voice over ip: security and mobility
TRANSCRIPT
V and Mobility
Maguire Total pages: [email protected]
© 2004 G.Q.Maguire Jr. .All rights reserved. No part of this course hotocopying, recording, or otherwise, without written permission of the author.
Last modified: 04.03.03:10:42
KTH Microelectronicsand Information Technology
ld Q. Maguire Jr.
.kth.se/~maguire
less@KTH&
and Information Technology (IMIT)ology (KTH), Stockholm, Sweden
VA Sydd, Sweden
arch 2004
oice over IP: Security
IVA-Syd-20040303c.fm5 March 3, 2004
may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, p
Prof. Dr. Gera
<magu
http://www.it
Wire
Inst. for Micorelectronics Royal Institute of Techn
ILun
3 M
2 of 42Voice over IP: Security and Mobility
Jr.municationribed in the following Swedish:
för personlig databehandlingoch effektiva implementerings
bia University in CSniversity); 8 licentiate students
iner: >220 (KTH)
etwork Architectures, Internet-ts, Location/Context Aware Per-mmunication (basic courses);
, Programming Languages andation, Performance Analysis,
r Science, University of Utah;nsylvania, 1975
[email protected] March 3, 2004
Gerald Q. MaguireJuly 1994 to present : Professor, Computer Com(Datorkommunikation), formally the chair is desc
Ämnet omfattar integrerade dator- och kommunikationssystemoch personalkomunikation, speciellt trådlös kommunikationstrategier. (Ref. nr 473/93).
Jan. 1983 .. Dec. 1993 - on the faculty of Colum• Doctoral students (completed): 4 (KTH) and 4 (Columbia U
(KTH), Member of 34 doctoral dissertation committees• MS & Civ. Ing. main advisor: 6 (KTH), 1 (Columbia); exam• Teaching:
– Voice Over IP, Sensor Networks, Wireless and Mobile Nworking, Mobile Personal Communication, Access Poinsonal Communication, Telecommunication and Data Cototal > 3400 students at KTH
– VLSI design, Operating Systems, Artificial IntellegenceTranslators, Computer Organization, Symbolic ComputComputer Networks, … ; total > 700 (Columbia)
• Education: Ph. D. 1983 and M.S. 1981 - both in ComputeB.A., magna cum laude, Physics, Indiana University of Pen
3 of 42Voice over IP: Security and Mobility
)tsrocessing in the end points.
etwork - where processing is
AN, PAN, Ad hoc, … .
(Now) we think about aconverged network whichis aglobal network
k
t
terminal
[email protected] March 3, 2004
Voice over IP (VoIPVoIP is an End-to-End Architecture which exploip
Unlike the traditional Public Switch Telephony Ndoneinside the network.
Network Convergence:
VoIP, largelyindependent of the underlying network, i.e., LAN, Cellular, WL
In the past, many different networks -each optimized for aspecific use: POTS, data networks (such as X.25), broadcastradio and television, … and each of these in turn often hadspecific national, regional, or proprietary implementations)
⇒
CODEC
IP stack
radio
CODEC
IP stac
etherne
Cellular IP terminal Fixed IP
VoIP server
call/sessionrouting
IP cloud
IP end-to-end
4 of 42Voice over IP: Security and Mobility
for VoIP
handsets controlled by thees onany platform
edia contentin digital form
s
Implementation
H.323
Softswitches
ession Initiation Protocol (SIP)
[email protected] March 3, 2004
Three major alternatives
SIP⇒ a change from telephony’s “calls” betweennetwork to “sessions” which can be betweenprocessanywherein the Internet and with bothcontrol andmand hence can be easily manipulated.
• thus a separate voice network is not necessary• open and distributed nature enables lots of innovation
– since both control and media can be manipulated and– “events” are no longer restricted to start and end of call
Concept
Usesignalling concepts from the traditional telephony industry
Usecontrol concepts from the traditional telephony industry
Use an internet-centricprotocol S
5 of 42Voice over IP: Security and Mobility
atacom
cols andpacket formatsnal statetate are soft-state and dynamically built based on traffic
the network
ment⇒ integrity of communications isof the end node,not the network
added by anyonerovided byany nodeattached to the network
hoice of services
rol⇒ no one can easily turn it off
class”, business, & consumer equip.gh availability >99.99% (50 min./year unavailability)
ilability >99% (several days/year of unavailability)
is extremely high availability because most of thereindependent
very fast changengs at 18 or 9 months!
