HiTB KL Oct2013 Practical Attacks Against Encrypted VoIP Communications

8/17/2019 HiTB KL Oct2013 Practical Attacks Against Encrypted VoIP Communications

1/62

!"#$%$#& ()#$*+ (,#-.+/

0.$"12/34 567! 8699:.-$#%6.+

!"#$%&''()*+,-./ 12324562

%7289 ':33;4 < =:>696? '7;33

@A:>?7;33 @>A5;?32B5


2/62

(,3.4#

• #765 65 2 C23D 2B:8C CE2F? 29234565 29A G2H;E9

>2C?769I

• J:"K B2?DIE:89A

• )LK C;?796M8;5

• %C2N5N?23 >:A;369I

•

'25; 5C8A6;5 2D2 OC7; ?::3 5C8PQ


3/62

• J:"K 65 2 G:G832E E;G32?;>;9C R:E CE2A6N:923

?:GG;EST6E; C;3;G7:9; 545C;>5

• $29AT6AC7 ;F?6;9C 29A 3:T ?:5C

• KE6U2?4 725 B;?:>; 29 69?E;2569I ?:9?;E9

• V;9;E2334 2??;GC;A C72C ;9?E4GN:9 57:83A B;

85;A R:E ;9ASC:S;9A 5;?8E6C4• $8C ;U;9 6R 6CW5 ;9?E4GC;AX 65 6C 5;?8E;Y

7./"64:$%6.


4/62

;;9C5 233;I;A34 ?326> )%[ < V'!\

72U; 5:>; O?2G2B636C4Q 2I2695C ;9?E4GC;A J:"K

•

!"#$ &'() )#') *+,- ./ ' 012 3'/)4 5'/)1$/ #'6 '

('5'7898)4 ':'816) ' 65$(8;( )#$ $1(/45)$2 (.??


5/62

• L6H3; T:ED 725 B;;9 A:9; B4 C7; 5;?8E6C4

?:>>896C4

• %:>; 69C;E;5N9I 2?2A;>6? E;5;2E?7

– ]9?:U;E69I %G:D;9 K7E25;5 69 &9?E4GC;A J:6?; :U;E "K

':>>896?2N:95/ L/8:#)D M'99'/2D +.#'/2)D F$


6/62

?#$*,"6:.4@567!


7/62

• %6>632E C: CE2A6N:923 A6I6C23 C;3;G7:94X J:"K

69U:3U;5 56I923369IX 5;556:9 696N23652N:9 29A

5;C8G 25 T;33 25 ;9?:A69I :R C7; U:6?; 56I923

•

%;G2E2C;A 69 C: CT: ?7299;35 C72C G;ER:E>

C7;5; 2?N:95/

– ':9CE:3 ?7299;3

–

=2C2 ?7299;3

567! 8699:.-$#%6.+


8/62

•

(G;E2C;5 2C C7; 2GG36?2N:9S324;E

• !29A3;5 ?233 5;C8GX C;E>692N:9 29A :C7;E;55;9N23 25G;?C5 :R C7; ?233

•

]5;5 2 56I923369I GE:C:?:3 58?7 25/

– %;556:9 "96N2N:9 KE:C:?:3 ^%"K_

– &`C;956B3; 1;552I69I 29A KE;5;9?; KE:C:?:3

^a1KK_ –

!b.+.

– %D4G;

86./"6& 8


9/62

86./"6& 8:A6R469I ;`65N9I ?2335

•

#4G6?2334 GE:C;?C;A T6C7 ;9?E4GN:9X R:E

;`2>G3; %"K% T76?7 2AA5 #L%

• (c;9 85;A C: ;5C2B3657 C7; C7; A6E;?C A2C2

?:99;?N:9 R:E C7; U:6?; CE2F? 69 C7; A2C2

?7299;3


10/62

• #7; GE6>2E4 R:?85 :R :8E E;5;2E?7

• ]5;A C: CE295>6C ;9?:A;A 29A ?:>GE;55;A

U:6?; A2C2

• #4G6?2334 :U;E ]=K

• J:6?; A2C2 65 CE295G:EC;A 8569I 2 CE295G:EC

GE:C:?:3 58?7 25 d#K

A#/# 8


11/62

•

':>>:9G32?; R:E J:"K 6>G3;>;9C2N:95 C:;9?E4GC C7; A2C2 e:T R:E ?:9fA;9N236C4

• [ ?:>>:9 6>G3;>;9C2N:9 65 %;?8E; d;23S

#6>; #E295G:EC KE:C:?:3 ^%d#K_• $4 A;R283C T633 GE;5;EU; C7; :E6I6923 d#K

G243:2A 56g;

