The document discusses security issues in VOIP. It begins with an introduction to VOIP and its increasing popularity. It then outlines the VOIP architecture, covering signaling protocols H.323 and SIP. It describes common VOIP threats like denial of service, eavesdropping, and call fraud. Specific VOIP attacks are explained at the signaling and media layers. The document concludes with an overview of security solutions for VOIP including authentication, confidentiality, and media encryption.
Security Issues In Voip
1. Security Issues in VOIP
Practical VOIP (IK2554)
Waqas Daar (daar@kth.se)
KTH, Royal Institute of Technology
Stockholm, Sweden
2. Presentation Outline
Introduction
VOIP Architecture
• H.323
• SIP
VOIP Threats
VOIP Attacks
Security Solutions
Conclusion
23/05/2008 2
3. Introduction
Voice over IP is a technology that is used to transmit voice
from a packet-switched network to a circuit-switched network and
vice versa.
VOIP popularity is growing day by day.
• Cost reduction
• Mobility
• Services such as audio and video conferencing, instant
messaging, etc.
4. VOIP Architecture
VOIP technology is used to establish and manage
communication sessions for the transmission of audio or video over
an IP network.
VOIP signaling protocols are used to set up and tear down calls,
carry the information required to locate users, and negotiate
capabilities.
• H.323
• Session Initiation Protocol (SIP)
5. H.323
H.323 is the ITU-T standard for audio and video transmission
over packet-based networks. H.323 was initially targeted at
multimedia conferencing over LANs.
H.323 is an umbrella protocol, which contains several other
protocols.
• H.225
• H.245
H.323 uses the Real-time Transport Protocol (RTP) for media transmission.
6. H.323 (cont.)
H.323 network elements
• H.323 terminal end points (TE)
• H.323 Gatekeeper (GK)
• H.323 Gateway (GW)
• H.323 Multipoint Control Unit (MCU)
An H.323 network consists of a number of zones, and each zone
must contain an H.323 Gatekeeper (GK).
9. Session Initiation Protocol (SIP)
SIP is an application layer protocol, which is used to establish,
maintain and terminate multimedia sessions.
SIP is a text-based protocol.
SIP uses the Session Description Protocol (SDP) for setting up
parameters for the actual media transmission.
RTP is used for the actual media transmission.
10. SIP Components
The two general categories of SIP components are
• User Agent (UA)
  • SIP User Agent Client
  • SIP User Agent Server
• SIP Servers
  • Proxy Server
  • Redirect Server
  • Registrar Server
12. VOIP Threats
Denial of Service
Eavesdropping
Call Fraud
Call Redirection
SPAM
13. VOIP Threats (cont.)
Denial of Service
• Degrades the availability of the VOIP system.
Eavesdropping
• If an attacker is able to eavesdrop on a communication, he can
then launch other types of attack, such as a man-in-the-middle attack.
Call Fraud
Call Redirection
SPAM
14. VOIP Attacks
Signaling Layer Attacks
• SIP Registration Hijacking
• Impersonating a Server
• SIP Message Modification
• SIP Cancel / SIP BYE attack
• SIP DOS attack
Media Layer Attacks
• Eavesdropping
• RTP insertion attack
• SSRC collision attacks
15. Signaling Layer Attacks
SIP Registration attack
• The attacker impersonates a valid UA to a registrar and registers himself as a
valid user agent, so the attacker can receive calls intended for a legitimate user.
Impersonating a Server
• An attacker impersonates a remote server, and user agent requests
are served by the attacker's machine.
SIP Message Modification
• If an attacker launches a man-in-the-middle attack and modifies a message,
the attacker could lead the caller to connect to a malicious system.
SIP CANCEL / SIP BYE
SIP Denial of Service
• The attacker creates a bogus SIP request that contains a fake IP address,
and the Via field in the SIP header contains the identity of the target host.
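A detection check for the SIP denial-of-service pattern above, as an added example that is not part of the original slides. RFC 3261 has a server record a `received` parameter when the topmost Via sent-by value differs from the packet's source address; this sketch applies the same comparison and counts which hosts are being named in Via by other senders. The function names, the threshold and the sample requests (documentation addresses, trimmed headers) are constructed for illustration.

```python
import ipaddress
from collections import Counter


def top_via_host(raw):
    """Return the sent-by host of the topmost Via header, or None."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in ("via", "v"):  # "v" is the compact form
            continue
        first = value.split(",", 1)[0].strip()      # topmost Via is listed first
        parts = first.split(None, 1)                # "SIP/2.0/UDP", "host:port;params"
        if len(parts) != 2:
            return None
        sent_by = parts[1].split(";", 1)[0].strip()
        if sent_by.startswith("["):                 # IPv6 literal such as [2001:db8::1]:5060
            return sent_by[1:sent_by.find("]")]
        return sent_by.split(":", 1)[0]
    return None


def classify(src_ip, raw):
    """Compare the Via sent-by host with the address the packet came from."""
    host = top_via_host(raw)
    try:
        claimed = ipaddress.ip_address(host) if host else None
    except ValueError:
        claimed = None                              # a host name cannot be compared directly
    if claimed is None:
        return "unverifiable", host
    same = claimed == ipaddress.ip_address(src_ip)
    return ("match" if same else "mismatch"), host


def reflection_targets(packets, threshold=3):
    """Hosts named in Via by at least `threshold` requests sent from elsewhere."""
    hits = Counter()
    for src_ip, raw in packets:
        verdict, host = classify(src_ip, raw)
        if verdict == "mismatch":
            hits[host] += 1
    return {host: n for host, n in hits.items() if n >= threshold}


def _options(via):
    # Constructed, trimmed request: only the headers this check reads.
    return ("OPTIONS sip:service@example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {via};branch=z9hG4bK-constructed\r\n"
            "Max-Forwards: 70\r\n"
            "Content-Length: 0\r\n\r\n")


# Constructed capture: (packet source address, raw SIP request).
SAMPLE = [
    ("192.0.2.10", _options("192.0.2.10:5060")),
    ("198.51.100.21", _options("203.0.113.9:5060")),
    ("198.51.100.22", _options("203.0.113.9:5060")),
    ("198.51.100.23", _options("203.0.113.9:5060")),
    ("198.51.100.24", _options("203.0.113.9:5060")),
    ("192.0.2.44", _options("pbx.example.net")),
]

if __name__ == "__main__":
    print(reflection_targets(SAMPLE))
```
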
16. Media Layer Attacks
Eavesdropping
SSRC collision
• If an attacker eavesdrops on the conversation and uses one peer's SSRC to
send RTP packets to the other peer, it causes the session to terminate.
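A receiver-side monitor for the SSRC collision case above, as an added example that is not part of the original slides. It parses the fixed RTP header and remembers which source transport address first used each SSRC, so a packet that reuses a known SSRC from a different address is flagged instead of being treated as part of the stream. The class name, the sample addresses and the packets are constructed for illustration.

```python
import struct


def parse_rtp(data):
    """Parse the 12-byte fixed RTP header; return None if it is not RTP version 2."""
    if len(data) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}


class SsrcMonitor:
    """Binds each SSRC to the first source transport address that used it."""

    def __init__(self):
        self.owner = {}

    def observe(self, src, data):
        hdr = parse_rtp(data)
        if hdr is None:
            return "not-rtp", None
        first = self.owner.setdefault(hdr["ssrc"], src)
        # A different address with the same SSRC is either a genuine collision,
        # a loop, or an injected stream. A NAT rebinding looks the same, so the
        # result is an alert to investigate, not proof of an attack.
        return ("ok" if first == src else "ssrc-conflict"), hdr["ssrc"]


def make_rtp(seq, ts, ssrc, pt=0, payload=b"\x00" * 20):
    """Build a constructed RTP packet (version 2, no padding, no extension)."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


def conflicts(packets):
    """Return (source address, SSRC) for every packet that reuses a bound SSRC."""
    monitor = SsrcMonitor()
    alerts = []
    for src, data in packets:
        verdict, ssrc = monitor.observe(src, data)
        if verdict == "ssrc-conflict":
            alerts.append((src, ssrc))
    return alerts


# Constructed capture: (source transport address, UDP payload).
SAMPLE = [
    (("192.0.2.10", 40000), make_rtp(1, 160, 0x1234ABCD)),
    (("192.0.2.10", 40000), make_rtp(2, 320, 0x1234ABCD)),
    (("198.51.100.7", 51000), make_rtp(900, 7000, 0x1234ABCD)),  # same SSRC, new source
    (("192.0.2.10", 40000), make_rtp(3, 480, 0x1234ABCD)),
    (("192.0.2.10", 40000), b"\x00\x01"),                        # too short to be RTP
]

if __name__ == "__main__":
    print(conflicts(SAMPLE))
```
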
17. Security Solutions
Two types of security solutions
• End-to-end security
  • In SIP, end points can ensure end-to-end security for those messages
    which the proxy does not read; for example, SDP messages can be protected
    using S/MIME.
  • Media is transferred directly, so end-to-end security is achieved with
    SRTP.
• Hop-by-hop security
  • TLS, IPSec.
18. Authentication
Authentication means identifying a person.
If we take SIP as the signaling protocol in VOIP, it defines two
mechanisms for authentication
• HTTP digest authentication
• S/MIME
HTTP Digest Authentication
• The HTTP digest mechanism is used between users and proxies and between
users, but not between proxies.
S/MIME
• S/MIME uses X.509 certificates to authenticate end users in the
same way that web browsers use them.
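How a registrar or proxy checks an HTTP digest credential on a SIP request, as an added example that is not part of the original slides. The response calculation follows the digest scheme SIP inherits from HTTP (MD5 over HA1, nonce and HA2); the timestamped, HMAC-bound nonce format, the secret, the lifetime and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

SERVER_SECRET = b"constructed-demo-secret"   # assumption: secret known only to the server
NONCE_LIFETIME = 30                           # assumption: seconds a challenge stays valid


def md5_hex(text):
    # SIP digest authentication is defined over MD5.
    return hashlib.md5(text.encode()).hexdigest()


def ha1(user, realm, password):
    return md5_hex(f"{user}:{realm}:{password}")


def nonce_mac(ts):
    return hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()[:16]


def make_nonce(now):
    ts = str(int(now))
    return f"{ts}:{nonce_mac(ts)}"


def nonce_is_fresh(nonce, now):
    """Accept only nonces this server issued, and only within their lifetime."""
    ts, _, mac = nonce.partition(":")
    if not (ts.isascii() and ts.isdigit()):
        return False
    if not hmac.compare_digest(mac.encode(), nonce_mac(ts).encode()):
        return False
    return 0 <= now - int(ts) <= NONCE_LIFETIME


def parse_digest(header):
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def expected_response(ha1_hex, method, p):
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if p.get("qop") == "auth":
        return md5_hex(f"{ha1_hex}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1_hex}:{p['nonce']}:{ha2}")


def verify(method, header, realm, ha1_by_user, now):
    """Server side: return (accepted, reason) for one Authorization header value."""
    try:
        p = parse_digest(header)
        if p["realm"] != realm or p["username"] not in ha1_by_user:
            return False, "unknown user or realm"
        if not nonce_is_fresh(p["nonce"], now):
            return False, "stale or forged nonce"
        want = expected_response(ha1_by_user[p["username"]], method, p)
        ok = hmac.compare_digest(want.encode(), p["response"].encode())
    except (KeyError, ValueError):
        return False, "malformed credentials"
    return (True, "ok") if ok else (False, "bad response")


def build_authorization(user, realm, password, method, uri, nonce):
    """Client side, used here only to construct sample input."""
    p = {"uri": uri, "nonce": nonce, "qop": "auth", "nc": "00000001", "cnonce": "c0ffee"}
    response = expected_response(ha1(user, realm, password), method, p)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc=00000001, cnonce="c0ffee", response="{response}"')
```

With `qop=auth` the digest covers only the method and the request URI, so headers such as Contact are not protected by it; that gap is what the hop-by-hop and end-to-end mechanisms on the previous slide address.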
20. Confidentiality
Confidentiality means keeping a communication
session private. Confidentiality is achieved by encryption.
Two ways of achieving it
• Transport Layer Security (TLS)
• IPSec
IPSec is used to protect SIP messages at the network layer. IPSec
Encapsulating Security Payload (ESP) or Authentication Header (AH)
must provide confidentiality on a hop-by-hop basis.
TLS provides transport layer security over TCP. Normally a SIP
URI is in the form sip:abc@example.com, but if we are using
TLS then the SIP URI will be sips:abc@example.com and signaling
must be sent encrypted.
21. Media Encryption
In VOIP, media is sent directly between users using RTP.
Encryption of media is achieved by
• IPSec
• Secure RTP (SRTP)
  • It provides a framework for encryption and message authentication of RTP
    and RTCP.
  • Cipher algorithm: AES
  • Authentication is an optional feature.
  • SRTP uses the Security Descriptions for Media Streams (SDES) algorithm to
    negotiate session keys in SDP.
• MIKEY
  • MIKEY provides its own authentication and integrity mechanism.
  • MIKEY messages are carried in SDP with the a=key-mgmt attribute.
• ZRTP
  • ZRTP also describes an extension header for RTP to establish a
    session key for SRTP.
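An audit of SDP offers for the media protection options listed above, as an added example that is not part of the original slides. It reports, per media line, whether the profile is plain RTP or SRTP, which key management is signalled (`a=crypto` for SDES, `a=key-mgmt` for MIKEY, `a=zrtp-hash` for ZRTP), and whether an SDES key travels in signaling that is not encrypted. The function name, the issue strings and the SDP samples (with placeholder key material) are constructed for illustration.

```python
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}


def keying_of(name, value):
    """Map one SDP attribute to the key management scheme it signals, if any."""
    if name == "crypto":
        return "sdes"
    if name == "key-mgmt" and value.lower().startswith("mikey"):
        return "mikey"
    if name == "zrtp-hash":
        return "zrtp"
    return None


def audit_sdp(sdp, signaling_encrypted):
    """Return one finding per m= line of an SDP body."""
    session_keying, media = set(), []
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) >= 3:
                media.append({"kind": fields[0], "proto": fields[2], "keying": set()})
        elif line.startswith("a="):
            name, _, value = line[2:].partition(":")
            scheme = keying_of(name.strip(), value.strip())
            if scheme:
                # Attributes before the first m= line apply to every media stream.
                (media[-1]["keying"] if media else session_keying).add(scheme)
    report = []
    for m in media:
        keying = sorted(m["keying"] | session_keying)
        secure = m["proto"] in SECURE_PROFILES
        issues = []
        if not secure and "zrtp" not in keying:   # ZRTP negotiates keys in the media path
            issues.append("media offered as plain RTP")
        if secure and not {"sdes", "mikey"} & set(keying):
            issues.append("secure profile offered without key management")
        if "sdes" in keying and not signaling_encrypted:
            issues.append("SDES key visible: signaling is not encrypted")
        report.append({"kind": m["kind"], "proto": m["proto"],
                       "keying": keying, "issues": issues})
    return report


# Constructed SDP bodies; key material is a placeholder, not a real key.
HEADER = ["v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
PLAIN = "\r\n".join(HEADER + ["m=audio 49170 RTP/AVP 0"]) + "\r\n"
SDES = "\r\n".join(HEADER + [
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
]) + "\r\n"
MIKEY = "\r\n".join(HEADER + [
    "a=key-mgmt:mikey CONSTRUCTED-PLACEHOLDER",
    "m=audio 49170 RTP/SAVP 0",
    "m=video 49172 RTP/SAVP 96",
]) + "\r\n"

if __name__ == "__main__":
    for name, body, tls in (("plain", PLAIN, True), ("sdes", SDES, False), ("mikey", MIKEY, False)):
        print(name, audit_sdp(body, signaling_encrypted=tls))
```
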