role of operators is operator)
[email protected] March 3, 2004
Traditional Telecom vs. DCircuit-switched Packet-switched
standardizedinterfaces standardizedprotolots of internal state (i.e., each switch & other networknodes)
very limited inter• caches and other s
• no session state in
long setup times - since the route (with QoS) has to be setup from end-to-end before there is any further traffic
End-to-End Arguthe reponsibility
services: builtinto the network⇒ hard to add new services• operators decide what services users can have
• all elements of the net have to support the service before it can be introduced
• Application programming interfaces (APIs) are often vendor specific or evenproprietary
Services can be • since they can be p
• users control their c
centralized control no central cont
“carrier class” equipment and specifications• target: very high availability 99.999% (5 min./year of unavailability)
• all equipment, links, etc. must operate with very high availability
a mix of “carrier • backbone target: hi
• local networks: ava
• In aggregate - therenetwork elements a
long tradition of slow changes• PBXs > ~10 years; public exchanges ~30yrs
short tradition of • Moore’s Law doubli
clear operator role (well enshrined inpublic law) unclear what the(or evenwho is an
6 of 42Voice over IP: Security and Mobility
honyuld carriers worry?”1 nicely
re ⇒ Content-neutralhe large margins which
d landline): $1.70/MB”
can offer phone services traffic
s2
can create a service
uate Course "Internet Multimedia", University of Oulu, 3-6
f FCC regulations, free to develop new solutions to addressHands-Off VoIP" Bill, Internetweek.com, January 12, 2004
[email protected] March 3, 2004
VoIP vs. traditional telepHenning Schulzrinne in a slide entitled “Why shostates the threats to traditional operators:
• Evolution from application-specific infrastructubandwidth delivery mechanism - takes away tthe operators are used to (and want !):
– “GPRS: $4-10/MB, SMS: >$62.50/MB, voice (mobile an
• Only operators can offer services ⇒ Anybody• SIP only needs to handle signaling, not media
• High barriers to entry ⇒ No regulatory hurdle
In addition to this we can add:
• Only vendors can create services ⇒ anybody
1. Henning Schulzrinne, “When will the telephone network disappear?”, as part of Intensive GradJune 2002.
2. J. Sununu said “VoIP providers should be free from state regulation, free from the complexity osocial needs, and free to amaze consumers.” E-BUSINESS: New Hampshire Senator Readies, "http://www.internetweek.com/e-business/showArticle.jhtml?articleID=17300570
7 of 42Voice over IP: Security and Mobility
tion
an operator
al/national network to the same
[email protected] March 3, 2004
VOIP Modes of Opera• PC to PC• PC-to-Telephone calls• Telephone-to-PC calls• Telephone-to-Telephone calls via the Internet• Premises to Premises
• use IP to tunnel from one PBX/Exchange to another
• Premises to Network• use IP to tunnel from one PBX/Exchange to a gateway of
• Network to Network• from one operator to another or from one operator’s region
operator in another region or nation
8 of 42Voice over IP: Security and Mobility
Packetsnsport Protocol (RTP) packet
frame.
ith the same time relationshipects of real-time delivery:
pe {often based on the sampling rate}.
Implementation
d sequence number
to time stamp
fo
[email protected] March 3, 2004
VoIP details: Protocols andCarry the speech frame inside an Real-Time Tra
Typical packetization time of 10-20ms per audio
A real-time application⇒ data must be delivered was it was created (all be it with a delay). Two asp
The timestampgranularity (i.e., the units) are determined by the payload ty
Concept
Order data should be played in the same order as it was create
Time the receiver must know when to play the packets, in orderreproduce the same signal as was input
IPv4/6 UDP RTP CODEC in20/40 octets
~33 octets
8 octets 12 octets
40/60 octets
9 of 42Voice over IP: Security and Mobility
ality”aed sampling rate, typically
voice coding
d could havehigher or loweravailable bandwidth between the
fers is quality which is:
still acceptable)
systems.
ear Predictive Coding (LPC), code-excited0: RPE/LTP (residual pulse excitation/long terms DVI ADPCM Wave Type, ITU’ G.721, ITU’sch at 16 kbit/s using low-delay code excitedy streams, defined in ISO standards ISO/IEC
[email protected] March 3, 2004
VoIP need not be “toll quPublic Switched Telephony System (PSTN) usesfix8kHz and coding to 8 bits, this results in 64 kbps
However, VoIP isnot limited to using this coding andata rates depending on the CODEC(s) used, theend points, and the user’s preference(s).
