User authentication in SIP

Size: px
Start display at page:

Download "User authentication in SIP"

Transcription

1 User authentication in SIP Pauli Vesterinen Helsinki University of Technology Abstract Today Voice over Internet Protocol (VoIP) is used in large scale to deliver voice and multimedia over the packet data networks, such as the Internet. The Session Initiation Protocol (SIP) is widely used as a signalling protocol for VoIP. As SIP is being used more, the security of it is an important issue. In this paper, we concentrate on user authentication in SIP. We examine current solutions in authentication and analyse them. As a result, some security issues and problems were found, which expose the SIP authentication to different kind of threats. KEYWORDS: SIP, authentication, VoIP 1 Introduction VoIP (Voice over Internet Protocol) is an interesting technology in the area of telecommunication, because with it voice calls can be delivered using Internet Protocol (IP) networks, the same as is used in transporting IP data. It is also promising since using Internet as a transport channel is more efficient than maintaining a separate telephone network for calls and another for data communication. Yet the usage degree of VoIP has not substituted PSTN (Public Switched Telephone Network) in telecommunications, but that could be the reality in the future. In VoIP voice is converted to data packets in contrast to PSTN, which realizes voice delivery in circuitswitched mode. VoIP packets are, as in any Internet Protocol based system, exposed to loss, delay or bandwidth limitations. When these network restrictions and issues are solved at acceptable level, VoIP technologies can be potential replacement for PSTN. As VoIP is getting popular and usage grows, it is important to consider the security issues on using it. There are many protocols used in VoIP signaling, but Session Initiation Protocol (SIP) [1] is one of the widely used ones. SIP is a signaling protocol functioning at applicationlayer, which can be used to initiate and terminate Voice over IP (VoIP) and multimedia sessions between user clients. [1, 2] Today SIP is the most promising Internet telephone signaling protocol, as Stefano, Veltri and Papadilo claim in their article [3]. While SIP is gaining reputation as a promising protocol for VoIP, can we rely completely on the security of it? In this article we will concentrate on user authentication in SIP, which is an important issue when the security of SIP is under consideration. For example, when user Jack (name not real) wants to make a SIP voice call to user Joanna (name also not real), how can he verify that he is connected exactly to SIP user client of Joanna, and not to a client pretending to be the SIP client of Joanna? Current solutions for authenticating users include different technologies and achieve multiple levels of security. This paper introduces methods and technologies for user authentication when SIP is used, how these solutions differ and what are the advantages and disadvantages of them. The objective is to give the reader a good overview and most relevant details about technologies used. Section 2 introduces SIP, authentication in general and possible attacks when SIP is used. Section 3 will concentrate on authentication mechanisms. In section 4 we will analyze the issues and problems on SIP user authentication. Finally, the conclusions will pull together the whole article. 2 SIP, authentication and different attacks We shall introduce in this section SIP, authentication in general and examine two scenarios how VoIP, especially SIP, attack might be possible. 2.1 Session Initiation Protocol (SIP) SIP is a text-based protocol which operates at application layer [1]. It is based on request-response model, invoking some function or method with request messages and getting response as a confirm or answer to the request. SIP allows end users to negotiate stream details, for example codecs used in session, using Session Description Protocol (SDP) [4]. In SIP, registration is needed and a SIP registrar handles that. User clients register to registrar server, which keeps record of SIP clients in that domain. As an example call flow, consider user Jack and user Joanna as in the Introduction section. As a beginning of a SIP call, the user client of Jack initiates a call by sending an INVITE message towards Joanna. This invitation includes Jack s proposition for session description based on SDP. That INVITE message is forwarded to the client of Joanna possibly through multiple SIP proxies. After that, the client of Joanna receives the INVITE message and replies with a 180 RINGING, which is forwarded towards the client of Jack. At the time when the client of Joanna sends 180 RINGING, it also informs Joanna about the incoming SIP call, meaning basicly that Joanna s SIP phone rings. If Joanna accepts the call, her client will reply to invitation with a 200 OK message, which includes Joanna s reply to the SDP received in the INVITE message.

