[VOIPSEC] Using SRTP for University project
Randell Jesup
rjesup at wgate.com
Mon Mar 27 23:47:41 CST 2006
"Hadriel Kaplan" <HKaplan at acmepacket.com> writes:
>> An end system has no way of knowing what devices are handling the
>> call message. So you are in fact in a world of hurt if you want a
>> secure end-to-end phone call when the message is routed through
>> unknown and unknowable intermediate systems.
>
>Yup, of course. An end system only knows its local tls hop, and has to
>trust that the intermediate systems follow sips rules. The rub is
>definitely that they rely on transitive trust, and if the chain-of-trust is
>broken they're in trouble. My only point was if the chain is broken they're
>in trouble anyway, because their signaling says a lot, and can be
>manipulated, spoofed, rejected, etc. (of course that's a generalization, but
>I think you get my point.) If you don't want it going through intermediate
>systems, don't send it through the first one you don't control.
[snip]
>> If you are going to rely on sips for security, then you need to
>> explain how one can control or even detect which proxies handle the
>> calls, at minimum. I haven't heard such an explanation.
>
>There is no way to detect the proxies or control them (part of the point is
>their owners don't want you to). You have to trust the owner. If you don't
>trust them, then I don't know why you'd want to use them.
There's trust, and then there's trust. For example: I trust my phone
provider to route my calls to my bank and not a scammer, but I don't
trust them to stop a government agency from wiretapping me, even without
a warrant... And even here, while I trust them to not route me to a
scammer on purpose, I might not trust their network security - they might
have been hacked and their servers compromised. If the signalling is
in-the-clear across (or in) ANY of their networks/servers, it's only as
secure as their entire network. One keylogger/trojan/virus on the wrong
IT admin's machine, or 0-day MS exploit, and... poof. When I call my
bank's customer service, and have to give my account, SS#, password, etc.
in order to talk to a human, that could all be tapped by a scammer.
Or critical business negotiations might be tapped by a rival or competitor.
So establishing end-to-end trust where possible is important, even if it's
imperfect. Each link should be authenticated and encrypted if possible,
and there should be end-to-end authentication/encryption. Media proxies
(SBCs) want to modify SDP (IPs, ports, etc.). Given that, unless you
provide a way for proxies to add their requests without modifying the part
with the original SDP (and that would be lots of fun for compatibility...),
you'll have to either live without media proxies/SBCs or give up
authentication/protection of the entire SDP - but you can still
authenticate the endpoint, modulo the entire PKI/ZRTP/keychain/etc
certificate mess.
--
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
- James Madison, 4th US president (1751-1836)
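An added illustration of the trade-off described in the last paragraph of the message above (this is not code from the post, from Worldgate, or from any SIP project; it is constructed for this page). It signs an SDP offer under two policies: one covering every line, and one covering only the lines that identify the endpoint (here, the certificate fingerprint) while leaving the transport lines an SBC rewrites (o=, c=, m=, a=rtcp) outside the signature. A shared-key HMAC stands in for the certificate-based signature, and the SDP, key, relay address and fingerprint values are all constructed placeholders; those are assumptions of the example, not anything the post specifies.

```python
import hmac
import hashlib

# Constructed sample SDP offer. The fingerprint value is a placeholder, not a real
# certificate hash.
OFFER = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=rtcp:49171\r\n"
    "a=fingerprint:sha-256 0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9\r\n"
)

# Assumption: a shared key stands in for the caller's signing key. A real system
# would use a public-key signature tied to the caller's certificate.
CALLER_KEY = b"constructed-demo-key-not-for-real-use"

# Lines a media proxy / SBC legitimately rewrites when it relays the media.
TRANSPORT_PREFIXES = ("o=", "c=", "m=", "a=rtcp:")


def protect_whole_sdp(line: str) -> bool:
    """Policy 1: every SDP line is covered by the signature."""
    return True


def protect_endpoint_only(line: str) -> bool:
    """Policy 2: cover only lines that identify the endpoint, not its transport."""
    return not line.startswith(TRANSPORT_PREFIXES)


def covered_lines(sdp: str, policy) -> bytes:
    """Canonical bytes the signature is computed over: the lines the policy selects."""
    lines = [line for line in sdp.split("\r\n") if line and policy(line)]
    return "\r\n".join(lines).encode()


def sign(sdp: str, key: bytes, policy) -> str:
    return hmac.new(key, covered_lines(sdp, policy), hashlib.sha256).hexdigest()


def verify(sdp: str, key: bytes, policy, signature: str) -> bool:
    expected = sign(sdp, key, policy)
    return hmac.compare_digest(expected, signature)


def sbc_rewrite(sdp: str, relay_ip: str, relay_port: int) -> str:
    """Simulate an SBC pointing the far end at its own media relay address."""
    out = []
    for line in sdp.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = f"c=IN IP4 {relay_ip}"
        elif line.startswith("m=audio "):
            parts = line.split(" ")
            parts[1] = str(relay_port)
            line = " ".join(parts)
        elif line.startswith("a=rtcp:"):
            line = f"a=rtcp:{relay_port + 1}"
        out.append(line)
    return "\r\n".join(out)


def replace_fingerprint(sdp: str, new_value: str) -> str:
    """A changed endpoint fingerprint: the modification the signature must catch."""
    out = []
    for line in sdp.split("\r\n"):
        if line.startswith("a=fingerprint:"):
            line = f"a=fingerprint:{new_value}"
        out.append(line)
    return "\r\n".join(out)


def demo() -> dict:
    """Run both policies through an SBC rewrite and a fingerprint change."""
    sig_whole = sign(OFFER, CALLER_KEY, protect_whole_sdp)
    sig_endpoint = sign(OFFER, CALLER_KEY, protect_endpoint_only)
    relayed = sbc_rewrite(OFFER, "198.51.100.7", 20000)       # constructed relay
    bad_fp = "sha-256 FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00"  # constructed
    tampered = replace_fingerprint(relayed, bad_fp)
    return {
        # Signing the whole SDP: the SBC's legitimate rewrite breaks verification.
        "whole_sdp_survives_sbc": verify(relayed, CALLER_KEY, protect_whole_sdp, sig_whole),
        # Signing only endpoint lines: the rewrite passes...
        "endpoint_only_survives_sbc": verify(relayed, CALLER_KEY, protect_endpoint_only, sig_endpoint),
        # ...and a changed fingerprint is still caught...
        "endpoint_only_catches_fingerprint_change": not verify(tampered, CALLER_KEY, protect_endpoint_only, sig_endpoint),
        # ...but a changed transport address is, by construction, not.
        "endpoint_only_detects_transport_change": not verify(relayed, CALLER_KEY, protect_endpoint_only, sig_endpoint),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two results are the point of the message: covering only the endpoint-identifying lines keeps authentication of the far end working through an SBC, at the price that the transport part of the SDP is no longer protected at all. Whether that price is acceptable depends on how much trust is placed in the intermediaries, which is exactly the argument above.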