One of the interesting possibilities which VoIP of
• better that “toll grade” telephony or• worse than “toll grade” telephony (but perhaps
This is unlike thefixed quality of traditional phone
Audio Encodings: G.711 A-law, G.711 mu−law, 8 bit linear, 16 bit linear, Linlinear prediction (CELP) -- Federal Standard FED-STD 1016, GSM 06.1prediction) coding at a rate of 13 kb/s , Interactive Multimedia Association’G.722: 7 kHz audio-coding within 64 kbit/s, ITU’s G.728: Coding of speelinear prediction, MPEG-I or MPEG-II audio encapsulated as elementar11172-3 and 13818-3, variable-rate version of DVI4, …
10 of 42Voice over IP: Security and Mobility
(jitter)dio), includes the encoding,
ing/routing, receiving,)+
y in the final receiver.rder tohide the delayck delay > delay variance
y on peceived voice quality, seePerformance Monitoring”,mber 2, April, 2001, pp. 9-24.
ehaviors, thus
ry natural, while aboveing down ⇒ simplex)
[email protected] March 3, 2004
Delay and delay varianceThe end-to-end delay (from mouth to ear - for au
packetization, (transmission, propagation, switchdejittering, decoding, playing
To hide the jitter we generally use playout bufferonlNote: This playout bufferadds additional delay in ovariations (this is called:delayed playback), playba
There are very nice studies of the effects of delaR. G. Cole and J. H. Rosenbluth, “Voice over IP Computer Communications Review, Vol. 21, Nu
• the delay impairment has roughly two linear b
• for delays less than 177ms, conversation is vethis it become more strained (eventually break
Id 0.024d 0.11 d 177.3–( )H d 177.3–( )+=
d one-way delay in ms=
H x( ) 0= if x 0<( ) else H x( ) 1= when x 0≥
11 of 42Voice over IP: Security and Mobility
s it varies during a
ed on observed average this computation isCPining the timestamps is being done at the
hance to catch-uphe receiver’s clock the queue
pling in PC’s codecs is rarely
[email protected] March 3, 2004
Playout delay• Playout delay should track the network delay a
session• This delay is computed for each talk spurt bas
delay and deviation from this average delay --similar to estimates of RTT and deviation in T
• Beginning of a talk spurt is identified by examand/or sequence numbers (if silence detectionsource)
• The intervals between talk spurts give you a c• without this, if the sender’s clock were slightly faster than t
would build without limit! This is important as the 8kHz samexactly 8kHz.
12 of 42Voice over IP: Security and Mobility
l time, only of the end-to-end
orking Performance of Multimedia Delivery on Systems Multimedia, Dept. of CS, Univ. ofre9.pdf
networkdelay
jitter-bufferdelay+ +
d latency
RTPMessage
[email protected] March 3, 2004
When to playThe actual playout time isnot a function of the arrivadelay which can be calculated as shown below:
Figure adapted from slide 11 on page 6 of Kevin Jeffay, “Lecture 9: Netwthe Internet Today”, Lecture notes for COMP 249: Advanced DistributedNorth Carolina at Chapel Hill, November 9, 1999.http://www.cs.odu.edu/~cs778/jeffay/Lectu
samplegeneration
time+
local clocksynchronization
correction
senderpackaging
delay
playout time =
+
end-to-en
NTP Clock
RTP Clock
Playout
RTCPMessage
Receive
13 of 42Voice over IP: Security and Mobility
Recoveryhave time to request the sourceylive without it or recover itfficient redundant data to
sion at the cost of a longer delay
any samples to play:
st samples {as humans getction is broken!}will produce very noticable errors
ing losses), such as those used inimedia/software/rat/
[email protected] March 3, 2004
Retransmission, Loss, and For interactive real-time media we generally don’tto retransmit a packet and to receive the new cop⇒using Forward Error Correction (FEC), i.e., send suenable recovery.
Fornon-interactive media we can use retransmisbefore starting playout
If you do have to generate output, but don’t have
• audio• Comfort noise: play white nosie or play noise like in the la
uncomfortable with complete silence, they think the conne• if you are using highly encoded audio even a BER of 10-5
Various techniques for loss concealment (i.e., hidtheUCL’s Robust Audio Tool (RAT)http://www-mice.cs.ucl.ac.uk/mult
14 of 42
(SIP)
s
g transport
ans can read them)and called parties
messaging, presence,
RTP itself, butsessionscan
teractive sessions
vide information about a call,, multicast addresses, etc.
Maguire IVA-Syd-20040303c.fm5
Session Initiation Protocol • Defined in RFC 3261 http://www.ietf.org/rfc/rfc3261.txt
• provides application layer signaling• Used to establish , modify , and terminate multimedia session
• can utilize UDP, TCP, TLS, SCTP, … for underlyin• HTTP-like
• uses textual rather than binary (ala H.323) messages (⇒ hum• uses Uniform Resource Indicators (URIs) to designate calling
• target applications : voice, video, gaming, instantcall control1, …
SIPonly coverssignalingparts of H.323. Does not useuse RTP.
