Impact of SIP on Network Integrity
Adrian
Outline
• Introduction
• Who are CPNI?
• What is SIP and why is it a problem?
• What can we do about it?
Introduction
• Adrian – worked in CPNI for 2 ½ years as a telecommunications security advisor
• Prior to that 29 years with FCO and MOD advising on use of telecommunications
• Technical background, definitely no tact for a diplomatic career!
Who are CPNI?
• Centre for the Protection of National Infrastructure
• Government Department
• Advice on “Keeping the lights on” for the UK
• Concentrate on Critical Infrastructure
  – Lot of advice valid for all infrastructure
What is SIP and why is it a problem?
• SIP
  – Session Initiation Protocol
  – Used to start (and end) Voice over IP
• SIP is not the whole problem
  – IP (Internet Protocol) is another part
  – So is the general “freedom of information”
Internet
• In the good old telecommunication days…
  – Physical Separation
  – Bespoke and little known protocols
  – First (and 2nd) Line of Defence
• Now…
  – Internet Protocol
  – Shared physical path
  – First lines of defence gone
SIP
• “May you have a choice of many standards…”
• In good old TDM / SS7 there were two fields (both numeric)
  – “Dialled Number” (you), “CLI” (me)
• In SIP there are many, many fields to choose
  – “From”, “To”, “Contact”, “Allow”, “ID”, “Privacy” …
• In many formats…
  – SIP URI (User@host), Tel URI (+44 7717 …)
And…
• Massive amount of Open Source information
  – SS7; running short of experts.
  – SIP
So – Treble whammy
• On the one hand
  – Security reduced by common network protocol
• On the other
  – Much more complicated signalling
  – Those of ill intent know as much as the good guys
Potential Problems
• SIP Overload Control
  – DoS – Send spoof control messages
• Telemarketing / Hoax Calls
  – Spoof CLI, call priority, call divert status…
• Denial of Service (general)
  – All sorts of options [packet complexity]
• Denial of Service (specific)
  – Flatten handset battery with spoof invites
What can we do about it?
• Can’t do a lot about information sharing
  – And it’s not all a bad thing
• IP layer
  – Good housekeeping
  – Make sure messages come from who you think they do
• SIP Layer
  – Keep messages “tight”
  – Validate
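One way to apply the SIP-layer advice above (keep messages “tight”, validate) at a network edge, as an added example that is not part of the original slides. The header allow-list, size limits, strict URI patterns and both sample messages are assumptions constructed for illustration.

```python
import re

# Assumed local policy (not from the slides). Compact header forms and folded
# lines are deliberately rejected so that every message has one plain shape.
ALLOWED = {"via", "from", "to", "call-id", "cseq", "contact", "max-forwards",
           "allow", "privacy", "content-length"}
SINGLE = {"from", "to", "call-id", "cseq", "max-forwards"}  # exactly once each
MAX_HEADERS, MAX_LINE = 30, 512
# Strict forms for the two address formats the slides name: SIP URI and Tel URI.
SIP_URI = re.compile(r"^sips?:[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,255}(:\d{1,5})?$")
TEL_URI = re.compile(r"^tel:\+[0-9]{7,15}$")

def extract_uri(value):
    """Return the URI from a name-addr ('<uri>;tag=..') or a bare addr-spec."""
    m = re.search(r"<([^<>]*)>", value)
    return m.group(1) if m else value.split(";", 1)[0].strip()

def validate(raw):
    """Return the list of policy violations for one SIP request (empty = accept)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    problems, seen = [], {}
    if not re.match(r"^[A-Z]+ \S+ SIP/2\.0$", lines[0]):
        problems.append("bad request line")
    if len(lines) - 1 > MAX_HEADERS:
        problems.append("too many headers")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or len(line) > MAX_LINE:
            problems.append("malformed or oversized header line")
            continue
        if name not in ALLOWED:
            problems.append(f"header not allowed: {name}")
        seen[name] = seen.get(name, 0) + 1
        if name in ("from", "to", "contact"):
            uri = extract_uri(value.strip())
            if not (SIP_URI.match(uri) or TEL_URI.match(uri)):
                problems.append(f"bad URI in {name}")
    return problems + [f"{h} must appear exactly once"
                       for h in sorted(SINGLE) if seen.get(h, 0) != 1]

# Constructed sample messages: a clean INVITE, then one with a duplicate From,
# an unlisted header and a non-numeric Tel URI.
GOOD = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP gw.example.org;branch=z9hG4bKconstructed", "Max-Forwards: 70",
    "From: <sip:alice@example.org>;tag=1", "To: <tel:+441632960000>",
    "Call-ID: constructed-1@gw.example.org", "CSeq: 1 INVITE",
    "Contact: <sip:alice@gw.example.org>", "Content-Length: 0", "", ""])
BAD = GOOD.replace("Content-Length", "From: <sip:ceo@example.org>;tag=2\r\n"
                   "X-Priority: emergency\r\nContent-Length").replace("+441632960000", "0800-CALL")
```

Messages that return a non-empty list would be rejected or logged before reaching call processing; the returned strings say which rule failed.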
Questions?