Voice Over IP Security and Secure Semantic Web

Dr. Bhavani Thuraisingham

The University of Texas at Dallas

November 15, 2005

Outline

PART I:

- Voice over IP (VoIP) Security PART II

- Secure Semantic Web for VoIP Applications

VoIP Security: Concepts

Overview of VoIP VoIP Security Issues Reference:

- NIST Report on VoIP Security

- Secure Voice Over IP: Developments and Directions Technical Report, The University of Texas at Dallas, To

appear Authors: Bhavani Thuraisingham, Ramya Ramamurthy and

Siddhartha Gandhi

VoIP: Overview

Voice over Internet Protocol (VoIP) technology in general refers to the set of software and hardware standards that enable “voice” to be transported, with the help of the Internet Protocol (IP).

Apart from IP, VoIP also uses Real-Time Protocol (RTP), to ensure that the packets are delivered in a timely fashion

It is the assembling of voice into IP data. This data can be transmitted over an IP network to an addressable destination.

This means sending voice information in digital form in discrete packets rather than in the traditional circuit-committed protocols of the public switched telephone network

VoIP: Overview - II

Advantages:

- It avoids the tolls charged by ordinary telephone service. VoIP phone bills are typically cheaper than traditional phone bills.

- VoIP includes greater flexibility Disadvantages

- VoIP should not be installed without careful consideration of security problem introduced.

- Sound quality and reliability are some other weak points of this technology; Although the quality service of VoIP is improving, it still cannot match that of PSTN.

- Initial setup cost - Although there are low cost and even no-cost ways to transmit voice over IP, a company serious about VoIP will have to invest heavily in one or more VoIP devices.

VoIP: Protocols

H323

- Audio CODECs; Video CODECs; H.225 RAS; H.225 call signaling; H.245 Call Signaling; H.245 Control Signaling; Real-time Transfer Protocols; Real-time Control Protocol (RTCP)

- Protocols for voice, video and data conferencing over packet switched networks such as Internet

Session Initiated protocols (SIP)

- SIP Components: User Agent and Network Server

- Standards for setting up sessions between clients MGCP Media Gateway Control protocol

- Eliminates complex processor intense IP Telephony devices

VoIP: Security

With VoIP the two main assets that need to be protected, are data and voice.

Unlike telephone lines, where the voice traffic is not always encrypted, except by certain security-sensitive organizations, the voice and data that are sent through VoIP needs to be encrypted always.

This is mainly because the voice and data go across the internet, where anyone can capture the packets meant for someone else.

Layers of defenses are needed to protect the voice calls because the dynamic nature of VoIP network parameters creates potential security vulnerabilities.

Some of the commonly used security measures on data networks include: firewalls, encryption, gateways

VoIP: Security - II

Appropriate network architecture has to be developed so as to keep the voice and data networks separate.

There should be access control and strong authentication at the voice gateway.

Introduction of the above also requires organizations to find a way to carry voice traffic through them.

This may sometimes bring performance problems. A way to reduce the performance problems upon introducing

firewalls, such as application-level gateways is to use Internet protocol security (IP sec) virtual private network at the router or gateway.

VoIP: Security - III

Need to assess, manage and mitigate risks that arise when VoIP is implemented.

Special considerations should be given to certain emergency services like 911; As VoIP is packet-switched, 911 automatic location services are not available with VoIP in some cases.

Organizations need to ensure that physical controls are in place to prevent access to VoIP network components.

Organizations should have sufficient backup power systems availability at the VoIP network switch and desktop.

VoIP systems incorporate an array of security features and protocols.

The WiFi Protected Access (WPA) security protocol should be deployed by organizations that intend allowing wireless access to their VoIP network.

VoIP: Security – Application Attacks By spoofing a user’s identity, a potential attacker can cause

an attack known as the Denial-of-Service in SIP-based VoIP networks.

- A denial-of-service attack can use up the entire resources by exhausting the IP addresses of the server in a VoIP network

Man-in-the-middle attacks are possible by an intruder thereby modifying the original communication between the calling and called party.

An attacker with the local access to the VoIP network may overhear the network traffic and interpret the voice conversations taking place between the two parties.

An attacker can masquerade as a valid user and use the VoIP network to make free long distance calls.

VoIP: Security – Denaila of Seervice (DoS) Attacks

A denial-of-service attack is basically an attack on any IP network that causes a loss of service to its users.

There are basically three types of this attack.

- Consumption of the computational resources, such as disk space, bandwidth etc

- Interference with the physical network components.

- Corruption of configuration information. The network can be attacked by flooding the network with

bogus packets, thereby not letting legitimate traffic to flow. If the DoS is conducted in a huge and complex network, the

entire network connectivity may have to be compromised by incorrectly configured network.

VoIP: Security – Solutions to Denial of Service (DoS) Attacks

Change the IP address of the end machine.

- This is possible only if there is a single target machine. The new address can be updated in the internal servers.

- This method is not quite possible, if the target involves many machines.

