[VOIPSEC] An issue of trust?

Randell Jesup rjesup at wgate.com
Sat Jun 17 02:03:27 CDT 2006 

"Hank Cohen" <hcohen at hifn.com> writes:
>Why do we expect better security for our VoIP calls than for PSTN calls?
>Clearly there is no cryptographic security in the PSTN.  Also clearly
>the service providers aren't to be trusted very far.  The point is that
>we are willing to take the chance because it is fairly difficult to gain
>physical access to install a bug or tap and because the service
>providers haven't developed a track record of allowing criminals to tap
>lines.  (I defer the question of criminality w.r.t. the
>constitutionality of wiretaps under Presidential order.)  

This is a good point.  As you mention later, VoIP doesn't have the
sort of physical security that the PSTN has (and as you say, the PSTN's
physical security doesn't protect you against the government - or someone 
with a lineman's set).

Note also that when there's little "cost" associated with security,
people do expect it - witness that almost all cordless phones have at
least minimal security (for the radio link).

>My belief is that it is easier for hackers and script kiddies to gain
>access to IP calls and that it is these threats that we must defend
>against.  We haven't seen many exploits against VoIP yet but we all know
>that the system is vulnerable and would prefer to harden it up before
>some clever hacker develops an effective exploit and then distributes
>the tools to the script kiddies and common criminals.

Darn straight.  Not only direct attacks, but indirect attacks via service
providers (and, ironically, via the same mechanisms that CALEA and the
like force service providers to add and make easy to access).

>In any case if VoIP over broadband is ever
>to take off in the consumer market it must be as easy to use as a
>telephone and I don't think Skype is there yet.  (I might be wrong
>though, I'm not  a Skype user.)  Certainly a computer based softphone
>and Zphone is not as easy to use as the telephone.  In fact no piece of
>software running on a PC or even a Mac is as easy to use as the
>telephone.

Yup.  That's part of why ATAs are popular, and why our videophone
(hardphone) has a cell/POTS-type handset/keypad, and doesn't have a zillion
options.

>Also any call with at least one end in the PSTN can not be
>encrypted end to end

PSTN gateways usually don't do encryption, since they're so focused on
density (channels/device).  (Do any of them do encryption?)  In the medium
to long term, increasing number of calls (especially to/from/in certain
countries) will be IP<->IP.

>.  Anyway I am assuming that  the mass market will
>look more like Vonage or IMS than like Skype or Zphone.  In that case
>the cryptography must be provided by the gateway vendor and service
>provider.  And that is where legal intercept becomes an issue.  Although
>Phil Zimmerman may be able to duck scrutiny from the Department of
>Justice it is unlikely that Vonage can, nor ATT, nor Siemens nor,
>ultimatley, can Skype.

Agreed, mostly.  The interesting part will come with how user-supplied 
endpoints (soft or hard) will be dealt with.  Will SIPPhone or FWD be
required to refuse service to secure end-to-end phones?  Or be forced
to run all streams through security-blocking proxies?  (Which will
seriously degrade service quality, and fundamentally there are too many
ways to get around this if customers/UA-makers want to.)

>So I guess that I don't think that we need absolute end to end security
>for calls.  What we need is to protect calls that go over risky
>networks, and that basically means the IP portion.  And it is not
>necessary that the user have access to the key exchange.  The security
>needs to be there to keep criminals out not to subvert the legitimate
>needs of law enforcement (again I pass on the question of the
>criminality of government.)

I'm not sure I'd agree with much, if any of your conclusions, however.
Partly this is due to the last issue you mention, but also that "legitimate
needs of law enforcement" creates the very holes that hackers and script
kiddies (and corporate espionagers) will eventually exploit.

-- 
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
		- James Madison, 4th US president (1751-1836)

More information about the Voipsec mailing list