Sip Security the Session Inititation Protocol (sip)
نویسندگان
چکیده
Ubiquitous worldwide broadband Internet access as well the coming of age of VoIP technology have made Voice-over-IP an increasingly attractive and useful network application. Currently the “human-readable” Session Initiation Protocol (SIP) which is based on a simple HTTP-like request/response exchange is steadily gaining headway against the considerably more complex ASN.1 encoded H.323 Multimedia ITU-T standard introduced by the telecom industry some years ago. Unfortunately little attention has been given to the security aspects involved in running a phone connection over the public Internet. This paper gives a comparative overview over the security mechanisms recommended by the SIP standard and presents a practical SIP implementation realized at the Zürcher Hochschule Winterthur (ZHW), based on S/MIME authentication and encryption of the session initiation and ensuing protection of the media channels using the Secure Real-time Transport Protocol (SRTP). 1 The Session Inititation Protocol (SIP) Due to its simple and fast session setup mechanism, the Session Initiation Protocol (SIP) [Ro02] has quickly made large inroads into the Voice-over-IP (VoIP) market previously dominated by implementations adhering to the rather complex H.323 ITU-T Internet telephony standard. Whereas H.323 is closely modelling a traditional ISDN Layer 3 call set-up and uses ASN.1-coded binary messages for signalling, SIP is based on an HTTPlike request/response transaction model using human-readable ASCII messages with a syntax nearly identical to HTTP/1.1 [Fi99]. Figure 10 depicts an example of a SIP INVITE request which includes all necessary information required to set up an audio connection. 1.1 Example SIP Session Figure 1 shows a typical SIP message exchange scenario between two users Alice and Bob belonging to the domains atlanta.com and biloxi.com, respectively. SIP user identification is based on a special type of Uniform Resource Identifier (URI) called a SIP URI with a form similar to an email address. In our example Alice’s SIP URI is assumed to be sip:[email protected] and Bob’s sip:[email protected]. Published in“E-Science und Grid, Ad-hoc-Netze, Medienintegration – 18. DFN-Arbeitstagung über Kommunikationsnetze, Düsseldorf”, Jan von Knop, Wilhelm Haverkamp, Eike Jessen (Editors), GI-Edition Lecture Notes in Informatics P-55, Bonner Köllen Verlag 2004, pp. 397-410. © Copyright 2004 Gesellschaft für Informatik e.V. (GI), Ahrstrasse 45, D-53175 Bonn. 2 sip:[email protected] atlanta.com biloxi.com sip:[email protected]
منابع مشابه
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاململزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملSIP Security
Ubiquitous worldwide broadband Internet access as well the coming of age of VoIP technology have made Voice-over-IP an increasingly attractive and useful network application. Currently the “human-readable” Session Initiation Protocol (SIP) which is based on a simple HTTP-like request/response exchange is steadily gaining headway against the considerably more complex ASN.1 encoded H.323 Multimed...
متن کاملThe Session Initiation Protocol (SIP) "Replaces" Header
The Session Inititation Protocol (SIP) "Replaces" Header draft-ietf-sip-replaces-04.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents ...
متن کامل