2 This method of offering first a proposition of parameters and in answer receiving accepted parameters is called an offer/answer model. When the 200 OK message reaches back to Jack, his client will indicate Jack that the call is answered. His client can now determine the session details, accepted by the client of Joanna, from the SDP part of the received 200 OK message. Thereafter, SIP client of Jack sends an ACK message indicating the SIP phone of Joanna about the active and accepted session. From this point on, the client of Jack sends this ACK message straight to Joanna, without proxies, and the whole SIP conversation continues peer-topeer. The addresses of the the SIP user clients are learned through header fields in the messages during the exchange of the messages. The ongoing session ends, when either one sends an BYE message to the other peer. 2.2 Authentication Authentication means identifying the object, for example person, and knowing that the identity of the object is in reality the same as the object claims it to be [5]. It is absolutely important to be sure about the identity of receiver before sending data containing for example personal information. In SIP, authentication was introduced originally through using HTTP digest mechanism, transport layer mechanism or Secure Multipart Internet Mail Extensions (S/MIME) [1]. Details of these will be explained in next section, where mechanisms for authentication in SIP are introduced. 2.3 Attack scenarios What kind of security vulnerabilities exist? What are the threats in terms of SIP authentication? One possible threat is exposed in the registration of the user clients to the SIP registrar server, by hijacking registration of the user client. In SIP user client registration, the client sends an REG- ISTER message to registrar server, which includes both IPaddress and contact information of the user. This information can be used to hijack registration and forward incoming call to SIP phone of the hijacker. When registrar receives a request which is addressed to the user registered to the registrar receiving the request, the registrar looks for an IP address entry for the SIP contact requested. At this point hijacker might have cheated registrar by first blocking original user s registration messages by some means, for instance addressing a denial-of-service attack to user client. After blocking the user, the attacker sends it s own registration messages to registrar including the SIP contact information of the original user, but with the changed IP address. In other words, the registrar thinks only the IP address of the registered user is changed and SIP contact is associated to new IP address which is the hijacker s IP address. Then registrar will forward incoming call request to the hijacker instead of the original user. [6] In addition to register attack scenario, another type of attack is described in the article written by Cao and Jennings [7]. They introduce a threat which enables SIP calls forwarding to possibly rogue server by exploiting the lack of identifying response messages in SIP. Response identity means that responses to requests are not identified and though can be attacked. First, when SIP request is send to proxy server of the receiver, the attacker hijacks the request message and uses the header fields from that request. Then, attacker assigns the response with status code 302, which stands for "moved temporarily" [1]. When attacker sends this response message with headers stolen from request message, for example INVITE, incoming call is forwarded to attacker. The two attack scenarios introduced have implications on security and privacy, at least four major ones. First, attacker could get personal and confidential data of the users. Second, rogue party could mislead end users to participate to denial of service attack or third, to forward their calls to malicious voice mail. And fourth, existing call parties could be conferencing with rogue party. [7] 3 Authentication mechanisms in SIP Using SIP, there exists two basic principles for providing security, end-to-end and hop-by-hop [3]. End-to-end security on SIP data involves end users, for example SIP authentication. In contrast to end-to-end solutions which use SIP mechanisms to ensure security, hop-by-hop relies on the security provided by the network. Examples of hop-by-hop mechanism are transport-level security (TLS) and Internet Protocol Security (IPsec) [3]. In terms of authentication in SIP, several mechanisms exists which we introduce in succeeding subsections. SIP specification [1] introduces HTTP digest authentication and usage of S/MIME extensions. In addition to those, we introduce also other techniques of authentication, which are designed to improve security in SIP. 3.1 HTTP digest authentication in SIP In SIP specification [1], the authentication mechanism proposed is HTTP digest based authentication. In SIP terms, HTTP digest mechanism is called the SIP authentication. Originally, HTTP digest is a challenge-response protocol, in which a nonce value is used in challenging the target. The response includes then a checksum of the username, password, nonce value, HTTP method and requested URI. [8] SIP applies the digest mechanism for authenticating users to users or users to proxies, not proxies to proxies. The security between proxies relies on other mechanisms, for example TLS or IPsec. First, when a server receives a request message from the client, for example INVITE, it may challenge the sender of the message. The server sends an response message containing a nonce value and a realm towards the sender of the first request. The response is actually an error message requesting authentication. The realm in the message is the digest algorithm used in this challenge. The initiator, client, of the request receives the response and computes the response value, which is computed with nonce value received in challenge and with a username and a secret password. The secret password is known by both the client and the server. The client sends back the original request message with the computed response value, username, nonce value and realm. In figure 1 is SIP authentication mechanism as an example flow.

3 Figure 1: SIP authentication mechanism based on HTTP digest. [3] 3.2 Using S/MIME in SIP for authentication The Secure Multipart Internet Mail Extensions (S/MIME) in SIP [1] is used to carry replicates of SIP header fields inside a MIME body [7]. This enables authentication by the means of signing the replicated header fields to verify the identity of the sender. In the SIP specification [1], it is proposed to replicate all header fields inside a MIME part, which exposes some problems. First, the SIP header fields might get altered by the intermediate SIP entities which makes it difficult for the recipient to identify the legal or malicious changes in headers. Second, SIP messages can be large by their size, which causes overhead for processing and transporting of the messages. Therefore, a new solution for delivering authenticated identity of the call parties is specified by using an Authenticated Identity Body (AIB) in SIP. The AIB in SIP is a MIME body, which contains an authenticated identity. This solution of using AIB is introduced by Peterson in RFC 3893 [9]. 3.3 Authentication scheme for a trusted SIP domain This subsection introduces a scheme for authentication in SIP, which is developed by Srinivasan et al [10]. Their proposition is based on authenticating user client with the proxy server. The proxy server is outbound proxy for the domain and though it is at the edge of the domain. The user client that initiates a call communicates straight with that outbound proxy server, which implies that the authentication of the user client has to be handled by that outbound proxy. Though, user clients register to the registrar server, so the outbound proxy server authenticates the user client in co-operation with the registrar server in that trusted SIP domain. The assumption that proxy server authenticates user client with registrar leads to a requirement that proxy server and registrar server are trusted. Also these servers needs to have public key certificates, which are authorized by authorities of that domain. In figure 2 is presented the scheme of authenticating user Figure 2: SIP trusted domain scheme [10]. client inside a trusted domain. In the scheme the user client registers itself to the registrar server and sends inside the registration message the identity associated to the user client. The registrar server creates a large number of bits, say N, as a secret when it receives the registration message and replies to client with a value, which is computed with the N value and the identity of the user client. This value is the password for the user client. Then the registrar server computes a number r, which is generated with identities of the user client and registrar server, a hashfunction of user client identity with N, and a hashfunction of server identity with N. The user client initiating the call is required to authenticate itself with the outbound proxy of the trusted SIP domain. The user client sends request with the parameters as follows. With the password, received in registration, user client creates a secret random number R. Also the client generates a number n by computing it with the r and the password. In addition to those, user client computes a timestamp and a temporary key K. K is created with the timestamp and the password. The secret random number R is then encrypted with key K. Then user client sends the parameter A, as in figure 2. The A consists of n, R encrypted using K, identity of registrar and timestamp. When proxy server receives the request A with the parameters, it compares the timestamp in A and current time in order to verify that the message is in acceptable timeframe. After this, proxy server verifies the user client with registrar server using the proxy certificate and the parameters received in message B. The message B is sent by the proxy to registrar. After receiving message B, the registrar replies to it by sending a message C to proxy server, if the user client is identified and authorized in this domain. The proxy server then sends to the user client a temporary certificate, which is valid until the timestamp associated with the certificate expires. The proxy encrypts the certificate with session key, which is then used for all signalling traffic. When user client

