
IMS Security and Protection

Micaela Giuhat VP Product Management Sipera Systems email: micaela@sipera.com

Sipera Systems, Proprietary & Confidential

Outline

- Open system security
- VoIP security requirements
- Industry approach and strategies
- IMS security requirements
- IMS vulnerabilities
- Attack examples
- Solution
- Summary

Open Systems can be attacked


The traditional voice network is a closed system; the Internet it is converging with is open.

[Figure: the enterprise core network (internal web servers, e-mail servers, external web servers) exposed to "bad guys" on the Internet.]

Threats that arrive over the open network: denial of service attacks, viruses, spyware, blended attacks, e-mail SPAM.

The Internet Security Industry


[Figure: the same core network with the data security stack in place: firewall, IDS, IPS, network security log correlation, SPAM filter. Applications protected: web apps, e-mail, database.]

But problems still persist.

Enter VoIP
VoIP is different:

- Real time
- Peer-to-peer
- Protocol rich
- Complex state machine (several dozen states)
- Feature rich (several hundred services)
- Separate signaling and media planes
- Low tolerance to false positives and false negatives

[Figure: communication servers added to the core network behind the existing firewall / IDS / IPS / log correlation / SPAM filter stack.]

Current Industry Approach


Current industry thinking is to add VoIP sensibilities to all the existing security boxes (firewall, IDS, IPS, log correlation, SPAM filter), although nothing is actually available yet.

[Figure: the same data security stack, now also fronting the communication servers.]

This approach is unworkable:

1. Not real time
2. Cannot handle encrypted traffic
3. Can't keep up with new feature additions

Current Strategies
Limitations shared by today's strategies: hard to manage; will not meet performance specifications; do not address multi-vendor deployments; cannot keep up with new features; not available yet.

- Security Agent: protects against Windows OS vulnerabilities; may block good calls
- FW/ALG: opens pinholes; the ALG is itself vulnerable
- IDS/IPS: VoIP traffic analysis, signature/anomaly filtering; limited signatures
- Event Correlation: remediation
- PSTN GW / core switch Guard: scrubs IP DoS/DDoS traffic; cannot stop spoofed caller IDs
- Certs: authentication and encryption

Desired Approach
An integrated, real-time VoIP security solution that comprehensively tackles all VoIP vulnerabilities, in both Enterprise and Carrier networks.

[Figure: an IP Communications Security (IPCS) solution placed in front of the communication servers, alongside the existing firewall / IDS / IPS / log correlation / SPAM filter stack.]

Tolerance for False Negatives: Email vs. Voice

Email delivery mode: store, analyze, forward in near-real time. A low-volume email attack that slips past the security device (a false negative) reaches the email server, but the email may not be retrieved immediately, can be deleted fairly easily, and the annoyance level is low.

Call delivery mode: analyze, forward in real time. A low-volume voice attack that slips past the security device reaches the call server and is delivered in real time: the phone rings constantly and the annoyance level is high.

Typical Solution vs. Desired Solution

Typical solution: a stack of separate products, each built for the data world (OS, IP, web, database, e-mail) with VoIP bolted on: anti-SPAM, network-level correlation, intrusion detection system, denial of service prevention, intrusion prevention system, firewall.

Desired solution: a comprehensive, integrated security solution for VoIP communications applications (VoIP, IM, video, VoIP multimedia).

Comprehensive IMS Security System

A Comprehensive IMS Security System must:

- Prevent unauthorized usage
- Protect end-user privacy
- Protect the IMS infrastructure from attacks
- Protect end-users from attacks
- Handle voice SPAM

Security Aspects addressed in IMS


Vulnerabilities: unauthorized use, privacy, attacks on infrastructure, attacks on end-users, IMS SPAM.

Protection techniques well defined by 3GPP and addressed by the core IMS infrastructure (SIM, HSS, AAA, PDG): authentication (SIM) and encryption (IPsec, TLS), which cover unauthorized use and privacy.

Protection techniques not addressed by the core IMS infrastructure:

- IMS-aware firewall (policy-based filters: URL/IMSI/MSISDN/AP/IP white/black lists, etc.)
- IMS intrusion prevention (call-stateful deep packet inspection with IMS decode, behavioral learning (fingerprinting), protocol fuzzing prevention, media filtering, etc.)
- IMS network-level security management (event correlation, network threat protection)
- IMS SPAM filter (user control, behavioral learning (call patterns, trust scores), machine call detection, etc.)

Security Aspects addressed in IMS


Characteristics of existing Internet security solutions versus what IMS traffic needs:

Existing Internet security solutions: IP traffic (e-mail, web, database); TCP/UDP/ICMP/FTP/HTTP/SQL aware; client-server; non-real time.

Not addressed: VoIP, IMS and IPTV traffic; IMS/SIP/H.248/RTP/MPEG aware; call state and service aware; user and traffic behavioral learning; peer-to-peer; real time.

IMS reference architecture


[Figure: the 3GPP IMS reference architecture. Elements: UE, P-CSCF, I-CSCF, S-CSCF, HSS, SLF, AS, BGCF, MGCF, MGW, MRFC, MRFP, PDF, GGSN, charging functions and the PSTN, over the IP transport (access and core). Reference points: Mw (between CSCFs), Mi and Mj (BGCF), Mg (MGCF), Mr (MRFC), Mp (MRFC to MRFP), Mn (MGCF to MGW), Gq (P-CSCF to PDF), Cx and Dx (CSCF to HSS and SLF), Sh and Dh (AS to HSS and SLF), ISC (S-CSCF to AS), Rf/Ro (charging). Protocols: SIP, H.248, DIAMETER.]

IMS Vulnerabilities
IMS and SIP enable a rich feature set of converged services, but they also open the network to IP-based vulnerabilities. IMS and SIP vulnerabilities include:

Well known in the data world:

- OS-level vulnerabilities
- IP layer 3 vulnerabilities

New, unique and real-time sensitive application-level vulnerabilities:

- IMS framework related vulnerabilities
- SIP/RTP/H.248/etc. protocol vulnerabilities
- VoIP/video/PoC/etc. application vulnerabilities
- VoIP SPAM

[Figure: the IMS core as attack surface: HSS, application servers and charging; SIP servers (P/S/I-CSCF, SLF/PDF/IBCF/IWF); call servers (MGCF, MRFC, BGCF, SGF); media gateways (ABGF, IBGF, MGW, MRFP, T-MGF); IP-IP gateway.]

IMS Architecture Vulnerabilities: Some Examples

Compromised mobile phones:

- Zombie hard/soft phones
- Modified phones with malicious intent
- Malicious/malformed/spoofed signaling attacks
- Malicious/malformed/spoofed media attacks
- Spoofed IMS emergency session attacks
- Presence update attacks
- Initiating conferences to tie up network resources

UE having direct access to the IMS core network:

- Charging fraud: signaling directly to the S-CSCF to avoid charging

Misconfigured or partially configured UEs and/or network elements.

Non-GPRS access such as WLAN or broadband can be attacked directly from the Internet without a subscription.

SPAM.
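Two of the UE-side cases above, malformed signaling and a UE that signals straight to the S-CSCF to dodge the P-CSCF (and with it charging), as an added Python example. This is not code from this deck or from Sipera's product; the trusted P-CSCF addresses, the SIP messages, the user identities and the check names are all constructed for the example. The parser enforces the structural rules a CSCF must check before acting on a request (request line, mandatory headers, CSeq/method agreement, Max-Forwards range, Content-Length against the body), and the admission check models the S-CSCF accepting requests only from its own P-CSCFs.

```python
import re
from dataclasses import dataclass, field
from typing import Tuple

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
CSEQ = re.compile(r"^(\d+) ([A-Z]+)$")
VIA = re.compile(r"^SIP/2\.0/(UDP|TCP|TLS|SCTP) ([^;\s]+)")
MANDATORY = ("Via", "From", "To", "Call-ID", "CSeq", "Max-Forwards")
SINGLE = ("From", "To", "Call-ID", "CSeq", "Max-Forwards")   # must appear exactly once
CANON = {h.lower(): h for h in MANDATORY + ("Contact", "Content-Length", "P-Asserted-Identity")}
COMPACT = {"v": "Via", "f": "From", "t": "To", "i": "Call-ID", "m": "Contact", "l": "Content-Length"}
TRUSTED_PCSCF = {"10.0.1.10", "10.0.1.11"}   # assumed addresses of the operator's P-CSCFs


class SipError(ValueError):
    """Signaling that must be dropped before any CSCF logic touches it."""


@dataclass
class SipRequest:
    method: str
    uri: str
    headers: dict = field(default_factory=dict)   # canonical header name -> list of values
    body: bytes = b""


def parse_request(raw: bytes) -> SipRequest:
    """Parse a SIP request and raise SipError on anything malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise SipError("no CRLFCRLF between headers and body")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise SipError("non-ASCII bytes in header block")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise SipError(f"bad request line: {lines[0]!r}")
    req = SipRequest(m.group(1), m.group(2), {}, body)
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        name = name.strip()
        if not colon or not name:
            raise SipError(f"malformed header line: {line!r}")
        key = COMPACT.get(name.lower()) or CANON.get(name.lower(), name)
        req.headers.setdefault(key, []).append(value.strip())
    for h in MANDATORY:
        if h not in req.headers:
            raise SipError(f"missing mandatory header {h}")
    for h in SINGLE:
        if len(req.headers[h]) != 1:
            raise SipError(f"header {h} must appear exactly once")
    cs = CSEQ.match(req.headers["CSeq"][0])
    if not cs or cs.group(2) != req.method:
        raise SipError("CSeq does not match request method")
    mf = req.headers["Max-Forwards"][0]
    if not mf.isdigit() or int(mf) > 255:
        raise SipError("Max-Forwards out of range")
    if not VIA.match(req.headers["Via"][0]):
        raise SipError("top Via is not a valid SIP/2.0 Via")
    declared = req.headers.get("Content-Length", [str(len(body))])[0]
    if not declared.isdigit() or int(declared) != len(body):
        raise SipError("Content-Length does not match body length")
    return req


def s_cscf_admit(raw: bytes, peer_ip: str) -> Tuple[bool, str]:
    """Decide whether an S-CSCF should process a request that arrived from peer_ip."""
    try:
        req = parse_request(raw)
    except SipError as e:
        return False, f"drop malformed signaling: {e}"
    if peer_ip not in TRUSTED_PCSCF:
        # A UE that reaches the S-CSCF directly skips the P-CSCF, and with it
        # the asserted identity and charging hooks; refuse it outright.
        return False, f"reject: {req.method} from {peer_ip} bypasses the P-CSCF (charging/identity fraud)"
    return True, f"admit {req.method} {req.uri} via P-CSCF {peer_ip}"


# Constructed sample messages (not captured traffic).
GOOD_INVITE = (
    b"INVITE sip:bob@ims.example.net SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 10.0.1.10;branch=z9hG4bK776\r\n"
    b"Max-Forwards: 70\r\n"
    b"From: <sip:alice@ims.example.net>;tag=1928\r\n"
    b"To: <sip:bob@ims.example.net>\r\n"
    b"Call-ID: a84b4c76e66710@alice-ue\r\n"
    b"CSeq: 314159 INVITE\r\n"
    b"Content-Length: 0\r\n\r\n"
)
BAD_INVITE = (   # CSeq names another method; Content-Length also overstates the body
    b"INVITE sip:bob@ims.example.net SIP/2.0\r\n"
    b"v: SIP/2.0/UDP 10.0.1.10;branch=z9hG4bK777\r\n"
    b"Max-Forwards: 70\r\n"
    b"From: <sip:alice@ims.example.net>;tag=1929\r\n"
    b"To: <sip:bob@ims.example.net>\r\n"
    b"Call-ID: b94c5d87f77821@alice-ue\r\n"
    b"CSeq: 1 REGISTER\r\n"
    b"Content-Length: 999\r\n\r\n"
)

if __name__ == "__main__":
    for msg, peer in ((GOOD_INVITE, "10.0.1.10"), (GOOD_INVITE, "198.51.100.7"), (BAD_INVITE, "10.0.1.10")):
        print(s_cscf_admit(msg, peer))
```

The peer address used in the admission check is the transport-layer source the request really arrived from, not anything the UE wrote into Via; a UE can put any host it likes in its own Via header.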

IMS Application Level Attacks


Attackers: human attackers, spammers, zombie attackers, spoofed packets.

Attack types:

- Flood denial of service (signaling and media)
- Distributed DoS
- Stealth DoS: target an individual user or a group of users
- Blended attacks: recruit zombies and use them to launch an attack
- SPAM: SPAM over Internet Telephony (SPIT)

[Figure: the same IMS core (HSS, application servers, charging; P/S/I-CSCF, SLF/PDF/IBCF/IWF; MGCF, MRFC, BGCF, SGF; ABGF, IBGF, MGW, MRFP, T-MGF; IP-IP gateway), here labelled "MMD core".]

Both the network and subscribers can be attacked.

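The flood, distributed/stealth DoS and SPIT shapes listed above, plus the machine-call detection named on the "Security Aspects addressed in IMS" slide, as one added Python example. This is not code from this deck or from Sipera; the thresholds, the window size and the INVITE event stream are constructed for the example. Each completed INVITE transaction is fed in as (timestamp, caller, callee, final status); a per-caller window catches the flood, a per-callee window catches many low-rate callers converging on one subscriber (which a per-caller threshold alone would miss), and a never-answered counter catches the machine caller.

```python
from collections import defaultdict, deque
from typing import List, Tuple

# Thresholds and window are assumptions for this example, not product settings.
WINDOW = 10.0           # seconds of history kept per caller and per callee
FLOOD_INVITES = 20      # INVITEs from one caller inside WINDOW -> signaling flood
FANIN_SOURCES = 5       # distinct callers hitting one callee inside WINDOW -> stealth DoS / SPIT
UNANSWERED_CALLS = 10   # INVITEs from a caller that never got a 200 OK -> machine caller

Alert = Tuple[str, str, int]   # (kind, offending caller or callee, measured value)


class InviteMonitor:
    """Sliding-window monitor over INVITE transactions (ts, caller, callee, final status)."""

    def __init__(self, window: float = WINDOW):
        self.window = window
        self.by_caller = defaultdict(deque)          # caller -> deque of (ts, callee)
        self.by_callee = defaultdict(deque)          # callee -> deque of (ts, caller)
        self.calls = defaultdict(lambda: [0, 0])     # caller -> [invites, answered]
        self.fired = set()                           # (kind, key) pairs already alerted

    def _trim(self, dq: deque, now: float) -> None:
        while dq and dq[0][0] < now - self.window:
            dq.popleft()

    def _fire(self, kind: str, key: str, value: int, alerts: List[Alert]) -> None:
        if (kind, key) not in self.fired:            # alert once per offender, not per event
            self.fired.add((kind, key))
            alerts.append((kind, key, value))

    def observe(self, ts: float, caller: str, callee: str, status: int) -> List[Alert]:
        """Feed one completed INVITE transaction; return the alerts it triggers."""
        alerts: List[Alert] = []
        out = self.by_caller[caller]
        out.append((ts, callee))
        self._trim(out, ts)
        inbound = self.by_callee[callee]
        inbound.append((ts, caller))
        self._trim(inbound, ts)
        stats = self.calls[caller]
        stats[0] += 1
        if status == 200:
            stats[1] += 1

        # Flood DoS: one source hammers the CSCFs with INVITEs.
        if len(out) > FLOOD_INVITES:
            self._fire("signaling-flood", caller, len(out), alerts)
        # Distributed / stealth DoS or SPIT aimed at one subscriber: many distinct
        # callers converge on one callee, each too slow to trip a per-caller threshold.
        distinct = {c for _, c in inbound}
        if len(distinct) >= FANIN_SOURCES:
            self._fire("fan-in-on-user", callee, len(distinct), alerts)
        # Machine caller: keeps dialling, never gets answered.
        if stats[0] >= UNANSWERED_CALLS and stats[1] == 0:
            self._fire("never-answered-caller", caller, stats[0], alerts)
        return alerts


def constructed_events() -> List[Tuple[float, str, str, int]]:
    """Constructed INVITE log, not captured traffic: a zombie flood, one normal call,
    a six-source fan-in on bob, and a slow SPIT bot that is never answered."""
    ev = [(0.1 * i, "sip:zombie1@ims.example.net", f"sip:user{i}@ims.example.net", 408)
          for i in range(25)]
    ev.append((50.0, "sip:alice@ims.example.net", "sip:bob@ims.example.net", 200))
    ev += [(100.0 + 0.2 * i, f"sip:spam{i}@evil.example", "sip:bob@ims.example.net", 486)
           for i in range(6)]
    ev += [(200.0 + 10.0 * i, "sip:spitbot@evil.example", f"sip:carol{i}@ims.example.net", 487)
           for i in range(10)]
    return sorted(ev)


def run(events) -> List[Alert]:
    mon = InviteMonitor()
    alerts: List[Alert] = []
    for ts, caller, callee, status in events:
        alerts.extend(mon.observe(ts, caller, callee, status))
    return alerts


if __name__ == "__main__":
    for kind, key, value in run(constructed_events()):
        print(f"{kind:22} {key:35} {value}")
```

The zombie trips both the never-answered and the flood rule, in that order, because ten unanswered INVITEs arrive before the twenty-first call in the window; the SPIT bot, spacing its calls ten seconds apart, never holds more than two in the window and is caught only by the answer-rate rule, which is the point of keeping that rule separate from the rate rule.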

IMS Vulnerability Protection System Reference Architecture

[Figure: human attackers, spammers and zombie attackers on the outside; the IMS Vulnerability Protection System sits between them and the IMS core (HSS, application servers, charging; P/S/I-CSCF, SLF/PDF/IBCF/IWF; MGCF, MRFC, BGCF, SGF; ABGF, IBGF, MGW, MRFP, T-MGF; IP-IP gateway).]

The IMS Vulnerability Protection System is distinct from the IMS core infrastructure.

Attack Summary

- An IMS network built to 3GPP or TISPAN specifications has numerous vulnerabilities
- An attack on the network could cause network-wide outages, including bringing down HSSs, application servers, SIP servers, call servers, media gateways and IP-IP gateways
- Attacks towards specific targeted individual users could cause them extreme annoyance and disrupt their service in insidious ways
- Sipera Systems' research team has identified over 90 distinct categories of attacks
- These attacks require hackers with varying levels of sophistication, but many are possible even by so-called script kiddies