Outline
Open system security
VoIP security requirements
Industry approach and strategies
IMS security requirements
IMS vulnerabilities
Attack examples
Solution
Summary
[Diagram: Internet, Firewall, Core Network, E-mail Servers, SPAM Filter, Network Security Logs Correlation]
Enter VoIP
VoIP is different:
Real time
Peer-to-peer
Protocol rich
Complex state machine (several dozen states)
hundred services)
Separate signaling & media planes
Low tolerance to false positives & negatives
[Diagram: Internet, Firewall, IPS, Core Network, Internal Web Servers, E-mail Servers, Communication Servers, SPAM Filter, Network Security Logs Correlation]
Sipera Systems, Proprietary & Confidential 5
[Diagram: Internet, Firewall, Core Network, E-mail Servers, Communication Servers, SPAM Filter, Network Security Logs Correlation]
Current industry thinking is to add VoIP sensibilities to all the existing security boxes, although nothing is actually available yet.
Current Strategies
Hard to manage
Will not meet performance specifications
Does not address multi vendor
Cannot keep up with new features
Not available yet
[Diagram: Security Agent, FW/ALG, Opens pinholes, IDS/IPS, PSTN GW, Certs, Authentication, Encryption]
Desired Approach
Integrated, real time VoIP security solution that comprehensively tackles all VoIP vulnerabilities, both Enterprise & Carrier
[Diagram: Internet, Firewall, IPS, Core Network, Internal Web Servers, E-mail Servers, Communication Servers, Call Server, SPAM Filter, Network Security Logs Correlation; labels Analyze, Anti-SPAM, Network Level Correlation; layers VoIP, OS, IP, Web, database]
Comprehensive Integrated Security Solution for Communications Applications (VoIP, IM, Video, Multi-Media)
Not addressed
IMS Aware Firewall (Policy based filters: URL/IMSI/MSISDN/AP/IP white/black lists, etc)
Vulnerabilities
Unauthorized use
Privacy
Attacks on Infrastructure
Attacks on End-users
IMS SPAM
Well Defined by 3GPP, Addressed by Core IMS infrastructure: SIM, HSS, AAA, PDG
Protection Techniques
IMS/SIP/H.248/RTP/MPEG aware
Not addressed
Peer - Peer
Real time
IP Traffic
E-mail Web Database VoIP IMS IP TV
TCP/UDP/ICMP/FTP/HTTP/SQL aware Existing Internet Security Solutions Client - Server Non-Real time
Characteristics
[Diagram: IMS architecture with elements UE, P-CSCF, I-CSCF, S-CSCF, HSS, SLF, AS, BGCF, MGCF, MRFC; reference points ISC, Mw, Dh, Cx, Dx, Mi, Mj, Mr, Gq, Mg, Mp, Mn; protocols SIP, H.248, DIAMETER]
IMS Vulnerabilities
IMS & SIP enable a rich feature set of Converged Services, but also open up the network to IP-based vulnerabilities.
IMS & SIP vulnerabilities include:
OS level vulnerabilities
IP Layer 3 vulnerabilities
IMS Framework related vulnerabilities
SIP/RTP/H.248/etc. protocol vulnerabilities
VoIP/Video/PoC/etc. Application vulnerabilities
VoIP SPAM
[Diagram: IMS core with HSS, Apps, Chrg; SIP Server (P/S/I CSCF, SLF/PDF/IBCF/IWF); Call Server (MGCF, MRFC, BGCF, SGF); ABGF, IBGF, MGW, MRFP, T-MGF; IP-IP GW; Media Gateway]
Misconfigured/partially configured UEs and/or Network elements
Non-GPRS access such as WLAN or BB can be attacked directly from the internet without a subscription
SPAM
Attack Types:
Flood Denial of Service
  Signaling
  Media
Blended attacks
  Recruit zombies and use them to launch an attack
SPAM
  SPAM over Internet Telephony (SPIT)
[Diagram: Zombie attackers; MMD core with HSS, Apps, Chrg; SIP Server (P/S/I CSCF, SLF/PDF/IBCF/IWF); Call Server (MGCF, MRFC, BGCF, SGF); ABGF, IBGF, MGW, MRFP, T-MGF; IP-IP GW; Media Gateway]
[Diagram: Human attackers, Spammer, Zombie attackers; IMS core with HSS, Apps, Chrg; SIP Server (P/S/I CSCF, SLF/PDF/IBCF/IWF); Call Server (MGCF, MRFC, BGCF, SGF); IP-IP GW; Media Gateway]
IMS Vulnerability Protection System is distinct from the IMS core infrastructure
Attack Summary
An IMS network built in compliance with 3GPP or TISPAN specifications has numerous vulnerabilities.
An attack on the network could cause network-wide outages, including bringing down HSSs, App Servers, SIP servers, Call Servers, Media Gateways and IP-IP Gateways.
Attacks targeted at specific individual users could cause them extreme annoyance and disrupt their service in insidious ways.
The Sipera Systems research team has identified over 90 distinct categories of attacks.
These attacks require hackers with varying levels of sophistication, but many attacks are possible even by so-called script kiddies.