[asterisk-users] is encrypted iax safe and secure?
Hello, I'm doing some research concerning iax encryption, I haven't find any clients (softphones or hardphones) which implement so I have not tested it yet. There was also this message on asterisk-security mailing list http://archives.free.net.ph/message/20070507.101933.222987b2.en.html which got no answers and this makes me think that this iax encryption is not much interesting for the community. Anyway, in iax specification there is this statement: "Only the data portion of the messages are encoded." Which are the consequences of this, is it true as stated on http://www.voip-info.org/wiki/view/IAX+encryption that "The calling/called numbers are still passed in the clear over encrypted IAX, so you are still vulnerable to traffic analysis." ? If it's true how to deal with this? Would you consider media payload encryption enough? Maybe it's better to just forget about iax encryption and consider some more general approach like using openvpn http://www.voip-info.org/wiki/view/IAX_OpenVPN ? This half-encrypted iax encryption doesn't make much sense to me, therefore I think there's probably something I'm missing/misunderstanding. Best Regards, Claudio Internet Email Confidentiality Footer - La presente comunicazione, con le informazioni in essa contenute e ogni documento o file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed alle altre da questa autorizzata/e a riceverla. Se non siete i destinatari/autorizzati siete avvisati che qualsiasi azione, copia, comunicazione, divulgazione o simili basate sul contenuto di tali informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se avete ricevuto questa comunicazione per errore, vi preghiamo di darne immediata notizia al mittente e di distruggere il messaggio originale e ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il contenuto. This e-mail and its attachments are intended for the addressee(s) only and are confidential and/or may contain legally privileged information. If you have received this message by mistake or are not one of the addressees above, you may take no action based on it, and you may not copy or show it to anyone; please reply to this e-mail and point out the error which has occurred. - ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
On Tuesday 05 February 2008 09:22:29 Cavalera Claudio Luigi wrote: > Hello, > I'm doing some research concerning iax encryption, I haven't find any > clients (softphones or hardphones) which implement so I have not tested > it yet. > > There was also this message on asterisk-security mailing list > http://archives.free.net.ph/message/20070507.101933.222987b2.en.html > which got no answers and this makes me think that this iax encryption is > not much interesting for the community. > > Anyway, in iax specification there is this statement: > "Only the data portion of the messages are encoded." > > Which are the consequences of this, is it true as stated on > http://www.voip-info.org/wiki/view/IAX+encryption > that > "The calling/called numbers are still passed in the clear over encrypted > IAX, so you are still vulnerable to traffic analysis." > ? > > If it's true how to deal with this? > Would you consider media payload encryption enough? > Maybe it's better to just forget about iax encryption and consider some > more general approach like using openvpn > http://www.voip-info.org/wiki/view/IAX_OpenVPN ? > > This half-encrypted iax encryption doesn't make much sense to me, > therefore I think there's probably something I'm > missing/misunderstanding. Is it important for you to conceal that a call was made from abc to xyz on thus-and-such a date? Or do you merely need to conceal the content of a call? You can already do traffic analysis and figure out that a call occurred, just not what the endpoints are (even if you encrypted the entire link). The only way to get around that is to continuously send random garbage through the pipe at the same rate and consistency as would occur with a real IAX2 call. And the endpoints are only as specific as the systems on either end choose to make them. If you used some system of src/dst obfuscation, you could conceal even that information, though repeated calls to various destinations could still be paired and correlated. IAX2 encryption is designed to obscure the same information as is obscured when you encrypt a call over the PSTN -- the content is protected, but the existence of such a call is not. Remember that a potential attacker will always choose the weakest link, and will probably attack the audio stream at a different location, if she cannot listen to the IP stream directly (such as a true wiretap on an analog endpoint or breaking into one of the two machines involved in the encryption). The idea is to make the IAX2 link unattractive as a potential target of wiretapping (whereas before it would have been the most obvious choice), thus forcing the attacker to choose a different attack scenario. -- Tilghman ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