•

OF.1$ .& )#$ 5/$R2$;1$2 $1(/[email protected])/'16&./?6


12/62

?#$*,"6:.4@8643$+


13/62

• ]5;A C: ?:9U;EC C7; 2923:I8; U:6?; 56I923 69

C: 2 A6I6C2334 ;9?:A;A 29A ?:>GE;55;A

E;GE;5;9C2N:9

•

':A;?5 5CE6D; 2 B2329?; B;CT;;9 B29AT6AC7

36>6C2N:95 29A U:6?; M8236C4

• Z;WE; >:5C34 69C;E;5C;A 69 J2E62B3; $6C d2C;

^J$d_ ?:A;?5

8643$+


14/62

• #7; ?:A;? ?29 A492>6?2334 >:A6R4 C7; B6CE2C;

:R C7; CE295>6H;A 5CE;2>

• ':A;?5 36D; %G;;` T633 ;9?:A; 5:89A5 2C

A6P;E;9C B6CE2C;5

• *:E ;`2>G3;X RE6?2NU;5 >24 B; ;9?:A;A 2C

3:T;E B6CE2C;5 C729 U:T;35

5#"-#B&3 ?-/"#/3 8643$+


15/62


16/62

• #7; GE6>2E4 B;9;fC RE:> J$d 65 2 56I96f?29C34

B;H;E M8236C4SC:SB29AT6AC7 E2N: ?:>G2E;A C:

'$d

• =;56E2B3; 69 3:T B29AT6AC7 ;9U6E:9>;9C5

– ';33832E

– %3:T Z6*6

5#"-#B&3 ?-/"#/3 8643$+


17/62

?#$*,"6:.4@CD! #.4 E/#%+%$#& (.#&1+-+


18/62

• d;5;2E?7 C;?796M8;5 B:EE:T;A RE:> )LK 29A

B6:69R:E>2N?5

• KE6>2E634 C7; 85; :R/

– KE:f3; !6AA;9 12ED:U 1:A;35

– =492>6? #6>; Z2EG69I

C#/:"#& D#.,:#,3 !"6$3++-.,


19/62

• %C2N5N?23 >:A;3 C72C 2556I95 GE:B2B636N;5 C:

5;M8;9?;5 :R 54>B:35

• #E2956N:95 RE:> M$:81 5C2C; ^$_ C: Q12 5C2C;

^&_

• 1:U;5 RE:> 5C2C; C: 5C2C; E29A:>34 B8C 69 369;

T6C7 CE2956N:9 A65CE6B8N:95

• #E2956N:95 :??8E 69A;G;9A;9C34 :R 294

GE;U6:85 ?7:6?;5

F-443. G#"*6> G643&+


20/62

• #7; >:A;3 T633 ?:9N98; C: >:U; B;CT;;9

5C2C;5 29A :8CG8C 54>B:35 89N3 C7; Q12 5C2C;

65 E;2?7;A

•

#7; ;>6H;A 54>B:35 ?:95NC8C; C7; 5;M8;9?;

F-443. G#"*6> G643&+

">2I; RE:> 7HG/hh652B;3SAE:5CbA;h72A::Gh536A;5h!11bGAR


21/62

• [ 98>B;E :R G:556B3; 5C2C; G2C75 RE:> $ C: &

• M$6) 5')# 65 C7; >:5C 36D;34 G2C7

•

#7; J6C;EB6 23I:E6C7> ?29 B; 85;A C: A65?:U;EC7; >:5C GE:B2B3; G2C7

• J6C;EB6X B./='/2 29A M'(>='/2 23I:E6C7>5 ?29

233 B; 85;A C: A;C;E>69; GE:B2B636C4 C72C 2>:A;3 GE:A8?;A 29 :8CG8C 5;M8;9?;

F-443. G#"*6> G643&+


22/62


23/62

• [ U2E62N:9 :R !11

• "9CE:A8?;5 G16$/) 29A O$9$)$6

•

[33:T5 C7; >:A;3 C: 6A;9NR4 5;M8;9?;5 T6C7G16$/)6 :E O$9$)$6

• K2EN?832E34 E;3;U29C C: 29234565 :R 28A6:

?:A;?5 T7;E; 6A;9N?23 8H;E29?;5 :R C7; 52>;

G7E25; B4 C7; 52>; 5G;2D;E 2E; 8936D;34 C:

