What about security?
 

I'd like to touch on a very sensitive subject, security.

Or lack thereof. I believe the majority of end-customers are unaware of the fact their conversations are COMPLETELY unsecured!

I was rearranging my network topology at home and decided to execute some security tests. The results are worrisome. Utilizing the Man In The Middle attack I was able to record every and each of my conversations, including the md5 hashed password, for authentication with the SIP server.

In essence, this means, everyone, from our neighbor, our ISP and all the way to the SIP server, people can eavesdrop on our conversations with ease. It also means people with weak passwords are subject to account hijacking, because the md5 hash also travels without any encryption.

The thought of our conversations being eavesdropped virtually by anyone from our computers to the Voxalot SIP servers is quite unsettling.

This is only a brief overview of a huge problem. I don't want to get into details.

Can Voxalot offer some sort of remedy?

SIP over Transport Layer Security (TLS)
 

I am not sure how difficult it would be to enable SIP over Transport Layer Security (TLS) between our SIP devices and the Voxalot server, but that would be a good start... though I don't think that encrypts your calls, just the server info and passwords you are sending in SIP packets.

Unfortunately very few devices and softphones (the SPA942/SPA962 and Eyebeam, anything else?) even include the functionality to encrypt SIP messages with TLS.

Secure Real-Time Transport Protocol (SRTP) is commonly supported in theory in Sipura/Linksys devices but the only way to get a certificate is at the dying Voxilla website, and even then it only works for Sipura ATAs, and not for IP phones. And to work requires both parties be using SIP devices with SRTP installed and call security enabled.

You know, the more I think of it, the more it seems like the government designed the "security" system of SIP telephones. There seems no reason why it couldn't be more secure. Just that not enough people are asking for it or willing to pay for it.

Security should be more discussed!
 

It's very strange -- I feel the same way -- not enough discussion.

Does anyone know if voxalot supports SIPS (SIP+TLS+SDES) ? This would be a good start as at least two SIPS devicies could register and then setup an SRTP session. It would also be good to support openvpn as part of the premium plan.

People say security is difficult -- I don't buy that. There are 4 common ways to implement security: openvpn (callwithus and fonosip will do this), ipsec, zrtp (supported by zphone, twinkle, some expensive draytek devicies, and some proxies), and SIPS+SRTP (which almost every new hard phone can do).

Other thing I would say -- the huge issue is secure PSTN termination. You can with effort secure voip-voip calls today using zrtp -- but I've not been able to find anyone that will do secure PSTN termination for residential users.

What have others found about this issue? Anyone know of a secure PSTN termination that is SIP based?

Rob

Not sure how your neighbor is eavesdropping unless you have an unsecure wireless connect. Theoretically an ISP could eavesdrop on the RTP stream. However, it would seem highly unlikely.

If you read up on the SIP protocol you will see that SIP authentication uses a nonce to encrypt the password.

Even if a man in the middle attacker was to capture the auth token they would not be able to simply replay it as the SIP server would require a new encrypted auth token matching a newly issued nonce.

martin, I only gave an example of how eavesdropping may take place. Truth be told, it depends on which corner of world you live, as well as your network infrastructure and circumstances.

Fact is, there are a lot of people sharing internet connection (between neighbors for ex.), there are ISPs still using switched networks, many offices/buildings are using switched networks, colleges, dorms..etc. situations where your infrastructure is subject to either MITM or ARP attacks subsequently hijacking sensitive information. As far as wireless networks go, I'm sure you're aware of the large number unsecured wifi spots both at residential and business establishments. Not to mention people who still think WEP is 'secure' option for their networks. I won't omit an ISP either, I don't trust them and why should I?

Just because you believe an eavesdrop is 'unlikely', doesn't mean it's out of the question. If that was the case, banks and security organizations wouldn't go trough the trouble of creating expensive encryption software/hardware to protect sensitive information. Are you willing to do your online banking without SSL, certificate or any other encryption, trusting your ISP or any other corresponding network won't tap in on your bank accounts? I know I wouldn't!

As for the SIP hashes, to my understanding they are md5-like and more importantly they are subject to dictionary and bruteforce attacks. I found a number of tools for that.

Bottom line is, I suppose I can live with a strong non-dictionary based password travel trough the net, but a completely unsecured rtp media stream is one thing I cannot abide or allow and perhaps daily, casual conversations aren't a big deal, but business VoIP is. I can't imagine talking to my bank or my accountant or confidants knowing someone might be listening.

Unless people are willing to leave their privacy to chance, security amendments must implemented. (IMHO)

Security Issues
 

As far as I know SIP Digest authentication only protects the sip provider and the account at the sip provider -- it does not really protect the user.

* I have no way to know if the server I'm talking to is really the one I think it is. This is what TLS is for and for the key exchange to setup SRTP.

* As stated above -- just TLS does not guarantee security -- but it does allow one to use SDES (if your server allows it) to setup SRTP voip to voip.

I'm not saying TLS is the solution for voxalot -- I'm not certain. Really viop-to-voip security may be better served by zrtp, and in terms of voxalot to get pstn termination security that must be implemented on the termination side -- which I've not been able to find. TLS would however help people wanting to do sip to sip connections between voip phones. OpenVPN seems intresting also but it means a lot of bandwith on the voxalot end.

The other thing I would say -- people make a lot of comments about voip being more secure than your pstn phone -- and if your using DSL and only looking at a connection between your home and your ISP -- I can believe that. However, this is not the real security concern:

* What happens at the 30-40 other nodes and routers your call will go though before it is terminated either into PSTN or into another voip device -- and the dozen compaines, and the 100 people that have access to it along the way? Then of course there is the 1000 crackers that will try to break into those 40 nodes or otherwise route traffic.

* What happens when your traveling and in a hostile environment like a hotel or hotspot network? Is the traffic secure and the DNS reliable there?

I don't mean to be alarmist -- but I do think these are all issues -- and that they are all good reasons not to trust some voip setups for business and financial uses. This makes me sad -- but I think it's the situation.

The other sad thing is that there is at least one major internet phone company that already uses encryption. It's sad because I don't care to support, recommend or use the closed Sk* protocol and software. I just wish SIP people would take some action regarding security.

Rob