Example Service Provider Architecture SIP Endpoints Soft Phones, VoIP Phones, Attached Terminal Adaptors (ATA) SoftSwitch Signaling Gateway Media Gateway Media Gateway Controller Session Border Controller (SBC) Registration & Location Servers Supporting Servers Authentication, Authorization, and Accounting (AAA) servers Call Data Record (CDR) servers Domain Name Service (DNS) servers Network File Server (NFS)
Threats Confidentiality Eavesdropping (including traffic analysis) Interception of Signaling or Media Stream Integrity Modification of Signaling (Rerouting/Masquerading) Modification of Media Stream (Impersonation) Fraud (cannot trust Caller ID) Integrity of stored data and systems Availability Service disruption (amplification attacks DoS/DDoS) Denial of Service against Signaling or Media Stream Spam Over Internet Telephony (SPIT) Unauthorized access (compromise systems with intentions to attack other systems or exploit vulnerabilities to commit fraud and eavesdropping).
End-to-End View Source: ITU Y.2701 (Security Requirements for NGN)
Operations Network Interfaces
Attempts to Bypass Filtering
Application³ Interface Security OSA/Parlay Interface OSA/Parlay Framework Service Control Features OSA/Parlay Application A OSA/Parlay Application A OSA/Parlay Gateway - Service Capability Server OSA/Parlay APIs Enterprise/Third Party Providers IMS Third Party Access OSA/Parlay Application A IMS Core Components IMS Network * Application³ means Third Party Application
Logical Segmentation Challenges Logical segmentation of the management/signaling/user layer between locations: Secure logical separation of domestic and international VoIP/NGN components An intruder from a foreign location could attack key domestic network elements because there may be insufficient barriers between domestic and international domains.
Internal Security Boundaries Needed?
An End-to-End View of Potential Security Vulnerabilities
Other Challenges in Security End-to-End Security Management Scaling across network domains, national and international domains (e.g., countries/continents) Hop-by-hop or end-to-end Identity Management Identity across network domains, national and international domains (e.g., countries/continents) Associated with a location Private/public identities, role and context based identifiers
Evolving Trust Model Source: ITU Y.2701
NNI Trust Model Source: ITU:Y.2701
Market Perspective Hows security in VoIP/NGN products today? Poor to average Security controls are not mature Not well implemented in deployments Implementations inherit traditional vulnerabilities (e.g. Buffer Overflows) Security performance and reliability are critical elements and need to be improved Security features to enforce stronger security posture (protocol, user and boundaries) are not uniformly implemented Baseline security requirements for product vendors are many times vague Signaling and media security are not fully recognized by the market Integration of security functionality still evolving Organizational issues are not fully identified and addressed