72U; 6A;9N?23 G2H;E95

!"6H&3 F-443. G#"*6> G643&+


24/62

•

':956A;E 2 >:A;3 CE269;A C: E;?:I965;/

[ $ ' =

•

#7; >:A;3 ?29 5N33 E;?:I965; G2H;E95 T6C7!"#$%&'"/

[ $ a ' =

• (E G2H;E95 T6C7 ($)$&'"/

[ $ '

!"6H&3 F-443. G#"*6> G643&+


25/62

•

L2EI;34 E;G32?;A B4 !115

• 1;258E;5 56>632E6C4 69 5;M8;9?;5 C72C U2E4 69

N>; :E 5G;;A

• ':>>:934 85;A 69 5G;;?7 E;?:I96N:9

• ]5;R83 69 :8E E;5;2E?7 B;?285; :R C7;

C;>G:E23 ;3;>;9C

• [ G2?D;C ?2GC8E; 65 ;55;9N2334 2 N>; 5;E6;5

A1.#9-$ I-93 ;#"2-.,


26/62

• ':>G8C;5 2 iA65C29?;W B;CT;;9 CT: N>;

5;E6;5 j =#Z A65C29?;

• =6P;E;9C C: &8?36A;29 A65C29?;

•

#7; =#Z A65C29?; ?29 B; 85;A 25 2 >;CE6? R:E

i?3:5;9;55W B;CT;;9 C7; CT: N>; 5;E6;5

A1.#9-$ I-93 ;#"2-.,


27/62

A1.#9-$ I-93 ;#"2-., J 0K#92&3 •

':956A;E C7; R:33:T69I 5;M8;9?;5/ – , , , k l -k +m +. n . + , , , , , , , , , , , , , , , , , , ,

– , , , , , , , , , , , , , , , , , o m -. +o +k p k + , , , , ,

• "96N23 29234565 58II;5C5 C7;4 2E; U;E4 A6P;E;9CX 6R ?:>G2E69I RE:>

C7; ;9CE4 G:69C5b

• !:T;U;E C7;E; 2E; 5:>; 56>632E ?72E2?C;E65N?5/

– %6>632E 572G;

– K;2D5 2C 2E:89A +o

–

':83A E;GE;5;9C C7; 52>; 5;M8;9?;X B8C 2C A6P;E;9C N>;:P5;C5Y

,

o

-,

-o

+,

+o

.,

- + . k o m l n p -, -- -+ -. -k -o -m -l -n -p+, +- ++ +. +k +o +m +l +n +p .,

%;E6;5-

%;E6;5.


28/62

E-43 8


29/62

•

]582334 ?:99;?N:95 2E; G;;ESC:SG;;E

• Z; 2558>; C72C ;9?E4GC;A J:"K CE2F? ?29 B; ?2GC8E;A/ – 129S69SC7;S>6AA3;

–

K2556U; >:96C:E69I

• ):C B;4:9A C7; E;23>5 :R G:556B636C4/ – OV'!\ C2G5 fBE;S:GN? ?2B3;5Q

7HG/hhTTTbC7;I82EA629b?:>h8Dh+,-.hq89h+-hI?7MS?2B3;5S

5;?E;CST:E3AS?:>>896?2N:95S952 – O'7692 76q2?D;A "9C;E9;C CE2F?Q

7HG/hhTTTbgA9;Cb?:>h?7692S76q2?D;AS8DS69C;E9;CSCE2F?S5245S>?2R;;S.,k,,p,p-,h

E-43 8


30/62

•

$8C T72C ?29 T; I;C RE:> q85C 2 G2?D;C

?2GC8E;Y

E-43 8


31/62

•

%:8E?; 29A =;5N92N:9 ;9AG:69C5

– &A8?2C;A I8;55 2C 329I82I; B;69I 5G:D;9

• K2?D;C 3;9IC75

•

#6>;5C2>G5

E-43 8


32/62

•

%: T72CYbbbbbb

•

Z; 9:T D9:T J$d ?:A;?5 ;9?:A; A6P;E;9C5:89A5 2C U2E62B3; B6C E2C;5

•

Z; 9:T D9:T 5:>; J:"K 6>G3;>;9C2N:9585; 2 3;9IC7 GE;5;EU69I ?6G7;E C: ;9?E4GC

U:6?; A2C2

E-43 8


33/62

J2E62B3; $6C d2C; ':A;?

rL;9IC7 KE;5;EU69I '6G7;E s

E-43 8


34/62

8#+3 E/:41


35/62

•

':99;?N:95 2E; G;;ESC:SG;;E

• ]5;5 C7; (G85 ?:A;? ^d*' ml-m_/

!V5


36/62


37/62

•

[3C7:8I7 56>632E G7E25;5 T633 GE:A8?; 2 56>632E

G2H;E9X C7;4 T:9WC B; 6A;9N?23/

– $2?DIE:89A 9:65;

