Introducing Backdoors To VoIP Networks Makes Them More Secure?

from the run-that-past-us-again dept

The ruling that VoIP providers must make their networks wiretap-ready under CALEA legislation has caused some consternation, both because of the additional costs it generates and because of the technical complexity of developing a solution to meet the May 2007 deadline. In June, an IT trade group issued a report outlining many of the problems VoIP providers face in implementing a CALEA-compliant solution, and in response, a group representing companies selling wiretap systems — so there’s surely no bias — has issued a rebuttal that appears to be little more than saying “no it isn’t” to every claim from the first report. Among their claims of varying dubiety, one stands out: that adding wiretap back doors for law enforcement makes networks more secure, rather than less. It is hard to see how. A back door for eavesdropping on calls, even one meant for law enforcement alone, is by definition a second way into the network, and a door opened for one party is there for whoever else finds it: a new vulnerability and a target for hackers. While the costs of implementing CALEA can reasonably be seen as a cost of doing business for VoIP providers, the idea that building in the ability to intercept calls makes a network more secure is pretty outlandish.


Comments on “Introducing Backdoors To VoIP Networks Makes Them More Secure?”

h4x0r el33t says:

Welcome to 1989

No no no… you mean MS.1010100… when our current dating system is replaced with a binary form, the MS Troops are running rampant enforcing their brute force tactics and Big Brother, also known as Microsoft, is looking over everyone’s shoulder, ready to shut down their motherboard with a built-in hardware lock if they show any sign of dissent.

Evildeliverance says:

Anonymous Coward

How do you expect the access point to be protected? A password? Cause surely no one could ever figure one of those out. Possibly some sort of encryption scheme? Surely no cop could be a hacker as well and leak some of the information thus allowing anyone with access to the internet to listen in on just about anyone else’s calls.

As has been stated before, VoIP is not your average phone service. There are no wires running to the phone company or anything else of the sort. It is all sent straight from your house to the internet. If there is to be a backdoor, it seems there are only two possibilities. 1: Make it basically a trojan waiting for the correct set of parameters before it allows the “law enforcement agency” (or hackers) access. Or 2: Install monitoring software at every point where the VoIP data gets converted into standard phone service data. Of course the latter is much closer to a 1984-esque situation, since the only way the monitoring software would be able to work is to look at every phone call and analyze it, asking ‘Is this something I should be listening to?’ And a portion of the first method would need to be introduced in order to catch VoIP-to-VoIP calls, as the second method would only catch calls that transfer from the internet to the phone network.

So, in short, the internet would be the access point and as of the moment, it is not highly regulated.

Anonymous Coward says:

Evil, your demonstration has nothing to do with lawful intercept. Sure, VoIP can be listened in on, but lawful intercept or the implementation of that would not help or hinder what you are talking about.

Can you hack a VoIP network? Yes, you can, you can do it easier than getting into the PSTN, but providing lawful intercept has nothing to do with that.

Funny thing is, if you don’t allow law enforcement to intercept calls, the only one that could would be criminals.

Evildeliverance says:

You fail to realize that VoIP is currently relatively secure. It would be quite time consuming to tap into in the current situation. The point I am making is that providing a ‘lawful intercept’ would also be providing a weak link that would be just as easily used for ‘unlawful intercept’. If the police could access these taps from the police station, so could the stalker Joe Smith who you happened to piss off last week. The internet is not direction specific.

Anonymous Coward says:

Evil, VoIP is not currently relatively secure. I have attended VoIP security workshops at RBOCs and their VoIP networks are not secure. They know it, they are worried about it, there have been media stories about issues around it. You can’t tell me that the pure play providers included security while providing low cost.

The police (or law enforcement) don’t access the networks from their office, they do that at the carriers location.

araemo says:

Re: Re:

“I have attended VoIP security workshops at RBOC’s and their VoIP networks are not secure. They know it, they are worried about it, there have been media stories about issues around it. You can’t tell me that the pure play providers included security while providing low cost.”

All the technologies required to make VoIP secure have been around for years, most of them are unpatented, so there is no major cost difference required. Unfortunately for the FBI, NSA, etc.. the technologies used are pure end-to-end encryption, which prevents them from having any method to listen in.

I’ll discuss a couple of ways to build in ‘lawful intercept’:

Possibility #1: The main connection is encrypted via public/private key pairs (probably one of the best possibilities). Those asymmetric key pairs are only used to encrypt the connection setup; they are far too processor-intensive to be used for the main encryption, so a one-time random session key is created and shared using the public/private keys. The NSA could require that their public key be included in all endpoints, and encrypt a second copy of the session key using the NSA’s public key. The NSA just has to intercept the encrypted packets, and can get the session key from their special packet. The problem with this, and this is a problem with ALL public/private key systems, is: If the key is ever compromised, it is compromised for every instance ever, future and past. So even though it would take YEARS to break that key, once it is broken, any communications that had that key would be compromisable. Second, it only takes one good hacker or corrupt NSA agent to smuggle that key into the wild, so that it might be ‘broken’ sooner. Any hardware/software that still has that key would be vulnerable. And if the NSA doesn’t know their key was stolen, they might keep using it; after all, THEY don’t use that key, so it doesn’t hurt them any… it just hurts our privacy even more.

Another possibility: Per-session keys chosen the way SSH/SSL/TLS handles theirs (And this does NOT require any kind of certificate. SSL for webpages uses certificates to prove the identity of the website, but the certificate is not required for high-strength encryption.)

How could the FBI get into this? Either building a back door into each VoIP program/hardware endpoint that they could access to either get the SSL/TLS session keys, or get a second SSL/TLS session for an ongoing call. Or to force each endpoint to call them with every call to give them the session key.. or many other possible ideas. However, none of those ideas involve the kinds of secret rooms that the NSA has been accused of putting into phone company offices, because those rooms would only be capturing encrypted packets, which would be useless to the FBI (and the NSA) without any kind of back door to get the encryption keys. So, fundamentally, anything that allows the government to break into the conversation also allows other smart people to do the same thing. The only way to ensure the security of the communication is to prevent ANYONE from breaking in. Yes, governments have been afraid of this for a very long time, but the Supreme Court defended our right as United States citizens to have the technology to hide our speech from the government.

They all have the problem that, since VoIP endpoints are talking on the public internet, anyone that can communicate with the endpoint could use this back door. Sure, only the government would be TOLD how to use it, but do you think anyone TOLD hackers how to break into Windows the way Code Red did? Or SQL Slammer? Or 90% of the other viruses/exploits that have been out there? Nope, they figured it out themselves. Any time you allow for a third party to surreptitiously log into a system, you allow the possibility that a fourth party will figure it out too. There MAY be possible ways for this to be implemented in a secure manner, but if the government isn’t going to share the details of how with us (so that security researchers can take a look and make sure any flaws are FIXED), I won’t be able to support this. If the government (or anyone else) tries the argument ‘if they told you how it worked, it wouldn’t be secure anymore’, it is relying on an ad hominem argument. Security that relies on secrecy of the implementation is fundamentally flawed. Secrecy of the implementation only hides flaws, it does not fix them; it leaves them there to be found.

(I wonder if anyone will read this whole thing..)
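The escrow design in araemo’s ‘Possibility #1’ above, worked through as an added example; this is not code from the post, from Techdirt, or from any VoIP product. Standard-library Python only: the agency’s public key is modelled as a static Diffie-Hellman key with an ElGamal-style wrap rather than the RSA-style encryption the post describes, the prime group is a toy one picked for illustration, the hash-counter stream cipher and the setup-message layout are assumptions, and the call audio is constructed sample text. What it shows is the point the post makes: a tap that captures only the setup messages and the encrypted media can decrypt nothing without the escrow private key, while anyone holding that one key decrypts every recorded call, past and future, because nothing scopes the key to a particular call.

```python
import hashlib
import secrets

P = 2**255 - 19   # toy prime picked for illustration, not a vetted DH group
G = 2

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def kdf(shared: int, label: bytes) -> bytes:
    return hashlib.sha256(label + shared.to_bytes(32, "big")).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_key(session_key: bytes, recipient_pub: int):
    """ElGamal-style key wrap: a fresh ephemeral share plus the session key masked
    with a secret only the holder of recipient_pub's private half can recompute."""
    r_priv, r_pub = keygen()
    return r_pub, xor(session_key, kdf(pow(recipient_pub, r_priv, P), b"wrap"))

def unwrap_key(wrapped, recipient_priv: int) -> bytes:
    r_pub, masked = wrapped
    return xor(masked, kdf(pow(r_pub, recipient_priv, P), b"wrap"))

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def crypt_media(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy hash-counter stream cipher; one call both encrypts and decrypts."""
    return xor(data, keystream(key, nonce, len(data)))

def place_call(callee_pub: int, escrow_pub: int, audio: bytes):
    """Call setup under the escrow design: one random session key, wrapped once for
    the callee and once more for the agency's escrow key; media uses the session key."""
    k, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    setup = {"for_callee": wrap_key(k, callee_pub),
             "for_escrow": wrap_key(k, escrow_pub),
             "nonce": nonce}
    return setup, crypt_media(k, nonce, audio)

def callee_decrypt(setup, media, callee_priv: int) -> bytes:
    return crypt_media(unwrap_key(setup["for_callee"], callee_priv), setup["nonce"], media)

def escrow_decrypt(setup, media, escrow_priv: int) -> bytes:
    """Run by whoever holds the escrow private key: the agency, or anyone it leaked to."""
    return crypt_media(unwrap_key(setup["for_escrow"], escrow_priv), setup["nonce"], media)

def demo():
    callee_priv, callee_pub = keygen()
    escrow_priv, escrow_pub = keygen()
    # Constructed sample "audio" for three calls spread over the life of the escrow key.
    calls = [b"call 1: constructed sample audio", b"call 2: months later", b"call 3: years later"]
    recorded = [place_call(callee_pub, escrow_pub, a) for a in calls]   # what a tap captures
    by_callee = [callee_decrypt(s, m, callee_priv) for s, m in recorded]
    # One escrow key opens every recorded call, past and future; nothing ties it to a warrant.
    by_escrow = [escrow_decrypt(s, m, escrow_priv) for s, m in recorded]
    # Without that key the escrow copy is just another blob: a wrong key yields noise.
    wrong_priv, _ = keygen()
    by_wrong = [escrow_decrypt(s, m, wrong_priv) for s, m in recorded]
    return calls, by_callee, by_escrow, by_wrong
```

Run `demo()` and compare the four lists. The cryptography in the escrow copy is not broken; the wrap is as sound as the callee’s own copy, which is exactly the problem: a leaked `escrow_priv` is indistinguishable from a lawful request, nothing on the wire tells the callee which one happened, and the only remedy is re-keying every endpoint that carries the escrow public key.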

Anonymous Coward says:

Lets just not let the govt. listen in on calls when needed. They shouldn’t be able to look for patterns. They should just leave us alone, I mean, we wouldn’t blame them when those 30 or so ‘deprived’ guys got on those 747’s and killed the 3,000 or so passengers, right? We won’t blame them when they blow up our trains, right? We won’t blame them when some wack job teen posts threats on the web and then goes out and kills a bunch of classmates, right?

Meathook says:

Those who sacrifice freedom for peace will ultimately have neither.

You are at greater risk driving to the airport than of a terrorist taking out your plane. I for one am willing to take my chances rather than sacrificing freedoms.

The government needs to get back to old fashioned field work like in the good old days. We didn’t have all this technology and our intel was as good or better.

Anonymous Coward says:

araemo, I read it all

Good post, although I think you might underestimate the time and cost to actually implement some of these “free systems.” Companies typically rush a product to market, then worry about the security on the back end. That makes securing it harder.

Also, your argument is true, but the fact is, the VoIP networks of today are not secure, so lawful intercept won’t really make it any less secure, hackers can get into it now, why would they bother to go after a hardened lawful intercept access point?

Phil Z does have the Zphone, so there are options out there, but that gets back to the question of allowing the govt. access to communication. After yesterday, do we want to restrict the govt’s ability to gather intelligence?

Communications have changed; now things like email, chat rooms, drafts of emails have to be looked at, because that’s what terrorists are using. VoIP is not different than any of the other things, it’s communication.

Araemo says:

Re: araemo, I read it all

“Lawful intercept” as you keep convincingly calling it, may, among other things, make it illegal for me to run my own voip system over an encrypted link. I don’t think that would be enforceable. I also don’t think it matters that much.

You mention the Zphone, and there are other products out there (though I don’t know of any quite as polished as the Zphone), but would this make the Zphone illegal?

“After yesterday, do we want to restrict the govt’s ability to gather intelligence?”

Show me evidence that the ability to tap Americans’ phones led to the intelligence necessary to stop the attempted attacks yesterday. Bringing up the specter of terrorism is not a free win, and it does a disservice to actual efforts to stop terrorism, because it makes it hard to separate the good arguments from the bad, when they both start with ‘We need to stop terrorists’ 500 times.

Communications have indeed changed, and I’ll tell you two big reasons why allowing American companies to provide truly secure telephony will not hamper real terrorist investigations at all:

#1: Real terrorists likely use strong encryption, or steganography (and I don’t mean microdots in newspapers), to hide their communications, instead of relying on normal channels.

#2: Even if the call is encrypted, both endpoints need to be secure for that to matter at all. More often than not, it is easier to plant a program to ‘bug’ a computer than it is to perform a proper man-in-the-middle attack on a good cryptographic session.

#3: None of that matters at all when the programs/devices used for VoIP over the internet are not made or sold in America. Nothing is stopping terrorists from buying Chinese, Russian, or Norwegian cryptography products that are not legally bound to allow the NSA/FBI/whoever in.

Ok, so I gave you 3 reasons. I am not convinced that compromising the privacy and freedom of American citizens in this manner will help catch competent terrorists. The ones that are not competent enough to use non-American security systems will likely be setting off enough flags to get caught by other means too. Yes, it’s possible they won’t. But it’s also possible that even if the government could eavesdrop on everyone’s phone calls, all the time, and flag all terrorist discussion on those phone calls.. that terrorists could still pull off their plans. I am not going to roll over and give up my freedoms because they MIGHT help catch someone.. especially when the logical argument for me to do so is so weak.

(For the record, I’m leaving the lawfulness of these intercepts as a matter for the courts. I’m only discussing the ideological/logical argument and likely outcomes.)

Also, for many ‘cryptographically secure’ systems (SSH, most IM encryption, etc.), they are only secure for the 2nd+ connection. If your first connection is to a man-in-the-middle, they can simply pass on your data.. For known terrorist suspects, this is amazingly easy for the gov to do, if they have equipment installed in most major backbones in the US. Again, this won’t hurt smart terrorists, because they will use public/private keys that they share beforehand to verify each other’s identity..

And there are also all those ‘perfect forward secrecy’ systems that I still don’t believe are possible, but many people are pushing. I admit I don’t understand the math well enough to even start to understand the claims, so I am not putting my faith in them until they have been around a good while longer.
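Araemo’s two closing points, that trust-on-first-use systems such as SSH only protect the second and later connections and that keys shared beforehand close that gap, together with the forward-secrecy property raised just after, as an added example; this is not code from the thread, from SSH, or from any product named on the page. Standard-library Python; the prime group is a toy one, the handshake (ephemeral Diffie-Hellman, with the server proving its long-term key through an HMAC over its ephemeral share) is a simplified stand-in for a real protocol, and the host name and message layout are assumptions. Each scenario function returns True when the behaviour claimed in the thread is reproduced.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19   # toy prime picked for illustration, not a vetted DH group
G = 2

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def kdf(shared: int, label: bytes) -> bytes:
    return hashlib.sha256(label + shared.to_bytes(32, "big")).digest()

def fingerprint(pub: int) -> str:
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def mac(key: bytes, share: int) -> bytes:
    return hmac.new(key, share.to_bytes(32, "big"), "sha256").digest()

class Server:   # endpoint with a long-term static key, the analogue of an SSH host key
    def __init__(self):
        self.static_priv, self.static_pub = keygen()

    def respond(self, client_eph_pub: int):
        eph_priv, eph_pub = keygen()
        # Authenticate the ephemeral share under a key only the static key holder can derive.
        auth_key = kdf(pow(client_eph_pub, self.static_priv, P), b"auth")
        session = kdf(pow(client_eph_pub, eph_priv, P), b"session")
        return (self.static_pub, eph_pub, mac(auth_key, eph_pub)), session

class Client:
    def __init__(self, known_hosts=None):
        self.known_hosts = dict(known_hosts or {})   # host -> pinned fingerprint

    def connect(self, host: str, reach) -> bytes:
        """`reach` stands in for the network: it takes our ephemeral share, returns the reply."""
        eph_priv, eph_pub = keygen()
        static_pub, srv_eph_pub, tag = reach(eph_pub)
        auth_key = kdf(pow(static_pub, eph_priv, P), b"auth")
        if not hmac.compare_digest(tag, mac(auth_key, srv_eph_pub)):
            raise ValueError("bad authentication tag")
        fp, pinned = fingerprint(static_pub), self.known_hosts.get(host)
        if pinned is None:
            self.known_hosts[host] = fp          # trust on first use
        elif pinned != fp:
            raise ValueError("host key changed")
        return kdf(pow(srv_eph_pub, eph_priv, P), b"session")

def direct(server):
    return lambda client_eph_pub: server.respond(client_eph_pub)[0]

def via_mitm(server, attacker):
    """The attacker answers the client with its own static key and opens a second,
    perfectly valid session to the real server so it can relay the call."""
    def reach(client_eph_pub):
        reply, _ = attacker.respond(client_eph_pub)
        Client().connect("real-server", direct(server))
        return reply
    return reach

def detected(client, server, attacker) -> bool:
    try:
        client.connect("voip.example", via_mitm(server, attacker))
        return False
    except ValueError:
        return True

def mitm_on_first_contact() -> bool:
    server, attacker, client = Server(), Server(), Client()
    client.connect("voip.example", via_mitm(server, attacker))   # nothing to compare against
    return client.known_hosts["voip.example"] == fingerprint(attacker.static_pub)

def mitm_after_pinning() -> bool:
    server, attacker, client = Server(), Server(), Client()
    client.connect("voip.example", direct(server))               # honest first contact: pinned
    return detected(client, server, attacker)

def mitm_with_preshared_fingerprint() -> bool:
    server, attacker = Server(), Server()
    return detected(Client({"voip.example": fingerprint(server.static_pub)}), server, attacker)

def forward_secrecy() -> bool:
    """Record an honest session, then leak the server's static key."""
    server, client, tap = Server(), Client(), {}
    def tapping(client_eph_pub):
        reply, _ = server.respond(client_eph_pub)
        tap["client_eph_pub"] = client_eph_pub
        return reply
    session = client.connect("voip.example", tapping)
    leaked = server.static_priv
    # Transcript plus static key gives g^(e*s), the authentication secret; the session
    # key is g^(e*f), and the ephemeral private f was discarded after the handshake.
    from_static = kdf(pow(tap["client_eph_pub"], leaked, P), b"session")
    # What the leak does buy: impersonating the server to a client that pinned it.
    impostor = Server()
    impostor.static_priv, impostor.static_pub = leaked, server.static_pub
    impersonated = client.connect("voip.example", direct(impostor))
    return from_static != session and impersonated is not None
```

The first scenario is the one the comment describes: with nothing to compare against, the client pins the attacker’s key and the relayed call looks normal. Pinning after an honest first contact, or a fingerprint exchanged beforehand, turns the same interception into a hard failure. The last scenario separates two things a leaked long-term key does and does not buy: it lets the holder impersonate the endpoint from then on, but it does not unlock recorded sessions, because the session key depended on ephemeral values that no longer exist anywhere.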