• SIP provides ability to discover remote users and establish in• Does not ensure QoS or deliver large quantities of data
SIP uses SDP (Session Description Protocol) to prosuch as, the media encoding, protocol port number
1. Largely taken from Advanced Intelligent Network (AIN).
15 of 42
unt) user agent in a (long)ith respect to securityues, …)
ites Bob to a SIP session:
Maguire IVA-Syd-20040303c.fm5
Is SIP simple?• 25 RFCs (for SIP and SDP) - total of 823 pages• RFC3261 is longest RFC ever (based on byte co• There are claims that one can still build a simple
evening, but there is substantial work required w(due to TLS, S/MIME, AAA, Denial of Service iss
SIP timeline - showing a simple version of Alice invAlice BobInvite
OK,200ACK
Bye
media session
16 of 42Voice over IP: Security and Mobility
P
n RFC 2326 - remote mediaemote VCR/DVD/CD player).
streamingapplications
CODECs
RTSP
TCP
source - this enables the sources to beadaptive coding algorithm the source cang at the endpoint.
bout a session
[email protected] March 3, 2004
SIP, RTP, and RTS
RTP Control Protocol (RTCP)
Real Time Streaming Protocol (RTSP), defined iplayback control (think in terms of controlling a r
audio/videoapplications
signaling and control
video, audio, …CODECs RTCP
SDP
RTP SIP
UDP
IP
[upward] enables endpoints to provide meta-information to theadaptive to the endpoints. For example, by using an accommodate the actually data rate of packets arrivin
[downward] enables sources to send the endpoints information a
17 of 42Voice over IP: Security and Mobility
teways
☎PSTN
Mobile
MD110
PBX
Frame relay, ATM, …
Signaling Gateway - convert from the signaling usein one network to that of the other
Media Gateway - convert the media format from thused in one network to that of the other
[email protected] March 3, 2004
SIP actors
Figure 1: SIP Actors
Called, PresentityCaller, Watcher
Local
Media, Messages
INVITE
Network Proxy
NOTIFY
SUBSCRIBE
GaForking
LocalProxyProxy
INVITE
INVITE
18 of 42Voice over IP: Security and Mobility
Codes
.
des:
INVITE.
r know the location of a user.
rocess the request acceptedlete the request
lfilled at this server (Try another server!)ive up!)
[email protected] March 3, 2004
SIP Methods and Status
At least 8 additional methods have been defined
SIP Status codes - patterned on and simular to HTTP’s status co
Method Purpose
INVITE Invites a user to join a call.ACK Confirms that a client has received a final response to anBYE Terminates the call between two of the users on a call.OPTIONS Requests information on the capabilities of a server.CANCEL Ends a pending request, but does not end the call.REGISTER Provides the map for address resolution, this lets a serve
Code Meaning
1xx Informational or Provisional - request received, continuing to p2xx Final - the action was successfully received, understood, and3xx Redirection - further action needs to be taken in order to comp4xx Client Error - the request contains bad syntax or cannot be fu5xx Server Error - server failed to fulfill an apparently valid request6xx Global Failure - the request cannot be fulfilled at any server (G
19 of 42Voice over IP: Security and Mobility
tors (URIs)sses: user@domain
omain
es a specific device)[email protected] KTH phone number in E.164hone number (dashes, dots, etc.)
[email protected] March 3, 2004
SIP Uniform Resource IndicaURI’s have the same basic form as e-mail addre
Two URI schemes:
• SIP URI - introduced in RFC 2543• example: sip:[email protected]
• Secure SIP URI - introduced in RFC 3261• example: sips:[email protected]• Requires TLS over TCP as transport for security
Two types of SIP URIs:
• Address of Record (AOR) (identifies a user)• example: sip:[email protected]• Need DNS SRV records to locate SIP Servers for kth.se d
• Fully Qualified Domain Name (FQDN) (identifi• examples: sip:[email protected] or sip:magui• sip:[email protected]; user=phone the ma
format via a gateway; note that the visual separators in a pare ignored by the protocol
20 of 42Voice over IP: Security and Mobility
ersion)
K776asdhds
contains:
is for:
[email protected] March 3, 2004
SIP Invite (method/URI/vINVITE sip:[email protected] SIP/2.0Via: SIP/2.0/UDP pc33.atlanta.com:5060;branch=z9hG4bTo: Bob <sip:[email protected]>From: Alice <sip:[email protected]>;tag=1928301774Call-ID: a84b4c76e66710CSeq: 314159 INVITEContact: <sip:[email protected]>Content-Type: application/sdpContent-Length: 142
(Alice’s SDP not shown)
Start Line is the first line of a SIP message which
• method or Request type: INVITE• Request-URI which indicates who the request
sip:[email protected]• SIP version number: SIP/2.0
21 of 42Voice over IP: Security and Mobility
redIP request is to computeuser at a specific
SIP’s power.