4 receives the message D containing the encrypted certificate, it has got a temporary certificate and the session key to continue the call establishment to receiving user client. The details and computation equations of the messages B, C and D are out of the scope of this article. When the call is established between calling user client and called user s server, the identity information is shared. The server of the called user verifies the received certificate and if it is valid, it saves the session key and allows call to be established to called user client. 3.4 Lightweight scheme for authentication User clients register to the registrar server in SIP and though enable the SIP contact address binding to IP address of the user client [1]. The registration binding expires in certain time after registration, for example in a matter of hours, and then a new registration is needed. If the registrar needs to calculate signatures for each registration, the computational overhead increases and might reveal a threat of denial-ofservice attack. In this section we introduce a lightweight scheme, which can be used for SIP user authentication and securing the integrity of SIP contact addresses. This lightweight scheme is developed by Kong et al [11]. The scheme proposes that user client phones do the signing of their contact addresses instead of the registrar server. As an assumption in this scheme is, that the registrar servers have pre-issued certificates which are issued by trusted authority, and that the SIP servers in both calling party and called party domain trust each other. Each user client creates a pair of public key and private key, from which the private key is stored to client machine and public key distributed to registrar server. In registration, client signs the registration message with the public key of itself and the registrar verifies that registration message with the public key of the client. The authors [11] claim that verifying the messages signed by the user client requires less computational effort than creating signatures to clients. The scenario of public key usage is easy to achieve inside the trusted domain by distributing the public keys to all user clients, but how can users in that domain reach the users in other domain securely? The distribution of public keys in the scenario of [11] is handled by using Transport Layer Security (TLS) and Secure Sockets Layer (SSL) [12, 11]. The user client which does not have the public key of the user in other domain, initiates the call by opening a SSL/TLS channel to the proxy of the home domain. The proxy then retrieves the public key of the called user from the proxy in the other domain. The retrieval of called user public key is assumed to be secure and enabled by the assumption that the proxies are issued with certificates. Therefore the calling user receives the public key from the proxy in home domain through the opened secure SSL/TLS channel. The same secure channel is also used to send the public key of the caller to called party. The use of SSL/TLS channel is only needed when public key is exchanged, which happens at first call initiation when caller does not have the public key of the called party at all, or when the public key expires and a new one is needed. At meantime, the usual SIP can be used. 4 Issues and analysis of the SIP user authentication Previous sections in this paper have introduced mechanisms for authentication in SIP. The solutions are either from the original SIP specification [1] or defined by other parties. In this section, we will define and analyze the problems and issues related to authentication in SIP. 4.1 Problems in SIP authentication The HTTP digest authentication in SIP, introduced in section 3.1, suffers from two major weaknesses when it is applied in SIP, as Salsano et al state in their article of SIP security issues [3]. The first missing security issue is the lack of securing all headers and parameters in SIP which would possibly need protection. The second security weakness related to digest authentication is the requirement of pre-existing user configuration on servers, which does not scale well. S/MIME in SIP is used in carrying signed or encrypted replicates of headers and in authentication of users, as presented in section 3.2. This mechanism lacks the public key distribution problem, which means that the public keys used in authentication are difficult to distribute and maintain. The public key infrastructure is also susceptible to man-in-themiddle attack. [3] The authentication scheme for a trusted SIP domain, presented in 3.3 and based on [10], introduced an new authentication technique for user clients. It uses several hash computations and server certificates to ensure security. We think that there are problems in this solution in performance and overhead. The fact that outbound server and registrar server create user certificates and compute multiple functions in authentication [10], causes additional load and decreases the overall performance of the server. Also, if the load increases, the server comes more vulnerable to denial of service attacks as stated in [6, 11]. The authors of [10] claim, that their solution, tested with Pentium III 1.0 GHz processor, increased the processing overhead of SIP messages by 10 ms. The overhead was 60 ms without their solution and 70 ms with it. Our opinion is that from the performance point of view, in this solution there are too many computationally expensive operations to achieve authentication. The lightweight scheme defined by Kong et al [11], which we introduced in section 3.4, presents another solution for authentication in SIP. This mechanism uses SIP user client phones in signing contact addresses instead of the registrar servers. The authors claim, that this solution performs approximately same as using SIP traditionally. They have tested the throughput of a SIP server in call setup phase and evaluated the results by the amount of INVITE requests served per minute. The authors state also that using their solution performs approximately similar as when using traditional SIP. The actual amount of throughput is not given in the article of the lightweight scheme, but they present their findings in informative graph, which indicates that their solution is supposed to perform as they claim it is. Our opinion is, that this solution is performing well if the results presented by the authors are correct. Also, compared to the authentication scheme for a trusted SIP domain, presented in section

