Security and Real-time Communications – a maze of twisty little passages, that all look alike.
Olle E. Johansson, consultant in network security and real-time communication – PKI, WebRTC, SIP, XMPP. Kamailio and Asterisk expert.
Olle has worked with Internet and TCP/IP networking for almost 30 years and is a developer, project manager, documentation writer, trainer and a secret lover of X.509 and PKI. Olle is active in the IETF and has co-authored an RFC and contributed to many. He has spoken at many conferences and trained many, many Asterisk and Kamailio admins. Olle co-founded Astricon, the Asterisk conference. Outside of work he is an oral storyteller and spends a lot of time in his garden back home in Sweden.
After almost 20 years of working with real-time communication (SIP, XMPP, WebRTC, and other protocols and platforms), I haven’t built a standards-compliant secure platform with strong encryption and identity handling once. I’ve been close, but no cigar.
Looking at the standards documents for SIP, there are a lot of missing pieces, and most of the open source implementations lack large amounts of the code needed to implement both the existing security specifications and those missing pieces. It’s a mess, and that doesn’t help those who are trying to implement secure real-time communications. We can do better, and hopefully we will do better.
While WebRTC mandates encrypted communication channels, that doesn’t mean every platform is secure. There are also as many definitions of “secure platform” as there are people implementing them.
There are hooks and new solutions to build from, but few implementers get the requirements, time and resources to do this.
Let’s discuss what the issues are, where privacy plays in, the missing support in the standard documents and where to go next.
We will also talk about why we think that the requirements for security are missing in almost every project and how we can change that.
Keywords:
– #MoreCrypto: PKI and TLS
– OAuth2 and OpenID Connect, where do they fit in?
– SIP, The session initiation protocol
– WebRTC
– SRTP, Secure RealTime Protocol
Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson
REALTIME SECURITY
SIP, WEBRTC AND STUFF
oej@edvina.net | @oej November 2020
“you are in a maze of twisty little passages, all alike”
the adventure game.
Ⓒ Edvina AB, Sollentuna Sweden. All rights reserved.
“OH NO, NOT AGAIN”
MARWIN, the paranoid android
YES, ONE MORE TIME!
Olle - the stubborn evangelist.
OLLE E. JOHANSSON
• History: Asterisk developer
• Contributor to Kamailio, Janus, Baresip and other projects
• Consultant, trainer, amateur gardener, dog owner, storyteller
• SIP, WebRTC, XMPP, MQTT, IP (4&6), PKI, TLS…
AGENDA
• Introduction - problem overview
• SIP & TLS
• WebRTC
• Summary
WARNING
Massive slide re-use. Some of these are between 5-10 years old but still valid. Change does not happen over night, folks. If you are concerned about security: DON’T GIVE UP!
WHAT IS REALTIME COMMUNICATION SECURITY?
According to @oej
From this… to this
Talk
Video
Chat
Application sharing
3D holographic 7.1 conferences
CONVERSATIONS BETWEEN TWO OR MORE PEOPLE
OUT OF SCOPE TODAY.
Tommy the system intruder
Christina the network sniffer
Adrian the BOT network manager
Marwin the fraudster
IN SCOPE
You – Me
WHAT IS THE PROBLEM?
The usual security issues...
WHO’S TALKING?
You – Me: Identity
WHO IS LISTENING?
You – Me: Confidentiality (3rd party listening in)
DID YOU REALLY WRITE THAT?
You – Me: Integrity
YOU CAN’T DO THAT.
You – Me: Authorization
WHO AM I?
Me: IP phone, softphone, chat client, car, pad, set-top-box, laptop, cell phone
YOU AND YOUR DEVICES
Me: IP phone, softphone, chat client, car, pad, set-top-box, laptop, cell phone
THE IP REALTIME WORLD
DATACOM – TELECOM
NETWORK SECURITY
You – Me: Our problem
TELECOM SECURITY MODEL
You – Me: In the telco we trust.
END2END OR THROUGH PROXY SERVER?
Do you want someone else to handle your keys?
Do you want to set up a secure session between you and me? If so, how?
You – Me
THIS APPLIES TO MANY PROTOCOLS
SIP
XMPP
WEBRTC
?
THE TOOLBOX
TLS – signalling
DTLS/SRTP – media
SIP Identity, S/MIME – integrity
HTTP Digest – auth
MSRP/TLS – chat
OAuth2, GNAP – identity
MLS (coming)
WHAT’S THE ISSUE WITH REALTIME SECURITY?
Almost no one asks for it. Therefore no one implements it. Which means lack of experience.
WHAT I FAIL TO UNDERSTAND.
Why does nobody care, really?
FINAL QUESTION:
What’s a secure session for you?
THE IDENTITY - WHO ARE YOU?
And can you prove that claim?
SIP AUTHENTICATION
• History: HTTP Digest MD5 auth or TLS client certs
• Improvement: SHA256 and SHA512
• Next step: OAuth2/OpenID Connect authentication using JWT tokens
How do you migrate to stronger auth?
How do we separate device and person?
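An added example (not from the slides) of what the migration step looks like in code: the same SIP Digest computation with the MD5 token from RFC 3261 and the SHA-256 token that RFC 8760 adds, plus a registrar-side check that refuses algorithms you have retired. The user, password, nonce and cnonce values are constructed.

```python
import hashlib
import hmac
import re

# Digest algorithm tokens a SIP challenge can carry: "MD5" (RFC 3261) and
# "SHA-256" (added for SIP by RFC 8760). Same recipe, stronger hash.
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]*))')
REQUIRED = {"username", "realm", "uri", "nonce", "cnonce", "nc", "response"}

def _h(algorithm, data):
    return ALGORITHMS[algorithm](data.encode()).hexdigest()

def digest_response(algorithm, username, realm, password, method, uri,
                    nonce, cnonce, nc="00000001", qop="auth"):
    """Digest 'response' for qop=auth: H(H(A1):nonce:nc:cnonce:qop:H(A2))."""
    ha1 = _h(algorithm, f"{username}:{realm}:{password}")
    ha2 = _h(algorithm, f"{method}:{uri}")
    return _h(algorithm, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def build_authorization(algorithm, username, realm, password, method, uri,
                        nonce, cnonce, nc="00000001"):
    """What the UA sends back in Authorization after the challenge."""
    resp = digest_response(algorithm, username, realm, password, method, uri,
                           nonce, cnonce, nc)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm={algorithm}, '
            f'qop=auth, nc={nc}, cnonce="{cnonce}"')

def parse_authorization(header):
    """Minimal Digest parameter parser (quoted or bare values)."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(params)}

def verify_authorization(header, password, method, expected_realm,
                         allowed_algorithms=("SHA-256",)):
    """Registrar side: refuse retired algorithms, then recompute the response."""
    p = parse_authorization(header)
    algorithm = p.get("algorithm", "MD5")   # no algorithm parameter means MD5
    if algorithm not in allowed_algorithms or p.get("realm") != expected_realm:
        return False
    if p.get("qop") != "auth" or not REQUIRED.issubset(p):
        return False
    expected = digest_response(algorithm, p["username"], p["realm"], password,
                               method, p["uri"], p["nonce"], p["cnonce"], p["nc"])
    return hmac.compare_digest(expected, p["response"])
```

Nonce issuance and replay tracking are left out; a real registrar must also check that the nonce is one it issued recently and that nc has not been reused.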
FIKA BREAK
This is a good moment to take a break, refill your tea cup and stand up.
TLS - TRANSPORT LAYER SECURITY.
TLS IN ONE PICTURE
(Diagram: client and server, with the application, network and link layers.)
Identity check
Algorithm agreement
Key set up
Encryption of data
Without prior agreement
Certificate validation
TLS & S/MIME USAGE IN SIP
• TLS is used in SIP for
  • authentication of servers and clients
  • initiating encryption of a session
  • digital signatures on SIP messages to ensure integrity and provide authentication
• S/MIME is used for message integrity and authentication
Authentication – Who are you? Prove it!
Encryption – Providing confidentiality
Integrity – Making sure that the receiver gets what the sender sent
TLS & S/MIME USAGE IN WEBRTC
• TLS is mandatory in WebRTC for
  • authentication of web servers
  • encryption of the HTTP session
• DTLS is used for
  • initiating encryption of a session - but not for encrypting the session
  • but the DTLS certificates are not validated by default!
Authentication – Who are you? Prove it!
Encryption – Providing confidentiality
Integrity – Making sure that the receiver gets what the sender sent
SIP TLS CONNECTIONS
• The SIP UA client sets up a connection to the server (proxy or UAS) on the TLS port
• TLS negotiation happens before SIP starts
• The server always provides a certificate
• The client challenges the certificate to make sure that the server has the private key for the certificate’s public key
• The client may check the validity of the server cert before accepting the connection to proceed
• What trust store does the client (phone) use?
TLS CLIENT AUTHENTICATION
• The server may request a client certificate and challenge it
• This may replace WWW digest auth and provide an accepted identity of the SIP user
• Problematic if there’s an untrusted SIP proxy in the path
TLS TRUST
• If you only need a basic encrypted session, i.e. some confidentiality, there’s no need to check the certificates - but then you can’t really trust that the session is confidential
• If you want more than simple confidentiality, you need to make sure the software on both sides handles verification of the certificates:
  • Are they signed by a trusted third party?
  • Is the subject of the certificate authorized to use your system?
  • Does the certificate allow usage for SIP session setups?
  • Are they still valid?
SIPS: - WAS A BAD IDEA.
Just forget it. SIP doesn’t work like the web.
A SIP REGISTRATION AND CALL
(Diagram: SIP client/server (phone) and SIP server.)
Phone to server: “Hello, here’s my current location” – the SIP Contact URI (IPv6 or IPv4 address + port).
Incoming call: sent to the Contact URI.
Two separate connections/flows.
…WITH TLS
(Same diagram, both flows over TLS.)
Phone to server: “Hello, here’s my current location” – the SIP Contact URI (IPv6 or IPv4 address + port).
Incoming call: sent to the Contact URI, over TLS.
The phone needs to be a TLS server with a certificate.
The cert needs to match the Contact URI, which is changing unless you use GRUU.
SIP MATCHING SERVER CERTIFICATE
sip:alice@example.com
SIP server, cn: example.com, san: ww.example.com – FAIL
SIP server, cn: namn.se, san: example.com – OK!
SIP server, cn: example.com (no SAN) – OK!
SIP server, cn: *.example.com – Fail. Wildcards are not allowed.
DNS SRV for example.com points to sip01.siphosting.com.
With no SAN, CN is used. But only with no SAN.
RFC 5922 - SIP domain certificates
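The matching rules on this slide as an added example, not part of the deck: a small RFC 5922 checker over dict-shaped certificates (constructed data), run against the four servers above. It goes one step beyond the slide by also checking a certificate named after the SRV target host, which RFC 5922 rejects because the reference identity is the domain in the SIP URI, not the resolved host.

```python
# Certificates are plain dicts here (constructed data): {"cn": ..., "san": [...]}.

def sip_domain_from_uri(uri):
    """sip:alice@example.com;transport=tls -> 'example.com' (reference identity)."""
    scheme, _, rest = uri.partition(":")
    if scheme not in ("sip", "sips"):
        raise ValueError("not a SIP URI")
    host = rest.split("@")[-1].split(";")[0].split(":")[0]
    return host.lower()

def cert_identities(cert):
    """SIP identities a cert asserts: SAN dNSName and sip: URI entries.
    The CN counts only when the cert carries no subjectAltName at all."""
    sans = cert.get("san", [])
    if sans:
        ids = []
        for san in sans:
            if san.lower().startswith("sip:") and "@" not in san:
                ids.append(san[4:].lower())   # sip:example.com -> example.com
            elif ":" not in san:
                ids.append(san.lower())       # dNSName entry
        return ids                             # other SAN types are ignored
    return [cert["cn"].lower()] if cert.get("cn") else []

def check_server_cert(cert, sip_uri):
    """Return (accepted, reason) for a server cert offered for this SIP URI."""
    domain = sip_domain_from_uri(sip_uri)
    idents = cert_identities(cert)
    if domain in idents:
        return True, "matched " + ("SAN" if cert.get("san") else "CN")
    if any("*" in i for i in idents):
        return False, "wildcards are not allowed"
    if not idents:
        return False, "no usable identity"
    return False, f"{domain} not among {idents}"

# The four servers from the slide, all offered for sip:alice@example.com.
SLIDE_CASES = [
    {"cn": "example.com", "san": ["ww.example.com"]},  # SAN present, no match: FAIL
    {"cn": "namn.se", "san": ["example.com"]},         # SAN matches: OK
    {"cn": "example.com"},                             # no SAN, so CN is used: OK
    {"cn": "*.example.com"},                           # wildcard: FAIL
]
# A hosting cert named after the SRV target also fails: the reference identity
# is the SIP domain in the URI, not the host the SRV record resolves to.
SRV_TARGET_CERT = {"cn": "sip01.siphosting.com", "san": ["sip01.siphosting.com"]}

def slide_results(sip_uri="sip:alice@example.com"):
    return [check_server_cert(c, sip_uri)[0] for c in SLIDE_CASES]
```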
IN XMPP AN OPEN CONNECTION = “AVAILABLE”
(Diagram: XMPP client and XMPP server; incoming messages arrive over the client’s TLS connection.)
A client without a connection is off line.
One TCP/TLS connection.
SIP XMPP STYLE = SIP OUTBOUND
(Diagram: SIP client/server (phone) and SIP server, one TLS connection carrying REGISTER, INVITE and incoming calls.)
Reuse the same connection, managed by the client!
As long as we have at least one connection, the UA is ”online” and available.
RFC 5626
SIP OUTBOUND AND IP FLOWS
(Diagram: UA with SIP flows to several SIP edge proxies, which talk to the SIP location server.)
”it’s really hard to notice that a TCP connection is dead”
Panagiotis Stathopoulos at #Fosdem 2016
SECURITY? NO GUARANTEES, EVER
(Diagram: UA – SIP – SIP – UA, several hops.)
The user can only control and verify the first hop.
CLIENT CERTIFICATES CAN BE TRICKY
(Diagram: UA, a TLS hop to the first SIP server, then a second SIP server.)
THIS SERVER (THE REGISTRAR) CAN’T VERIFY THE CLIENT CERTIFICATE.
IN SHORT FOR SIP: WITHOUT OUTBOUND, YOU’RE A NO GO
Managing client certs is a pain and a high cost.
Keep your connections happy and users secure!
WORK TO DO
• Kill SIPS: Finally. Get rid of it.
• Clarify SIP/TLS usage.
• Mandate outbound for phones.
• Standardise SIP client certificates.
• Standardise DANE usage in SIP.
• Work on peer-to-peer security for all protocols.
SUMMARY
“you are in a maze of twisty little passages, all alike”
the adventure game.
WHAT CAN YOU DO NOW?
FIRST STEPS
• Use TLS as first hop protection - just do it. Always.
• Add SIP client certs to provisioning if you can
• Demand a proper TLS implementation from phone vendors
• Require DTLS key exchange and SRTP (like in WebRTC)
• Require vendors to leave MD5 auth and SDES key exchange behind and move to stronger solutions
FOR WEBRTC PLATFORMS
• Depends on your usage and users
• If you want improved security:
  • Normal web security advice applies to the web and app part
  • Tie the DTLS cert to a real identity (IdP)
  • Always validate certs
IN SHORT: CLEARTEXT IS A BAD IDEA
- Classic SIP: no confidentiality, bad auth
+ SIP + TLS opportunistic crypto: basic confidentiality for signalling
+ SIP + TLS opportunistic crypto + SRTP: basic confidentiality for calls
+ SIP + mutual TLS + SRTP: secure conversations
WHATEVER YOU DO:
• Listen to Sandro: Always test your security!
STAY UP TO DATE.
Security is never done.
BUILD WITH SECURITY. DON’T WAIT TO ADD IT AFTERWARDS.
DON’T EVER STOP. IT SECURITY IS A PROCESS.
MONEY TALKS. PUT PRESSURE ON YOUR VENDORS.
IF NEEDED, GET HELP. IT SECURITY NEEDS AN EXTRA PAIR OF EYES.
STAY CURIOUS.