Thursday, September 3, 2015

SIP Security – Analyze SIP HA1 Values

WWW-Digest authentication (RFC 2617), the same used to authenticate users in SIP, requires that both server and user share and store the same secret. Storing the password in clear text is really bad, unfortunately the only alternative is to store the so called HA1 string, which is the result of MD5 hashing over username, authentication realm and password — this has become the default lately. 
Kamailio, as well as other SIP server side applications such as Asterisk or FreeSwitch, can work with clear text passwords as well as HA1 values (no need to repeat that you should use them with the second option!).
Each SIP service that allows customers to set the passwords must have a system in place to test if the passwords are strong enough to offer a fair protection against dictionary attacks. However, not all of them had such system from the moment they started to get customers.
To become safe, the options are:
  1. force a reset of the passwords, so the new values are tested to see if they are strong
  2. try to audit the existing HA1 values in subscriber database and detect the ones using weak values
The option a) is the best, but not easy to implement if the service provider doesn’t control the devices of the customer (CPE), especially when the customer has no IT/technical background.
The option b) means more or less that the SIP provider performs a dictionary attack against itself. Tools like sipsak, sipp or sipvicious can be used for such task, but they have the drawback of doing quite some processing: build and parsing of SIP messages, plus network communication. The SIP servers with all subscriber accounts have to replicated on different machines, not to overload the production instances.
But, unlike the attacker, the service provider has access to HA1 strings, knows the usernames and realsm, therefore it can skip a lot of processing done by SIP scanning tools and that can save a lot of resources and time.
Not finding quickly an existing implementation for such needs, a tool named md5ha1 has been developed and published on Github, targeting to help doing audits over HA1 values, it is available at:
It has options to load passwords from a file (e.g., 101, 123, …), generate passwords using templates (e.g., %u123 – replace %u with username) from a file or generate passwords using a set of characters with minimum and maximum length (e.g., passwords using only digits with length between 3 and 6). The readme of the project has more details about how md5ha1 can be used.
Hopefully the tool is going to be useful for Kamailio community! Improvements to it are welcome, use Github platform for issues and contributions.

No comments:

Post a Comment