A firewall can stop a limited amount of DoS attacks.

- A firewall can filter out attacks aimed at exploits in the OS Filtering.

- There might a specific signature to the traffic; examination of these captured packets may reveal the possibility of an attack. Once its known that, an attack would have been possible, one might temporarily block all the traffic from that source.

- This might lead to blocking some of the “real” and legitimate packets. This is the major drawback of the filtering method.

VoIP: Security – Solutions to Denaila of Seervice (DoS) Attacks

Change the IP address of the end machine.

- This is possible only if there is a single target machine. The new address can be updated in the internal DNS servers.

- This method is not quite possible, if the target involves many machines.

A firewall can stop a limited amount of DoS attacks.

- A firewall can filter out attacks aimed at exploits in the OS Another technique is filtering.

- There might a specific signature to the traffic; examination of these captured packets may e reveal the possibility of an attack. Once its known that an attack would have been possible, one might temporarily block all the traffic from that source.

- This might lead to blocking some of the “real” and legitimate packets. This is the major drawback of the filtering method.

Security in SIP

Authentication and Authorization

- Authentication and Authorization is handled in SIP either on request-by-request basis or challenge/response pairs.

- SIP provides a standard challenge based authentication mechanism for authentication.

- Any time the proxy server or the user Agent receives a request it may challenge the client for its credentials.

- The client may provide its credentials to the proxy server before it receives the authentication required message from the proxy server but not after that.

- Framework of SIP authentication closely resembles that of HTTP.

Solutions for

- Tampering message bodies, Tearing down messages, Denial of service, Registration hijacking, Impersonating a server

Summary and Directions VoIP is the way for communicating voice Security is critical Both access control and malicious corruption including denial of

service threats have to be investigated SIP security is critical Security for VoIP and also SIP is in the initial stages Need to manage the Voice Information

Secure Semantic Web: Overview

According to Tim Berners Lee, The Semantic Web supports

- Machine readable and understandable web pages

- Enterprise application integration

- Nodes and links that essentially form a very large database

Premise:

Semantic Web Applications = Web Database Management + Web Services + Information Integration + Multimedia/Voice

SEMANTIC WEB must support VoIP and be SECURE

Layered Architecture for Dependable Semantic Web

0 Some Challenges: Security and Privacy cut across all layers; Integration of Services; Composability

XML, XML Schemas

Rules/Query

Logic, Proof and TrustSECURITY

OtherServicesRDF, Ontologies

TCP/IP/HTTP/SSL

PRIVACY

0Adapted from Tim Berners Lee’s description of the Semantic Web

What is XML all about?

XML is needed due to the limitations of HTML and complexities of SGML

It is an extensible markup language specified by the W3C (World Wide Web Consortium)

Designed to make the interchange of structured documents over the Internet easier

Key to XML is Document Type Definitions (DTDs)

- Defines the role of each element of text in a formal model Allows users to bring multiple files together to form

compound documents Need XML Extensions for Multimedia and Voice

- SMIL, VoiceML

Aspects of XML Security

Controlling access to XML documents

- Granularity of access: parts of documents, entire documents

Specifying policies and credentials in XML Third party publication of XML documents Encryption (www.w3c.org) How can we secure VoiceML?

Specifying User Credentials in XML

<Professor credID=“9” subID = “16: CIssuer = “2”><name> Alice Brown </name><university> University of X <university/><department> CS </department><research-group> Security </research-group>

</Professor>

<Secretary credID=“12” subID = “4: CIssuer = “2”><name> John James </name><university> University of X <university/><department> CS </department><level> Senior </level>

</Secretary>

Specifying Security Policies in XML

<? Xml VERSION = “1.0” ENCODING = “utf-8”?> <Policy–base>

<policy-spec cred-expr = “//Professor[department = ‘CS’]” target = “annual_ report.xml” path = “//Patent[@Dept = ‘CS’]//Node()” priv = “VIEW”/>

<policy-spec cred-expr = “//Professor[department = ‘CS’]” target = “annual_ report.xml” path = “//Patent[@Dept = ‘EE’] /Short-descr/Node() and //Patent [@Dept = ‘EE’]/authors” priv = “VIEW”/>

<policy-spec cred-expr = - - - -

<policy-spec cred-expr = - - --

</Policy-base>

Explantaion: CS professors are entitled to access all the patents of their department. They are entitled to see only the short descriptions and authors of patents of the EE department

Policies for VoiceML?

