Real-Time-Communications Security: How to Deploy Presence and Instant Messaging Services

Presence and instant messaging programs such as AOL Instant Messenger, ICQ, Microsoft Messenger and Yahoo Messenger are seeing strongly growing use, in particular at the workplace. Their use, however, creates considerable threat scenarios for enterprise security. Deployed correctly, IT-based real-time communication systems can nonetheless unlock significant efficiency potential for enterprises.
Realising suitable solution architectures is therefore of central importance when introducing IT-based real-time communication services in enterprise networks. This talk discusses the given threats, examines countermeasures and sketches architectures for the secure use of such services.

  1. Dr. Oliver Pfaff: Real-Time-Communications Security. How to Deploy Presence and Instant Messaging Services? Siemens Security Forum, March 2-5, 2004; Munich
  2. Introduction: What Are Real-Time-Communications?
     - Real-time-communications (RTC for short) allow users to interact in real-time. RTC services include:
       - Voice conversation
       - File and application sharing
       - Instant messaging
       - ...
     - Various bodies such as the ITU (e.g. H.323) and IETF (e.g. SIP/SIMPLE, RTP) develop RTC technologies.
     - [Figure: file sharing, application sharing, voice conversation, instant messaging, ... built on top of presence]
     - The core RTC service of presence allows users to manage their (online) availability.
  3. Introduction: What Do Presence Services Provide?
     - Presence services supply meta-information about a user's own presence as well as that of peers (aka buddies), e.g.:
       - Availability, e.g. online/offline/busy/away/do-not-disturb
       - Communication means, e.g. cellular phone, and contact address, e.g. +49.172.8250805
       - Device capability, e.g. voice-only
       - Communication preferences, e.g. only-if-urgent
     - Presence facilitates communications without requiring knowledge of the whereabouts of peers (which communication device / address...). It is a core enabler for other RTC services:
       - Instant messaging is a basic presence-enabled service that allows online users to synchronously exchange (textual) information. User agents typically bundle presence and instant messaging.
       - Presence facilitates other synchronous communication services such as voice conversations and supports asynchronous communications, too.
  4. Introduction: What Is the Current Status?
     - Personal use:
       - Presence and instant messaging services already have about 200M users world-wide (expected to grow to 500M by 2006). Popular clients:
         - AOL Instant Messenger (AIM) and ICQ (I Seek U)
           - Instant messaging (text/voice), file transfer / sharing, inline image transfer and game requests (AIM only).
         - Microsoft .NET Messenger (formerly MSN Messenger)
           - Instant messaging (text/voice/video), file transfer, application sharing, whiteboard, and remote assistance.
         - Yahoo! Messenger
           - Instant messaging (text/voice/video), file transfer / sharing.
     - Business use:
       - Presence and instant messaging services are currently reaching enterprises:
         - Raising productivity and reducing costs are key drivers of business use.
         - 30% of US information workers have at least one presence and instant messaging client (source: Microsoft).
  5. Consumer-Grade Solutions: Basic Architecture
     - [Figure: two presence and instant messaging user agents ([email_address], [email_address]) connected to the presence and instant messaging service 'rtc.com'; the steps below are marked on the links.]
     - Message flow:
       1. Register at presence service (authenticate)
       2. Process incoming / request subscriptions
       3. Supply / receive presence information
       4. Supply / receive instant messages
  6. Consumer-Grade Solutions: ...in Relation to Enterprises
     - [Figure: presence and instant messaging user agents sue@acme.com and bob@acme.com inside the corporate network 'acme.com' reach the presence and instant messaging service 'rtc.com' (users [email_address], [email_address]) through the corporate proxy.]
     - Presence and instant messaging services are delivered via HTTP.
     - User agents act as clients only.
     - Standard HTTP proxies provide sufficient connectivity.
  7. Consumer-Grade Solutions: IT-Security Status Quo (Benchmark: Enterprise E-Mail Services)
     - Namespace integration:
       - Enterprise e-mail: integrate with the enterprise identity management.
       - Consumer presence/IM: do not integrate with the enterprise identity management.
     - Identity theft:
       - Enterprise e-mail: perform user authentication against IT-systems owned by the organization.
       - Consumer presence/IM: require authentication against third-party IT-systems via shared secrets. Thus, service providers can impersonate users. Moreover, attackers may impersonate users by exploiting authentication scheme limitations:
         - User authentication:
           - Shared secrets are transferred in cleartext-equivalent form as well as via simple challenge-response.
           - Cleartext identifiers maintain session state.
         - Server authentication:
           - None
     - Legend: enterprise e-mail services (set in italics, gray on the slide) are labelled "Enterprise e-mail"; consumer presence and instant messaging services (normal, black) are labelled "Consumer presence/IM".
  8. Consumer-Grade Solutions: IT-Security Status Quo (Benchmark: Enterprise E-Mail Services)
     - Message protection:
       - Enterprise e-mail: provide the capability to protect messages between two adjacent tiers in an E-Mail system as well as to protect the information exchanged between sender and receiver.
       - Consumer presence/IM: standard offerings do not provide transport or information-bound protection: data moves as cleartext across the perimeters of corporate networks and is exposed to service providers as well as attackers.
     - Protection against viruses, worms, Trojan horses, ...:
       - Enterprise e-mail: employ protection (e.g. content-dependent message filtering) upon MTA systems at network boundaries.
       - Consumer presence/IM: no similar protection, due to the tunneling of network boundary systems (bypassing firewall controls). Thus, presence and instant messaging clients deliver entry points for viruses, worms, Trojan horses, ...
     - Legend: enterprise e-mail services (set in italics, gray on the slide) are labelled "Enterprise e-mail"; consumer presence and instant messaging services (normal, black) are labelled "Consumer presence/IM".
  9. Consumer-Grade Solutions: How to Prohibit Such Services?
     - Strategies:
       - Out-ruling:
         - Make such services illegal
       - Prevention:
         - Prohibit the installation of user agents
         - Block communications across Intranet boundaries
  10. Consumer-Grade Solutions: Does Communication Blocking Work?
      - Blocking presence and instant messaging services at firewalls is difficult:
      - HTTP-based exchanges:
        - Target address information is provided by HTTP Host request headers:
          - Blocking target hosts or target service ports can be defeated by means of user agent auto-reconfiguration (e.g. via additional proxies in the Internet, supplementary target service ports).
        - Request / response contents are provided by HTTP message bodies:
          - Protocol analysis can be defeated by means such as protocol modifications, encoding, encryption etc.
        - Status: not prohibited by typical HTTP proxies and content security plug-ins.
      - HTTP-over-SSL / TLS exchanges:
        - Target address information is provided by HTTP CONNECT requests (assumption: SSL / TLS is not terminated at the network boundary):
          - Cf. above remarks on additional proxies and port-agility.
        - Status: services do not (yet) employ HTTP-over-SSL / TLS.
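Slide 10 makes a concrete point about where a boundary control can and cannot see the destination: a port-only rule is defeated as soon as the user agent switches port, while the HTTP Host header (plain HTTP) or the CONNECT target (HTTP-over-SSL/TLS) still names the service, and an additional relay in the Internet defeats both. The script below is an added example, not part of the presentation, that runs a port-only rule and a host-name rule over a constructed set of proxy-log lines so the difference is visible. The log format, the `.test` domain names and the port number 9999 are constructed placeholders.

```python
"""
Compare a port-based and a host-based blocking rule over proxy log lines.
Added example (not from the presentation). The log line format, the host
names (.test placeholders) and the port 9999 are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Constructed proxy access-log lines: "<client> <method> <target>".
SAMPLE_LOG = """\
10.1.2.3 GET http://im.example-rtc.test:9999/login
10.1.2.3 GET http://im.example-rtc.test/login
10.1.2.4 CONNECT im.example-rtc.test:443
10.1.2.5 GET http://www.example-news.test/
10.1.2.6 CONNECT relay.example-relay.test:443
"""

# Policy knobs (placeholders for an enterprise's own lists).
BLOCKED_DOMAINS = {"example-rtc.test"}   # consumer IM service domains
BLOCKED_PORTS = {9999}                    # the service's "well-known" port

LINE_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<target>\S+)$")


def parse_line(line):
    """Return (client, method, host, port), or None for an unparsable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, method, target = m.group("client", "method", "target")
    if method == "CONNECT":
        # CONNECT carries only "host:port"; everything after it is TLS.
        host, _, port = target.rpartition(":")
        return client, method, host, int(port)
    # Plain HTTP: the proxy sees the absolute URL (equivalently the Host header).
    parts = urlsplit(target)
    return client, method, parts.hostname, parts.port or 80


def in_domain(host, domains):
    """True if host equals or is a subdomain of any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)


def port_policy(entry):
    """Naive rule: block only the service's known port."""
    return "block" if entry[3] in BLOCKED_PORTS else "allow"


def host_policy(entry):
    """Better rule: match the destination host, whatever port or method."""
    return "block" if in_domain(entry[2], BLOCKED_DOMAINS) else "allow"


def evaluate(log_text):
    """Apply both rules to every parsable line; returns a list of result dicts."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        results.append({
            "client": entry[0], "method": entry[1], "host": entry[2],
            "port": entry[3], "port_policy": port_policy(entry),
            "host_policy": host_policy(entry),
        })
    return results


if __name__ == "__main__":
    for r in evaluate(SAMPLE_LOG):
        print(f"{r['method']:8} {r['host']}:{r['port']:<5} "
              f"port-rule={r['port_policy']:5} host-rule={r['host_policy']}")
```

Lines two and three (same service on port 80 and via CONNECT on 443) pass the port rule but not the host rule; the last line, a relay with no known association to the service, passes both, which is the slide's point that blocking alone is not a reliable control.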
  11. Consumer-Grade Solutions: How to React?
      - Reactions depend on the considered scenario:
      - Employees want to communicate with (non-business) partners outside the enterprise:
        - Explicitly out-rule consumer presence and instant messaging services.
          - Not only because of possible security breaches but also because they cause "instant distractions" for employees.
        - Prevent them: prohibit the installation of user agents, block communications across Intranet boundaries.
      - Employees want to communicate with (project) partners in the enterprise:
        - Provide an enterprise presence and instant messaging service (intra-enterprise).
      - Employees want to communicate with (business) partners outside the enterprise:
        - Interconnect the enterprise presence and instant messaging service with partners (inter-enterprise).
  12. Enterprise-Grade Solutions: Fundamental Properties
      - Facilitate intra-enterprise communications in the first place:
        - Systems are based on network services (in the Intranet) as well as user agents (upon the system of the user).
        - Hub-and-spoke architectures are employed.
        - Traversing firewalls is not required for basic network topologies.
        - May be extended to provide inter-enterprise communications.
      - Communications are based on SIP and SIMPLE:
        - User agents and network services are based on SIP client / server functionality.
        - User agents comprise both a communication client and a communication server:
          - Sending information is done as a communication client.
          - Retrieving information is done as a communication server.
          - Note: this contrasts with consumer-grade solutions, where information is received via polling (when user agents are deployed in an Intranet).
  13. Enterprise-Grade Solutions: Basic Architecture Based on SIP/SIMPLE
      - [Figure: Sue's user agent ([email_address]), the presence and instant messaging service 'rtc.acme.com' and Bob's user agent ([email_address]), each comprising a SIP UAC and a SIP UAS, within the corporate network 'acme.com'.]
      - Sue signs in to RTC services:
        1.1 SIP REGISTER...
        1.2 SIP 401 Unauthorized...WWW-Authenticate...
        1.3 SIP REGISTER...Authorization...
        1.4 SIP 200 OK...
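The four-step sign-in on this slide (REGISTER, 401 with WWW-Authenticate, REGISTER with Authorization, 200 OK) is the SIP digest challenge-response, which is what "user authentication against IT-systems owned by the organization" looks like on the wire: the password never leaves the user agent, and the registrar stores only the digest HA1. The Python model below is an added example and not the product or protocol stack the slides describe. It implements both sides with the MD5 digest of RFC 3261 / RFC 2617 without the `qop` extension, simplifies nonces to single use (which also rejects a replayed Authorization header), and uses constructed user names, password and contact address; the realm `rtc.acme.com` is taken from the slide.

```python
"""
SIP REGISTER with digest challenge-response (RFC 3261 / RFC 2617, no qop).
Added example: registrar (UAS side) and user agent (UAC side) are modelled in
memory; user name, password and contact are constructed values.
"""
import hashlib
import hmac
import re
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def parse_digest(header_value: str):
    """Split 'Digest k="v", k2=v2' into (scheme, {k: v})."""
    scheme, _, params = header_value.partition(" ")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return scheme, {k: quoted or bare for k, quoted, bare in pairs}


class Registrar:
    """Presence service side: holds only HA1 per user, never the password."""

    def __init__(self, realm: str):
        self.realm = realm
        self.ha1 = {}             # user -> MD5(user:realm:password)
        self.open_nonces = set()  # issued but not yet consumed (simplification: single use)
        self.bindings = {}        # user -> registered Contact

    def provision(self, user: str, password: str) -> None:
        self.ha1[user] = md5_hex(f"{user}:{self.realm}:{password}")

    def challenge(self) -> dict:
        """Step 1.2: 401 Unauthorized carrying a fresh nonce."""
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        www = f'Digest realm="{self.realm}", nonce="{nonce}", algorithm=MD5'
        return {"status": 401, "reason": "Unauthorized", "headers": {"WWW-Authenticate": www}}

    def handle_register(self, request: dict) -> dict:
        auth = request["headers"].get("Authorization")
        if auth is None:                      # step 1.1 without credentials
            return self.challenge()
        scheme, p = parse_digest(auth)
        if scheme != "Digest" or p.get("nonce") not in self.open_nonces:
            return self.challenge()           # unknown or already used nonce: re-challenge
        self.open_nonces.discard(p["nonce"])  # consume: a replayed header lands here next time
        ha1 = self.ha1.get(p.get("username"))
        if ha1 is None or p.get("realm") != self.realm or p.get("uri") != request["uri"]:
            return {"status": 403, "reason": "Forbidden", "headers": {}}
        expected = md5_hex(f"{ha1}:{p['nonce']}:{md5_hex('REGISTER:' + p['uri'])}")
        if not hmac.compare_digest(expected, p.get("response", "")):
            return {"status": 403, "reason": "Forbidden", "headers": {}}
        self.bindings[p["username"]] = request["headers"]["Contact"]   # step 1.4
        return {"status": 200, "reason": "OK",
                "headers": {"Contact": request["headers"]["Contact"]}}


class UserAgent:
    """User side (SIP UAC): answers the challenge from the password it holds."""

    def __init__(self, user: str, password: str, contact: str):
        self.user, self.password, self.contact = user, password, contact
        self.last_request = None   # kept so a replay can be demonstrated

    def register(self, registrar: Registrar, uri: str) -> dict:
        request = {"method": "REGISTER", "uri": uri,
                   "headers": {"From": f"sip:{self.user}@{registrar.realm}",
                               "Contact": self.contact}}
        response = registrar.handle_register(request)     # 1.1 -> 1.2
        if response["status"] != 401:
            return response
        _, ch = parse_digest(response["headers"]["WWW-Authenticate"])
        ha1 = md5_hex(f"{self.user}:{ch['realm']}:{self.password}")
        ha2 = md5_hex(f"REGISTER:{uri}")
        digest = md5_hex(f"{ha1}:{ch['nonce']}:{ha2}")
        request["headers"]["Authorization"] = (
            f'Digest username="{self.user}", realm="{ch["realm"]}", '
            f'nonce="{ch["nonce"]}", uri="{uri}", response="{digest}", algorithm=MD5')
        self.last_request = request
        return registrar.handle_register(request)         # 1.3 -> 1.4


if __name__ == "__main__":
    reg = Registrar("rtc.acme.com")
    reg.provision("sue", "constructed-password")
    sue = UserAgent("sue", "constructed-password", "sip:sue@10.1.2.3")
    print(sue.register(reg, "sip:rtc.acme.com"))     # status 200
    print(reg.handle_register(sue.last_request))     # replayed header: 401 again
```

Contrast this with the consumer schemes on slide 7: here the server proves it knows the shared secret only via a per-nonce digest, a captured Authorization header is useless after the nonce is consumed, and a registrar compromise leaks HA1 values rather than passwords (HA1 is still sufficient to impersonate the user toward this realm, which is why RFC 3261 digest is a transport-independent baseline rather than a substitute for TLS between tiers).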
  14. Enterprise-Grade Solutions: Basic Architecture Based on SIP/SIMPLE
      - [Figure: same topology as slide 13 (Sue's user agent, the service 'rtc.acme.com', Bob's user agent; SIP UAC and SIP UAS on each; corporate network 'acme.com').]
      - Sue obtains her roaming data (e.g. contact list):
        2.1 SIP SUBSCRIBE...
        2.2 SIP 200 OK...
        2.3 SIP NOTIFY...Roaming data
        2.4 SIP 200 OK...
  15. Enterprise-Grade Solutions: Basic Architecture Based on SIP/SIMPLE
      - [Figure: same topology as slide 13.]
      - Bob wants to subscribe to the presence of Sue:
        3.1 SIP SUBSCRIBE...
        3.2 SIP 200 OK...
        3.3 SIP NOTIFY...
        3.4 SIP 200 OK...
  16. Enterprise-Grade Solutions: Basic Architecture Based on SIP/SIMPLE
      - [Figure: same topology as slide 13.]
      - Sue grants Bob's subscription:
        4.1 SIP SERVICE...Authorization data
        4.2 SIP 200 OK...
      - Bob obtains Sue's presence information:
        4.3 SIP NOTIFY...Presence data
        4.4 SIP 200 OK...
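Slides 15 and 16 together show the authorization step that separates an enterprise presence service from a consumer one: Bob's SUBSCRIBE is accepted, but the first NOTIFY carries no presence data until Sue has sent her authorization, and only afterwards does presence flow. The Python model below is an added example, not the product the slides describe, of a server-side presence agent that keeps subscription and authorization state and decides per NOTIFY whether presence data may leave it. Addresses and status values are constructed; the pending/active/terminated states follow the SIP event framework, simplified so that a terminated subscription needs a fresh SUBSCRIBE. Because the agent holds every user's presence in the clear, it is also a concrete instance of the end-to-end protection issue slide 19 raises for server-side presence agents.

```python
"""
Server-side presence agent with watcher authorization (SUBSCRIBE / NOTIFY).
Added example modelling slides 15-16: a subscription stays pending, and
carries no presence data, until the presentity grants it. Addresses and
status values are constructed.
"""
from collections import defaultdict


class PresenceAgent:
    """In-memory model of the presence agent inside the service 'rtc.acme.com'."""

    def __init__(self):
        self.presence = {}               # presentity -> latest published status
        self.rules = defaultdict(dict)   # presentity -> {watcher: "allow" | "block"}
        self.subs = defaultdict(dict)    # presentity -> {watcher: pending|active|terminated}

    def _notify(self, watcher, presentity, state, reason=None):
        """Build the NOTIFY sent to a watcher (a dict stands in for the SIP message)."""
        note = {"method": "NOTIFY", "to": watcher, "about": presentity,
                "subscription_state": state,
                # presence data leaves the agent only on active (authorized) subscriptions
                "presence": self.presence.get(presentity) if state == "active" else None}
        if reason:
            note["reason"] = reason
        return note

    def _apply_rule(self, presentity, watcher):
        """Derive the subscription state from the presentity's authorization rule."""
        decision = self.rules[presentity].get(watcher)
        if decision == "allow":
            self.subs[presentity][watcher] = "active"
            return self._notify(watcher, presentity, "active")
        if decision == "block":
            self.subs[presentity][watcher] = "terminated"
            return self._notify(watcher, presentity, "terminated", reason="rejected")
        self.subs[presentity][watcher] = "pending"       # no decision yet
        return self._notify(watcher, presentity, "pending")

    def subscribe(self, watcher, presentity):
        """3.1 SUBSCRIBE from watcher; returns the 3.3 NOTIFY (the 200 OK is implied)."""
        return self._apply_rule(presentity, watcher)

    def authorize(self, presentity, watcher, decision):
        """4.1 authorization data from the presentity; returns the NOTIFYs it triggers."""
        if decision not in ("allow", "block"):
            raise ValueError("decision must be 'allow' or 'block'")
        self.rules[presentity][watcher] = decision
        if self.subs[presentity].get(watcher) in (None, "terminated"):
            return []    # rule stored; a terminated watcher must SUBSCRIBE anew
        return [self._apply_rule(presentity, watcher)]

    def publish(self, presentity, status):
        """The presentity changes status; only active watchers receive a NOTIFY."""
        self.presence[presentity] = status
        return [self._notify(w, presentity, "active")
                for w, state in self.subs[presentity].items() if state == "active"]


if __name__ == "__main__":
    agent = PresenceAgent()
    print(agent.subscribe("bob@acme.com", "sue@acme.com"))       # pending, no data
    print(agent.publish("sue@acme.com", "online"))                # [] - nobody active yet
    print(agent.authorize("sue@acme.com", "bob@acme.com", "allow"))  # active, 'online'
    print(agent.publish("sue@acme.com", "busy"))                  # one NOTIFY to Bob
```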
  17. Enterprise-Grade Solutions: Basic Architecture Based on SIP/SIMPLE
      - [Figure: same topology as slide 13.]
      - Bob says 'hello':
        4.1 SIP MESSAGE...Data
        4.2 SIP MESSAGE...Data
        4.3 SIP 200 OK...
        4.4 SIP 200 OK...
  18. Enterprise-Grade Solutions: Inter-Enterprise Communications
      - [Figure: corporate network 'acme.com' with user agents bob@acme.com and sue@acme.com, the presence and instant messaging service 'rtc.acme.com' and a proxy; corporate network 'foo.com' with user agents ann@foo.com and tom@foo.com, the presence and instant messaging service 'rtc.foo.com' and a proxy; the two networks are interconnected via their proxies.]
  19. Enterprise-Grade Solutions: IT-Security Status Quo
      - Namespace integration:
        - Presence and instant-messaging systems do (have to) integrate with the enterprise identity management.
      - Identity theft:
        - Presence and instant-messaging systems do perform user authentication against IT-systems owned by the organization.
      - Message protection:
        - Presence and instant-messaging systems do typically provide the capability to protect messages between two adjacent system tiers.
        - Issue: information-bound, end-to-end protection between sender and receiver (esp. in architectures employing server-side presence agents).
      - Protection against viruses, worms, Trojan horses, ...:
        - As usual with enterprise applications (product- and deployment-specific).
  20. Conclusions
      - Presence represents an important new paradigm in IT-based communications.
        - Presence-enabled services have the potential to raise productivity and reduce costs.
      - Consumer-grade solutions are not suitable for corporate communications since they do not deliver a suitable level of IT-security.
        - Their employment and use should be out-ruled and prohibited.
      - Enterprise-grade solutions are suitable for corporate communications since they are capable of delivering an adequate level of IT-security as well as integration with the corporate infrastructure.
  21. Abbreviations
      - AIM: AOL Instant Messenger
      - ICQ: I Seek U
      - MSN: Microsoft Network
      - RTP: Real-time Transport Protocol
      - SIMPLE: SIP for Instant Messaging and Presence Leveraging
      - SIP: Session Initiation Protocol
      - UA: User Agent
      - UAC: User Agent Client
      - UAS: User Agent Server
  22. Author Information
      - Dr. Oliver Pfaff
      - Siemens AG
      - Information and Communication Networks
      - Charles-de-Gaulle-Str. 2
      - D-81730 Munich
      - E-Mail: oliver.pfaff@siemens.com
      - Office: +49.89.722.53227
      - Mobile: +49.172.8250805
