
[saag] fyi: report on security risks of applying CALEA to VoIP



Of possible interest. I've reformatted Susan's msg wrt line breaks. 

Her post is archived here:

report on security risks of applying CALEA to VoIP
http://www.interesting-people.org/archives/interesting-people/200606/msg00089.html


JeffH


-------- Original Message -------
From: Susan Landau <susan.landau at sun.com>
Date: June 13, 2006 10:35:37 AM EDT
To: dave at farber.net
Subject: report on security risks of applying CALEA to VoIP

                Tuesday  13 June 2006  at 10:35

Below you'll find an executive summary of "Security 
Implications of Applying the Communications Assistance 
for Law Enforcement Act to Voice over IP," by Steve Bellovin, 
Matt Blaze, Ernie Brickell, Clint Brooks, Vint Cerf, Whit 
Diffie, Susan Landau, Jon Peterson, John Treichler.

The full report is at: 
  http://www.itaa.org/news/docs/CALEAVOIPreport.pdf.

Susan


Security Implications of Applying the Communications 
Assistance to Law Enforcement Act to Voice over IP

  Steven Bellovin, Columbia University
  Matt Blaze,  University of Pennsylvania
  Ernest Brickell, Intel Corporation
  Clinton Brooks, NSA (retired)
  Vinton Cerf, Google
  Whitfield Diffie, Sun Microsystems
  Susan Landau, Sun Microsystems
  Jon Peterson, NeuStar
  John Treichler, Applied Signal Technology


Executive Summary

For many people, Voice over Internet Protocol (VoIP)
looks like a nimble way of using a computer to make
phone calls.  Download the software, pick an
identifier and then wherever there is an Internet
connection, you can make a phone call.  From this
perspective, it makes perfect sense that anything
that can be done with a telephone, including the
graceful accommodation of wiretapping, should be
able to be done readily with VoIP as well.

The FCC has issued an order for all
``interconnected'' and all broadband access VoIP
services to comply with Communications Assistance
for Law Enforcement Act (CALEA) --- without specific
regulations on what compliance would mean.  The
FBI has suggested that CALEA should apply to all
forms of VoIP, regardless of the technology involved
in the VoIP implementation.

Intercept against a VoIP call made from a fixed
location with a fixed IP address directly to a big
internet provider's access router is equivalent to
wiretapping a normal phone call, and classical
PSTN-style CALEA concepts can be applied directly.
In fact, these intercept capabilities can be exactly
the same in the VoIP case if the ISP properly
secures its infrastructure and wiretap control
process as the PSTN's central offices are assumed to
do.

However, the network architectures of the Internet
and the Public Switched Telephone Network (PSTN)
are substantially different, and these differences
lead to security risks in applying the CALEA to
VoIP.  VoIP, like most Internet communications, are
communications for a mobile environment.  The
feasibility of applying CALEA to more decentralized
VoIP services is quite problematic.  Neither the
manageability of such a wiretapping regime nor
whether it can be made secure against subversion
seem clear.  The real danger is that a CALEA-type
regimen is likely to introduce serious
vulnerabilities through its ``architected security
breach.''

Potential problems include the difficulty of
determining where the traffic is coming from (the
VoIP provider enables the connection but may not
provide the services for the actual conversation),
the difficulty of ensuring safe transport of the
signals to the law-enforcement facility, the risk
of introducing new vulnerabilities into Internet
communications, and the difficulty of ensuring
proper minimization.  VOIP implementations vary
substantially across the Internet making it
impossible to implement CALEA uniformly.  Mobility
and the ease of creating new identities on the
Internet exacerbate the problem.

Building a comprehensive VoIP intercept capability
into the Internet appears to require the cooperation
of a very large portion of the routing
infrastructure, and the fact that packets are
carrying voice is largely irrelevant.  Indeed, most
of the provisions of the wiretap law do not
distinguish among different types of electronic
communications.  Currently the FBI is focused on
applying CALEA's design mandates to VoIP, but
there is nothing in wiretapping law that would argue
against the extension of intercept design mandates
to all types of Internet communications.  Indeed,
the changes necessary to meet CALEA requirements for
VoIP would likely have to be implemented in a way
that covered all forms of Internet communication.

In order to extend authorized interception much
beyond the easy scenario, it is necessary either
to eliminate the flexibility that Internet
communications allow, or else introduce serious
security risks to domestic VoIP implementations.
The former would have significant negative effects
on U.S. ability to innovate, while the latter is
simply dangerous.  The current FBI and FCC direction
on CALEA applied to VoIP carries great risks.

---
end



