VoIP Security
An anonymous reader writes "Whitedust are running an interesting article on the security aspects of VoIP. From the article: "The fact that VoIP operates across standard networks makes it vulnerable to all manner of IP hacking - including man in the middle attacks, sniffing, session hijacking, etc." Considering its recent growth, how secure is VoIP?" PCM2 sent us a Wired bit about Phil Zimmerman of PGP working on a privacy system for Voice over IP calling.
I have never worried about man in the middle attacks on the internet. To be successful, it requires very good access to my ISP or the backbone carrier's network which is hard to do. Even if they can get that access, all they can do is listen to my calls, have a chat with me and the other person or maybe hang up the call. Any attacker listening to my calls is going to get very bored very quickly. If they do the latter two, it could cause them to get caught because I'll complain about the problem.
The only security problem I see is if the attacker can learn information that lets him make calls billed to my account. This becomes the VOIP vendor's problem anyway. When I notice something wrong with the bill I'll do a chargeback on my credit card for the bill and simply change VOIP providers. If this happens a lot, the VOIP vendor will do something about their security problem.
Or am I missing something?
Can't we just stick to regular telephones? I don't want my 911 call to be interrupted by a denial of service attack...
Indeed. I have spoken about this before. In fact from TFA:
Considering the stability and reliability of the traditional telephony networks - a product of decades of work - it seems foolhardy to replace it.
I couldn't agree more! All the power to people who use VoIP or cell phones as a primary line. But anyone who completely abandons POTS at this point is jumping off the diving board with no idea of how deep the water is. POTS is damn near 100% reliable (short of drunk guy hitting pole outside your house), it survives power outages and I don't think it can be brought down by a buggy TV in your neighbor's house. A friend of mine lost Roadrunner and TW's digital phone service for two days because of a TV next door that was leaking RF onto the coax network.
More to the point, if these services are going to be sold as a replacement for your POTS line then they damn well ought to be regulated like your POTS line -- with requirements for reliability and appeals processes if you get hosed.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Of course, now ask how many cable companies are actually deploying fully PacketCable-compliant systems with all the security turned on the way it was designed to be.
Can't something like OTR (Off The Record messaging - http://www.cypherpunks.ca/otr/) be applied to SIP or IAX conversations? I know it was designed for slow, IM-type packet traffic, but the crypto is there. It can't be that hard :)
Since when have good old fashioned telephone systems been secure? I can't count the number of times I've picked up a neighbor's conversation from their cordless phone. Although I'll agree that the scope of the attack may be broader with VOIP (after all, my neighbor's phone only puts out enough power to be picked up within a certain proximity), I think an expectation of privacy on any current phone system is a flawed assumption at best.
>POTS is damn near 100% reliable
My phone company charges $12 for my no-frills service. Somehow the bill I pay is $45 after all the fees and taxes. Those extra charges are the main reason I'm considering bailing from POTS to VoIP. They'll catch up sooner or later, but for a time, I can keep some of my money.
Heck I might have some cash to enter the sucker mill^H^H cell phone subscriber pool.
Considering I can walk up to 90% of the houses on the street, open up the phone box, and plug a lineman's handset (or anything else) into the phone line...how secure is the PSTN?
If you think the PSTN is really secure, you might want to look through some old issues of 2600...
-- OpenVerse Visual Chat: http://openverse.com
Folks, you have to remember that this article talks about the so-called nomadic VoIP services.
I've been using VoIP for the better part of two years now, and it's maintained by my ISP. I run it over the Ethernet hookup I have, and as far as functionality is concerned I hardly notice the difference from POTS.
Outages? I've had two. Once when my apartment lost power (thus the VoIP-box lost power) and once when some major link in my ISP's chain went down. As a matter of fact, I've had FEWER problems with VoIP than POTS. My ISP/Telco also didn't charge for the days (two) of outages, of course.
As for packet priority, I can max my line, and since the phone is a non-nomadic VoIP the sound is still crystal clear since the ISP uses traffic-shaping (or something) to always put priority on the VoIP-packets.
I enjoy large posteriors and I cannot prevaricate.
I wonder how long it will be until things like VoIP encryption are illegal to implement on the user-to-user end. Once the government catches wind via some wacked-out organization, they're going to be pushing legislation to ban such products - all in the name of preventing terrorism, of course.
Heck, my opinion is it's only because of the history of the open nature of computing that this industry is allowed to have encryptions like SSL where the government can't tap the line.
And if you don't believe me, see the recent treaty discussions going on in the senate right now that requires participating nations to take up laws which include wiretapping.
A community-oriented lyrics site
I have implemented this in a VOIP system before. It's really a nice solution because you can use a symmetric cipher that retains the size of the original packets and you can encrypt just the payload. You decrypt it right before it hits POTS and all of the other pieces of your network like packet scheduling or whatever -- anything that just looks at headers -- can operate unchanged.
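The payload-only, size-preserving encryption described in the comment above, as an added example that is not part of the original thread or any commenter's code. It assumes a fixed 12-byte RTP header and, to stay within the standard library, uses an HMAC-SHA256 counter keystream as a stand-in for the AES or RC4 a real system would use; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

RTP_HEADER_LEN = 12  # assumption: fixed RTP header, no CSRC list or extension


def keystream(key: bytes, ssrc: int, seq: int, length: int) -> bytes:
    """Per-packet keystream: HMAC-SHA256(key, ssrc || seq || block counter).

    Stand-in for a real stream cipher or AES in counter mode.
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = struct.pack("!IHI", ssrc, seq, block)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def crypt_rtp(key: bytes, packet: bytes) -> bytes:
    """Encrypt or decrypt (same XOR) only the payload; the header stays clear."""
    header, payload = packet[:RTP_HEADER_LEN], packet[RTP_HEADER_LEN:]
    (seq,) = struct.unpack("!H", header[2:4])    # RTP sequence number
    (ssrc,) = struct.unpack("!I", header[8:12])  # RTP stream identifier
    ks = keystream(key, ssrc, seq, len(payload))
    return header + bytes(p ^ k for p, k in zip(payload, ks))


def make_rtp(seq: int, timestamp: int, ssrc: int, payload: bytes) -> bytes:
    """Build a constructed RTP packet: version 2, payload type 0 (PCMU)."""
    return struct.pack("!BBHII", 0x80, 0, seq, timestamp, ssrc) + payload


KEY = bytes(range(32))  # constructed demo key, never use a fixed key
PLAIN = make_rtp(7, 1120, 0x1234ABCD, b"\xff" * 160)  # 20 ms of G.711 silence
WIRE = crypt_rtp(KEY, PLAIN)

if __name__ == "__main__":
    # Same length on the wire, header untouched, payload unreadable.
    print(len(PLAIN), len(WIRE))
    print(WIRE[:RTP_HEADER_LEN] == PLAIN[:RTP_HEADER_LEN])
    print(crypt_rtp(KEY, WIRE) == PLAIN)
```

Because the RTP sequence number is only 16 bits, two packets with the same SSRC and sequence number get the same keystream in this sketch, so a long call must rekey or widen the counter. XOR encryption on its own also gives no integrity protection, so a deployment needs a per-packet authentication tag as well.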
I would have thought the obvious solution would be something like SIP over SSL {which should be easy enough to set up, if Asterisk doesn't already have such a feature}, but maybe I'm missing something obvious about SSL that would preclude it.
PGP-type encryption would be good {key servers, if you use them properly, are incredibly powerful: post your out-of-date private keys and now nothing you ever signed using any of them can be authenticated!}, but it isn't transparent.
Whatever solution is adopted, it must be network-transparent, and the user must have the right to view the source code. The Authorities no doubt would love us to be using something they can tap, on the basis of "protecting" us from terrorists and drug dealers; but if terrorists and drug dealers are known not to be using the system because they know it can be tapped, then there's no point tapping it in the first place!
Je fume. Tu fumes. Nous fûmes!
VoIP is *more* secure than your PSTN... with the PSTN any doofus with a butt-set can climb the pole outside your house... or worse yet go OUTSIDE your house and tap into your line.
With VoIP you have to actually be on the network.. and not just on the network.. but IN the packet stream.
Hacker A who is on a server off the switch can't listen to your conversation... they would have to interrupt the packet stream flowing through the router.
We work with a bunch of local phone vendors who always dictate that for site to site VoIP to be used, we need to set up a site to site VPN (or point to point circuit). It is my suspicion that they do this so that
1. they don't have to be bothered with trying to figure out what ports to forward on the firewall and
2. they have so much difficulty in troubleshooting their own systems that they love to blame everything on us.
In any event, I picked up the new O'Reilly book on VoIP and they talk a lot about avoiding VPN as it creates lag. They also indicate that sending all of your QOS flagged traffic down a VPN tunnel eliminates the ability of the upstreams to "see" the QOS flags as they are encrypted. Anyone else have experience with this?
IPSec is a poorly designed entity. Among other things, it pulls crypto and complex key storage systems into Ring 0, breaks under interesting situations (try sending an ICMP ECHO REQUEST from and to ISAKMP-enabled hosts with key autodiscovery... key exchange will not work as ICMPs are mishandled; some implementations triggered an infinite loop at the protocol level that was only saved by giving up after a timeout), has oracle attacks against it (ICMPs emitted in response to errors in the tunnel mode are not sent encrypted), and has two subtly different sub-protocols which do different things (ESP and AH), each of which can operate in two modes (transport and tunnel) and exceptionally little design rationale.
Also IPsec doesn't authenticate the user, just the machine.
"Who could blame him [Phil Zimmerman] for laying low for a while after the Justice Department launched a three-year criminal investigation of him in 1993? Officials accused him of violating a ban on exporting cryptography when he made PGP available for download on the internet. The government finally dropped its investigation in 1996."
The Justice Department officials who "investigated" Zimmerman (persecuted him) set back the availability of privacy tech by at least half a decade, right when the Internet exploded into everyone's private and professional lives. They never found anything bad on Zimmerman, and crypto export restrictions were sensibly lifted in light of the extremely favorable cost:benefit to American economic security (the basis of all national security). But those officials, who did such damage, suffered no repercussions for their fruitless persecution of Zimmerman.
How long, after Zimmerman's VoIP privacy tech gets some buzz, will it take for some new Justice Department freak to target Zimmerman this time? With the context of "cyberterrorists", portrayed as "out of government reach" with Internet cryptophones, so easily saleable to the American public terrorized daily by government actions in the Terror War? Zimmerman's willingness to reenter that war, after being burned, shows that he's the kind of patriot that the government can only pretend to be when naming laws and missiles.
--
make install -not war
I implemented something like this on the Mac. Latency is of course the issue - it's a given... minimizing it is a tradeoff in CPU performance (i.e. smaller datum chunks = less latency, but more CPU demand). On G3, am getting 90 - 100 ms average, max theoretical limit is 85 ms, and 25% CPU usage using CoreAudio. Not that shabby actually...
Most was written in Cocoa...
AES Rulz, but adds more CPU demand.. If coded properly, the additional encryption factor can perhaps add another 10 - 20 ms to the delay... still not bad. It beats the pants off of Skype, which sits about 250 - 550 ms depending on connection.
Choose your encryption method carefully.... so far, only AES and RC4 are suitable for VoIP real time encryption. I'm sure there are others I don't know about...
Usually much stronger encryption is used in call setup and authentication.
AIX is also becoming popular because it separates signalling from the voice path - ALWAYS a good idea... ASK ATT about why "out of band" signalling is important as Capn Crunch once demonstrated with the blue box.
I care about security as much as the next guy but comparing POTS or even centrix security to VoIP is ridiculous. What about physical security that many have mentioned? I want to maintain 99.999 without having to worry about some jagoff with a backhoe whether he is driven by some virulent strain of Islam or is just a stupid ass. Much less a single leaky capacitor that has no backup system in place. So far it seems that even above ground, in my area, the ISPs have put more into redundant paths than the PSTN.
Hell, we ran into a single point of failure 120 miles away at a NOC on a cellular data network back haul router. Which took 6 hours to pinpoint by AT&T -> Sprint -> SBC -> Cingular -> AT&T/Cingular -> AT&T finger-pointing. At which point it was determined that the endpoint (AT&T GPRS private APN firewall router middleman) was flaky.... but they were totally able to loop up the T1 from the TELCO which proved there was no problem, bah!
The tech support were friendly but clueless and equipped with all the right info from the first minutes of the outage by myself...which WE detected 30 min after it happened through our own standard public safety system troubleshooting, and they were still totally unaware of it. Yeah 30 minutes is quite a lag time but consider I had to dial in from 3 towns away(26,400) after 10 minutes on the phone to verify dispatch wasn't just crazy. It took 10 minutes for them to notice the problem and qualify it for emergency service.
Yet a simple ISP with some nagios running would've found it faster but had dual paths to prevent (more than 30 seconds of) downtime. We intentionally took down our Internet link in an infrastructure replacement and the poor guy in the ISP NOC dug through outdated contact info for a while until he called his boss and eventually my cellphone to report the outage. THAT'S SERVICE. He was actually concerned when he called too, could've been related to his boss but still. *I* had to calm *him* down, and there was definitely a sigh of relief on his end when I explained. I felt bad for not notifying him. He insisted I call back when we were done to verify connectivity. Where do you find that type of service?
TELCO didn't see the problem, or go to the trouble of calling us if they had. When we called them they were courteously-flippant and blamed us at every turn until they found they were wrong. Guilty until proved innocent is definitely their modus operandi.
Maybe my region is better, but I'm pretty much in Podunk. My vote is for VoIP. I realize that the cost is much more significant for the telco to do the same thing with available technology and infrastructure, that is my point exactly.