kup
[email protected] March 3, 2004
Issues to be conside• Address Resolution - first step in routing the S
the mapping between the URI and a specific host/address.• This is a very general process and the source of much of • Provides support for mobility and portability• Can utilize: DNS SRV lookup, ENUM, Location Server loo
• Session Setup• Media Negotiation• Session Modification• Session Termination• Session Cancellation• Mid-call Signaling• Call Control• QoS Call setup
22 of 42Voice over IP: Security and Mobility
rversld be a SIP phone, a
pecific parts of a SIPrver closer to the
wer; can also forward severaltateful ).
requestceives incoming requests)
act an alternate URIquests updates LSng and queried by
ate (inbound) proxy.database
[email protected] March 3, 2004
Several types of SIP Se• User agent server runs on a SIP terminal (cou
PDA, laptop, …) - it consists of two parts:• User Agent Client (UAC): initiates requests• User Agent Server (UAS): responds to requests
• SIP proxy - interprets (if necessary, rewrites srequest message) before forwarding it to a sedestination:• SIP stateful proxy server - remembers its queries and ans
queries in parallel (can be Transaction Stateful or Call S• SIP stateless proxy server• They ignore SDP and don’t handle any media (content)• Outgoing proxy: used by a user agent to route an outgoing• Incoming proxy: proxy server which supports a domain (re
• SIP redirect server - directes the client to cont• Registrar server - receives SIP REGISTER re• Location server (LS) - knows the current bindi
proxies to do their routing• SIP can also use DNS SRV (Service) Records used to loc• note in RFC 2543: a location server is a generic term for a
23 of 42Voice over IP: Security and Mobility
n,
User Agent B
cation Server
SIP
boundroxy Server
User Agents}
Proxy servers}
Other servers}
[email protected] March 3, 2004
SIP Trapezoid 1
Figure 2: SIP Trapezoid
1. From the lecture notes “SIP Tutorial: Introduction to SIP” by Henry Sinnreich and Alan Johnsto
http://smuhandouts.com/8393/SIPTutorial.pdf
User Agent A
Lo
OutboundProxy Server
DNS
Media(RTP)
SIP
InPSIP
DNS Server
SIP
24 of 42Voice over IP: Security and Mobility
ont device and location
tion to "just anyone", butearn of it
[email protected] March 3, 2004
Purpose of registratiUser B registers in order to establish their curren
• Only their location server need know• Therefore this scales well• The location server need not disclose this loca
can apply various polices to decide who can l
25 of 42Voice over IP: Security and Mobility
headers:
ailsile
Preferences on page 242.
-SIP)
Location server
n-SIP)
-SIP)
n-SIP)
n-SIP)
n-SIP)
Registrar updateslocation server withuser’s location
User moves homeandclears all their
User re-REGISTERsat home
[email protected] March 3, 2004
REGISTERing
REGISTER request includes one or moreContact Contact: <sip:[email protected]>;class=personalContact: <sip:[email protected]>;feature=voicemContact: <sip:[email protected];user=phone>;class=businesContact: <sip:[email protected];user=phone>;mobility=mobContact: <tel:+13145551212>Contact: <mailto:[email protected]>
Details at: Sinnreich & Johnston, pp. 78-79 andUser
1. REGISTER2. Update (non
User Agent (office) Registrar Server
4. 200 OK 3. Response(noUser
5. REGISTER6. Update (non
7. Response(no8. 200 OK
9. REGISTER10.Update (no
11.Response(no12.200 OK
Agent (home)
26 of 42Voice over IP: Security and Mobility
pt 1
B has registered
Johnston,
User Agent B
Location Server
InboundProxy Server
8. Response: sip:[email protected]
9. INVITEinging
13. 200 OK
[email protected] March 3, 2004
SIP Call Setup Attem
Figure 3: SIP Call Setup Attempt - when
1. Adapted from the lecture notes “SIP Tutorial: Introduction to SIP” by Henry Sinnreich and Alan
http://smuhandouts.com/8393/SIPTutorial.pdf
User Agent A
OutboundProxy Server
DNS Server
1. INVITE2. 100 Trying
3. DNS query 4. DNS reply with IPaddress of Inbound Proxy Server
5. INVITE
6. 100 Trying
7. Query for B
11. 180 Ringing
14. 200 OK 10. 180 R12. 180 Ringing
15. 200 OK
16. ACK
Media (RTP)
27 of 42Voice over IP: Security and Mobility
ith BYE
E
User Agent
ging
OK
K
EOK
[email protected] March 3, 2004
SIP Session - terminates w
BYE causes the media session to be torn down.Note:BYE like INVITE is anend-to-end method.
