Jon Crowcroft, University of Cambridge, 5th Feb, 2006.
This note is about the press release made by the CRN early this year. The release is available from the CRN website and is entitled: Communications experts warn of VoIP security issues (cached copy from Google here).
There are around 70+ technical news items reporting and commenting on this at the time of writing, that can be found via Google's news service. Most take a constructive view of what I was trying to do. Direct interactions with press (e.g. Wall St. Journal) and technical groups (e.g. VOIPAS) have also been largely positive.
This is a note to clarify what the back story behind this press release was. This is my own view, and people may differ as to details and interpretation.
I am publishing this because of adverse reaction in some quarters to the release, to try to restore some trust in the process of some of the work the CRN is engaged in in the Denial-of-Service and security area. I am going to disengage from that work for the rest of this year, to make sure people can discuss things without worrying about what I might do, mistakenly or otherwise.
I personally made this analysis of the possibility of this security problem as a result of thinking about the problem of botnet control systems. I started thinking about this properly after attending a workshop organised by OARC on the Domain Name System, on July 24/25, 2005, whose agenda is online. (Note, nothing to do with the CRN DoS working group). We were there (myself and one of my PhD students, Tim Deegan) by invitation to present work on our centralised DNS design and implementation, which is part of ongoing research in designing a more robust Internet.
At that meeting, there was a discussion of various problems in the Internet, for which DNS plays a part. In the Computer Laboratory in the University of Cambridge, we have been working on Intrusion Detection, Worm Containment and more robust DNS implementations, so all of these ideas (viz talk on Darknets) were pretty familiar to us, and some of the ways to construct an overlay that is hard to trace are common knowledge in the security research world (viz Crowds, Onion Routing, Cover Nets) as well as ways to defend services against them (viz, for example, our work on Eternity, Vigilante, Symmetry, and many others, with folks at Berkeley, Intel, Microsoft, MIT etc).
In the last DoS WG face-to-face meeting I was listening to a talk about the list of recent attacks by a member, and chatting to him afterwards, he suggested that a weakness with the DDoS work was that, like many groups, we discussed defenses against past attacks, and that we needed to think more "like the bad guys", so we would devise defenses for attacks as yet unknown. To do this, we would have to consider novel attacks ourselves. In fact, we had, to some extent, already done this in a lot of our work on worm containment and on inverse firewalls, and in general, in security work, a threat analysis is the first thing you do in working on a new mechanism. As part of due diligence, and generally for the users' confidence, it behoves us to publish this. Note that I did not formally present the idea in the DoS working group, nor had it arisen because of any discussion (e.g. threat analysis) in the DoS working group, so the issue of trust or breach of Chatham House Rule under which early DoS meetings were held is not necessarily relevant, although I can understand that people may feel that agreements we made in that group cover all academic members' behaviour outside the group too. That is demonstrably incorrect (for example, it cannot cover my own work with Microsoft or Intel, or most saliently DoCoMo, some of which I couldn't discuss with DoS WG members without undertaking an NDA). More specifically, VOIP has not been any part of the DoS work either.
Subsequently, in the CRN Wireless Workshop in December, where a journalist (Peter Judge) happened to be present, I outlined the problem I'd identified, as an example of the sort of thing we should be thinking about, to get ahead of the game. The initial idea behind writing the press release was initially to ensure that Peter got the facts right. We then realised that this was also an opportunity to promote the CRN and its work, and to show
In general, in the telecom business, I have not observed this approach, and in general, the telecom industry has a poor track record of pre-empting attacks - more of this below.
I do not mind personal attacks (viz the assertion that I made this press release as part of some self-aggrandisement), so much, even when they are patently absurd (I am sufficiently arrogant as an ex Westminster/Cambridge professor to believe that my personal fame is beyond enlargement, despite much spam advertising helpful support:).
The actual goals of this press release, which the CMI office in Cambridge, and the CRN director encouraged me to contribute (I don't know how to do a press release from Adam myself), were 4-fold:
A very fine analysis of how Skype works, and links to associated work on some of the consequences, has been done by Salman Abdul Baset and his advisor, Henning Schulzrinne at Columbia University in NY.
I personally am surprised at the negative reaction from some parts, that this is a problem for CRN's relationship with industry, especially since this reaction was made before actually doing any analysis of either what we said, or of the actual reaction in industry. The responses I have had from the VOIPAS, and other organisations have been 100% constructive, without exception. No journalist that I have spoken to has reacted the way that some local industry have. I believe this is also true of the journalists my colleagues have spoken to.
To restate things.
I am, however, going to step aside from the DoS (and other security) work in the CRN completely for the rest of 2006 (which takes us to the end of our current funding). This should not be a problem since there is now a paid up WG manager, and the group has much fine work ongoing, but it does mean that the Cambridge work on Bro, inverse firewalls, worm containment, as well as new work on Bayesian re-enforcement of Snort rules will have to get reported via other channels than myself.