SlideShare a Scribd company logo

Realtime communication security - SIP, XMPP and others

Olle E Johansson, profile picture
Olle E Johansson

The document discusses the security challenges of real-time communication, highlighting issues such as identity, confidentiality, integrity, and authorization. It addresses the lack of implementation and awareness regarding security in telecom systems, emphasizing the need for secure sessions. The author questions the general apathy towards real-time security and encourages a discussion on what constitutes a secure session.

TechnologyNews & Politics
1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
REALTIME COMMUNICATION SECURITY Olle E. Johansson * oej@edvina.net * Twitter oej Copyright Edvina AB, Sollentuna, Sweden 2011. All rights reserved.
From this...
to this
Talk Video Chat Application sharing 3D holographic 7.1 conferences
COMMUNICATION BETWEEN TWO OR MORE PEOPLE
OUT OF SCOPE TODAY. Tommy the system intruder Christina the network sniffer Adrian the BOT network manager
IN SCOPE You Me
WHAT IS THE PROBLEM? The usual security issues...
WHO’S TALKING? You Me Identity
WHO IS LISTENING? You Me 3rd party Confidentiality
DID YOU REALLY WRITE THAT? You Me Integrity
YOU CAN’T DO THAT. You Me Authorization
WHO AM I? IP Phone Pad Softphone Set-top-box Chat client Laptop Me Car Cell phone
THE SIP WORLD DATACOM TELECOM
NETWORK SECURITY You Me Our problem
TELECOM SECURITY MODEL You Me In the telco we trust.
END2END OR THROUGH PROXY SERVER? Do you want someone else to handle your keys? You Me Do you want to set up a secure session between you and me? If so, how?
THIS APPLIES TO MANY PROTOCOLS SIP RTCWEB XMPP ?
SIP SECURITY TLS DTLS/SRTP SIGNALLING MEDIA S/MIME SIP IDENTITY INTEGRITY HTTP DIGEST MSRP/TLS AUTH CHAT
ASTERISK 1.8 TLS ACLs SRTP SDES TLS very, very experimental
KAMAILIO SIP SERVER 3.1 TLS ACLs DOS prevention TLS very, very good!
WHAT’S THE ISSUE WITH REAL TIME SECURITY? No one asks for it. Therefore no one implements it. Which means lack of experience.
WHAT I DO NOT UNDERSTAND. Why does nobody care, really?
FINAL QUESTION: What’s a secure session for you?
H E L P. THANK YOU.

More Related Content

DOC
Script
Josh Sheil
 
DOCX
Script
KittyT
 
PPTX
If you are being cyber bullied powerpoint
lsammut
 
PDF
Cloud Computing for Legal Professionals Handout
Rocket Matter, LLC
 
PDF
Kamailio on air
Olle E Johansson
 
PPT
The Realtime Cloud - unified or isolated islands on the net?
Olle E Johansson
 
PPT
Astricon 2010: Scaling Asterisk installations
Olle E Johansson
 
PDF
Security and Real-time Communications – a maze of twisty little passages, tha...
Alan Quayle
 
Script
Josh Sheil
 
Script
KittyT
 
If you are being cyber bullied powerpoint
lsammut
 
Cloud Computing for Legal Professionals Handout
Rocket Matter, LLC
 
Kamailio on air
Olle E Johansson
 
The Realtime Cloud - unified or isolated islands on the net?
Olle E Johansson
 
Astricon 2010: Scaling Asterisk installations
Olle E Johansson
 
Security and Real-time Communications – a maze of twisty little passages, tha...
Alan Quayle
 

Similar to Realtime communication security - SIP, XMPP and others (20)

ODP
Communication Privacy for Free Societies at Harvard
David Sugar
 
PDF
End end-security
Patatino Melis
 
PDF
Morecrypto in the world of SIP - the Session Initiation Protocol
Olle E Johansson
 
PDF
Security Issues In Voip
Waqas Daar
 
KEY
The secret of TCP/IP and how it affects your PBX
Olle E Johansson
 
PDF
Network Security CS2
Infinity Tech Solutions
 
PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
PPT
Cellcrypt Mobile for iPhone
Cellcrypt
 
PDF
Securing Voice Communication
Luca Pradovera
 
PPS
Secur Digital Presentation 22jul10 Frm Show
fmitchell
 
PDF
Secure Communication
Koen Van Impe
 
PPT
Voice Over IP Overview w/Secuirty
Christopher Duffy
 
PPTX
Chapter6
somey_oung
 
PDF
VoIP security
Mile Blenton
 
PDF
CNS ppt.pdf
ChaitanyaK65
 
PDF
Secuvoice SNS - Christoff Erdman
Fox-IT
 
PPT
Voippresentation
eliran2
 
PDF
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Encryption
 
PPT
ch22.ppt
ImXaib
 
PPTX
Computer Seminar.pptx
MelvinShaji12
 
Communication Privacy for Free Societies at Harvard
David Sugar
 
End end-security
Patatino Melis
 
Morecrypto in the world of SIP - the Session Initiation Protocol
Olle E Johansson
 
