[VOIPSEC] Actual Attacks

Simon Horne security at isvo.net
Thu Feb 24 10:39:47 CST 2005


At 10:36 PM 24/02/2005, you wrote:
> > No problem, but I thought sRTP was designed to do key Exchanges (SA) "In
> > Band" with the option of "out of band". So really there is little
> > difference with encrypting the RTP payload
> > and using sRTP with 'out of band SA' (ok sRTP has other things but
> > basically).
>With SIP, you send keying in the SDP, which you protect with TLS and/or
>S/MIME.

As I understand it, it can also be sent in the header of sRTP.

> > >As long as hop-by-hop security is acceptable, we have this.
> > >S/MIME for end-to-end also works, but as with most cert based systems, is
> > >highly questionable usefulness because of the lack of a global PKI
> >
> > This was my point, end to end. There needs to be an authentication element
> > that is sent, which is unaffected by intermediaries, that utilises a PGP
> > "web of trust" model or certificate authority chains (not necessarily a
> > Global PKI) to authenticate the caller.
>
>"Web of Trust" is a failed concept.  It works, but we have not been able to
>successfully deploy in a large scale.

Give you that.

>Certificate authority chains work only within an enterprise.  We have not
>really made them work well outside of that.

I'm confused? How does SSL work in your web browser? Verisign, Thawte etc. 
CA chain certificates are loaded in your web browser and the web site 
certificates (from whoever) are authenticated against the CA chains in your 
web browser. No difference. Various vendor CAs can be deployed within VoIP 
devices to validate various vendor certificates.

>However, S/MIME, in general, cannot be used in most domains because of SBCs
>and firewalls, so I don't think you will see it deployed.
>
>It's also not entirely clear to me that end to end is what you want.
>Actually, you usually want to make sure that whozit is actually whozit, and
>that requires that you go through the proxies that can authenticate whozit.
>You can't because there is no reasonable PKI per the above.  They can,
>because within a domain, it is possible to use good authentication.

Of course this would be true for a small network, but in a big open 
multi-vendor network your intermediary security is less robust because you 
can't necessarily trust the caller's network (if it has one). Users can 
exercise their own degree of call control (screening) by authenticating the 
incoming caller and implementing their own personal security policy (i.e. 
like only accepting calls from callers in a list). If SPITers compromise 
your network they can't do much, because they won't pass the callee's caller 
authentication. If they manage to compromise the PKI, their certificates can 
be easily revoked; assuming the callee is OCSP-enabled, they are only a pest 
for a little while.

>I personally think the signaling security is much more important than the
>media security, but both is best, we'd all agree.

I'd rather be able to screen my calls and have call encryption than worry 
about whether the signalling is secure. Of course I'm looking at it from a 
user's point of view. :) But I totally agree that both should be addressed 
just as much.


Simon
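As an added illustration of the screening model described in the message above (vendor CA trust anchors loaded in the device, a per-callee allow list, and rejection of revoked certificates), the Go program below is not part of the original thread or any project mentioned in it. It constructs its own "vendor CA" and caller certificates in memory, carries the caller identity as a sip: URI in the certificate's SAN, and uses a set of revoked serial numbers as a stand-in for the OCSP answer, since it performs no network lookup. The CA names, caller identities and serial numbers are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Policy is the callee's personal screening policy: trusted vendor CAs,
// accepted caller identities, and serials known to be revoked (the revoked
// set stands in for an OCSP response; this example does no network lookup).
type Policy struct {
	Roots   *x509.CertPool
	Allowed map[string]bool // e.g. "sip:alice@example.com" (constructed)
	Revoked map[string]bool // decimal serial numbers
}

var (
	ErrUntrusted = errors.New("caller certificate does not chain to a trusted CA")
	ErrRevoked   = errors.New("caller certificate is revoked")
	ErrNotListed = errors.New("caller is not in the allow list")
	ErrNoSIPURI  = errors.New("caller certificate carries no sip: URI")
)

// ScreenCall authenticates the caller's end-to-end certificate against the
// callee's trust anchors, then applies revocation and allow-list checks.
// Chain validation comes first so an attacker cannot learn the allow list
// by presenting self-signed certificates for guessed identities.
func ScreenCall(p *Policy, leaf *x509.Certificate, now time.Time) (string, error) {
	opts := x509.VerifyOptions{
		Roots:       p.Roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // leaf carries no EKU
	}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("%w: %v", ErrUntrusted, err)
	}
	if p.Revoked[leaf.SerialNumber.String()] {
		return "", ErrRevoked
	}
	for _, u := range leaf.URIs {
		if u.Scheme == "sip" {
			if !p.Allowed[u.String()] {
				return "", ErrNotListed
			}
			return u.String(), nil
		}
	}
	return "", ErrNoSIPURI
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// NewCA builds a self-signed CA, the "vendor CA" of the thread (constructed).
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// IssueCaller issues a caller certificate whose identity is a sip: URI SAN.
func IssueCaller(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, sipURI string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	u, err := url.Parse(sipURI)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: sipURI},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, URIs: []*url.URL{u},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

// Demo wires up the scenario from the thread: an allowed caller, a caller not
// on the list, a second "alice" issued after a PKI compromise and then revoked,
// and an "alice" from a CA the callee never trusted. Returns each outcome.
func Demo() map[string]error {
	ca, caKey := NewCA("Vendor CA")
	rogueCA, rogueKey := NewCA("Rogue CA")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	p := &Policy{Roots: roots,
		Allowed: map[string]bool{"sip:alice@example.com": true},
		Revoked: map[string]bool{"102": true}}
	callers := map[string]*x509.Certificate{
		"alice":   IssueCaller(ca, caKey, 100, "sip:alice@example.com"),
		"mallory": IssueCaller(ca, caKey, 101, "sip:mallory@example.com"),
		"revoked": IssueCaller(ca, caKey, 102, "sip:alice@example.com"),
		"rogue":   IssueCaller(rogueCA, rogueKey, 103, "sip:alice@example.com"),
	}
	res := map[string]error{}
	for name, c := range callers {
		_, res[name] = ScreenCall(p, c, time.Now())
	}
	return res
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-8s -> %v\n", name, err)
	}
}
```

The order of the checks is the design point: the chain check runs before the allow-list lookup, the revocation check runs before the identity is even read, and only a certificate that passes all three yields a caller identity the callee's policy can act on.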
More information about the Voipsec mailing list