[VOIPSEC] An issue of trust?

Hank Cohen hcohen at hifn.com
Fri Jun 16 02:07:38 CDT 2006 

I wonder if we are loosing sight of the purpose of security.

Why do we expect better security for our VoIP calls than for PSTN calls?
Clearly there is no cryptographic security in the PSTN.  Also clearly
the service providers aren't to be trusted very far.  The point is that
we are willing to take the chance because it is fairly difficult to gain
physical access to install a bug or tap and because the service
providers haven't developed a track record of allowing criminals to tap
lines.  (I defer the question of criminality w.r.t. the
constitutionality of wiretaps under Presidential order.)  

To evaluate the security measures required and what price we are willing
to pay we must understand the threat that we want to defend against.  We
should ask, "What are the threats to VoIP traffic that are different
from PSTN traffic?"

My belief is that it is easier for hackers and script kiddies to gain
access to IP calls and that it is these threats that we must defend
against.  We haven't seen many exploits against VoIP yet but we all know
that the system is vulnerable and would prefer to harden it up before
some clever hacker develops an effective exploit and then distributes
the tools to the script kiddies and common criminals.

End to end cryptographic tunnels are very effective and will definitely
protect our calls. I assume that the endpoints are secure but as the
recent thread on the security of softphones indicates this might not be
a well founded assumption.  In any case if VoIP over broadband is ever
to take off in the consumer market it must be as easy to use as a
telephone and I don't think Skype is there yet.  (I might be wrong
though, I'm not  a Skype user.)  Certainly a computer based softphone
and Zphone is not as easy to use as the telephone.  In fact no piece of
software running on a PC or even a Mac is as easy to use as the
telephone.  Also any call with at least one end in the PSTN can not be
encrypted end to end.  Anyway I am assuming that  the mass market will
look more like Vonage or IMS than like Skype or Zphone.  In that case
the cryptography must be provided by the gateway vendor and service
provider.  And that is where legal intercept becomes an issue.  Although
Phil Zimmerman may be able to duck scrutiny from the Department of
Justice it is unlikely that Vonage can, nor ATT, nor Siemens nor,
ultimatley, can Skype.

So I guess that I don't think that we need absolute end to end security
for calls.  What we need is to protect calls that go over risky
networks, and that basically means the IP portion.  And it is not
necessary that the user have access to the key exchange.  The security
needs to be there to keep criminals out not to subvert the legitimate
needs of law enforcement (again I pass on the question of the
criminality of government.)

Regards,
Hank Cohen
Hifn

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org 
> [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Tyler Johnson
> Sent: Thursday, June 15, 2006 5:35 PM
> To: Ron_Cramer at cargill.com; Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] An issue of trust?
> 
> You can't. That's why you have to implement security at the 
> application 
> layer. That means end to end encryption of media an 
> signaling. However, US 
> regulations for CALEA break that. If you do hop to hop 
> security you really 
> don't have any assurance of security beyond the next hop 
> unless you are in a 
> limited federation, but that doesn't scale to the whole Internet.
> 
> I think the bottom line is to work to get coherent policy 
> implemented at the 
> federal level in the U.S.
> 
> The other possibility is to think about a new protocol that 
> is designed with 
> security from the ground up, with wiretap in mind. H.325 offers an 
> opportunity here, I think. I don't think it's going to work 
> to reverse 
> engineer this into SIP or H.323.
> 
> 
> ----- Original Message ----- 
> From: <Ron_Cramer at cargill.com>
> To: <Voipsec at voipsa.org>
> Sent: Thursday, June 15, 2006 6:46 PM
> Subject: Re: [VOIPSEC] An issue of trust?
> 
> 
> > It appears I should clarify my question in regards to a 
> Telecom Service 
> > Provider
> > vs an Internet Service Provider.
> >
> > Based on my experience, many enterprises would choose to 
> trust telecom 
> > service providers
> > to keep data traffic private on a traditional layer 2 
> service such as 
> > frame relay or voice
> > services on POTS.  And, would choose not to trust Internet based 
> > communication, but to
> > mitigate the Internet based risk with firewalls, encryption 
> tunnels, etc.
> >
> > Part of the logic used to differentiate between these two 
> choices was that 
> > the traditional layer 2
> > services provided separation between the virtual private 
> networks of the 
> > many customers serviced
> > by the Telecom Provider.  Since the packets are being 
> forwarded at layer 2 
> > the Telecom Provider
> > had no awareness of anything related to the Internet 
> Protocol.  This also 
> > meant that the
> > Telecom Service Providers customers could not use IP based 
> attacks against 
> > the carrier infrastructure.
> >
> > As Telecom Service Providers move to offer IP-ware services 
> - MPLS, VoIP 
> > or whatever
> > the Telecom Service Providers are vulnerable to IP based 
> attacks.  I know 
> > there
> > are many papers that state MPLS *can* be deployed with the 
> same level of 
> > security
> > as a layer 2 service, but how can I *trust* the Telecom 
> Service Provider 
> > will invest
> > the effort to operate a secure MPLS network.  Or, VoIP, or whatever?
> >
> > Thanks and regards,
> >
> > Ron
> >
> >
> >
> > -----Original Message-----
> > From: Cramer, Ron - Ron_Cramer at cargill.com
> > Sent: Thursday, June 15, 2006 1:19 PM
> > To: 'Voipsec at voipsa.org'
> > Subject: An issue of trust?
> >
> >
> > The issue of trust for your Telecom service provider,
> > either traditional or VoIP based seems to be a fundamental
> > component for secure communications.
> >
> > Can anyone identify an industry standard that an
> > Enterprise can use to establish trust with a Telecom
> > vendor?  Something with well established decision
> > criteria, not just a high level guide to performing a
> > risk assessment.
> >
> > Thanks in advance,
> >
> > Ron
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> > 
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
>

More information about the Voipsec mailing list