P2P SIP Names

1
P2P SIPNames Security

• Cullen Jennings
• fluffy_at_cisco.com

2
Security Trade Offs

• Certain other features, or convenience of
  operation, make users willing to accept reduced
  security
• Better than nothing principle
• Certain ideas that work in small groups of
  friends completely fail before they meet any size
  that would be considered successful

3
Threat Models

• No idea what to put here - will need work
• Run in my home?
• Run on the internet?
• Protect from neighbor? from me? wireless to front
  yard?
• Protect what?
• Used for playing games and no one cares if works?
• Used by emergency workers?
• Skype claims to have surprisingly strong
  security? Is it P2P?
• What are the devices?
• What is the information they exchange?
• Who might be able to intercept/tamper with it?
• How much would users or attackers care?

4
Security Concerns

• Who am I talking to
• When people want to talk to me, do they reach me
• Can other people listen to my call
• Can people discover who I call and when
• Do I know who is calling me
• Can I call someone without revealing who I am
• Denial of service
• Who can cancel my name
• Do I know I am talking to same person as previous
  call
• SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM
  SPAM

5
Names

• Some properties a namespace might have
• Names are unique
• Can know who is authorized to use a name
• Dont require a central registry
• Delegation of portions of namespace
• Size of namespace
• Free/Cheap in the monetary sense
• Pick any few -)

6
Names, Routes Translation

• What is a name
• An identifier that some object asserts that it
  goes by. The name is persistent over some time
  span.
• Ex email address, telephone number, number in
  DHT
• What is a routable address
• An address that is routable in the context of a
  particular network element.
• Ex IP address
• What is a translation
• lookup from name to another name or routable
  address
• Ex DHT

7
Example Namespaces

• DNS
• unique, central, delegated, cheap
• authorization via web certs
• Email addresses
• sub delegation of DNS
• IP Addresses
• unique (mostly), admin delegate DHCP
• E.164 Telephone numbers
• unique, non central, delegated, not cheap
• authorization hard
• somewhat limited size

8
P2P Names Translation

• Self assigned identifiers as names
• Can ask if they are unique
• Cant guarantee that they are unique
• Translation
• all examples here translate to IP
• A few approaches
• Translation with DHT
• Translation with broadcast table
• Security Properties
• Bad identity, integrity, privacy, DoS, name
  stealing, Spam
• Good uh, ah, not much
• Other properties
• Good operations and management

9
P2P as a DNS Replacement

• (Hint I suspect this is not a good idea)
• There are some use cases when DNS is not
  reachable
• Many of these cases can be solved with local
  discovery approaches
• Ex (multicast, zeroconf, rendezvous, SrvLoc)

10
The BAD news

• So far, no way to simultaneously achieve both
• no central name authority
• stop names from being stolen by other users
• This will somewhat constrain the security
  properties of various solutions

11
The GOOD newsGot lemons, Make lemonade

• Anonymous Communications
• Anonymous communications can be anonymous
• SIP has not practically solved how to deploy
  media and signaling Anonymization
• Distributed media relay
• P2P style distributed media relays do not require
  names principle