[VOIPSEC] An issue of trust?

Andre Fucs de Miranda afucs-listas at mandicmail.com
Fri Jun 16 12:29:41 CDT 2006 

Gentlemen,

Security is not related to traffic, it's related to USER (pvt or business)
and regulation requirements; nothing more. The reality is that skype it's not
"secure" simply because you have no control over the encryption. Period. I'm
sorry; it could be using the best martian military grade encryption. Still I
have no reason to choose Skype or any other comercial or foreign company as a
trusted party.

I agree when you say that we are moving to a IMS-like technology and Skype is
just a step towards this. Probably, even Skype will change with time; they
already did that inserting video support.

We must understand the concept of security goes far beyond "privacy". Even
when the ITU describes the security objectives for a telecommunications
network, privacy is only one of the 9 objectives. They are described as:

"Telecommunications networks should provide privacy at the level set by the
security policies of the network".

No wonder why you don't expect that your telecom provider will offer you any
kind of encryption on your POTS loop and probably half of the GSM providers
in the world don't offer the available privacy features of the GSM
technology.

If you really wants encryption on your PSTN go buy yourself a Digital Voice
Encrypter If you don't trust them, change for ISDN and you may get more
crypto performance using the two data channels together. The same will happen
with IP.

I've noticed that we are facing a new "fear of IP" wave but both PSTN and
SS7, as IP, were not designed with this "privacy obsession". Privacy is just
part of equation that as usual includes accountability, availability and
integrity.

It mind sound as "high level risk analysis" but at the end of the story the
so famous AT&T M. Luther King Crash, probably US's worst phone catastrophe,
happened due to a software bug instead of phreakers and script kids.

