Interesting People mailing list archives
report on security risks of applying CALEA to VoIP
From: David Farber <dave () farber net>
Date: Tue, 13 Jun 2006 18:32:07 -0400
Begin forwarded message: From: Susan Landau <susan.landau () sun com> Date: June 13, 2006 10:35:37 AM EDT To: dave () farber net Subject: report on security risks of applying CALEA to VoIP Tuesday 13 June 2006 at 10:35 Below you'll find an executive summary of "Security Implications of Applying the Communications Assistance for Law Enforcement Act to Voiceover IP," by Steve Bellovin, Matt Blaze, Ernie Brickell, Clint Brooks, Vint
Cerf, Whit Diffie, Susan Landau, Jon Peterson, John Treichler.The full report is at: http://www.itaa.org/news/docs/ CALEAVOIPreport.pdf.
Susan Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP Steven Bellovin, Columbia University Matt Blaze, University of Pennsylvania Ernest Brickell, Intel Corporation Clinton Brooks, NSA (retired) Vinton Cerf, Google Whitfield Diffie, Sun Microsystems Susan Landau, Sun Microsystems Jon Peterson, NeuStar John Treichler, Applied Signal Technology Executive Summary For many people, Voice over Internet Protocol (VoIP) looks like a nimbleway of using a computer to make phone calls. Download the software, pick
an identifier and then wherever there is an Internet connection, you can make a phone call. From this perspective, it makes perfect sense that anything that can be done with a telephone, including the gracefulaccommodation of wiretapping, should be able to be done readily with VoIP
as well. The FCC has issued an order for all ``interconnected'' and all broadband access VoIP services to comply with Communications Assistance for LawEnforcement Act (CALEA) --- without specific regulations on what compliance would mean. The FBI has suggested that CALEA should apply to all forms of
VoIP, regardless of the technology involved in the VoIP implementation. Intercept against a VoIP call made from a fixed location with a fixed IPaddress directly to a big internet provider's access router is equivalent to wiretapping a normal phone call, and classical PSTN-style CALEA concepts
can be applied directly. In fact, these intercept capabilities can be exactly the same in the VoIP case if the ISP properly secures its infrastructure and wiretap control process as the PSTN's central offices are assumed to do.However, the network architectures of the Internet and the Public Switched Telephone Network (PSTN) are substantially different, and these differences
lead to security risks in applying the CALEA to VoIP. VoIP, like mostInternet communications, are communications for a mobile environment. The feasibility of applying CALEA to more decentralized VoIP services is quite
problematic. Neither the manageability of such a wiretapping regime nor whether it can be made secure against subversion seem clear. The real danger is that a CALEA-type regimen is likely to introduce serious vulnerabilities through its ``architected security breach.''Potential problems include the difficulty of determining where the traffic
is coming from (the VoIP provider enables the connection but may not provide the services for the actual conversation), the difficulty ofensuring safe transport of the signals to the law-enforcement facility, the risk of introducing new vulnerabilities into Internet communications, and the difficulty of ensuring proper minimization. VOIP implementations vary substantially across the Internet making it impossible to implement CALEA
uniformly. Mobility and the ease of creating new identities on the Internet exacerbate the problem. Building a comprehensive VoIP intercept capability into the Internetappears to require the cooperation of a very large portion of the routing
infrastructure, and the fact that packets are carrying voice is largely irrelevant. Indeed, most of the provisions of the wiretap law do notdistinguish among different types of electronic communications. Currently the FBI is focused on applying CALEA's design mandates to VoIP, but there
is nothing in wiretapping law that would argue against the extension ofintercept design mandates to all types of Internet communications. Indeed, the changes necessary to meet CALEA requirements for VoIP would likely have
to be implemented in a way that covered all forms of Internet communication.In order to extend authorized interception much beyond the easy scenario,
it is necessary either to eliminate the flexibility that Internetcommunications allow, or else introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects
on U.S. ability to innovate, while the latter is simply dangerous. Thecurrent FBI and FCC direction on CALEA applied to VoIP carries great risks.
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- report on security risks of applying CALEA to VoIP David Farber (Jun 13)