5 3.3, we think that this solution is performing well. 4.2 Analysis We think the security holes and problems in SIP user authentication are severe and should be noted when applying the SIP technology. As introduced in previous subsection, each of the solutions have their advantages and disadvantages. The HTTP digest authentication in SIP does not secure all the headers, which would need security. We think, that this weakness enables security threat since the registration hijacking scenario might be feasible also in this case. That scenario could possibly reveal to attacker personal data or other valuable information. Also the scalability problem related to digest mechanism is decreasing the use of it. The pre-configuration of users on servers is not very usable in large-scale, and the problem expands if there are many SIP users who join and leave frequently the domain. What comes to public key usage in authentication, there are some point-of-views to it. Though the public keys could be used to sign for example the contact addresses of the user clients, the sign operation is computationally expensive. Therefore, from the performance point-of-view, if the SIP user client phones do the signing of their contact addresses, the performance is claimed to be better than using SIP servers in signing. This might be true as the SIP servers are connected to many user clients, and the user clients only to that server. This leads to a star topology of SIP network inside a domain, where the SIP server is in the middle and user clients in the branches of the star. Therefore, distribution of any computationally expensive operation to branches of the star decreases the overall load of the server and decreases the threat of denial-of-service attack. From the security point-ofview, the distribution of user client public keys in a secure way could be problematic. When user client enters the domain, how can it distribute the public key of it without being man-in-the-middle attacked? Or from the scalability pointof-view, how can the user client distribute the public keys to all receiving peers it is going to contact? We find these problems related to public key usage in authentication an issue of future work and deeper research. 5 Conclusions In this article we have studied current solutions for authentication in SIP. The Session Initiation Protocol (SIP) and security threats from the VoIP and SIP point-of-view were introduced. The authentication in general and different kind of attack scenarios which might be possible when using VoIP technologies, especially SIP, were also presented. The solutions for authentication in using SIP were introduced in detail. These include mechanisms from SIP specification, for example the SIP authentication based on HTTP digest and the usage of S/MIME in SIP. There exists also other solutions, for instance an authentication scheme for a trusted domain and a lightweight scheme for authenticating users in SIP. We analyse the presented authentication mechanism and the problems related to them. The findings in this research are that SIP authentication, HTTP digest authentication in SIP, is not providing security at acceptable level. In addition, the usage of S/MIME suffers from the use of public key infrastructure. The two mechanisms for authentication in SIP, the authentication scheme for a trusted domain and the lightweight scheme provide some advantages in contrast to original SIP methods. References [1] Rosenberg J., Schulzrinne H., Camarillo G., Johnston A., Peterson J., Sparks R., Handley M. and Schooler E. SIP: Session Initiation Protocol. RFC 3261, IETF Network Working Group, June [2] Gooden Bur. Voice over Internet protocol (VoIP). In Proceedings of the IEEE, Volume 90, Issue 9, Sep Page(s): [3] Salsano Stefano, Veltri Luca and Papalilo Donald. SIP security issues: the SIP authentication procedure and its processing load. IEEE Network, Volume 16, Issue 6, Nov-Dec Page(s): [4] Handley J. and Jacobson V. SDP: Session Description Protocol. RFC 2327, IETF Network Working Group, April [5] Lowe Gavin. A Hierarchy of Authentication Specifications. Computer Security Foundations Workshop, Proceedings, June Page(s): [6] Thermos Peter. Two attacks against VoIP. SecurityFocus, April [7] Cao F. and Jennings C. Providing response identity and authentication in IP telephony. Availability, Reliability and Security, April [8] Franks J., Hallam-Baker P., Hostetler J., Lawrence S., Leach P., Luotonen A. and Stewart L. HTTP Authentication: Basic and Digest Access Authentication. RFC 2617, IETF Network Working Group, June [9] Peterson J. Session Initiation Protocol (SIP) Authenticated Identity Body (AIB) Format. RFC 3893, IETF Network Working Group, September [10] Srinivasan R., Vaidehi V., Harish K., Lakshmi- Narasimhan K., LokeshwerBabu S. and Srikanth V. Authentication of Signalling in VoIP Applications. Communications, Asia-Pacific Conference, Oct Page(s): [11] Kong L., Balasubramaniyan V.B. and Ahamad M. A lightweight scheme for securely and reliably locating SIP users. VoIP Management and Security, IEEE Workshop, Apr Page(s): [12] Dierks T and Allen C. The TLS protocol version 1.0. RFC 2246, IETF Network Working Group, January 1999.

