Threats, Vulnerabilities and Attacks in Voice over IP

1
Threats, Vulnerabilities and Attacks in Voice
over IP

• Tero Rontti
• Codenomicon Ltd.

Thrill to the excitement of the chase! Stalk
bugs with care, methodology, and reason. Build
traps for them. ....Testers!Break that
software (as you must) anddrive it to the
ultimate- but dont enjoy the programmers
pain. from Boris Beizer
2
Codenomicon Ltd.

• Developer of robustness testing tools that
  eliminate security problems in software
• RD started in 1996 in PROTOS
• Responsible for finding thousands of security
  vulnerabilities in hundreds of commercial
  products
• Company founded in 2001

• Commercial robustness testing tools for SIP,
  IMS, MGCP, SIGCOMP, RTP/RTCP, H.323, IPv4, IPv6,
  RADIUS, DIAMETER, TACACS, HTTP, SSL/TLS, SSH,
  FTP, NTP, DNS, SMTP, SNMP, BGP, OSPF, IS-IS, PIM,
  RIP, RSVP, MPLS, LDAP, GTP, MODBUS, X.509,
  Bluetooth, Images, Audio, Compression, Multimedia

3
From Closed PSTN to Open IP-Telephony

• Opening the traditionally closed communication
  networks introduces new threats to telephony such
  as hackers and worms
• This sets new requirements for security,
  reliability and robustness for both the existing
  PSTN and to the new IP Telephony
• For security, the best practices from both of
  these worlds need to be explored to find means of
  surviving and winning in this new complex setting

4
Security in VoIP

• VoIP is software, and software has its risks, ...
• ... but it also can be maintained easily when
  deployed and implemented correctly
• VoIP is more secure than PSTN, ...
• ... but VoIP threatens the security and
  reliability of closed and vulnerable PSTN
  networks
• VoIP is a perfect platform for viruses and worms,
  ...
• ... and the number of devices deployed is a
  direct metric to the attractiveness for hackers
  and attackers
• VoIP has more interconnections and threats, ...
• ... and between interconnections, trust is
  essential, in the same fashion as with SS7
• VoIP has all the tools for building it securely,
  ...
• ... but who is responsible for security and how
  is it enforced

5
End-point Identity and Call-Path

• Caller Identity Who are you?
• Trust Control Where does the call traverse?
• Confidentiality
• Who can see the traffic?
• Integrity
• Can the signaling be changed en-route?
• Can media streams be injected by third party?
• Man-in-the-Middle?
• Availability
• Can any critical services, such as charging
  gateway be shut down, and what happens then?
• Destination Identity Who are you calling,
  really? What is the cost?

6
VoIP Security Covers All Areas of Security
Research

• Confidentiality
• Solutions Encryption, Closed networks, VPNs
• Integrity and Authentication
• Solutions Signing, Trust, Roaming, Electronic ID
• Availability (resource consumption, denial of
  service)
• Solutions More processing power, System limits
• Complexity
• Solutions Standardization, Minimizing feature
  sets, Restricting services
• Software Quality
• Solutions Certification, Interoperability,
  Robustness, Negative Testing

7
Security Tools Mechanisms for VoIP

• Encryption (e.g. TLS or S/MIME to signaling, and
  SRTP or ZRTP for media)
• But who needs it really?
• Signing
• Will there ever be a global PKI?
• Authentication
• But do we authenticate users or organizations or
  devices or all?
• IDS, IPS, and other network monitoring in many
  forms
• But first we need to know the attacks!
• Vulnerability Scanners and Virus Scanners
• But first we need known vulnerabilities!
• Robustness and Quality
• But how do we motivate software developers to do
  this? Certification?

8
Threats, Attacks and Vulnerabilities

• Threat is the potential for a passive or active
  circumstance or event that can cause physical or
  financial damage
• Attack is the actual hostile event usually
  executed using an automated exploit script, or
  virus or worm
• Threats and Attacks are enabled by
  vulnerabilities in software, and can be divided
  in three categories
• Configuration Vulnerabilities (in both
  installation and use)
• Design Vulnerabilities (in both software and
  protocols)
• Implementation Vulnerabilities (i.e. bugs and
  programming flaws)

9
Security Requirements and Threats in VoIP

• Confidentiality is threatened by e.g.
  unauthorized access of eavesdropping
• Integrity is threatened by impersonations and
  data alterations
• Availability and Quality are threatened by
  service disruption

10
Security Attacks in VoIP
Security and Reliability Goals and Requirements

• Whereas various malware usually disturb all
  security requirements, there are also other
  attacks
• Active attacks require change to network
• Passive does not require change
• Also natural events can attack against the
  security requirements

Quality of Service
Confidentiality
Integrity
Availability
Security Attacks and Events in VoIP (A)ctive,
(P)assive, (E)vent
Malware Exploit, Worm, Virus or Trojan (A)
Packet Loss (E)
Wiretap and Traffic Analysis (P)
Malformed Traffic DoS (A)
Broadcast/Multicast DoS (A)
Resource Consumption DoS (A)
Registration Hijack (A)
Message Manipulation (P)
Natural Disaster (E)
Re-routing (P)
Jitter (E)
Password Guessing (P)
Packet Corruption (E)
Configuration Manipulation (A)
Power Failure (E)
Disk Failure (E)
Delay (E)
Spoofing (P)
Man-in-the-Middle (P)
Data Injection (P)
11
Security Vulnerabilities in VoIP

• The actual vulnerabilities can be divided to
  design, implementation and configuration flaws
• Many of these flaws can enable one or several
  different attacks
• It is important to understand the flaw behind the
  risks

Security and Reliability Goals and Requirements
Quality of Service
Confidentiality
Integrity
Availability
Vulnerabilities (flaw or weakness) in VoIP
(D)esign, (I)mplementation, (C)onfiguration
Low Bandwidth (C)
Insufficient Integrity Checks (D)
Low Resources (C)
File/Resource Manipulation Flaws (I)
String/Array Manipulation Flaws (I)
Insufficient Encryption (D)
Weak Authentication (D/C)
Physical Connection Quality (I)
Bad Passwords (C)
Heterogeneous Network (D/C)
Execution Flaws (I)
Packet Collision (I)
Lacking Fall-back System (D)
12
Black-box testing categories
13
Whats all the fuzz about
Positive tests to proveconformance and
performance

• Robustness/Fuzz Testing
• To guarantee
• Safety
• Security
• Dependability
• Bug symptoms
• Crashes
• Performance degradation
• Other unexpected behaviour

Negative tests, robustness tests
Infinity of possible tests
14
PROTOS Research Creating a Baseline for Security
15
Conclusions

• SW Security SW Quality
• Security problems are created during development
• Testing prevents security problems in software
• 99.99 reliable 100 vulnerable
• You need to find and fix all problems
• Attacker needs to find only one
• Test as early and as often as possible
• Cost of repair is lower if robustness problems
  are found early
• Robustness testing should be used in regression
  testing
• Three simple steps of risk analysis
• Draw the big picture, identify critical spots,
  value
• Study the perimeters, openness, protocols
• Test, analyze, secure, reiterate ...

16
Codenomicon Ltd. - Robustness Testing Tools!

• info_at_codenomicon.comhttp//www.codenomicon.com