On 7 Feb 2008, at 00:36, Tilghman Lesher wrote: > On Tuesday 05 February 2008 09:22:29 Cavalera Claudio Luigi wrote: >> Hello, >> I'm doing some research concerning iax encryption, I haven't find any >> clients (softphones or hardphones) which implement so I have not >> tested >> it yet. >> >> There was also this message on asterisk-security mailing list >> http://archives.free.net.ph/message/20070507.101933.222987b2.en.html >> which got no answers and this makes me think that this iax >> encryption is >> not much interesting for the community. >> >> Anyway, in iax specification there is this statement: >> "Only the data portion of the messages are encoded." >> >> Which are the consequences of this, is it true as stated on >> http://www.voip-info.org/wiki/view/IAX+encryption >> that >> "The calling/called numbers are still passed in the clear over >> encrypted >> IAX, so you are still vulnerable to traffic analysis." >> ? >> >> If it's true how to deal with this? >> Would you consider media payload encryption enough? >> Maybe it's better to just forget about iax encryption and consider >> some >> more general approach like using openvpn >> http://www.voip-info.org/wiki/view/IAX_OpenVPN ? >> >> This half-encrypted iax encryption doesn't make much sense to me, >> therefore I think there's probably something I'm >> missing/misunderstanding. > > Is it important for you to conceal that a call was made from abc to > xyz on > thus-and-such a date? Or do you merely need to conceal the content > of a > call? You can already do traffic analysis and figure out that a call > occurred, just not what the endpoints are (even if you encrypted the > entire > link). The only way to get around that is to continuously send > random garbage > through the pipe at the same rate and consistency as would occur > with a real > IAX2 call. And the endpoints are only as specific as the systems on > either > end choose to make them. If you used some system of src/dst > obfuscation, you > could conceal even that information, though repeated calls to various > destinations could still be paired and correlated. > > IAX2 encryption is designed to obscure the same information as is > obscured > when you encrypt a call over the PSTN -- the content is protected, > but the > existence of such a call is not. Remember that a potential attacker > will > always choose the weakest link, and will probably attack the audio > stream > at a different location, if she cannot listen to the IP stream > directly (such > as a true wiretap on an analog endpoint or breaking into one of the > two > machines involved in the encryption). The idea is to make the IAX2 > link > unattractive as a potential target of wiretapping (whereas before it > would > have been the most obvious choice), thus forcing the attacker to > choose a > different attack scenario. > > -- > Tilghman > > Also if you _really_ care about concealing the dialed number you can do it just fine. The simplest way is to have a single exten that takes _all_ encrypted calls, then once the call is up, dial 'onwards' with DTMF, the DTMF frames would be encrypted. In fact IAX kinda supports this at the protocol level (although I don't know of a working implementation apart from the iAXy perhaps, but that doesn't do crypto...). The NEW frame doesn't _have_ to contain a dialed number, the digits can be sent later (I forget the frametype), but later means within the encrypted session :-) Tim. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
[EMAIL PROTECTED] wrote: > > Is it important for you to conceal that a call was made from > abc to xyz on > thus-and-such a date? Or do you merely need to conceal the > content of a > call? I was thinking about concealing called and calling number in a generic iax2 call, I hadn't even thinked about concealing the call itself. :-) Another not so related question, during iax2 registration is "username" Information Element always sent in clear? I guess it is in clear since the first REGREQ even in the case of RSA or MD5 based authentication. Thanks, Claudio Internet Email Confidentiality Footer - La presente comunicazione, con le informazioni in essa contenute e ogni documento o file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed alle altre da questa autorizzata/e a riceverla. Se non siete i destinatari/autorizzati siete avvisati che qualsiasi azione, copia, comunicazione, divulgazione o simili basate sul contenuto di tali informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se avete ricevuto questa comunicazione per errore, vi preghiamo di darne immediata notizia al mittente e di distruggere il messaggio originale e ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il contenuto. This e-mail and its attachments are intended for the addressee(s) only and are confidential and/or may contain legally privileged information. If you have received this message by mistake or are not one of the addressees above, you may take no action based on it, and you may not copy or show it to anyone; please reply to this e-mail and point out the error which has occurred. - ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
