Blue Box Special Edition #23 is now available for download. In this podcast I sat down with Bob Bradley from Sonus Networks to talk about their products and solutions, how they secure customers networks and how they are different from other similar products in the market. I believe you’ll find it an interesting and useful introduction to the company.
If any of you reading this are at the Mobile World Congress (formerly “3GSM”) in Barcelona, Spain, this week, VOIPSA Secretary (and Blue Box co-host) Jonathan Zar is there as well. If you are there, please do drop him an email as (schedule permitting) he is always interested to meet up with others interested in VoIP security.
After a bit of a production hiatus, Jonathan and I are back with Blue Box Podcast #75 where we talk about the VoIP security news back in early January. We talked about the Asterisk vulnerability out then, the SANS white paper on VoIP security, several other news items and a ton of listener comments. More information is available in the show notes.
As we’ve discussed both here and on Blue Box, the issue of securing the keys for Secure RTP is one of the remaining challenges to have secure voice transmission in the open standards world of SIP. Out of the large number of proposals to secure the key exchange, “DTLS” emerged as the choice of the IETF… but it still had the issue that an endpoint needed to be sure of the authenticity of the other endpoint’s certificate. SIP Identity (RFC 4474) and a draft “Identity-Media” from Dan Wing addressed the authenticity issue but broke in some common network configurations. Now Kai Fisher has put out an Internet Draft called “End-to-End Security for DTLS-SRTP” that proposes a mechanism to address that. In the post to the SIP mailing list, Kai explains the motivation:
I have submitted a draft proposing a solution to secure a DTLS-SRTP handshake and hence SRTP end-to-end (in terms of end-domain to end-domain). As discussed during the last IETF meetings and analyzed by Dan’s Identity-Media draft, current solutions like SIP Identity do not protect the authenticity of the fingerprint end-to-end in certain inter-domain scenarios. For example, a modification of SDP m-/c-lines or the From header field by intermediaries breaks the SIP-Identity or Identity-Media signature and causes a re-signing by a domain different to the originating one. The draft proposes a solution for such scenarios without the need to re-sign during domain traversal and which preserves the original identity information.
The abstract to the draft provides more info:
The end-to-end security properties of DTLS-SRTP depend on the authenticity of the certificate fingerprint exchanged in the signalling channel. In current approaches the authenticity is protected by SIP-Identity or SIP-Identity-Media. These types of signatures are broken if intermediaries like Session Border Controllers in other domains change specific information of the SIP header or the SIP body. The end-to-end security property between the originating and terminating domain is lost if these intermediaries re-sign the SIP message and create a new identity signature using their own domain credentials.
This document defines a new signature type ‘Fingerprint-Identity’ which is exchanged in the signalling channel. Fingerprint-Identity covers only those elements of a SIP message necessary to authenticate the certificate fingerprint and to secure media end-to-end. It is independent from SIP-Identity and SIP-Identity-Media and can be applied in parallel to them.
More details can, of course, be found in the draft. As noted in the post to the SIP mailing list, Kai is looking for feedback. This is an important issue to get done – and to get done correctly – so we strongly urge people to take a look at the document and provide feedback if you see ways the proposal can be improved.
Many of you probably have seen Sipera’s Top 5 VoIP Security threats for 2008.
VoIP-News has an article about that list, but they have added quite of few links that provide further information.
[If anyone saw the previous post before it got deleted, I apologize. I didn’t recognize the list until after I published the post]
Want to get together with others and discuss in further detail what we can do about Spam for Internet Telephony (SPIT)? A new session has been approved for the IETF 71 meeting coming up in Philadelphia in March called “Reducing Unwanted Communications using SIP” a.k.a. “RUCUS” (Hey, it’s not a real IETF group until it has a cute acronym!) Hannes Tschofenig, who submitted the proposal, has created a RUCUS web page and is looking for feedback. The page says in part:
The topic of dealing with unwanted traffic in SIP has surfaced several times in the IETF in the context of preventing Spam for Internet telephony. Previous attempts to have a structured discussion about this topic have (among other reasons) failed due to the strong focus on selected solution approaches.
Prior work in SIP on identity management has an important role in this activity since a strong identity mechanism in SIP has been seen as a prerequisity for establishing authorization policies. Hence, the “Discussion and Analysis of SIP Identity” (DASI) BoF is relevant for this event. Even though there is no direct dependency between the two activities the number of interested participants will quite likely overlap.
This BoF focuses on the discussion of architectural aspects. The underlying theme is that the work on building blocks is more fruitful once the larger framework is understood. A number of solutions components have been submitted to the IETF, have been published in the academic literature and found their way into other standardization bodies. Reduce unwanted communication requires authorization decisions to be made. These decisions can be made based on individual sessions but also on the interaction at a higher granularity (e.g., the interaction with a specific VoIP provider network). Examples of questions with relevance for an architecture might be:
– Where does information for decision making come from?
– What are useful information items for decision making?
– Where are policy decision points located? What about the placement of
policy enforcement points?
– Are privacy aspects to consider with the exchange of information?
– How does the underlying trust model look like?
– What assumptions are certain mechanisms based on?
– Can individual proposals be combined in a reasonable way?
It is not the aim of the BoF to discuss specific solution approaches since it is likely that multiple techniques have to be used in concert.
If you are attending IETF 71 in Philadelphia in March, do plan on joining in the RUCUS! (I’ll be there.)
The UK’s National Codes Centre recently ran a competition for amateur codebreakers to try their hands on breaking one of the original WW2 codes (Lorenz Cipher) using modern PC hardware. The National Codes Centre at Bletchley Park (known as “Station X” during the war) is a museum and heritage site for early computing as well as codebreaking. In a nice irony, the winner of the competition was a German programmer, Joachim Schueth, who ran his software on a 1.4 GHz laptop with NetBSD as the O/S, beating the original Colossus codebreaker by a factor of hours. The original Colossus could break the code in 3 hours and 15 minutes, whereas Schueth’s code took just 46 seconds.
On the performance difference, Schueth himself said: â€œMy laptop digested ciphertext at a speed of 1.2 million characters per second â€“ 240 times faster than Colossus. If you scale the CPU frequency by that factor, you get an equivalent clock of 5.8 MHz for Colossus. That is a remarkable speed for a computer built in 1944. Even 40 years later many computers did not reach that speed. So the Cipher Challenge would have been very much closer had it taken place 20 years ago.â€ That’s right, not GHz, but MHz. The original Colossus was not so much a Pentium, but rather a Z80.
At Bletchley Park, they have a working Colossus which was lovingly rebuilt over many years by a team of enthusiasts, with help from some of the original designers. The Colossus MKII can be seen working by visitors to Bletchley Park.