Secure Telephony Enabled Middlebox (STEM)
STEM is proposed as a solution to network vulnerabilities that arise when real-time data is transmitted over enterprise networks.
Maggie Nguyen
Dr. Mark Stamp
SJSU - CS 265, Spring 2003
Topics
- IP Telephony Overview
  - IP Telephony Components
  - IP Telephony Protocols
  - How SIP Works
- STEM Architecture
  - Architecture Components
  - Call Scenarios
- STEM Security Countermeasures
  - DoS Attack
  - Eavesdropping
IP Telephony Components
1. Gateways
2. Gatekeepers
3. IP Telephones
4. PC-based Software Phones
5. MCUs
IP Telephony Protocols
- Internet Engineering Task Force (IETF):
  - Signaling: Session Initiation Protocol (SIP)
  - Transport: Real Time Protocol (RTP)
  - Media Description: Session Description Protocol (SDP)
- International Telecommunications Union (ITU):
  - Signaling: H.323
  - Codecs: G.711 (PCM), G.729, ...
  - ISDN: Q.931
The STEM architecture currently uses the network required for SIP deployment.
How SIP Works – SIP Call Setup
[Diagram: SIP IP Phone sip:alice@alanta.com, its SIP Proxy, a DNS Server, the destination SIP Proxy with its Location Service, and SIP IP Phone sip:bob@cs.sjsu.edu]
1. A request (SIP INVITE) is sent to ESTABLISH a session.
2. DNS query for the IP address of the SIP proxy of the destination domain.
3. The INVITE is forwarded to the destination SIP proxy.
4. The Location Service is queried to check that the destination SIP URI represents a valid registered device, and to request its IP address.
5. The request is forwarded to the end device.
6. The destination device returns its IP address to the originating device and a media connection (media transport) is opened.
How SIP Works – SIP Call Sequence
[Sequence diagram: SIP IP Phone sip:alice@alanta.com, SIP Proxy, DNS Server, Location Service, SIP Proxy, SIP IP Phone sip:bob@cs.sjsu.edu]
- Alice's phone -> SIP Proxy: SIP INVITE
- SIP Proxy -> DNS Server: DNS query for the IP address of the SIP proxy of the destination domain
- SIP Proxy -> destination SIP Proxy: FW: SIP INVITE
- Destination SIP Proxy -> Location Service: query to check that the destination SIP URI represents a valid registered device, and request for its IP address
- Destination SIP Proxy -> Bob's phone: FW: SIP INVITE
- Bob's phone -> Alice's phone (via the proxies): 100 Trying, 180 Ringing, 200 OK
- Alice's phone -> Bob's phone (via the proxies): ACK
- Both ways: RTP Media
- BYE, followed by 200 OK
STEM Architecture Components
- Security Manager (SM)
- Enhanced Firewall
- Media / Signaling Gateway (M/S Gateway)
- User Terminals
STEM Enhanced Firewall
- Pattern Matcher
- Protocol Parser
- Flow Monitor
- Application Gateway
- External Interface
Call Scenarios – Net-to-Net
Call Scenarios – Net-to-Phone
STEM Security Countermeasures
- Denial of Service
  - TCP SYN floods detected by the Flow Monitor.
  - SIP INVITE floods detected by the Protocol Parser.
  - Malicious RTP streams detected by the Flow Monitor.
  - M/S Gateway voice port saturation.
- Eavesdropping
  - Control flow: STEM uses secured communication protocols among the SM, the firewall and the M/S gateways.
  - Data flow: STEM relies on the application protocols (SIP or H.323) to implement payload encryption.
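To make the SIP INVITE flood countermeasure concrete, here is an added example (not code from these slides or from the STEM project) of the kind of check a Protocol Parser can run over signaling it sees: parse each SIP request line, count INVITEs per source in a sliding time window, and flag sources that exceed a threshold. The window (1 s), threshold (20 INVITEs) and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample of what a STEM-style Protocol Parser would see on the
# signaling port: (timestamp in seconds, source IP, first line of the SIP message).
# One normal call from 10.0.0.5, then a burst of 60 INVITEs from 192.0.2.77.
SAMPLE_SIGNALING = [
    (0.0, "10.0.0.5", "INVITE sip:bob@cs.sjsu.edu SIP/2.0"),
    (0.2, "10.0.0.5", "ACK sip:bob@cs.sjsu.edu SIP/2.0"),
    (5.0, "10.0.0.5", "BYE sip:bob@cs.sjsu.edu SIP/2.0"),
] + [
    (1.0 + i * 0.01, "192.0.2.77", f"INVITE sip:user{i}@cs.sjsu.edu SIP/2.0")
    for i in range(60)
]

# SIP request line: METHOD SP Request-URI SP SIP-Version
REQUEST_LINE = re.compile(r"^([A-Z]+) (sip:[^ ]+) SIP/2\.0$")


def parse_request_line(line):
    """Return (method, request_uri) for a SIP request line, or None if malformed."""
    m = REQUEST_LINE.match(line)
    return (m.group(1), m.group(2)) if m else None


def detect_invite_floods(events, window=1.0, threshold=20):
    """Sliding-window INVITE counter per source.

    Returns the set of source IPs that sent more than `threshold` INVITEs
    within any `window`-second interval. Malformed or non-INVITE lines are
    ignored, so a normal INVITE/ACK/BYE call never trips the check.
    """
    recent = defaultdict(deque)   # source -> timestamps of recent INVITEs
    flagged = set()
    for ts, src, line in sorted(events):
        parsed = parse_request_line(line)
        if parsed is None or parsed[0] != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop INVITEs older than the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    print("INVITE flood sources:", detect_invite_floods(SAMPLE_SIGNALING))
```

A real firewall would feed this decision to the Security Manager rather than print it, and would key on more than the source IP (for example the From URI) since a flood can be spread across many addresses.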
References
- International Engineering Consortium. H.323. http://www.iec.org/online/tutorials/h323/
- Reynolds, B. Challenges and Rewards in Enterprise Deployments of IP Telephony. Presentation. http://networks.cs.ucdavis.edu/~ghosal/Research/Talks/IP-Tel.Netlab%20tal.K%20-%20rev%202.ppt
- Reynolds, B. Deploying IP Telephony in an Enterprise and the Vulnerabilities that Come With It. Presentation. http://seclab.cs.ucdavis.edu/secsem2/Reynolds.Seminar.ppt
- Reynolds, B. and D. Ghosal. STEM: Secure Telephony Enabled Middlebox. IEEE Communications Magazine, Special Issue on Security in Telecommunication Networks, October 2002. http://www.off-pisteconsulting.com/research/pubs/ieee_comm.pdf
- Slides: 12