Tim Panton wrote: > The NEW frame doesn't _have_ to contain a dialed number, the digits > can be sent later > (I forget the frametype), but later means within the encrypted > session :-) It's the DIAL command that you are thinking of. I'm considering implementing this, but it has one major caveat: to really do the job right, we wouldn't want any caller information (CLID or CNAM) to be in the NEW message either, it would have to be added as IEs to the DIAL command. Unfortunately no existing implementations are going to be prepared to receive that information as part of DIAL, so they would process this sort of call with an empty CLID and CNAM. We can of course enhance chan_iax2 to understand this method of doing things, but it won't be backward compatible with previous versions of Asterisk or any other IAX2 clients. -- Kevin P. Fleming Director of Software Technologies Digium, Inc. - "The Genuine Asterisk Experience" (TM) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
Of course *it would be nice if* the IAX2 authentication parameters were also encrypted, so that there was no danger of a 3rd party hijacking your connection and generating a bunch of extra charges. S. On Fri, Feb 15, 2008 at 11:31 AM, Kevin P. Fleming <[EMAIL PROTECTED]> wrote: > Tim Panton wrote: > > > The NEW frame doesn't _have_ to contain a dialed number, the digits > > can be sent later > > (I forget the frametype), but later means within the encrypted > > session :-) > > It's the DIAL command that you are thinking of. I'm considering > implementing this, but it has one major caveat: to really do the job > right, we wouldn't want any caller information (CLID or CNAM) to be in > the NEW message either, it would have to be added as IEs to the DIAL > command. Unfortunately no existing implementations are going to be > prepared to receive that information as part of DIAL, so they would > process this sort of call with an empty CLID and CNAM. We can of course > enhance chan_iax2 to understand this method of doing things, but it > won't be backward compatible with previous versions of Asterisk or any > other IAX2 clients. > > -- > Kevin P. Fleming > Director of Software Technologies > Digium, Inc. - "The Genuine Asterisk Experience" (TM) > > ___ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
Steve Johnson wrote: > Of course *it would be nice if* the IAX2 authentication parameters > were also encrypted, so that there was no danger of a 3rd party > hijacking your connection and generating a bunch of extra charges. Can you elaborate? I don't see any way that a connection can be 'hijacked' as you put it. -- Kevin P. Fleming Director of Software Technologies Digium, Inc. - "The Genuine Asterisk Experience" (TM) ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] is encrypted iax safe and secure?
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Kevin P. Fleming > Sent: Monday, February 18, 2008 4:13 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] is encrypted iax safe and secure? > > Steve Johnson wrote: > > Of course *it would be nice if* the IAX2 authentication parameters > > were also encrypted, so that there was no danger of a 3rd party > > hijacking your connection and generating a bunch of extra charges. > > Can you elaborate? I don't see any way that a connection can be > 'hijacked' as you put it. >From what I've understood, Asterisk and iax2 already implement (optional) secure authorization based upon MD5 challenge. >From a iax2 client perspective just username (and not password) passes in clear over network, therefore wiretapping the connection is not enough to steal iax2 credentials. Media traffic will be encrypted when someone will implement it on client side, however even then, Called and Callee will be in clear. Best Regards, Claudio Internet Email Confidentiality Footer - La presente comunicazione, con le informazioni in essa contenute e ogni documento o file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed alle altre da questa autorizzata/e a riceverla. Se non siete i destinatari/autorizzati siete avvisati che qualsiasi azione, copia, comunicazione, divulgazione o simili basate sul contenuto di tali informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se avete ricevuto questa comunicazione per errore, vi preghiamo di darne immediata notizia al mittente e di distruggere il messaggio originale e ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il contenuto. This e-mail and its attachments are intended for the addressee(s) only and are confidential and/or may contain legally privileged information. If you have received this message by mistake or are not one of the addressees above, you may take no action based on it, and you may not copy or show it to anyone; please reply to this e-mail and point out the error which has occurred. - ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
