Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director CQR Conference

Outline Threats Vulnerabilities Architecture Boundaries Insider External Application Logical Domains Other Challenges Market Perspective

Example Service Provider Architecture SIP Endpoints Soft Phones, VoIP Phones, Attached Terminal Adaptors (ATA) SoftSwitch Signaling Gateway Media Gateway Media Gateway Controller Session Border Controller (SBC) Registration & Location Servers Supporting Servers Authentication, Authorization, and Accounting (AAA) servers Call Data Record (CDR) servers Domain Name Service (DNS) servers Network File Server (NFS)

Threats Confidentiality Eavesdropping (including traffic analysis) Interception of Signaling or Media Stream Integrity Modification of Signaling (Rerouting/Masquerading) Modification of Media Stream (Impersonation) Fraud (cannot trust Caller ID) Integrity of stored data and systems Availability Service disruption (amplification attacks DoS/DDoS) Denial of Service against Signaling or Media Stream Spam Over Internet Telephony (SPIT) Unauthorized access (compromise systems with intentions to attack other systems or exploit vulnerabilities to commit fraud and eavesdropping).

Types of Vulnerabilities Applications: Buffer overflows, format-string exploits, scripts, password exploits, overload (DoS, DDoS) Protocols: Session tear-down, impersonation, session hijacking, SIP>SS7 boundary messages tampering, malformed messages, overload (DoS, DDoS) Supporting Services Address resolution and directory services (DNS, LDAP, ENUM), (SMTP), supporting databases (SQL), SNMP, STUN used for NAT traversal OS and Networking: Buffer overflows, format-string exploits, scripts, password exploits, overload (DoS, DDoS), ARP cache poisoning

End-to-End View Source: ITU Y.2701 (Security Requirements for NGN)

Insider Perspective

Operations Network Interfaces

External Perspective

Attempts to Bypass Filtering

Application³ Interface Security OSA/Parlay Interface OSA/Parlay Framework Service Control Features OSA/Parlay Application A OSA/Parlay Application A OSA/Parlay Gateway - Service Capability Server OSA/Parlay APIs Enterprise/Third Party Providers IMS Third Party Access OSA/Parlay Application A IMS Core Components IMS Network * Application³ means Third Party Application

Logical Segmentation Challenges Logical segmentation of the management/signaling/user layer between locations: Secure logical separation of domestic and international VoIP/NGN components An intruder from a foreign location could attack key domestic network elements because there may be insufficient barriers between domestic and international domains.

Internal Security Boundaries Needed?

An End-to-End View of Potential Security Vulnerabilities

Other Challenges in Security End-to-End Security Management Scaling across network domains, national and international domains (e.g., countries/continents) Hop-by-hop or end-to-end Identity Management Identity across network domains, national and international domains (e.g., countries/continents) Associated with a location Private/public identities, role and context based identifiers

Evolving Trust Model Source: ITU Y.2701

NNI Trust Model Source: ITU:Y.2701

Market Perspective Hows security in VoIP/NGN products today? Poor to average Security controls are not mature Not well implemented in deployments Implementations inherit traditional vulnerabilities (e.g. Buffer Overflows) Security performance and reliability are critical elements and need to be improved Security features to enforce stronger security posture (protocol, user and boundaries) are not uniformly implemented Baseline security requirements for product vendors are many times vague Signaling and media security are not fully recognized by the market Integration of security functionality still evolving Organizational issues are not fully identified and addressed