Best regards

--
Andre Fucs
http://www.fucs.org/portugues/

---- Mensagem Original ----
From: "Hank Cohen"
To: "Tyler Johnson" , Ron_Cramer at cargill.com, Voipsec at voipsa.org
Sent: Sex, Junho 16, 2006 4:07 am
Subject: Re: [VOIPSEC] An issue of trust?
> I wonder if we are loosing sight of the purpose of security.
>
> Why do we expect better security for our VoIP calls than for PSTN calls?
> Clearly there is no cryptographic security in the PSTN.  Also clearly
> the service providers aren't to be trusted very far.  The point is that
> we are willing to take the chance because it is fairly difficult to gain
> physical access to install a bug or tap and because the service
> providers haven't developed a track record of allowing criminals to tap
> lines.  (I defer the question of criminality w.r.t. the
> constitutionality of wiretaps under Presidential order.)
>
> To evaluate the security measures required and what price we are willing
> to pay we must understand the threat that we want to defend against.  We
> should ask, "What are the threats to VoIP traffic that are different
> from PSTN traffic?"
>
> My belief is that it is easier for hackers and script kiddies to gain
> access to IP calls and that it is these threats that we must defend
> against.  We haven't seen many exploits against VoIP yet but we all know
> that the system is vulnerable and would prefer to harden it up before
> some clever hacker develops an effective exploit and then distributes
> the tools to the script kiddies and common criminals.
>
> End to end cryptographic tunnels are very effective and will definitely
> protect our calls. I assume that the endpoints are secure but as the
> recent thread on the security of softphones indicates this might not be
> a well founded assumption.  In any case if VoIP over broadband is ever
> to take off in the consumer market it must be as easy to use as a
> telephone and I don't think Skype is there yet.  (I might be wrong
> though, I'm not  a Skype user.)  Certainly a computer based softphone
> and Zphone is not as easy to use as the telephone.  In fact no piece of
> software running on a PC or even a Mac is as easy to use as the
> telephone.  Also any call with at least one end in the PSTN can not be
> encrypted end to end.  Anyway I am assuming that  the mass market will
> look more like Vonage or IMS than like Skype or Zphone.  In that case
> the cryptography must be provided by the gateway vendor and service
> provider.  And that is where legal intercept becomes an issue.  Although
> Phil Zimmerman may be able to duck scrutiny from the Department of
> Justice it is unlikely that Vonage can, nor ATT, nor Siemens nor,
> ultimatley, can Skype.
>
> So I guess that I don't think that we need absolute end to end security
> for calls.  What we need is to protect calls that go over risky
> networks, and that basically means the IP portion.  And it is not
> necessary that the user have access to the key exchange.  The security
> needs to be there to keep criminals out not to subvert the legitimate
> needs of law enforcement (again I pass on the question of the
> criminality of government.)
>
> Regards,
> Hank Cohen
> Hifn
>
>> -----Original Message-----
>> From: Voipsec-bounces at voipsa.org
>> [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Tyler Johnson
>> Sent: Thursday, June 15, 2006 5:35 PM
>> To: Ron_Cramer at cargill.com; Voipsec at voipsa.org
>> Subject: Re: [VOIPSEC] An issue of trust?
>>
>> You can't. That's why you have to implement security at the
>> application
>> layer. That means end to end encryption of media an
>> signaling. However, US
>> regulations for CALEA break that. If you do hop to hop
>> security you really
>> don't have any assurance of security beyond the next hop
>> unless you are in a
>> limited federation, but that doesn't scale to the whole Internet.
>>
>> I think the bottom line is to work to get coherent policy
>> implemented at the
>> federal level in the U.S.
>>
>> The other possibility is to think about a new protocol that
>> is designed with
>> security from the ground up, with wiretap in mind. H.325 offers an
>> opportunity here, I think. I don't think it's going to work
>> to reverse
>> engineer this into SIP or H.323.
>>
>>
>> ----- Original Message -----
>> From:
>> To:
>> Sent: Thursday, June 15, 2006 6:46 PM
>> Subject: Re: [VOIPSEC] An issue of trust?
>>
>>
>> > It appears I should clarify my question in regards to a
>> Telecom Service
>> > Provider
>> > vs an Internet Service Provider.
>> >
>> > Based on my experience, many enterprises would choose to
>> trust telecom
>> > service providers
>> > to keep data traffic private on a traditional layer 2
>> service such as
>> > frame relay or voice
>> > services on POTS.  And, would choose not to trust Internet based
>> > communication, but to
>> > mitigate the Internet based risk with firewalls, encryption
>> tunnels, etc.
>> >
>> > Part of the logic used to differentiate between these two
>> choices was that
>> > the traditional layer 2
>> > services provided separation between the virtual private
>> networks of the
>> > many customers serviced
>> > by the Telecom Provider.  Since the packets are being
>> forwarded at layer 2
>> > the Telecom Provider
>> > had no awareness of anything related to the Internet
>> Protocol.  This also
>> > meant that the
>> > Telecom Service Providers customers could not use IP based
>> attacks against
>> > the carrier infrastructure.
>> >
>> > As Telecom Service Providers move to offer IP-ware services
>> - MPLS, VoIP
>> > or whatever
>> > the Telecom Service Providers are vulnerable to IP based
>> attacks.  I know
>> > there
>> > are many papers that state MPLS *can* be deployed with the
>> same level of
>> > security
>> > as a layer 2 service, but how can I *trust* the Telecom
>> Service Provider
>> > will invest
>> > the effort to operate a secure MPLS network.  Or, VoIP, or whatever?
>> >
>> > Thanks and regards,
>> >
>> > Ron
>> >
>> >
>> >
>> > -----Original Message-----
>> > From: Cramer, Ron - Ron_Cramer at cargill.com
>> > Sent: Thursday, June 15, 2006 1:19 PM
>> > To: 'Voipsec at voipsa.org'
>> > Subject: An issue of trust?
>> >
>> >
>> > The issue of trust for your Telecom service provider,
>> > either traditional or VoIP based seems to be a fundamental
>> > component for secure communications.
>> >
>> > Can anyone identify an industry standard that an
>> > Enterprise can use to establish trust with a Telecom
>> > vendor?  Something with well established decision
>> > criteria, not just a high level guide to performing a
>> > risk assessment.
>> >
>> > Thanks in advance,
>> >
>> > Ron
>> >
>> > _______________________________________________
>> > Voipsec mailing list
>> > Voipsec at voipsa.org
>> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>> >
>>
>>
>> _______________________________________________
>> Voipsec mailing list
>> Voipsec at voipsa.org
>> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
>>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list