Access Control Strategy Subjects request access to XML documents under two modes:

Browsing and authoring

- With browsing access subject can read/navigate documents

- Authoring access is needed to modify, delete, append documents

Access control module checks the policy based and applies policy specs

Views of the document are created based on credentials and policy specs

In case of conflict, least access privilege rule is enforced Works for Push/Pull modes

System Architecture for Access Control

UserPull/Query Push/result

XML /VoiceML Documents

X-Access X-AdminAdmin Tools

Policybase

Credentialbase

Third-Party Architecture

Credential base

policy baseXML Source

User/Subject

Owner

Publisher

Query

Reply documen

t

SE-XML

credentials

The Owner is the producer of information It specifies access control policies

The Publisher is responsible for managing (a portion of) the Owner information and answering subject queries

Goal: Untrusted Publisher with respect to Authenticity and Completeness checking

RDF

Resource Description Framework is the essence of the semantic web

Adds semantics with the use of ontologies, XML syntax

- Separates syntax from semantics RDF Concepts

- Basic Model Resources, Properties and Statements

- Container Model Bag, Sequence and Alternative

RDF for Voice

RDF and Security

XML Security for the Syntax of RDF

- Access control, Third party publishing, Specifying g policies and credentials

Securing RDF Graphs

- UTD research (MS and PhD work in progress) Securing semantics

- Approach: Take semantic specifications in RDF and incorporate security

Security policies embedded into the semantics

Ontology

Common definitions for any entity, person or thing Several ontologies have been defined and available for use Defining common ontology for an entity is a challenge Mappings have to be developed for multiple ontologies Specific languages have been developed for ontologies including

RDF and OIL (Ontology Interface Language) DAML (Darpa Agent Markup Language) is an ontology and inference

language based on RDF DAMP + OIL; combines both languages Ontologies for Voice?

Security and Ontology

Ontologies used to specify security policies

- Example: Use DAML + OIL to specify security policies

- Choice between XML, RDF, Rules ML, DAML+OIL Security for Ontologies

- Access control on Ontologies Give access to certain parts of the Ontology

Rules ML, Inference and CWM

Rules ML is a Rules Markup Language for specifying rules Inferencing is about making deductions

- Deductions based on rules specified in Rules ML or DAML+OIL

- Based on denotational logic CWM: Closed World Machine

- Inference engine for the semantic web written as a Python program

Rules ML for Voice?

Security and Inferencing

Specify security policies in Rules ML Inferencing is part of the semantic web; deduced information could

be sensitive Extend CWM to handle the inference and privacy problem

- Extended Python program?

Rules Processing

User Interface Manager

ConstraintManager

Rules/ Constraints

Query Processor:

Constraints during query and release operations

Update Processor:

Constraints during update operation

XML Database Design Tool

Constraints during database design operation

XMLDatabase

XML DocumentManager

Rule-Processing (Concluded)

Policies

Ontologies

Rules

Semantic Web Engine

XML, RDF DocumentsWeb Pages, Databases

Inference Engine/Rules Processor

Interface to the Semantic WebTechnologyBy Project

Trust and Proof

Context

- Based on the context specify to what extent one trusts the statements

Digital signatures

- Verifies that one wrote a particular document Proof

- Using proof languages we prove whether or not a statement is true

- Proofs based on logical systems

Security, Trust and Proof

Extend trust management and Trust negotiation techniques for semantic web

Trust Services, Trust negotiation (TN)

- Applicability of KeyNote and Trust-X (U of Milan), TrustBuilder (UIUC)

Use proof to reason about security and trust

- Is the semantic web secure?

- Is the semantic web trustworthy?

- Are there security/trust violations?

Web Database Management Database access through the web

- JDBC and related technologies Query, indexing and transaction management

- E.g., New transaction models for E-commerce applications

- Index strategies for unstructured data Query languages and data models

- XML has become the standard document interchange language Managing XML databases on the web

- XML-QL, Extensions to XML, Query and Indexing strategies Managing multimedia and voice data

- Indexing and query strategies

Secure Web databases

Secure data models

- Secure XML, RDF, - - - -

- Relational, object-oriented, text, images, video, etc. Secure data management functions

- Secure query, transactions, storage, metadata Key components for secure digital libraries and

information retrieval/browsing Need to secure VoIP information management

techniques

Web Services

Web Services are about services on the web for carrying out many functions including directory management, source location, subscribe and publish, etc.

Web services description language (WSDL) exists for web services specification

Web services architectures have been developed Challenge now is to compose web services; how do you integrate

multiple web services and provide composed web service in a seamless fashion

Web Services must support Multimedia data, including Voice

Web service architecture

Service requestor

Service providers

UDDI

PublishQuery

Answer

Request the service

Secure Web Service Architecture

Confidentiality, Authenticity, IntegrityConfidentiality, Authenticity, Integrity

Service requestor

Service provider

UDDIQuery

BusinessEntity

BusinessService

BindingTemplate

<dsig:Signature>

BusinessService

tModel

PublisherAssertion

Vision for Dependable Semantic Web for VoIP

Core Semantic Web Technologies:

Systems, Networks, Multimedia, Agents, AI, Machine Learning, Data Mining, Languages, Software Engineering, Information Integration

Need research to bring together the above technologies

Directions:

Security/Trust/Privacy, Integrate sensor technologies, Pervasive computing, Social impact

Domain specific semantic webs:

DoD, Intelligence, Medical, Treasury,- - -