1. INVITE2. INVIT
User Agent Proxy Server
3. 100 Trying
4. 180 Rin
6. 2005. 180 Ringing
7. 200 OK
8. ACK 9. AC
Media Session
10.BYE 11.BY12.20013.200 OK
28 of 42Voice over IP: Security and Mobility
for HTTP (see RFC 2716), for
tion Required (reponse sent by a
hentication.
information seeSIP Security
[email protected] March 3, 2004
AuthenticationBuilds upon authentication schemes developed example challenge/response, digest, …
Two forms:
• user agent-to-user agent• 401 Unauthorized ⇒ Authentication Required
• user agent-to-server• 407 Proxy Authentication Required ⇒ Authentica
proxy/server)
Note: Any SIP request can be challenged for aut
Note: There isno integrityprotection, for additionalon page 254.
29 of 42Voice over IP: Security and Mobility
atures
01 response
oxies in a Supported or Require
ponse field
ecification.
of RFCs.
[email protected] March 3, 2004
SIP Extensions and Fe• Method Extensions
• Unknown methods rejected by User Agent using 405 or 5• Listed in Allow header field• Proxies treat unknown methods as a non-INVITE
• Header Field Extensions• Unknown header fields are ignored by user agents and pr• Some have feature tags registered, these can be declared
header field
• Message Body Extensions• Unknown message body types are rejected with a 406 res• Supported types can be declared with an Accept header• Content-Disposition indicates what to do with it
• Extension must define failback to base SIP sp
⇒ No Profiling is needed• unlike for example, Bluetooth!
SIP Method Extensions are defined in a number
30 of 42Voice over IP: Security and Mobility
vices
to an INVITE
an INVITE
lls
early media annoucement which contains the URI of the
[email protected] March 3, 2004
RFC 3261 - New Ser• Customized ringing
• A trusted proxy can insert an Alert-Info header field in
• Screen Pops• A trusted proxy can insert an Call-Info header field into• URI can be HTTP and can contain call control “soft keys”
• Callback• Reply-to and In-Reply-To header - to assist in returning ca
• Annoucement handling• UAS or proxy need not make a decision about playing an
– Error response contains new Error-Info header fieldannoucement
• UAC makes a decision based on the user’s interface
31 of 42Voice over IP: Security and Mobility
& Instant
traveling, …
ce, video, …
nce and Instant Communications), Protocols, and Applications.
ssaging platform for thers each week.
oyees - an experimentalging (IM), email, voice,
[email protected] March 3, 2004
Beyond the PSTN: PresenceMessaging
• Presence , i.e., Who is available?• Location , i.e., Where are they?: office, home,• Call state : Are they busy (in a call) or not?• Willingness : Are they available or not?• Preferred medium : text message, e-mail, voi• Preferences (caller and callee preferences)
See Sinnreich and Johnston’s Chapter 11 (Prese& course2G5565 Mobile Presence: Architectures
• Reuters has deployed a SIP-based instant-mefinancial services industry that has 50,000 use
• IBM’s NotesBuddy application for ~315k emplmessaging client that integrates instant messaand other communication.
32 of 42Voice over IP: Security and Mobility
vices
onal time”
roup chat sessions, …f people are all available
ensions (SIMPLE)charter.html
[email protected] March 3, 2004
Presence-Enabled Ser• Complex call screening
• Location-based: home vs. work• Caller-based: personal friend or business colleague• Time-based: during my “working hours” or during my “pers
• Join an existing call ⇒ Instant Conferencing, g• Creating a conference when a specific group o
and willing to be called• New services that have yet to be invented!• SIP Messaging and Presence Leveraging Ext
Working Group http://www.ietf.org/html.charters/simple-
33 of 42Voice over IP: Security and Mobility
alling protocol (Release5)resence mechanism
GPP and IETF points of view
umber of new components: Proxy Call Session (I-CSFC), Serving Call Session Controlr (AS), Subscription Locator Function (SLF),unction (MGCF), and Media Gateway (MGW)
lide 5.
