SIP over TLS
Download as PPTX, PDF0 likes989 views
This document discusses SIP over TLS. It describes how SIP signaling can be secured using TLS instead of UDP or TCP. The TLS handshake process is explained in detail including the messages exchanged between the client and server. It also discusses how media can be encrypted using SRTP and the different key management protocols that can be used like SDES, DTLS, and ZRTP. Sample packet captures of SIP over TLS calls are also provided.
![Media Encryption (Cont.)
• SRTP does not contain integrated key management!
• It uses one of these key management protocols:
• SDES-SRTP
• DTLS-SRTP
• ZRTP
• SDES: Keys are transported in the SDP attachment of a SIP message using the TLS transport layer.
• Media attribute defined by SDES is “crypto”:
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:xecNW9BAUUfsgvZgE2OApkYJ20OM3guIqql5gayD
• 3 commonly used crypto suites are :
• AES_CM_128_HMAC_SHA1_80
• AES_CM_128_HMAC_SHA1_32
• F8_128_HMAC_SHA1_32](https://image.slidesharecdn.com/sip-tls-220428172935/85/SIP-over-TLS-15-320.jpg)
SIP over TLS
- 1. SIP over TLS • Hossein Yavari • April 2022
- 2. None SIP/TLS SIP UDP IP RTP UDP IP Signaling Media SIP TCP IP RTP UDP IP Signaling Media SIP over UDP SIP over TCP
- 3. SIP/TLS SIP TCP IP RTP UDP IP Signaling Media SIP over TLS TLS sRTP
- 4. SIP Server SIP Server UDP/TCP Listener TLS Listener Excample.com:5060 Excample.com:5061 SIP/UDP or TCP SIP/TLS
- 5. TLS Handshake Client Server Step 1: TCP Handshake SYN SYN ACK ACK Step 2: TLS Handshake * Mutual Authentication/ Server Authentication Client Hello Server Hello Server Certificate Client Certificate Request Server key Exchange Server Hello Done Client Certificate Client Key Exchange Certificate Verify Change Cipher Spec Finished Change Cipher Spec Encrypted Data Close Messages
- 6. TLS Handshake (Cont.) 1.Client Hello: The client sends a Client Hello message specifying the TLS version, a list of suggested cipher suites it supports, and a string of random bytes known as the "client random“. 2.Server Hello: The server responds with a Server Hello message with the TLS version, a chosen cipher suite and its own randomly selected prime number called a “server random”. 3.Server Certificate: The server presents an X.509 certificate or certificate chain to the client for verification as part of the initial TLS handshake. 4.Server Key Exchange: This is an optional message, only needed for certain key exchange methods (Diffie-Hellman) that require the server provides additional data. 5.Client Certificate Request: The server then requests a certificate from the client so the connection can be mutually authenticated. (optional) 6.Server Hello Done: The server sends a Server Hello Done message to tell the client it is finished with initial negotiations.
- 7. TLS Handshake (Cont.) 7. Client Certificate: If the server requests a certificate, the client must send the certificate or certificate chain. 8. Client Key Exchange: The client sends a Client Key Exchange message which may contain a Public Key, or nothing depending on the cipher suite chosen (TLSv1.2). 9. Certificate Verify: This message is sent when the client presents a certificate as above. Its purpose is to allow the server to complete the process of authenticating the client. 10. Change cipher spec: The client sends a message telling the server to change to encrypted mode. 11. Finished: The client tells the server that it is ready for secure data communication to begin. This is the end of the SSL handshake. 12. Change Cipher Spec: The server sends a message telling the client to change to encrypted mode. 13. Finished: The server tells the client that it is ready for secure data communication to begin. This is the end of the SSL handshake. 14. Encrypted data: The client and the server communicate securely. 15. Close Messages: At the end of the connection, each side will send a close_notify message to inform the peer that the connection is closed.
- 8. TLS Versions TLS 1.3’s handshake makes just a single round trip, so it is faster. https://www.thesslstore.com/blog/explaining-ssl-handshake/#the-tls-12-handshake-diffie-hellman-edition
- 9. TLS 1.3 Cipher Suites https://www.thesslstore.com/blog/explaining-ssl-handshake/#the-tls-12-handshake-diffie-hellman-edition • TLS_AES_256_GCM_SHA384 • TLS_CHACHA20_POLY1305_SHA256 • TLS_AES_128_GCM_SHA256 • TLS_AES_128_CCM_8_SHA256 • TLS_AES_128_CCM_SHA256
- 10. PCAP Sample
- 12. TLS Terminology • CA: Certificate Authority, a trusted entity, such as VeriSign, used to issue certs and to validate the authenticity of a cert. One type of cert, called a self-signed cert, does not require a CA. • Certificate chain: Often you will not have a certificate signed by your CA's root private key. Instead, you have your cert along with one or more intermediate certs that form a chain. The last intermediate cert in the chain is typically signed by the CA's root private key. • PEM: The Privacy Enhanced Mail (PEM) format is a text-based ASCII format that is a Base64 encoding of the binary Distinguished Encoding Rules (DER) format. • PEM certificates can be opened in any Text Editor and the actual certificate content is delimited between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- statements. • It complies with the X.509 format for storing a certificate, certificate chain, or private key.
- 13. Media Encryption • SRTP is not a protocol! It is a profile of RTP. • SRTP extends RTP to include encryption and authentication. • SIP/TLS with RTP is also possible but SIP/UDP/TCP with SRTP is not! Normal RTP Packet
- 14. Media Encryption (Cont.) sRTP Packet RTP Header Encrypted Payload MKI AUTH
- 15. Media Encryption (Cont.) • SRTP does not contain integrated key management! • It uses one of these key management protocols: • SDES-SRTP • DTLS-SRTP • ZRTP • SDES: Keys are transported in the SDP attachment of a SIP message using the TLS transport layer. • Media attribute defined by SDES is “crypto”: a=crypto:<tag> <crypto-suite> <key-params> [<session-params>] a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:xecNW9BAUUfsgvZgE2OApkYJ20OM3guIqql5gayD • 3 commonly used crypto suites are : • AES_CM_128_HMAC_SHA1_80 • AES_CM_128_HMAC_SHA1_32 • F8_128_HMAC_SHA1_32
- 16. Media Encryption (Cont.) • DTLS: DTLS keying happens on the media path, independent of any out-of-band signaling channel.
- 17. Media Encryption (Cont.) • ZRTP: a cryptographic key-agreement protocol meant to negotiate the keys for encryption between two endpoints. • ZRTP uses the Diffie-Hellman algorithm which enables secure key agreement and avoids the overhead of certificate management or any other prior setup. • The key agreement algorithm can be divided into 4 steps: • Discovery - Hello & HelloACK • Hash commitment - Commit • Diffie-Hellman exchange and key derivation - DHPart1 DHPart2 • Confirmation - Confirm1, Confirm2 & Conf2ACK
- 18. Media Encryption (Cont.) • An offer can include any of these: • Plain RTP (RTP/AVP), • RTP with RTCP-based feedback (RTP/AVPF), • Secure RTP (RTP/SAVP), or • Secure RTP with RTCP-based feedback (RTP/SAVPF)