SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd.

Transcription

1 SIP SECURITY Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne WILEY A John Wiley and Sons, Ltd., Publication

2 Foreword About the Authors Acknowledgment xi xiii xv 1 Introduction 1 2 Introduction to Cryptographic Mechanisms Cryptographic Algorithms Symmetric Key Cryptography Public Key Cryptography Key-less Cryptographic Functions Secure Channel Establishment IP Layer Security Application Layer Security Authentication in 3GPP Networks AKA Authentication Vectors AKA Mutual Authentication AKA Re synchronization Security Mechanisms Threats and Vulnerabilities 38 3 Introduction to SIP What is SIP, Why Should we Bother About it and What are Competing Technologies? SIP: the Common Scenarios Introduction to SIP Operation: the SIP Trapezoid SIP Components User Agent Registrar Redirect Server Proxy Real-world Servers Addressing in SIP 60

3 3.6 SIP Message Elements Who are you Calling? Who is Calling You? How to Route SIP Traffic Even More Header-fields SIP Message Body SIP Methods 3.7 SIP Dialogs and Transactions 3.8 SIP Request Routing User Location Routing User-provisioned Routing ENUM: Public Phone Number Directory Interdomain Routing: DNS Routing Tables 3.9 Authentication, Authorization, Accounting User Authentication in SIP Authorization Policies Accounting 3.10 SIP and Middleboxes 3.11 Other Parts of the SIP Eco-system 3.12 SIP Protocol Design and Lessons Learned 4 Introduction to IMS 4.1 SIP in IMS Quality of Service Control Support for Roaming Security Efficient Resource Usage 4.2 General Architecture Subscriber and User Equipment Signaling Components Interworking Components QoS-related Components Application and Service Provisioning-related Compon Database-related Components 4.3 Session Control and Establishment in IMS UE Registration in IMS Session Establishment in IMS 5 Secure Access and Interworking in IMS 5.1 Access Security in IMS IMS AKA Access Security Access-bundled Authentication HTTP Digest-based Access Security Authentication Mechanism Selection 5.2 Network Security in IMS

4 vu 6 User Identity in SIP Identity Theft Identity Authentication using S/MIME Providing Encryption with S/MIME Providing Integrity and Authentication with S/MIME Identity Authentication in Trasted Environments Strong Authenticated Identity Identity Theft Despite Strong Identity User Privacy and Anonymity User-provided Privacy Network-provided Privacy Subscription Theft Fraud and SIP Theft of SIP Services Media Security The Real-time Transport Protocol Secure RTP The SRTP Cryptographic Context The SRTP Payload Structure Sequence Numbering The Key Derivation Procedure The SRTP Interaction with Forward Error Correction Key Exchange SDP Security Descriptions for Media Streams Multimedia Internet Keying ZRTP DTLS-SRTP The Capability Negotiation Framework Summary Denial-of-service Attacks on VoIP and IMS Services Introduction General Classification of Denial-of-service Attacks Bandwidth Consumption and Denial-of-service Attacks on SIP Services Bandwidth Depletion Attacks Memory Depletion Attacks General Memory Depletion Attacks Memory Depletion Attacks on SIP Services CPU Depletion Attacks Message parsing Security checks Application execution Misuse Attacks TCP/IP Protocol Deviation Attacks Buffer Overflow Attacks 247

5 8.7.3 SIP Protocol Misuse Attacks Distributed Denial-of-service Attacks DDoS Attacks with Botnets IP-based Amplification Attacks DNS-based Amplification Attacks Loop-based Amplification Attacks on SIP Services Forking-based Amplification Attacks on SIP Services Reflection-based Amplification Attacks on SIP Services Unintentional Attacks Flash Crowds Implementation and Configuration Mistakes Address Resolution-related Attacks DNS Servers Security Threats Effects of DNS Attacks Countermeasures and General Protection Mechanisms for DNS Services DNS-related Attacks on SIP Services Protecting SIP Proxies from DNS-based Attacks Attacking the VoIP Subscriber Database Web-based Attacks on the Subscriber Database SIP-based Attacks on the Subscriber Database Denial-of-service Attacks in IMS Networks Bandwidth Depletion Attacks Memory Depletion Attacks CPU Depletion Attacks Protocol Misuse Attacks 21A Web-based Attacks 21A 8.13 DoS Detection and Protection Mechanisms Detection of DoS Attacks Signature-based DoS Detection Anomaly-based DDoS Detection Reacting to DoS Attacks Dynamic Filtering Rate Limiting IP Traceback Preventing DoS Attacks Access Control Memory Protection Architectural Consideration DDoS Signature Specification Fuzzing Honeypots SPAM over IP Telephony Introduction Spam Over SIP: Types and Applicability 292

6 ix General Types of Spam Why is SIP Good for Spam? Legal Side of Unsolicited Communication Protection of Personal Privacy Protection of Property Legal Aspects of Prohibition of Unsolicited Communication by Service Providers Effectiveness of Legal Action Fighting Unsolicited Communication Antispam Measures Based on Identity Content Analysis Collaborative Filtering Interactive Antispam Solutions Preventive Antispam Methods General Antispam Framework 314 Bibliography 317 Index 331