s the network
[email protected] March 3, 2004
Significance• In July 2002, 3GPP adopted SIP for their sign• 3GPP adops SIMPLE as instant messaging/p
(Release6)
While there are some differences between the 3
Not suprisingly the 3GPP system for using SIP is rather complex with a nControl Function (P-CSFC), Interrogating Call Session Control FunctionFunction (S-CSFC), Home Subscriber Server (HSS), Application ServeBreakout Gateway Control Function (BGCF), Media Gateway Control F
From Henning Schulzrinne, “SIP - growing up”, SIP 2003, Paris, January 2003, s
3GPP IETF
Network does not trust the user User only partially trust
layer 1 and layer 2 specific generic
walled garden open access
34 of 42Voice over IP: Security and Mobility
e”
quipment vendors
[email protected] March 3, 2004
Programmable “phonProgramming environments
• Symbian• Java• Linux• …
Avoids lock-in driven by operators and telecom e
Greatly increases numbers of developers
⇒ more (new) services
⇒ more security problems
35 of 42Voice over IP: Security and Mobility
sed in the test
fferent properties
byte RTP payload lengthKbps), i.e., 20 ms
tion (with Replay Protection)nfidentiality and HMAC SHA1 for
ntication key: 16 bytes;
[email protected] March 3, 2004
Erik Eliasson’s miniSIP - as uminiSIP supports pluggable CODECs:
• each RTP packet says which codec was used• SDP can specify multiple codecs each with di
(including better than toll quality)• tests used PCM ⇒ sending 50 packets of 160
(packet size is 176 bytes) per second (i.e. 64 between packets• time to transmit/receive a packet ~55-60 µs• Laptop ASUS 1300B with Pentium III processor, 700 MHz• 112 MB RAM (no swapping)• Operating System: SuSE Linux 7.1 Personal Edition• Security Services: confidentiality and message authentica• Cryptographic Algorithms: AES in Counter Mode for the co
the message authentication• Lengths: master key: 16 bytes; salting key: 14 bytes; authe
encryption key: 16 bytes; block: 128 bytes
36 of 42Voice over IP: Security and Mobility
P) for securing theortr IP, M.Sc. Thesis, June 2003.port.pdf
crypto)
ag if message authentication is to
hput 20Mbps)s 240 µs
iorcket from the socket.cryptographic context to be usedsession keys from master key (via MIKEY)tication and replay protection are provided, replay and verify the authentication tagrypted Portion of the packet authentication tag
packet up the stack
[email protected] March 3, 2004
Secure Real Time Protocol (SRTmedia data transp
Israel M. Abad Caballero,Secure Mobile Voice oveftp://ftp.it.kth.se/Reports/DEGREE-PROJECT-REPORTS/030626-Israel_Abad_Caballero-final-re
• AES CM (Rijndael) or Null Cipher for encryption (using lib• HMAC or, Null authenticator for message authentication• SRTP packet is 176 bytes (RTP + 4 for the authentication t
be provided)• Packet creation: RTP 3-5 µs; RTP+SRTP 76-80 µs (throug
– ~1% of the time there are packets which take as long a
Sender behavior Receiver behavRead the SRTP pa
Determine cryptographic context to use Determine the Derive session keys from master key (via MIKEY) Determine the
If message authencheck for possible
Encrypt the RTP payload Decrypt the EncIf message authentication required,compute authentication tag and append
If present, remove
Send the SRTP packet to the socket Pass the RTP
37 of 42Voice over IP: Security and Mobility
EY) as the keycol
er IP, M.Sc. Thesis, Dec. 2003.
