Scalable Peer-to-Peer Security for SIP Clients

von Andreas Steffen (Institute of Internet Technologies and Applications, Hochschule für Technik Rapperswil)

Dienstag, 02.05.2006, Raum 1A-2, 18:00-18:45 Uhr

The most efficient way to secure multimedia streams against eavesdropping attempts is by means of the Secure Real-time Transport Protocol (SRTP, RFC 3711). Silvan Geser and Christian Höhn, two former students from the University of Applied Sciences Rapperswil in Switzerland integrated SRTP support into the popular KPhone SIP client (http://www.wirlab.net/kphone) in June 2005 and made strong encryption and data integrity of the audio streams publicly available with the kphone-4.2 release. The first part of the talk will give an overview on the SRTP protocol and how it can integrated seamlessly into an existing VoIP client software.

In principle SRTP encryption could simply use preshared keys that would have to be configured manually by the peers participating in a VoIP phone call. Unfortunately this manual approach is prone to configuration errors and clearly does not scale well with an increasing number of communication partners. One means to automate the SRTP key setup process is the use of the Multimedia Internet Keying protocol (MIKEY, RFC 3830) that allows a real-time end-to-end key establishment between any two VoIP peers, thus making it impossible for an unauthorized third party to listen in to the conversation. With MIKEY the key exchange is either based on the well-known Diffie-Hellman algorithm or alternatively on RSA encryption whereas the mutual authentication of the peers employs digital RSA signatures. Since many users are frightened off by the complexity of setting up a full-blown Public Key Infrastructure (PKI), we propose the use of the DNS-based DomainKeys scheme initially deployed by Yahoo! to identify email senders, to distribute the public keys of the VoIP participants on a global scale. Using a single OpenSSL command each VoIP user can generate a personal RSA key pair and a simple copy-and-paste operation will create the required DNS TXT record containing the public key in the standardized DomainKeys format.

Thus by enabling the MIKEY mode in a VoIP phone, the public key of the peer will automatically be fetched via the Domain Name System during the call setup phase based on the SIP URI of the peer. No active user intervention will be required. The DomainKeys based peer authentication will also effectively thwart any SPAM-over-Internet-Telephony (SPIT) attacks that are expected to become a nuisance in the not too distant future.

In the second part of the talk we will explain how the existing libmikey library of the Minisip project was extended to support an RSA based key exchange and how it can be put to use in the KPhone client.

Über den Autor Andreas Steffen:

Andreas Steffen is currently professor for Security in Communications at the Rapperswil University of Applied Sciences in Switzerland where he is heading the Institute of Internet Technologies and Applications.

From 1998 to 2004 he was a professor at the Zurich University of Applied Sciences in Winterthur where he developed the popular X.509 patch for Linux FreeS/WAN in collaboration with his students. After the demise of the FreeS/WAN project in March 2004 he forked off the Linux strongSwan project which he is still actively maintaining.

Andreas Steffen received both his Master's degree in Electrical Engineering in 1982 and his Ph.D. in 1991 from the Swiss Federal Institute of Technology in Zurich (ETHZ). From 1982 until 1998 he was an R&D engineer with Siemens Switzerland where he worked in such diverse areas as RF circuit design for RADAR and medical Magnetic Resonance Imaging systems as well as Integrated Circuit design for broadband multiplexers. In his last position with Siemes he was head of the R&D department "Wireless Systems" where he was responsible for one of the first Wireless LAN products.

Andreas Steffen has a long-standing interest in computing and cryptology. He teaches and does active research and development in the area of network security. He was a speaker at the IPsec Global Summit 2002 in Paris and the DFN Arbeitstagungen für Kommunikationsnetze in 2003, 2004, and 2005 in Düsseldorf. At the LinuxTag 2005 he presented the advanced features of the strongSwan VPN software. He was an invited speaker at several VPN seminars organized by NetworkWorld, LANline and the German Telekom. Lately he's been giving talks on VoIP security. He has also published several articles in the popular c't computer magazine.