A Lightweight Secure SIP Model for End-to-End Communication

A Lightweight Secure SIP Model for End-to-End Communication A Lightweight Secure SIP Model for End-to-End Communication Weirong Jiang Research Institute of Information Technology, Tsinghua University, Beijing, 100084, P.R.China jwr2000@mails.tsinghua.edu.cn Abstract

More information

Session Initiation Protocol Security Considerations

Session Initiation Protocol Security Considerations Session Initiation Protocol Security Considerations Sami Knuutinen Helsinki University of Technology Department of Computer Science and Engineering May 28, 2003 Abstract Session Initiation Protocol (SIP)

More information

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1 Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1 Dorgham Sisalem, Jiri Kuthan Fraunhofer Institute for Open Communication Systems (FhG Fokus) Kaiserin-Augusta-Allee

More information

A Comparative Study of Signalling Protocols Used In VoIP

A Comparative Study of Signalling Protocols Used In VoIP A Comparative Study of Signalling Protocols Used In VoIP Suman Lasrado *1, Noel Gonsalves *2 Asst. Prof, Dept. of MCA, AIMIT, St. Aloysius College (Autonomous), Mangalore, Karnataka, India Student, Dept.

More information

SIP: Ringing Timer Support for INVITE Client Transaction

SIP: Ringing Timer Support for INVITE Client Transaction SIP: Ringing Timer Support for INVITE Client Transaction Poojan Tanna (poojan@motorola.com) Motorola India Private Limited Outer Ring Road, Bangalore, India 560 037 Abstract-The time for which the Phone

More information

Billing Attacks on SIP-Based VoIP Systems

Billing Attacks on SIP-Based VoIP Systems Billing Attacks on SIP-Based VoIP Systems Ruishan Zhang, Xinyuan Wang, Xiaohui Yang, Xuxian Jiang Department of Information and Software Engineering George Mason University, Fairfax, VA 22030, USA {rzhang3,

More information

A Federated Model for Secure Web-Based Videoconferencing

A Federated Model for Secure Web-Based Videoconferencing A Federated Model for Secure Web-Based Videoconferencing Douglas C. Sicker, Ameet Kulkarni, Anand Chavali, and Mudassir Fajandar Interdisciplinary Telecommunications Dept. and Dept. of Computer Science

More information

SIP, Session Initiation Protocol used in VoIP

SIP, Session Initiation Protocol used in VoIP SIP, Session Initiation Protocol used in VoIP Page 1 of 9 Secure Computer Systems IDT658, HT2005 Karin Tybring Petra Wahlund Zhu Yunyun Table of Contents SIP, Session Initiation Protocol...1 used in VoIP...1

More information

SIP : Session Initiation Protocol

SIP : Session Initiation Protocol : Session Initiation Protocol EFORT http://www.efort.com (Session Initiation Protocol) as defined in IETF RFC 3261 is a multimedia signaling protocol used for multimedia session establishment, modification

More information

Unregister Attacks in SIP

Unregister Attacks in SIP Unregister Attacks in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Interdisciplinary Center Herzliya Email: {bremler,halachmi.ronit}@idc.ac.il Jussi Kangasharju Darmstadt University of Technology jussi@tk.informatik.tu-darmstadt.de

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Detection and Prevention Mechanism on Call Hijacking in VoIP System

Detection and Prevention Mechanism on Call Hijacking in VoIP System Detection and Prevention Mechanism on Call Hijacking in VoIP System Amruta Ambre Department of Computer Engineering D.J.Sanghavi College of engineering Mumbai, India Narendra Shekokar, Ph.D Department

More information

Radius/LDAP authentication in open-source IP PBX

Radius/LDAP authentication in open-source IP PBX Radius/LDAP authentication in open-source IP PBX Ivan Capan, Marko Skomeršić Protenus d.o.o. Telecommunications & networking department Zrinskih i Frankopana 23, Varaždin, 42000, Croatia ivan.capan@protenus.com,

More information

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany Service Provider implementation of SIP regarding security Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Chapter 2 PSTN and VoIP Services Context

Chapter 2 PSTN and VoIP Services Context Chapter 2 PSTN and VoIP Services Context 2.1 SS7 and PSTN Services Context 2.1.1 PSTN Architecture During the 1990s, the telecommunication industries provided various PSTN services to the subscribers using

More information

Session Initiation Protocol and Services

Session Initiation Protocol and Services Session Initiation Protocol and Services Harish Gokul Govindaraju School of Electrical Engineering, KTH Royal Institute of Technology, Haninge, Stockholm, Sweden Abstract This paper discusses about the

More information

SIP: Ringing Timer Support for INVITE Client Transaction

SIP: Ringing Timer Support for INVITE Client Transaction SIP: Ringing Timer Support for INVITE Client Transaction Poojan Tanna (poojan@motorola.com) Motorola India Private Limited Outer Ring Road, Bangalore, India 560 037 Abstract-The time for which the Phone

More information

An Overview on Security Analysis of Session Initiation Protocol in VoIP network

An Overview on Security Analysis of Session Initiation Protocol in VoIP network An Overview on Security Analysis of Session Initiation Protocol in VoIP network Tarendra G. Rahangdale 1, Pritish A. Tijare 2, Swapnil N.Sawalkar 3 M.E (Pursuing) 1, Associate Professor 2, Assistant Professor

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information

Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information Changyong Lee, Hwankuk-Kim, Hyuncheol Jeong, Yoojae Won Korea Information Security Agency, IT Infrastructure Protection Division

More information

2. SIP Authentication Mechanisms. 2.1 SIP Digest Authentication

2. SIP Authentication Mechanisms. 2.1 SIP Digest Authentication ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 10 Towards Public Key Infrastructure less authentication in Session Initiation Protocol Abdullah Al Hasib 1, Abdullah Azfar 2 and Md. Sarwar Morshed 3 1,3

More information

A Call Conference Room Interception Attack and its Detection

A Call Conference Room Interception Attack and its Detection A Call Conference Room Interception Attack and its Detection Nikos Vrakas 1, Dimitris Geneiatakis 2 and Costas Lambrinoudakis 1 1 Department of Digital Systems, University of Piraeus 150 Androutsou St,

More information

NAT TCP SIP ALG Support

NAT TCP SIP ALG Support The feature allows embedded messages of the Session Initiation Protocol (SIP) passing through a device that is configured with Network Address Translation (NAT) to be translated and encoded back to the

More information

VoIP Secure Communication Protocol satisfying Backward Compatibility 1

VoIP Secure Communication Protocol satisfying Backward Compatibility 1 VoIP Secure Communication Protocol satisfying Backward Compatibility 1 JOONGMAN KIM SEOKUNG YOON YOOJAE WON JAEIL LEE IT Infrastructure Protection Division Korea Information Security Agency 78, Garak-Dong,

More information

(Refer Slide Time: 6:17)

(Refer Slide Time: 6:17) Digital Video and Picture Communication Prof. S. Sengupta Department of Electronics and Communication Engineering Indian Institute of Technology, Kharagpur Lecture - 39 Video Conferencing: SIP Protocol

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

SIP Trunking Manual. For Samsung OfficeServ. Sep 18, 2006 doc v.1.0.2. Sungwoo Lee Senior Engineer

SIP Trunking Manual. For Samsung OfficeServ. Sep 18, 2006 doc v.1.0.2. Sungwoo Lee Senior Engineer SIP Trunking Manual For Samsung OfficeServ Sep 18, 2006 doc v.1.0.2 Sungwoo Lee Senior Engineer sungwoo1769.lee@samsung.com OfficeServ Network Lab. Telecommunication Systems Division Samsung Electronics

More information

MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM

MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM Evelina Nicolova Pencheva, Vessela Liubomirova Georgieva Department of telecommunications, Technical University of Sofia, 7 Kliment Ohridski St.,

More information

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS Multimedia Communication in the Internet SIP: Advanced Topics Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS SIP and NAT NAT Concept NAT = Network Address Translation Share one IP address

More information

Efficient Nonce-based Authentication Scheme for. session initiation protocol

Efficient Nonce-based Authentication Scheme for. session initiation protocol International Journal of Network Security, Vol.9, No.1, PP.12 16, July 2009 12 Efficient Nonce-based Authentication for Session Initiation Protocol Jia Lun Tsai Degree Program for E-learning, Department

More information

White paper. SIP An introduction

White paper. SIP An introduction White paper An introduction Table of contents 1 Introducing 3 2 How does it work? 3 3 Inside a normal call 4 4 DTMF sending commands in sip calls 6 5 Complex environments and higher security 6 6 Summary

More information

Introduction to VoIP Technology

Introduction to VoIP Technology Lesson 1 Abstract Introduction to VoIP Technology 2012. 01. 06. This first lesson of contains the basic knowledge about the terms and processes concerning the Voice over IP technology. The main goal of

More information

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163. Weakness in a Mutual Authentication cheme for ession Initiation Protocol using Elliptic Curve Cryptography Debiao He chool of Mathematics and tatistics, Wuhan University, Wuhan, People s Republic of China

More information

Secure VoIP Transmission through VPN Utilization

Secure VoIP Transmission through VPN Utilization Secure VoIP Transmission through VPN Utilization Prashant Khobragade Department of Computer Science & Engineering RGCER Nagpur, India prashukhobragade@gmail.com Disha Gupta Department of Computer Science

More information

SIP and VoIP 1 / 44. SIP and VoIP

SIP and VoIP 1 / 44. SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies

More information

Efficient nonce-based authentication scheme for Session Initiation Protocol

Efficient nonce-based authentication scheme for Session Initiation Protocol Efficient nonce-based authentication scheme for Session Initiation Protocol Jia Lun Tsai National Chiao Tung University, Taiwan, R.O.C. crousekimo@yahoo.com.tw Abstract: In recent years, Session Initiation

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011 Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice

More information

A Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack

A Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack A Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack Abhishek Kumar Department of Computer Science and Engineering-Information Security NITK Surathkal-575025, India Dr. P. Santhi

More information

Security issues in Voice over IP: A Review

Security issues in Voice over IP: A Review www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu

More information

Improving Quality in Voice Over Internet Protocol (VOIP) on Mobile Devices in Pervasive Environment

Improving Quality in Voice Over Internet Protocol (VOIP) on Mobile Devices in Pervasive Environment Journal of Computer Applications ISSN: 0974 1925, Volume-5, Issue EICA2012-4, February 10, 2012 Improving Quality in Voice Over Internet Protocol (VOIP) on Mobile Devices in Pervasive Environment Mr. S.Thiruppathi

More information

TECHNICAL CHALLENGES OF VoIP BYPASS

TECHNICAL CHALLENGES OF VoIP BYPASS TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish

More information

A Scalable Multi-Server Cluster VoIP System

A Scalable Multi-Server Cluster VoIP System A Scalable Multi-Server Cluster VoIP System Ming-Cheng Liang Li-Tsung Huang Chun-Zer Lee Min Chen Chia-Hung Hsu mcliang@nuk.edu.tw {kpa.huang, chunzer.lee}@gmail.com {minchen, chhsu}@nchc.org.tw Department

