Internet Telephony has become extremely popular. Unfortunately many users are either not aware of the fact or simply do not care enough that their calls are transported over the Internet without any protection against eavesdropping and abuse. In a first part the talk will show in a practical demonstration the vulnerable nature of Internet phone calls. The network analyzer "Ethereal" can be used to register a call setup based on the IETF Session Initiation Protocol (SIP), record both sides of the ensuing conversation and store the session stream as an audio file that can then be reproduced on any multimedia player. In a second part we will present the easy-to-use security mechanisms developed in 2005 by Silvan Geser and Christian Höhn from the University of Applied Sciences Rapperswil in Switzerland for the popular Kphone VoIP client (http://www.wirlab.net/kphone). The two diploma students first brought strong encryption and authentication of the multimedia streams to the kphone-4.2 release by integrating the Secure Real-time Transport Protocol (SRTP, RFC 3711) available as a library from http://srtp.sourceforge.net/srtp.htm and by adding a new KPhone SRTP configuration option that allowed the definition of a secret session key. Since pre-shared secrets do no scale well, the students then implemented the powerful Multimedia Internet Keying protocol (MIKEY, RFC 3830) that allows a real-time end-to-end key establishment between any two VoIP peers, thus making it impossible for an unauthorized third party to listen in to the conversation. The key exchange and the mutual authentication of the clients is based on the well-known RSA public key algorithm. Since many users are frightened by the complexity of setting up a full-blown Public Key Infrastructure (PKI), the DNS-based DomainKeys scheme initially proposed by Yahoo! to identify email senders is used to distribute the public keys of the VoIP participants on a global scale. Using a single OpenSSL command each Kphone user can generate a personal RSA key pair and a simple copy-and-paste operation will create the required DNS TXT record containing the public key in the standardized DomainKeys format. By enabling the MIKEY feature in Kphone, the public key of the peer will automatically be fetched via the Domain Name System during the call setup phase based on the SIP URI of the peer. No active user intervention will be required. The DomainKeys based peer authentication will also effectively thwart any SPAM-over-Internet-Telephony (SPIT) attacks that are expected to become a nuisance in the not too distant future.
Über den Autor Andreas Steffen: Andreas Steffen is currently professor for Security in Communications at the Rapperswil University of Applied Sciences in Switzerland where he is heading the Institute of Internet Technologies and Applications. From 1998 to 2004 he was a professor at the Zurich University of Applied Sciences in Winterthur where he developed the popular X.509 patch for Linux FreeS/WAN in collaboration with his students. After the demise of the FreeS/WAN project in March 2004 he forked off the Linux strongSwan project which he is still actively maintaining. Andreas Steffen received both his Master's degree in Electrical Engineering in 1982 and his Ph.D. in 1991 from the Swiss Federal Institute of Technology in Zurich (ETHZ). From 1982 until 1998 he was an R&D engineer with Siemens Switzerland where he worked in such diverse areas as RF circuit design for RADAR and medical Magnetic Resonance Imaging systems as well as Integrated Circuit design for broadband multiplexers. In his last position with Siemes he was head of the R&D department "Wireless Systems" where he was responsible for one of the first Wireless LAN products. Andreas Steffen has a long-standing interest in computing and cryptology. He teaches and does active research and development in the area of network security. He was a speaker at the IPsec Global Summit 2002 in Paris and the DFN Arbeitstagungen für Kommunikationsnetze in 2003, 2004, and 2005 in Düsseldorf. At the LinuxTag 2005 he presented the advanced features of the strongSwan VPN software. He was an invited speaker at several VPN seminars organized by NetworkWorld, LANline and the German Telekom. Lately he's been giving talks on VoIP security. He has also published several articles in the popular c't computer magazine.