Security Issues In Voip
Waqas Daar
 
The secret of TCP/IP and how it affects your PBX
Olle E Johansson
 
Network Security CS2
Infinity Tech Solutions
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
Cellcrypt Mobile for iPhone
Cellcrypt
 
Securing Voice Communication
Luca Pradovera
 
Secur Digital Presentation 22jul10 Frm Show
fmitchell
 
Secure Communication
Koen Van Impe
 
Voice Over IP Overview w/Secuirty
Christopher Duffy
 
Chapter6
somey_oung
 
VoIP security
Mile Blenton
 
CNS ppt.pdf
ChaitanyaK65
 
Secuvoice SNS - Christoff Erdman
Fox-IT
 
Voippresentation
eliran2
 
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Encryption
 
ch22.ppt
ImXaib
 
Computer Seminar.pptx
MelvinShaji12
 
Ad

More from Olle E Johansson (20)

PDF
Cybernode.se: Securing the software supply chain (CRA)
Olle E Johansson
 
PDF
CRA - overview of vulnerability handling
Olle E Johansson
 
PDF
Introduction to the proposed EU cyber resilience act (CRA)
Olle E Johansson
 
PDF
The birth and death of PSTN
Olle E Johansson
 
PDF
WebRTC and Janus intro for FOSS Stockholm January 2019
Olle E Johansson
 
PDF
Kamailio World 2018: Having fun with new stuff
Olle E Johansson
 
PDF
Webrtc overview
Olle E Johansson
 
PDF
Realtime communication over a dual stack network
Olle E Johansson
 
PDF
The Realtime Story - part 2
Olle E Johansson
 
PDF
Sip2016 - a talk at VOIP2DAY 2016
Olle E Johansson
 
PDF
Sips must die, die, die - about TLS usage in the SIP protocol
Olle E Johansson
 
PDF
SIP :: Half outbound (random notes)
Olle E Johansson
 
PDF
Kamailio World 2016: Update your SIP!
Olle E Johansson
 
PDF
SIP & TLS - Security in a peer to peer world
Olle E Johansson
 
PDF
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Olle E Johansson
 
PDF
2015 update: SIP and IPv6 issues - staying Happy in SIP
Olle E Johansson
 
PDF
TCP/IP Geeks Stockholm :: Introduction to IPv6
Olle E Johansson
 
PDF
Why is Kamailio so different? An introduction.
Olle E Johansson
 
PDF
RFC 7435 - Opportunistic security - Some protection most of the time
Olle E Johansson
 
PDF
SIP and DNS - federation, failover, load balancing and more
Olle E Johansson
 
Cybernode.se: Securing the software supply chain (CRA)
Olle E Johansson
 
CRA - overview of vulnerability handling
Olle E Johansson
 
Introduction to the proposed EU cyber resilience act (CRA)
Olle E Johansson
 
The birth and death of PSTN
Olle E Johansson
 
WebRTC and Janus intro for FOSS Stockholm January 2019
Olle E Johansson
 
Kamailio World 2018: Having fun with new stuff
Olle E Johansson
 
Webrtc overview
Olle E Johansson
 
Realtime communication over a dual stack network
Olle E Johansson
 
The Realtime Story - part 2
Olle E Johansson
 
Sip2016 - a talk at VOIP2DAY 2016
Olle E Johansson
 
Sips must die, die, die - about TLS usage in the SIP protocol
Olle E Johansson
 
SIP :: Half outbound (random notes)
Olle E Johansson
 
Kamailio World 2016: Update your SIP!
Olle E Johansson
 
SIP & TLS - Security in a peer to peer world
Olle E Johansson
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Olle E Johansson
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
Olle E Johansson
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
Olle E Johansson
 
Why is Kamailio so different? An introduction.
Olle E Johansson
 
RFC 7435 - Opportunistic security - Some protection most of the time
Olle E Johansson
 
SIP and DNS - federation, failover, load balancing and more
Olle E Johansson
 
Ad

Recently uploaded (20)

PDF
August Patch Tuesday
Ivanti
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
August Patch Tuesday
Ivanti
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Encapsulation theory and applications.pdf
gurumoop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 

Realtime communication security - SIP, XMPP and others

Editor's Notes