Secure Telephony Enabled Middle-box (STEM)
Maggie Nguyen
Dr. Mark Stamp, SJSU - CS 265
Spring 2003
STEM is proposed as a solution to network vulnerabilities, targeting the transmission of real-time data over enterprise networks.
Topics
IP Telephony Overview: IP Telephony Components, IP Telephony Protocols, How SIP Works
STEM Architecture: Architecture Components, Call Scenarios
STEM Security Countermeasures: DoS Attack, Eavesdropping
IP Telephony Components
1. Gateways
2. Gatekeepers
3. IP Telephones
4. PC-based Software Phones
5. MCUs
IP Telephony Protocols
Internet Engineering Task Force (IETF):
- Signaling: Session Initiation Protocol (SIP)
- Transport: Real Time Protocol (RTP)
- Media Description: Session Description Protocol (SDP)
International Telecommunications Union (ITU):
- Signaling: H.323
- Codecs: G.711 (PCM), G.729, …
- ISDN: Q.931
STEM architecture is currently using the network required for SIP deployment.
How SIP Works – SIP Call Setup
Participants in the diagram: two SIP IP Phones, a DNS Server, two SIP Proxies, a Location Service, and the Media Transport.
1. A request is sent (SIP INVITE) to ESTABLISH a session.
2. DNS query for the IP address of the SIP Proxy of the destination domain.
3. The INVITE is forwarded.
4. The Location Service is queried to check that the destination SIP URI represents a valid registered device, and to request its IP address.
5. The request is forwarded to the end device.
6. The destination device returns its IP address to the originating device and a media connection is opened.
How SIP Works – SIP Call Sequence
Participants in the diagram: two SIP IP Phones, a DNS Server, two SIP Proxies, and a Location Service.
1. SIP INVITE
2. DNS query for the IP address of the SIP Proxy of the destination domain
3. FW: SIP INVITE
4. 100 Trying (one per proxy hop; two copies in the diagram)
5. The Location Service is queried to check that the destination SIP URI represents a valid registered device, and to request its IP address
6. FW: SIP INVITE
7. 180 Ringing (relayed back hop by hop; three copies in the diagram)
8. 200 OK (relayed back hop by hop; three copies in the diagram)
9. ACK (relayed hop by hop; three copies in the diagram)
10. Both-way RTP media
11. BYE
12. 200 OK
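The six setup steps and the message sequence on the two slides above, as an added worked example (not code from the STEM project or from this presentation): a Python simulation in which the originating proxy consults DNS for the destination-domain proxy, the destination proxy consults its Location Service, each proxy decrements Max-Forwards and records itself in the Via list, and the responses retrace that Via path so that 180 Ringing, 200 OK and ACK each appear once per hop, exactly as the sequence diagram shows them three times. The domain names, addresses, DNS answers and registration tables are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SipRequest:
    method: str
    request_uri: str
    headers: dict
    via: list = field(default_factory=list)   # hops traversed, most recent first

# Constructed sample deployment (assumption, not from the slides): what the DNS
# server answers for each domain's SIP proxy, and what each domain's Location
# Service holds for its registered SIP URIs.
DNS = {"alice.example": "10.0.1.5", "bob.example": "10.0.2.5"}
LOCATION = {
    "alice.example": {"sip:alice@alice.example": "10.0.1.42"},
    "bob.example": {"sip:bob@bob.example": "10.0.2.77"},
}

def domain_of(uri):
    return uri.split("@", 1)[1]

def proxy_forward(req, proxy_ip):
    """Per-proxy work before relaying: enforce the hop limit, then record this hop in Via."""
    hops = int(req.headers["Max-Forwards"])
    if hops == 0:
        return None                               # caller would receive 483 Too Many Hops
    req.headers["Max-Forwards"] = str(hops - 1)
    req.via.insert(0, proxy_ip)
    return req

def relay(trace, message, path):
    """Responses, ACK and BYE retrace the Via path, so each one appears once per hop."""
    for src, dst in zip(path, path[1:]):
        trace.append(f"{src} -> {dst}: {message}")

def place_call(caller_uri, callee_uri, caller_ip):
    """Walk the six setup steps; return (ordered message trace, media endpoints or None)."""
    trace = []
    req = SipRequest("INVITE", callee_uri,
                     {"From": caller_uri, "To": callee_uri, "Max-Forwards": "70"},
                     via=[caller_ip])
    home_proxy = DNS[domain_of(caller_uri)]
    trace.append(f"{caller_ip} -> {home_proxy}: INVITE {callee_uri}")          # step 1
    trace.append(f"{home_proxy} -> {caller_ip}: 100 Trying")

    dest_domain = domain_of(callee_uri)                                          # step 2
    dest_proxy = DNS.get(dest_domain)
    trace.append(f"{home_proxy} -> dns: proxy for {dest_domain}? => {dest_proxy}")
    if dest_proxy is None:
        trace.append(f"{home_proxy} -> {caller_ip}: 404 Not Found")
        return trace, None

    req = proxy_forward(req, home_proxy)                                         # step 3
    if req is None:
        trace.append(f"{home_proxy} -> {caller_ip}: 483 Too Many Hops")
        return trace, None
    trace.append(f"{home_proxy} -> {dest_proxy}: FW INVITE {callee_uri}")
    trace.append(f"{dest_proxy} -> {home_proxy}: 100 Trying")

    device_ip = LOCATION[dest_domain].get(callee_uri)                            # step 4
    trace.append(f"{dest_proxy} -> location-service: {callee_uri} registered? => {device_ip}")
    if device_ip is None:
        relay(trace, "404 Not Found", [dest_proxy, home_proxy, caller_ip])
        return trace, None

    req = proxy_forward(req, dest_proxy)                                         # step 5
    if req is None:
        relay(trace, "483 Too Many Hops", [dest_proxy, home_proxy, caller_ip])
        return trace, None
    trace.append(f"{dest_proxy} -> {device_ip}: FW INVITE {callee_uri} "
                 f"(Max-Forwards {req.headers['Max-Forwards']})")

    path = [device_ip] + req.via                 # callee, dest proxy, home proxy, caller
    relay(trace, "180 Ringing", path)                                            # step 6
    relay(trace, f"200 OK (SDP c=IN IP4 {device_ip})", path)
    relay(trace, "ACK", path[::-1])
    trace.append(f"{caller_ip} <-> {device_ip}: both-way RTP media")
    relay(trace, "BYE", path[::-1])
    relay(trace, "200 OK", path)
    return trace, (caller_ip, device_ip)

if __name__ == "__main__":
    for line in place_call("sip:alice@alice.example", "sip:bob@bob.example", "10.0.1.42")[0]:
        print(line)
```

The trace is what a middlebox sitting between the two proxies would see: signaling passes through the proxies, while the media endpoints come from the SDP body of the 200 OK, which is why a firewall that wants to open an RTP pinhole has to parse SIP rather than just track TCP/UDP flows.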
STEM Architecture Components
- Security Manager (SM)
- Enhanced Firewall
- Media / Signaling Gateway (M/S Gateway)
- User Terminals
STEM Enhanced Firewall
- Pattern Matcher
- Protocol Parser
- Flow Monitor
- Application Gateway
- External Interface
STEM Security Countermeasures
Denial of Service:
- TCP SYN floods detected by Flow Monitor.
- SIP INVITE floods detected by Protocol Parser.
- Malicious RTP streams detected by Flow Monitor.
- M/S Gateway voice port saturation.
Eavesdropping:
- Control flow: STEM uses secured communication protocols among SM, firewall and M/S gateways.
- Data flow: STEM relies on application protocols (SIP or H.323) to implement payload encryption.
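How the Protocol Parser and Flow Monitor countermeasures above could detect a SIP INVITE flood, as an added example (not STEM's own code): a parser that drops any message whose start line is not a well-formed SIP request, and a per-source sliding-window counter that raises an alert once the number of INVITEs in the window exceeds a threshold. The window length, the threshold, the addresses and the sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque

SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "REGISTER", "OPTIONS"}

def parse_request_line(raw):
    """Protocol Parser step: return (method, request_uri) for a well-formed SIP
    request start line, or None if the message is not valid SIP."""
    start = raw.split("\r\n", 1)[0]
    parts = start.split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0" or parts[0] not in SIP_METHODS:
        return None
    if not parts[1].startswith(("sip:", "sips:")):
        return None
    return parts[0], parts[1]

class InviteFlowMonitor:
    """Flow Monitor step: sliding-window count of INVITEs per source address.
    Window and threshold are constructed for this example, not STEM's values."""
    def __init__(self, window_s=10.0, max_invites=5):
        self.window_s = window_s
        self.max_invites = max_invites
        self.recent = defaultdict(deque)      # src -> timestamps of INVITEs in window

    def observe(self, ts, src, raw):
        """Return None when the message is acceptable, else an alert string."""
        parsed = parse_request_line(raw)
        if parsed is None:
            return f"{src}: malformed SIP request dropped"
        method, _uri = parsed
        if method != "INVITE":
            return None
        q = self.recent[src]
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # evict INVITEs that fell out of the window
            q.popleft()
        if len(q) > self.max_invites:
            return f"{src}: INVITE flood ({len(q)} in {self.window_s:.0f}s)"
        return None

def run(events, monitor=None):
    """Feed (timestamp, source ip, raw message) events through the monitor; return alerts."""
    monitor = monitor or InviteFlowMonitor()
    alerts = []
    for ts, src, raw in events:
        alert = monitor.observe(ts, src, raw)
        if alert:
            alerts.append(alert)
    return alerts

def sip_invite(from_uri, to_uri="sip:bob@bob.example"):
    """Build a minimal, syntactically valid INVITE for the sample traffic."""
    return (f"INVITE {to_uri} SIP/2.0\r\nFrom: <{from_uri}>\r\nTo: <{to_uri}>\r\n"
            f"Max-Forwards: 70\r\nContent-Length: 0\r\n\r\n")

# Constructed sample traffic: one legitimate call, a burst of eight INVITEs from a
# single host within a second, and a non-SIP message arriving on the SIP port.
SAMPLE_EVENTS = [(0.0, "10.0.1.42", sip_invite("sip:alice@alice.example"))]
SAMPLE_EVENTS += [(2.0 + 0.1 * i, "198.51.100.9", sip_invite(f"sip:u{i}@bad.example"))
                  for i in range(8)]
SAMPLE_EVENTS += [(3.0, "203.0.113.4", "GET / HTTP/1.1\r\nHost: pbx\r\n\r\n"),
                  (5.0, "10.0.1.42", "BYE sip:bob@bob.example SIP/2.0\r\nContent-Length: 0\r\n\r\n")]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

The split mirrors the firewall components on the previous slide: syntax checking belongs to the parser, so a SYN flood or garbage on the SIP port never reaches the counter, while rate accounting belongs to the flow monitor, which only ever sees messages the parser has already accepted.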
References
International Engineering Consortium. H.323. http://www.iec.org/online/tutorials/h323/
Reynolds, B. Challenges and Rewards in Enterprise Deployments of IP Telephony. Presentation. http://networks.cs.ucdavis.edu/~ghosal/Research/Talks/IP-Tel-Netlab%20talK%20-%20rev%202.ppt
Reynolds, B. Deploying IP Telephony in an Enterprise and the Vulnerabilities that Come With It. Presentation. http://seclab.cs.ucdavis.edu/secsem2/ReynoldsSeminar.ppt
Reynolds, B. and D. Ghosal. STEM: Secure Telephony Enabled Middlebox. IEEE Communications Magazine, Special Issue on Security in Telecommunication Networks, October 2002. http://www.off-pisteconsulting.com/research/pubs/ieee_comm.pdf