As I mentioned previously, I was down at the AstriCon conference a few weeks back where I spoke about VoIP security in general and how it applies to Asterisk in particular. At the end of my presentation, I did put forward some suggestions for where the Asterisk community could potentially focus to improve the product’s security. While I intend to put the slides and hopefully the recording online at some point soon, I thought I’d share with you all what I laid out as my suggestions:
- TLS-encrypted SIP – Of course, this needs SIP over TCP first…
- Secure RTP (SRTP) – There’s a patch that’s been around for quite some time, but it needs to be integrated into the main release. However, it’s not much good without the next item…
- SRTP Key Exchange – First an implementation of ‘sdescriptions” (although again that needs TLS-encrypted SIP) and then later DTLS or potentially ZRTP.
- Figure out the phone configuration mess – So that the web servers on the phones can be disabled. Auto-configuration is a start, but how secure are the config files?
- Identity – If we are to not be drowning in SPIT, one mechanism that seems pretty sure to factor in would be a way to assert the real identity of the sender. Leading candidate today appears to be RFC 4474 (SIP Identity).
- Watch out for the APIs and the apps – Always fun when a rolodex app can crash your phone system!
- Toll fraud – What specific tools are in Asterisk to prevent toll fraud? Can they be enhanced?
- Testing with tools – There are a ton of VoIP security tools out there. Can Asterisk be tested with those tools?
That was my list that I spoke about at AstriCon. Do you agree? Disagree? What would your list include?
Technorati Tags: asterisk, astricon, digium, security, voip, voip security
Pingback: Liquidmatrix Security Digest » Security Briefing: October 9th
Hi, I’m the developer of the SRTP+SDESC+MIKEY patch for Asterisk. I’d like to point out that this patch implements both SRTP (2) and a secure SRTP key exchange (3).
This patch supports two different key negotiation algorithms both standardized by IETF, “sdescriptions” (SDESC) which requires transport encryption as you mentioned. The other algorithm is MIKEY which doesn’t require additional transport encryption since the messages already are integrity protected, and the keys encrypted. MIKEY supports multiple methods: pre-shared, Diffie Hellman (DH), DH-HMAC, Public-key (RSA), and RSA in reverse mode (RSA-R). The patch is based on the minisip libraries, and uses DH-HMAC for outgoing calls.
Mikael
Pingback: Sugerencias para la seguridad en Asterisk at Mi Brain-Training Personal
Mikael,
Many thanks for providing that information. I was not aware that the SRTP patch also included the key exchange methods. Thanks for that information.
MIKEY is an interesting one. It has a great amount of capabilities, but it is being implemented by VERY few vendors. Largely the response I get back when I ask about it is that it is “too complex” and perhaps offers too many choices. Vendors seem to focus on sdescriptions for its utter simplicity, but it does assume transport encryption (and also has problems with forking and early media which we’ve discussed before).
Thanks for the info on what the patch does,
Dan
hi,
I would be very interested in your presentation about Security @ Asterik. Is it possible to get your presenation for download?
thanks for your answer.
kind regards
Martin
Pingback: Voice of VOIPSA » Blog Archive » “Hacking and Attacking VoIP Systems” - Slides from my Astricon 2007 presentation about Asterisk and VoIP security