Category:HowTo:SRTP

From Snom User Wiki


By Ahmar Ghaffar


Introduction

With most major telecommunications carriers currently in the process of readying Voice-over-IP (VoIP) services for mass deployment, it's clear that IP telephony is finally headed for prime time. However, the promise of mass VoIP consumption also increases the risk of widespread security violations, spawning a new sense of urgency to plug potential security holes now, before hackers wreak havoc on corporate voice networks. Until now, VoIP security has been easily overshadowed by the charm of this new technology and the extensive features it promises to provide. Security hasn't been a particularly pressing subject, since in the past most IP voice traffic remained on local and wide area enterprise networks, which were more or less secure and protected from the public Internet. But as VoIP usage is becoming widespread and Internet telephony is coming into play, enterprises and home users are becoming subject to the same security risks that have affected data networks for decades, opening the door into a whole new realm of security risks. This is largely due to the fact that next-generation voice networks are IP based and all IP protocols for sending voice traffic contain flaws.

Who is at risk?

An Internet environment can be considered particularly hostile for VoIP deployments for a number of reasons. Most important is that attacks are not traceable and the whole network is exposed to all sorts of spoofing and sniffing. There have never been enough safeguards and protection in an Internet environment for it to be considered safe, and the exposure of devices communicating on the Internet makes security threats commonplace. This means that any VoIP device communicating insecurely in an Internet environment is at risk of security breaches. What sorts of vulnerabilities exist? Let's start with the basics. Because most VoIP traffic over the Internet is unencrypted, anyone with network access can listen in on conversations. Eavesdropping is one of the most common threats in a VoIP environment. Unauthorized interception of audio streams and decoding of signaling messages enable the eavesdropper to tap audio conversations in an unsecured VoIP environment. In simple words, imagine John in the mailroom overhearing your CEO and HR director discussing the latest round of layoffs. Or how about listening to Bob giving his credit card number to an airline booking attendant? All he needs is a packet capture tool (freely available on the Internet) to start capturing voice traffic on the network. Then he can save it as a nice wav file and take it home. Convenient, isn't it?

[Figure: RTP Stream Analysis]

But that's just the start. Hackers can spoof SIP messages and IP addresses and hijack whole conversations. The attacker could masquerade as a user, forging the real identity of the client, so that the receiver cannot be sure of the identity of the transmitter. Sounds interesting? Or imagine a man-in-the-middle attack where your customer ends up talking to an organized crime syndicate masquerading as your telesales group. Your customer's credit cards, personal information, maybe even Social Security number, gone in a flash. And better still, he thinks he talked to your telesales group, whereas they never actually got to talk to him. Or what about denial of service? An attacker can bombard a VoIP server or voice-gateway device on the Internet with inauthentic packets. This sort of attack floods the server with requests and makes the services it provides unavailable to legitimate users. A hacker could easily flood your SIP server with bogus requests, making it impossible to send or receive calls. Or how about replay attacks? Imagine a hacker spamming a 4MB file to 4,000 phones, or transmitting 500 bogus voice mail messages instantly? It can be done. Or imagine having your phone ring forever. You pick up, no answer, hang up, and it rings again. The only way to stop it is to remove the battery. Or throw it out of the window?

What are the alternatives?

VoIP traffic can be classified into call signalling, call control, and media communications. Depending on the VoIP protocol and policies used, these communications may use either one channel or many different channels. Channels are TCP/UDP connections between two network elements. From a security point of view, all these connections may need to be secured, i.e. authenticated and encrypted. Some of the mechanisms that may provide security in a VoIP environment are:

  • Authorization
  • Authentication
  • Transport Layer Security (TLS)
  • Media encryption (SRTP)

VoIP call signaling and call control can be secured by implementing some form of Authorization, Authentication or Transport Layer Security (TLS/SSL) mechanism.

Authorization

Authorization implies that the devices might be configured in a way to allow traffic from only a select group of IP addresses. This mechanism somewhat shields the device from denial-of-service attacks.

Authentication

Authentication may require two communicating VoIP devices to authenticate each other before the actual communication starts. This mutual authentication might be based on a shared secret which is known a priori, making it difficult if not impossible for an attacker to masquerade identities.

Transport Layer Security (TLS)

Transport Layer Security can provide a secure communication channel between two communicating entities. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. A device incorporating TLS can be configured to allow only secure SIP signaling with other devices. This mandates that the client first sets up a TLS/SSL connection to the server and then exchanges encrypted SIP messages with it on the secure connection. Since this secure communication is based on a shared secret known only to the server and the client, this mechanism makes it very difficult, if not impossible, for an eavesdropper to view, manipulate, or replay the messages exchanged.

Media Encryption (SRTP)

Media communications can also be secured by incorporating some form of encryption mechanism. VoIP phones may encrypt audio streams via SRTP (Secure Real-time Transport Protocol). SRTP is a security profile for RTP that adds confidentiality, message authentication, and replay protection to that protocol. SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service. It creates a unique key stream for each RTP packet, therefore making it almost impossible for eavesdroppers to retrieve the original RTP stream from the encrypted SRTP stream. SRTP also provides replay protection, which is undoubtedly important for multimedia data. Otherwise, it would be possible for an adversary to perform simple manipulations on the data that subvert security. For example, in a voice application, the phrase "yes" could be substituted for "no" if replay protection is not present.

SRTP achieves high throughput and low packet expansion by using fast stream ciphers for encryption, an implicit index for synchronization, and universal hash functions for message authentication. SRTP is a suitable choice for the most general scenarios as well as the most demanding ones.

[Figure: SRTP header]

The main security goals of SRTP are to ensure:

  • the confidentiality of the RTP payload,
  • the integrity protection of the entire RTP packet, including protection against replayed RTP packets, and
  • implicit authentication of the header.

By using 'seekable' stream ciphers, SRTP avoids the denial-of-service attacks that are possible on stream ciphers that lack this property.
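The per-packet key stream and the replay protection described above both hang on the implicit 48-bit packet index that SRTP derives from the 16-bit RTP sequence number and a local roll-over counter. The following added example (written for this page, not snom's or any SRTP library's code) implements the RFC 3711 index estimation, the receiver's replay window, and the AES-CM IV construction that makes every packet's key stream distinct; the AES cipher and the HMAC tag check are not implemented, and the SSRC, salt and sequence numbers are constructed sample values.

```python
# Added example (not snom's code): RFC 3711 packet-index estimation, replay
# window and AES-CM IV derivation.  AES itself is not implemented here.
SEQ_HALF = 1 << 15
WINDOW = 64  # replay window size; RFC 3711 requires at least 64 packets

class SrtpReceiver:
    def __init__(self, ssrc, salt):
        self.ssrc, self.salt = ssrc, salt   # 32-bit SSRC, 112-bit session salt k_s
        self.roc, self.s_l = 0, None        # roll-over counter, highest auth'd seq
        self.seen = set()                   # indices already received (window only)

    def highest(self):
        return -1 if self.s_l is None else (self.roc << 16) | self.s_l

    def estimate_index(self, seq):
        """RFC 3711 3.3.1: pick the ROC value v that makes seq closest to s_l."""
        if self.s_l is None:
            return seq
        if self.s_l < SEQ_HALF:
            v = (self.roc - 1) & 0xFFFFFFFF if seq - self.s_l > SEQ_HALF else self.roc
        else:
            v = (self.roc + 1) & 0xFFFFFFFF if self.s_l - SEQ_HALF > seq else self.roc
        return (v << 16) | seq

    def not_replayed(self, index):
        """Reject packets older than the window or already seen (RFC 3711 3.3.2)."""
        return index + WINDOW > self.highest() and index not in self.seen

    def accept(self, index):
        """Called only after the auth tag verified: slide window, update ROC/s_l."""
        self.seen.add(index)
        if index > self.highest():
            self.roc, self.s_l = index >> 16, index & 0xFFFF
            self.seen = {i for i in self.seen if i + WINDOW > index}

    def aes_cm_iv(self, index):
        """RFC 3711 4.1.1: IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)."""
        return ((self.salt << 16) ^ (self.ssrc << 64) ^ (index << 16)) & ((1 << 128) - 1)

def receive(seqs, ssrc=0xDEADBEEF, salt=0x0123456789ABCDEF0123456789AB):
    """Feed constructed sequence numbers through a receiver; return (seq, index, ok)."""
    rx, log = SrtpReceiver(ssrc, salt), []   # ssrc/salt are constructed samples
    for seq in seqs:
        idx = rx.estimate_index(seq)
        ok = rx.not_replayed(idx)       # real code also verifies the HMAC tag here
        if ok:
            rx.accept(idx)
        log.append((seq, idx, ok))
    return log
```

Running `receive([65534, 65535, 0, 1, 1, 65533, 65000])` shows the index continuing past the sequence-number wrap (0 becomes 65536), a duplicate of seq 1 rejected, a late seq 65533 still inside the window accepted, and seq 65000 rejected as stale.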


What do we offer?

snom 3x0/snom8xx

Secure audio stream using snom phones

This new range of snom phones provides secure SIP signaling via TLS and audio stream encryption incorporating SRTP (Secure Real-time Transport Protocol). SRTP is a security profile for RTP that adds confidentiality, message authentication, and replay protection to that protocol. SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service. These factors provide significant advantages, especially for voice traffic using low-bit-rate voice codecs such as G.729. snom phones provide TLS-based SIP signaling (SIPS) with a SIP proxy server and audio stream encryption using secure RTP based on 128-bit AES. SIPS not only prevents message manipulation and eavesdropping, it also assures the proxy server of the identity of the client snom phone. Hence identity-spoofing threats are also subdued by this mechanism. snom phones use AES in counter mode (AES-CM) for secure RTP. AES-CM creates a unique key stream for each RTP packet, making it almost impossible for eavesdroppers to retrieve the original RTP stream from the encrypted SRTP stream.

A Secure VoIP system


Using snom phones in conjunction with a TLS/SRTP-enabled PBX provides a secure VoIP environment that is not vulnerable to the security risks involved in Internet telephony. This telephony setup not only maintains the integrity of the SIP signaling messages exchanged, but also provides encrypted audio streams, providing high-end security against eavesdroppers and tapping. The TLS/SRTP feature of the snom phones is interoperable with a number of PBX vendors including PBXnSIP, Asterisk and Ingate.