–

[??;9C5

– %G;;A 2C T76?7 C7;4WE; 5G:D;9

•

%6>G3; 58B5CE69I >2C?769I T:9WC T:EDt

E*123 8#+3 E/:41


38/62

•

#7; CT: 2GGE:2?7;5 T; ?7:5; >2D; 85; :R

C7; )LK C;?796M8;5/

– KE:f3; !6AA;9 12ED:U 1:A;35

–

=492>6? #6>; Z2EG69I

E*123 8#+3 E/:41


39/62

•

$:C7 2GGE:2?7;5 2E; 56>632E 29A ?29 B; BE:D;9 A:T9

69 C7; R:33:T69I 5C;G5/

– #E269 C7; >:A;3 R:E C7; C2EI;C G7E25;

–

'2GC8E; C7; %D4G; CE2F? – O[5DQ C7; >:A;3 6R 6CW5 36D;34 C: ?:9C269 C7; C2EI;C G7E25;

E*123 8#+3 E/:41


40/62

•

#: OCE269Q C7; >:A;3X 2 3:C :R C;5C A2C2 65 E;M86E;A

• Z; 85;A C7; #"1"# ':EG85 A2C2

• d;?:EA69I5 :R m., 5G;2D;E5 :R ;6I7C >2q:E A623;?C5 :R

[>;E6?29 &9I3657

• &2?7 5G;2D;E E;2A5 2 98>B;E :R OG7:9;N?2334 E6?7Q

5;9C;9?;5

E*123 8#+3 E/:41 J I"#-.-.,


41/62

OZ74 A: T; 9;;A B6II;E 29A B;H;E B:>B5YQ

E*123 8#+3 E/:41 J I7G7I


42/62

O!; E6GG;A A:T9 C7; ?;33:G729; ?2E;R8334X 29A 326A C7E;; A:I5

:9 C7; N9 R:63bQ

E*123 8#+3 E/:41 J I7G7I


43/62

O#72C T:E> 2 >8EA;E;EYQ

E*123 8#+3 E/:41 J I7G7I


44/62

•

#: ?:33;?C C7; A2C2 T; G324;A ;2?7 :R C7; G7E25;5

:U;E 2 %D4G; 5;556:9 29A 3:II;A C7; G2?D;C5 8569I

C?GA8>G

for((a=0;a


45/62

•

K'[K f3; ?:9C26969I uk,, :??8EE;9?;5 :R C7; 52>;

5G:D;9 G7E25;

•

O%63;9?;Q >85C B; G2E5;A :8C 29A "396>34

• *26E34 ;254 S I;9;E2334X 563;9?; :B5;EU;A C: B; 3;55

C729 n, B4C;5

• ]9D9:T9 5G6D;5 C: u-,, A8E69I 563;9?; G725;5

E*123 8#+3 E/:41 J I"#-.-.,


46/62

E*123 8#+3 E/:41 J E-&3.$3

%7:EC ;`?;EGC :R %D4G; CE2F? :R C7; 52>; E;?:EA69I ?2GC8E;A . N>;5X

;2?7 5;G2E2C;A B4 o 5;?:9A5 :R 563;9?;/


47/62

[GGE:2?7 C: 6A;9NR4 29A E;>:U;C7; 563;9?;/

– *69A 5;M8;9?;5 :R G2?D;C5 B;3:TC7; 563;9?; C7E;57:3AX un, B4C;5

– "I9:E; 5G6D;5 T7;9 T;WE; 69 2

563;9?; G725; ^6b;b +, ?:9N98:85G2?D;C5 B;3:T C7; 563;9?;C7E;57:3A_

– =;3;C; C7; 563;9?; G725;

–

"95;EC 2 >2ED;E C: 5;G2E2C; C7;5G;;?7 G725;5 j 69C;I;E +++X 69:8E ?25;