More information

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

More information

Programming SIP Services University Infoline Service

Programming SIP Services University Infoline Service Programming SIP Services University Infoline Service Tatiana Kováčiková, Pavol Segeč Department of Information Networks University of Zilina Moyzesova 20, 010 26 SLOVAKIA Abstract: Internet telephony now

More information

Service Provider implementation of SIP regarding security

Service Provider implementation of SIP regarding security Service Provider implementation of SIP regarding security Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

More information

SIP Security in IP Telephony

SIP Security in IP Telephony SIP Security in IP Telephony Muhammad Yeasir Arafat and M. Abdus Sobhan School of Engineering and Computer Science Independent University, Bangladesh E-mail: sobhan30@gmail.com Abstract Today the session

More information

A Multifactor Hash Digest Challenge-Response

A Multifactor Hash Digest Challenge-Response A Multifactor Hash Digest Challenge-Response Authentication for Session Initiation Protocol S. Santhosh Baboo Reader in Computer Science, D.G. Vaishnav College Arumbakkam, Chennai-600 106, Tamilnadu. India.

More information

The Authentication and Processing Performance of Session Initiation Protocol (SIP) Based Multi-party Secure Closed Conference System

The Authentication and Processing Performance of Session Initiation Protocol (SIP) Based Multi-party Secure Closed Conference System The Authentication and Processing Performance of Session Initiation Protocol () Based Multi-party Secure Closed Conference System Jongkyung Kim 1, Hyuncheol Kim 1, Seongjin Ahn 2, and Jinwook Chung 1 1

More information

Session Initiation Protocol Attacks and Challenges

Session Initiation Protocol Attacks and Challenges 2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

More information

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities Mobile P2PSIP -to- SIP Communication in Mobile Communities Marcin Matuszewski, Esko Kokkonen Nokia Research Center Helsinki, Finland marcin.matuszewski@nokia.com, esko.kokkonen@nokia.com Abstract This

More information

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in

More information

Real-Time Billing in SIP

Real-Time Billing in SIP Baruch Sterman, Ph.D. Chief Scientist baruch@deltathree.com Table of Contents 2 3 Abstract Review of SIP Introduction to SIP SIP Network Elements SIP Messages SIP Responses Why SIP SIP Past, Present and

More information

TSIN02 - Internetworking

TSIN02 - Internetworking TSIN02 - Internetworking Lecture 9: SIP and H323 Literature: Understand the basics of SIP and it's architecture Understand H.323 and how it compares to SIP Understand MGCP (MEGACO/H.248) SIP: Protocol

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack You Joung Ham Graduate School of Computer Engineering, Hanshin University, 411, Yangsan-dong, Osan, Gyeonggi, Rep. of Korea

More information

A Lightweight Protection Mechanism against Signaling Attacks in a SIP-Based VoIP Environment

A Lightweight Protection Mechanism against Signaling Attacks in a SIP-Based VoIP Environment A Lightweight Protection Mechanism against Signaling Attacks in a SIP-Based VoIP Environment Dimitris Geneiatakis and Costas Lambrinoudakis Laboratory of Information and Communication Systems Security

More information

Overview of VoIP Systems

Overview of VoIP Systems 2 Overview of VoIP Systems In their simplest form, Voice over IP protocols simply enable two (or more) devices to transmit and receive real-time audio traffic that allows their respective users to communicate.

More information

Developing and Integrating Java Based SIP Client at Srce

Developing and Integrating Java Based SIP Client at Srce Developing and Integrating Java Based SIP Client at Srce Davor Jovanovi and Danijel Matek University Computing Centre, Zagreb, Croatia Davor.Jovanovic@srce.hr, Danijel.Matek@srce.hr Abstract. In order

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Trait-based Authorization Mechanisms for SIP Based on SAML

Trait-based Authorization Mechanisms for SIP Based on SAML Trait-based Authorization Mechanisms for SIP Based on SAML Douglas C. Sicker, University of Colorado Boulder Hannes Tschofenig, Siemens Jon Peterson, Neustar Abstract - This paper presents a method for

More information

Middleware for Secured Video-Conferencing

Middleware for Secured Video-Conferencing Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2003 Proceedings Americas Conference on Information Systems (AMCIS) 12-31-2003 Middleware for Secured Video-Conferencing Tarun Abhichandani

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s

More information

Technical Means to Combat Spam in the VoIP Service

Technical Means to Combat Spam in the VoIP Service Section Four Technical Means to Combat Spam in the VoIP Service Spam refers in general to any unsolicited communication. Spam will also become one of the serious problems for multimedia communication in

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION CHAPTER 1 INTRODUCTION 1.0 Introduction Voice over Internet Protocol (VoIP) is the most popular in telecommunication technology. Nowadays, three million users use VoIP. It is estimated that the number

More information

Secure Text in SIP Based VoIP

Secure Text in SIP Based VoIP MASTER S THESIS 2005:183 CIV Secure Text in SIP Based VoIP JOHAN KULTTI MASTER OF SCIENCE PROGRAMME Computer Science Luleå University of Technology Department of Computer Science and Electrical Engineering

More information

A Model for Spam Prevention in IP Telephony Networks using Anonymous Verifying Authorities

A Model for Spam Prevention in IP Telephony Networks using Anonymous Verifying Authorities A Model for Spam Prevention in IP Telephony Networks using Anonymous Verifying Authorities N.J Croft and M.S Olivier April 2005 Information and Computer Security Architectures Research Group Department

