[VOIPSEC] VoIP Attack : How feasible
Geoff Devine
gdevine at cedarpointcom.com
Tue Jul 25 10:53:42 CDT 2006
John DePietro writes:
> I my opinion even though TLS (SIPS, HTTPS, S/MIME) and SRTP provide
> better end-to-end security; are optional for wireless standards
> (3GPP, 3GPP2 and WIMAX), they do not fit as economically as IPSEC
> from a network equipment deployment perspective, yet!
My ongoing issue with TLS is the technical difficulty of making TCP
redundant in a fully scaled carrier-class environment. If you don't
make it redundant, you end up having storms of TCP SYN and TLS
authentication messages whenever you have a node failure or an access
network failure. This blows any five 9's availability requirement out
of the water. I believe the 3GPP approach is the correct one... put SIP
on a diet so it fits within an MTU and you can use UDP. Run transport
mode IPSec which is very straightforward to make redundant. Sadly,
SIGCOMP is an unfortunately complex way of putting SIP on a diet. We
need to invent a better "binary SIP" compression standard.
I think TLS is somewhat better when used inside the core where you have
a much smaller number of connections/sockets and don't face the
initialization/restart storm problem. TCP is a little worrying to use
in the core since a few dropped packets can cause flow control to be
invoked on mission-critical signaling. SCTP is a better transport and
is less prone to this problem.
SRTP is fairly straightforward to make redundant in a carrier-class
media gateway. The only tricky bit is dealing with RTP sequence number
wrap for a codec that uses silence suppression/voice activity detection.
Geoff Devine
Chief Architect
Cedar Point Communications
More information about the Voipsec
mailing list