– #765 3;2U;5 85 T6C7 q85C C7; 5G;;?7G725;5vbb

E*123 8#+3 E/:41 J E-&3.$3


48/62

E*123 8#+3 E/:41 J E-&3.$3


49/62

•

$6:q2U2 GE:U6A;5 2 85;R83 :G;9 5:8E?; RE2>;T:ED

– '3255;5 R:E KE:f3; !11 >:A;369I

– $28>Z;3?7 R:E CE26969I

–

[ A492>6? >2CE6` GE:IE2>>69I ?3255 ^=K_ R:E ?23369I 69C:J6C;EB6 R:E 5;M8;9?; 29234565 :9 C7; K!11

• Z; ?7:5; C765 36BE2E4 C: 6>G3;>;9C :8E 2H2?D

E*123 8#+3 E/:41 L !FGG ()#$*


50/62

•

#E269 C7; KE:f3;!11 :Bq;?C 8569I C7; $28> Z;3?7

• \8;E4 J6C;EB6 C: ?23?832C; 2 3:IS:AA5

• ':>G2E; C7; 3:IS:AA5 5?:E; C: 2 C7E;57:3A

• "R 2B:U; C7E;57:3A T; 72U; 2 G:556B3; >2C?7

• "R 9:CX C7; G2?D;C 5;M8;9?; T25 GE:B2B34 9:C C7; C2EI;CG7E25;

E*123 8#+3 E/:41 L !FGG ()#$*


51/62

•

%2>; CE26969I A2C2 25 K!11

• d;>:U; 563;9?; G725;5

• #2D; 2 GE:C:C4G6?23 5;M8;9?; 29A ?23?832C; =#Z

A65C29?; :R 233 CE26969I A2C2 RE:> 6C•

=;C;E>69; 2 C4G6?23 A65C29?; C7E;57:3A

• '23?832C; =#Z A65C29?; R:E C;5C 5;M8;9?; 29A

?:>G2E; C: C7E;57:3A•

"R C7; A65C29?; 65 T6C769 C7; C7E;57:3A C7;9 36D;34

>2C?7

E*123 8#+3 E/:41 L AI; ()#$*


52/62

!FGG A396.+/"#%6.


53/62

E*123 8#+3 E/:41 L !"3 I3+%.,


54/62

E*123 8#+3 E/:41 L !6+/ I3+%.,

'4G7;E/ O" A:9WC ;U;9 5;; C7; ?:A;b [33 " 5;; 65 B3:9A;XBE89;H;X E;AS7;2AQ


55/62

•

d;?233 E2C; :R 2GGE:`6>2C;34 n,w

• *235; G:56NU; E2C; :R 2GGE:`6>2C;34 +,w

• K7:9;N?2334 E6?7;E G7E25;5 T633 46;3A 3:T;E R235;G:56NU;5

• #"1"# ?:EG85/ Ox:89I ?763AE;9 57:83A 2U:6A;`G:58E; C: ?:9C2I6:85 A65;25;5Q

!FGG E/#%+%$+


56/62

AI; M3+:&/+

•

%6>632E34 C: K!11 E;583C5X un,w E;?233 E2C;

• *235; G:56NU; E2C; :R +,w 29A 89A;E j 2I269X 25 3:9I

25 4:8E CE26969I A2C2 65 I::Ab


57/62

E-&3./ 8-"$&3 J M3+:&/+

• ):C U839;E2B3; j 233 A2C2 G243:2A 3;9IC75 2E; -lm B4C;5 69

3;9IC7t


58/62

;"#22-., :2


59/62

•

%:>; I86A29?; 69 d*'mom+-m

• K2AA69I C7; d#K G243:2A ?29 GE:U6A; 2 E;A8?N:9 69

69R:E>2N:9 3;2D2I;

• ':95C29C B6CE2C; ?:A;?5 57:83A B; 9;I:N2C;A A8E69I

5;556:9 696N2N:9

!"3>3.%6.


60/62

•

[55;55 :C7;E 6>G3;>;9C2N:95

– V::I3; #23D

– 16?E:5:c L49?

–

[U242 J:"K G7:9;5 – '65?: J:"K G7:9;5

– [GG3; *2?;#6>;

• [??:EA69I C: Z6D6G;A62X 85;5 d#K 29A %d#KvJ839;E2B3;Y

• ">GE:U;>;9C5 C: C7; 23I:E6C7>5 S [GG34 C7; y23>29

f3C;EY

N:"/


61/62

•

J2E62B3; B6CE2C; ?:A;?5 2E; 8952R; R:E 5;956NU; J:"KCE295>6556:9

• "C 65 G:556B3; C: A;A8?; 5G:D;9 ?:9U;E52N:95 69

;9?E4GC;A J:"K

• J$d T6C7 3;9IC7 GE;5;EU69I ;9?E4GC;A CE295G:EC5 36D;%d#K 57:83A B; 2U:6A;A

• ':95C29C B6CE2C; ?:A;?5 57:83A B; 85;A T7;E; G:556B3;

86.$&:+-6.+


62/62

Documents

HiTB KL Oct2013 Practical Attacks Against Encrypted VoIP Communications