Q under linux
laptops)p.com and ssvl.kth.se to their
ting, and each router also runs a
laptops,running Linux 2.4
Answering Delay 9.5
10.5
7.6 (UDP)
8.9 (TCP)
pt’04: Modeling and Optimization in Mobile, Ad Hocand
[email protected] March 3, 2004
Multimedia Internet KEYing (MIKmanagement proto
Johan Bilien,Key Agreement for Secure Voice ovftp://ftp.it.kth.se/Reports/DEGREE-PROJECT-REPORTS/031215-Johan-Bilien-report-final-with-cover.pdf
Extends earlier thesis - Runs on a Laptop or iPA
Secure Call Setup 1
• name-servers (BIND 8.2 on Linux 2.4, 500 MHz Pentium 3• root name-server ns.lab manages the delegation of minisi
respective name server• two routers (1.1 GHz Celeron desktops) perform static rou
SIP server, SIP Express Router (SER v0.8.11))• Alice and Bob use minisip, running on 1.4 GHz Pentium 4
Total delay (in ms) Calling DelayNo security 19.5
MIKEY, shared key 20.9
MIKEY, Diffie-Hellman 52.5 (UDP)
58.9 TCP)
4
4
1. Johan Bilien, Erik Eliasson, and Jon-Olov Vatn, “Call establishment Delay for secure VoIP”, WiOWireless Networks, University of Cambridge,UK, 24-26 March, 2004
38 of 42Voice over IP: Security and Mobility
Privacyre feasible
form, it will be trivial to provideparticipants want to), SRTP, MIKEY, …-bit Advanced Encryption
on privacy in mobile internetwork-
in the context of the European
[email protected] March 3, 2004
Communications and • Encryption as the norm - even onetime pads a
• Since all speech and other media content will be in digital encryption and authentication of all communication (if the
• traditional public telephony less secure than using: VPNs• For WLANs: IEEE 802.11i security features along with 128
Standard (AES) encryption, …
• Identity hiding• Authentication when you mutually want to
• Mobile presence has to be done carefully• Anonymous network access• Location hiding & Privacy
• Alberto Escudero-Pascual, http://www.it.kth.se/~aep– Anonymous and Untraceable Communications - Locati
ing, Licentiate Thesis, June 2001– Privacy in the Next generation Internet: Data Protection
Union Policy, Dissertation, Dec. 2002
• Location mis-direction ⇒ End of Sovereignty• Traffic pattern hiding• Traffic hiding
39 of 42Voice over IP: Security and Mobility
ailablely spend time? in X% of these places?
ces you have WLAN
s?
ng dissertation
[email protected] March 3, 2004
If WLANs are widely av• How many different places to do you frequent• What would happen if you had WLAN access
(perhaps with X > 90%)• What if you also had VoIP service in all the pla
access?• For example, via a Cisco Wireless IP Phone 7920
⇒ Is there a business case for 3G in urban area
⇒ Is there a business case for 3G anywhere?
Handoffs for real-time media: J-O Vatn’s upcomi
40 of 42Voice over IP: Security and Mobility
PRS systemhttp://csd.ssvl.kth.se/monaco/main.htm)
IP
onfiguration as users move aboutgs around them - Adaptive and
ing a 3D (or 4D) audio
ser movements (i.e., classes,
services do theyneed? Howachers, staff, … .
[email protected] March 3, 2004
Future workTo combine:• Mobility : WLAN + GPRS (via a private complete GSM/G
• Security: IPsec, TLS, SRTP+MIKEY, … + SIP⇒ secure Vo
• Context and location awareness: minimizing manual (re-)cand facilitating their interaction with each other & the thinContext-Aware Services (ACAS)1
⇒ New services: such as audio services - managenvironment, automatic call diversion, …
In a challenging environment ofsocially correlatedumeetings, etc.)
Questions: What services do studentswant? Which will this change interactions with other students, te
1. http://psi.verkstad.net/acas/ (part of AWSIhttp://www.wireless.kth.se/AWSI/)
41 of 42Voice over IP: Security and Mobility
interaction while on the
uting andsible to have multiplelity to use force interaction, andvices which people will
ffects of correlation and1.
[email protected] March 3, 2004
• Why audio? Because users can utilize audiomove
• Why PDAs? Because they support both compcommunication in a small form-factor, it is poswireless interfaces, audio is good enough quaentertainment (MP3files, streaming audio, voiinteractive voice), and we can have enough deuse on the move to start to understand the ethe demands on the underlying infrastructure
1. HP grant “Applied Mobile Tech. Solutions in Learning Environments”
42 of 42Voice over IP: Security and Mobility
for:
): SIP and related
egulatory issues, M.Sc.skar_Bergquist-Report.pdf
Practical VoIP: Using
t Communications Using with Session Initiation
ary (VOCAL) system -
rg/ser/
[email protected] March 3, 2004
¿Questions?For details, references, … see my lectures notes
• 2G1325/2G5564 Practical Voice Over IP (VoIPprotocols http://www.imit.kth.se/courses/2G1325/
• Magnus Sjöstedt and Oskar Bergquist, VoIP rThesis, June 2003 ftp://ftp.it.kth.se/Reports/DEGREE-PROJECT-REPORTS/030627-Magnus_Sjostedt-and-O
Books
• Luan Dang, Cullen Jennings, and David Kelly,VOCAL, O’Reilly, 2002, ISBN 0-596-00078-2
• Henry Sinnreich and Alan B. Johnston, InterneSIP: Delivering VoIP and Multimedia ServicesProtocol, Wiley, 2001, ISBN: 0-471-41399-2.
Software
• Vovida Open Communication Application Librsource code available from vovida.org
• SIP Express Router (SER) - http://www.iptel.o• …