The End of the PSTN As You Know It

DEF CON 20

Presented by: William Borskey, Karl Feinauer, Jason Ostrom
Date: Saturday July 28, 2012
Time: 13:00 - 13:50
Location: Track 5 / Penn & Teller

The PSTN as you know it is changing. In March of 2012, the NSA announced "Project Fishbowl", a reference architecture for secure mobility VoIP usage on smartphones using WiFi or 3GPP networks. At the same time, mobile carriers in the US (seemingly) ensure that subscribers must purchase voice plans on their smartphones and can't opt for data only plans - which curtails a compelling option of purchasing a smartphone for data only usage, such as VoIP. Other mysterious clues abound. Since the mid-to-late 90s, users have been able to host their own web and email servers using open standards and DNS for advertisements, peering directly between domains and systems. At the same time, since the early 2000s, the technology and protocols have existed for enabling direct VoIP peering between enterprises, bypassing the PSTN, using DNS SRV records and ENUM - the same way we've been using DNS for HTTP and SMTP for years. But why is this seemingly attractive option for cost savings and collaboration not more widely adopted? Surely this is the way VoIP was meant to be used? Or isn't it?

In this talk, we will explore the so-called market buzz of "UC Federation". Rather, we will kick this term to the bit bucket, and present an overview of how the industry is deploying these solutions technically. We will take a closer look at the security of being able to use UC between organizations, advertised using DNS, the same way that companies use UC internally for VoIP, HD Video, data sharing, IM & Presence, and collaboration applications. This talk is divided into three sections.

First, we'll share our research on the state of public SIP peering using DNS SRV. Is SIP peering proliferating? How? What does it mean? Using a PoC research tool, we'll look at some initial data we've found, in order to plot the increase of peering using DNS SRV records for SIP service location advertisement.

Second, we will show the audience findings from our UC “Federation” Honeypot research project. We've built a UC solution using a large commercial vendor, and have tested "Federation" with the help of the Global Federation Directory. Just to see what would happen. We've also set up a network of cloud based UC Federation honeypots using open source software, to explore attacks against UC Federation Systems.

Last, we show it can be done and how. Did you know that you can set up your own VoIP server with DNS based routing and HA and directly peer between VoIP servers, providing services for your friends and your company from your favorite BYOD using an address just like your email address, right now? For little to no cost, using open source software? It's interesting that when companies communicate VoIP inter-domain, the most prevalent architecture is to route calls over a private network, or through a carrier connected to the PSTN. Ironically, the infrastructure has existed for years to do direct public SIP peering. We'll explore this concept of "Islands of VoIP", and bring together our security research findings in this area along with industry roadblocks. Can a more open standard protocol be adopted using existing open source software, to easily UC "Federate" between different vendors? We think this is the future. It's exciting, and we want to show it to you.

Celebrating the 20th anniversary of DEF CON, this presentation is bold. We can't promise that it will be 100% complete, as it will likely evolve well past DEF CON. But we do promise some ballyhoo demos and shenanigans. Tomfoolery will ensue.

Jason Ostrom

Jason Ostrom is a security researcher working in the VIPER Lab, with an interest in UC application (In)security. He is a graduate of the University of Michigan, Ann Arbor, and has over 14 years of experience in the IT industry, including VoIP penetration testing. He is the author of the VoIP Hopper security tool and has contributed to other open source UC security tools.

Karl Feinauer

Karl Feinauer is a Vulnerability Research Software Engineer working in the VIPER Lab. Karl has a strong interest in Windows and UC security, and contributed to the development of the OCS Assessment Tool. He is a graduate of the University of Texas at Arlington.

William Borskey

William Borskey is a Senior Security Consultant working in the VIPER Lab. His areas of interest include telecommunications and security. He is a graduate of Louisiana State University at Baton Rouge.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats