RTSP Security - PowerPoint PPT Presentation

Slides: 20
Provided by: eagl7

Transcript and Presenter's Notes

Title: RTSP Security


1
RTSP Protocol
Focus on SECURITY
Samuel Mony, Philippe Sawadogo, Team Alpha, CmpE 209
Professor Richard Sinn
SJSU, MS Software Engineering, Spring 2009
2
Summary
  • RTSP overview
  • Security mechanisms
  • Security issues
  • Conclusion

2
Samuel Mony - Philippe sawadogo
3
RTSP overview
  • RTSP: What is it?
  • RTSP: Real Time Streaming Protocol
  • Specifications: RFC 2326
  • Built using the HTTP/1.1 specifications: RFC 2616
  • ASCII-based application-layer protocol.

Streaming: playing content before the download has finished.
4
RTSP overview
  • RTSP: How does it work?
  • Manages streaming delivery using commands:
    • Start
    • Stop
    • Replay

[Diagram: Client (Media Player) and Server (Media Server), linked by "RTSP Command" and "RTP Media Content".]
RTP: Real-time Transport Protocol.
5
RTSP overview
  • RTSP: What is it for?
  • On-demand media content
    • Video
    • Music
    • Radio
    • TV
  • Audio and video conferencing

6
Security mechanisms
  • RTSP overview
  • Security mechanisms
  • Security issues
  • Conclusion

7
Security mechanisms
  • Sessions
  • Conference ID
    • conference-id = 1*xchar
    • Generated by a 3rd-party protocol (H.323 or SIP).
    • Must be globally unique.
  • Session ID
    • session-id = 1*( ALPHA | DIGIT )
    • Randomly chosen.
    • More than 8 octets.

xchar = ALPHA | DIGIT | SPE.
8
Security mechanisms
  • HTTP Authentication mechanism
  • Server sends a challenge token
  • Client responds with login and password
  • Server checks access
  • Server sends content

HTTP Authentication: RFC 2617
9
Security mechanisms
  • HTTP Authentication: Basic Access Authentication
  • Server sends a challenge
  • Client encrypts the response using the base64 cipher.

WWW-Authenticate: Basic realm="Control Panel"
Authorization: Basic QWRtaW46Zm9vYmFy
Base64 cipher: concatenation of 3 bytes, then packets of 6 bits.
10
Security mechanisms
  • HTTP Authentication: Digest Access Authentication
  • Server sends a challenge
  • Client encrypts the response using the MD5 hasher.

WWW-Authenticate: Basic realm="Control Panel"
Authorization: Digest iygNOGbiuYFJK765ignyNLI7893
MD5 hasher: irreversible hash (RFC 1321).
11
Security Issues
  • RTSP overview
  • Security mechanisms
  • Security issues
  • Conclusion

12
Security Issues
  • RTSP Security hole: Man-in-the-Middle Attack
  • Stream interception between client and server.
  • The attacker acts as a relay.

13
Security Issues
  • RTSP Security hole: File and Path Name Attack
  1. RTSP URIs are translated directly into file system calls
  2. Special characters ( .. ) are used as path components
  3. Access to private areas

14
Security Issues
  • RTSP Security hole: Denial of Service Attack
  • Overloading the bandwidth with malicious traffic.
  • Brings down the server.

15
Security Issues
  • RTSP Security hole: DNS Spoofing
  • Based on a deliberate mis-association between IP address and domain name.

16
Security Issues
  • RTSP Security hole: Session hijacking
  • Retrieving the random identifier of the session.
  • Interception of the communication.

=> Use a large random identifier; avoid sequential numbers.
17
Security Issues
  • RTSP Security hole: HTTP Authentication Mechanism Attack
  • Unencrypted transmission of sensitive data (login, password).
  • Stream interception (with Wireshark)
  • Possibility of using the MD5 hash!

=> Method of replay attack
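
The two RFC 2617 schemes from the slides side by side, with one server-side defence against replay, as an added example that is not part of the original presentation: a Basic value is Base64, a reversible encoding, so it decodes straight back to login and password, while a Digest response is accepted only for a nonce the server issued and has not yet seen used. The `DigestVerifier` class, its single-use nonce policy, the `DESCRIBE` request and the `rtsp://example.com/stream` URI are assumptions; the Basic token is the one shown on the Basic Access Authentication slide.

```python
import base64
import hashlib
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def decode_basic(value):
    """Recover (login, password) from a Basic value: Base64 is reversible."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token, validate=True).decode()
    login, _, password = raw.partition(":")
    return login, password

def ha1(login, realm, password):
    """What the server stores for Digest instead of the password."""
    return md5_hex(f"{login}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

class DigestVerifier:
    """Assumed server-side policy: every nonce is accepted at most once."""
    def __init__(self, users):
        self.users = users          # login -> HA1
        self.outstanding = set()    # nonces issued and not yet used

    def challenge(self):
        nonce = secrets.token_hex(16)   # large random value, never sequential
        self.outstanding.add(nonce)
        return nonce

    def verify(self, login, method, uri, nonce, response):
        if nonce not in self.outstanding or login not in self.users:
            return False
        self.outstanding.discard(nonce)  # a captured response is now useless
        expected = digest_response(self.users[login], method, uri, nonce)
        return secrets.compare_digest(expected.encode(), response.encode())

if __name__ == "__main__":
    print(decode_basic("Basic QWRtaW46Zm9vYmFy"))    # token from the slides
    stored = ha1("Admin", "Control Panel", "foobar")
    server = DigestVerifier({"Admin": stored})
    uri, nonce = "rtsp://example.com/stream", server.challenge()  # constructed
    resp = digest_response(stored, "DESCRIBE", uri, nonce)
    print(server.verify("Admin", "DESCRIBE", uri, nonce, resp))   # first use
    print(server.verify("Admin", "DESCRIBE", uri, nonce, resp))   # replayed
```

Neither scheme protects the RTP media or the session identifier on the wire; that is the role of RTSP over TLS named in the conclusion.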
18
Conclusion
  • Security is based on the HTTP protocol
  • Be aware of security issues (e.g. QuickTime)
  • RTSPs: RTSP over a TLS layer

19
Questions ?