuse the same connection, managed by the client! REGISTER INVITE As long as we have at least one connection, the UA is ”online” and available. RFC 5626 47 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SIP OUTBOUND AND IP FLOWS SIP ”it’s really hard to notice that aTCP connection is dead” Panagiotis Stathopoulos at #Fosdem 2016 UA SIP SIP SIP edge proxys SIP location server 48

25. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SECURITY? NO GUARANTEES, EVER SIP SIP UA UA The user can only control and verify the ﬁrst hop 49 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. CLIENT CERTIFICATES CAN BE TRICKY SIP SIP UA THIS SERVER (THE REGISTRAR) CAN’TVERIFY THE CLIENT CERTIFICATE. TLS hop 50

26. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. IN SHORT FOR SIP: WITHOUT OUTBOUND, YOU’RE A NO GO Managing client certs is a pain and a high cost. Keep your connections happy and users secure! 51 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WORK TO DO Kill SIPS: Finally. Get rid of it. Clarify SIP/TLS usage. Mandate outbound for phones. Standardize SIP client certiﬁcates. Standardise DANE usage in SIP. Work on Peer-to- peer security for all protocols. 52

27. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. SUMMARY “you are in a maze of twisty little passages, all alike” the adventure game. 53 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WHAT CAN YOU DO NOW? 54

28. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. FIRST STEPS • UseTLS as ﬁrst hop protection - just do it.Always. • Add SIP client certs to provisioning if you can • Demand properTLS implementation from phone vendors • Require DTLS key exchange and SRTP (like in WebRTC) • Require vendors to leave the MD5 auth and SDES key exchange behind and move to stronger solutions 55 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. FOR WEBRTC PLATFORMS • Depends on your usage and users • If you want improved security: • Normal web security advice apply for the web and app part • Tie the DTLS cert to a real identity (IDP) • always validate certs 56

29. IN SHORT: CLEARTEXT IS A BAD IDEA Classic SIP: No confidentiality, bad auth SIP +TLS oppurtunistic crypto: Basic confidentiality for signalling SIP +TLS oppurtunistic crypto + SRTP Basic confidentiality for calls SIP + MutualTLS+ SRTP Secure conversations - + + + 57 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. WHATEVER YOU DO: • Listen to Sandro: Always test your security! 58

30. Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. STAY UPTO DATE. Security is never done. 59 Ⓒ Edvina AB, Sollentuna Sweden.All rights reserved. BUILD WITH SECURITY. DON’T WAITTO ADD IT AFTERWARDS. 60

33. THANKYOU. @oej | oej@edvina.net 65

Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson

You are reading a preview.

Check these out next

Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson

More Related Content

Slideshows for you (13)

Similar to Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson (20)

More from Alan Quayle (20)

Recently uploaded (20)