[IP] report on security risks of applying CALEA to VoIP
Begin forwarded message:
From: Susan Landau <susan.landau@xxxxxxx>
Date: June 13, 2006 10:35:37 AM EDT
To: dave@xxxxxxxxxx
Subject: report on security risks of applying CALEA to VoIP
                                Tuesday  13 June 2006  at 10:35
Below you'll find an executive summary of "Security Implications of
Applying the Communications Assistance for Law Enforcement Act to Voice
over IP," by Steve Bellovin, Matt Blaze, Ernie Brickell, Clint Brooks, Vint
Cerf, Whit Diffie, Susan Landau, Jon Peterson, John Treichler.
The full report is at: http://www.itaa.org/news/docs/CALEAVOIPreport.pdf.
Susan
Security Implications of Applying the Communications Assistance to Law
Enforcement Act to Voice over IP
  Steven Bellovin, Columbia University
  Matt Blaze,  University of Pennsylvania
  Ernest Brickell, Intel Corporation
  Clinton Brooks, NSA (retired)
  Vinton Cerf, Google
  Whitfield Diffie, Sun Microsystems
  Susan Landau, Sun Microsystems
  Jon Peterson, NeuStar
  John Treichler, Applied Signal Technology
Executive Summary
For many people, Voice over Internet Protocol (VoIP) looks like a nimble
way of using a computer to make phone calls.  Download the software, pick
an identifier and then wherever there is an Internet connection, you can
make a phone call.  From this perspective, it makes perfect sense that
anything that can be done with a telephone, including the graceful
accommodation of wiretapping, should be able to be done readily with VoIP
as well.
The FCC has issued an order for all "interconnected" and all broadband
access VoIP services to comply with the Communications Assistance for Law
Enforcement Act (CALEA) --- without specific regulations on what compliance
would mean.  The FBI has suggested that CALEA should apply to all forms of
VoIP, regardless of the technology involved in the VoIP implementation.
Intercept against a VoIP call made from a fixed location with a fixed IP
address directly to a big internet provider's access router is equivalent
to wiretapping a normal phone call, and classical PSTN-style CALEA concepts
can be applied directly. In fact, these intercept capabilities can be
exactly the same in the VoIP case if the ISP properly secures its
infrastructure and wiretap control process as the PSTN's central offices
are assumed to do.
However, the network architectures of the Internet and the Public Switched
Telephone Network (PSTN) are substantially different, and these differences
lead to security risks in applying CALEA to VoIP.  VoIP, like most
Internet communications, is communication for a mobile environment.  The
feasibility of applying CALEA to more decentralized VoIP services is quite
problematic.  Neither the manageability of such a wiretapping regime nor
whether it can be made secure against subversion seems clear.  The real
danger is that a CALEA-type regimen is likely to introduce serious
vulnerabilities through its "architected security breach."
Potential problems include the difficulty of determining where the traffic
is coming from (the VoIP provider enables the connection but may not
provide the services for the actual conversation), the difficulty of
ensuring safe transport of the signals to the law-enforcement facility, the
risk of introducing new vulnerabilities into Internet communications, and
the difficulty of ensuring proper minimization.  VoIP implementations vary
substantially across the Internet, making it impossible to implement CALEA
uniformly.  Mobility and the ease of creating new identities on the
Internet exacerbate the problem.
Building a comprehensive VoIP intercept capability into the Internet
appears to require the cooperation of a very large portion of the routing
infrastructure, and the fact that packets are carrying voice is largely
irrelevant.  Indeed, most of the provisions of the wiretap law do not
distinguish among different types of electronic communications.  Currently
the FBI is focused on applying CALEA's design mandates to VoIP, but there
is nothing in wiretapping law that would argue against the extension of
intercept design mandates to all types of Internet communications.  Indeed,
the changes necessary to meet CALEA requirements for VoIP would likely have
to be implemented in a way that covered all forms of Internet
communication.
In order to extend authorized interception much beyond the easy scenario,
it is necessary either to eliminate the flexibility that Internet
communications allow, or else introduce serious security risks to domestic
VoIP implementations.  The former would have significant negative effects
on U.S. ability to innovate, while the latter is simply dangerous.  The
current FBI and FCC direction on CALEA applied to VoIP carries great risks.