More information

EE4607 Session Initiation Protocol

EE4607 Session Initiation Protocol EE4607 Session Initiation Protocol Michael Barry michael.barry@ul.ie william.kent@ul.ie Outline of Lecture IP Telephony the need for SIP Session Initiation Protocol Addressing SIP Methods/Responses Functional

More information

Implementing SIP and H.323 Signalling as Web Services

Implementing SIP and H.323 Signalling as Web Services Implementing SIP and H.323 Signalling as Web Services Ge Zhang, Markus Hillenbrand University of Kaiserslautern, Department of Computer Science, Postfach 3049, 67653 Kaiserslautern, Germany {gezhang, hillenbr}@informatik.uni-kl.de

More information

VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS

VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS Master of Science in Networking and Data Communications THESIS Thesis Title Voice over IP (VoIP) to Enterprise Users Dissertation submitted

More information

Multidomain Virtual Security Negotiation over the Session Initiation Protocol (SIP)

Multidomain Virtual Security Negotiation over the Session Initiation Protocol (SIP) Multidomain Virtual Security Negotiation over the Session Initiation Protocol (SIP) 1 st International Workshop on Critical Information Infrastructures Security August 31 st - September 1 st 2006. Contents

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt) Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

2.2 SIP-based Load Balancing. 3 SIP Load Balancing. 3.1 Proposed Load Balancing Solution. 2 Background Research. 2.1 HTTP-based Load Balancing

2.2 SIP-based Load Balancing. 3 SIP Load Balancing. 3.1 Proposed Load Balancing Solution. 2 Background Research. 2.1 HTTP-based Load Balancing SIP TRAFFIC LOAD BALANCING Ramy Farha School of Electrical and Computer Engineering University of Toronto Toronto, Ontario Email: rfarha@comm.utoronto.ca ABSTRACT This paper presents a novel solution to

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology

Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack We present a new VoIP Denial Of

More information

3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW

3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW 3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW SIP is an application layer protocol that is used for establishing, modifying and terminating multimedia sessions in an Internet Protocol (IP) network. SIP

More information

Communication Systems SIP

Communication Systems SIP Communication Systems SIP Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Part 3 Digital,

More information

Skype an example VoIP client. SIP / VoIP: what are these?

Skype an example VoIP client. SIP / VoIP: what are these? SIP and VoIP Skype an example VoIP client 1 SIP / VoIP: what are these? Voice over IP (VoIP) Session Initiation Protocol (SIP) Control channel Known in telephone world as signaling channel Does call setup:

More information

4-4 Approach of VoIP/SIP Interoperability Task Force

4-4 Approach of VoIP/SIP Interoperability Task Force 4-4 Approach of VoIP/SIP Interoperability Task Force In this research, it achieved interoperability of VoIP systems using SIP in both Multi-vendor and Multi-provider environments, and VoIP/SIP interoperability

More information

Unit 23. RTP, VoIP. Shyam Parekh

Unit 23. RTP, VoIP. Shyam Parekh Unit 23 RTP, VoIP Shyam Parekh Contents: Real-time Transport Protocol (RTP) Purpose Protocol Stack RTP Header Real-time Transport Control Protocol (RTCP) Voice over IP (VoIP) Motivation H.323 SIP VoIP

More information

An Introduction to VoIP Protocols

An Introduction to VoIP Protocols An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this

More information

Key Agreement for Secure Voice over IP

Key Agreement for Secure Voice over IP Key Agreement for Secure Voice over IP JOHAN BILIEN Master of Science Thesis Stockholm, Sweden 2003 IMIT/LCN 2003-14 Key Agreement for Secure Voice over IP Master of Science Thesis December 2003 Johan

More information

SECURING REAL-TIME MULTIMEDIA: A BRIEF SURVEY. Bradley Clayton, Barry Irwin, Alfredo Terzoli

SECURING REAL-TIME MULTIMEDIA: A BRIEF SURVEY. Bradley Clayton, Barry Irwin, Alfredo Terzoli SECURING REAL-TIME MULTIMEDIA: A BRIEF SURVEY Bradley Clayton, Barry Irwin, Alfredo Terzoli Computer Science Department Rhodes University Grahamstown g01c2974@campus.ru.ac.za, b.irwin@ru.ac.za a.terzoli@ru.ac.za

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

Network Working Group. Switch October 2003. Session Initiation Protocol (SIP) Extension Header Field for Service Route Discovery During Registration

Network Working Group. Switch October 2003. Session Initiation Protocol (SIP) Extension Header Field for Service Route Discovery During Registration Network Working Group Request for Comments: 3608 Category: Standards Track D. Willis dynamicsoft Inc. B. Hoeneisen Switch October 2003 Session Initiation Protocol (SIP) Extension Header Field for Service

More information

An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems

An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems Ruishan Zhang 1, Xinyuan Wang 1, Xiaohui Yang 1, Ryan Farley 1, and Xuxian Jiang 2 1 George Mason University, Fairfax,

More information

Sangheon Pack, EunKyoung Paik, and Yanghee Choi

Sangheon Pack, EunKyoung Paik, and Yanghee Choi 1 Design of SIP Server for Efficient Media Negotiation Sangheon Pack, EunKyoung Paik, and Yanghee Choi Multimedia & Communication Laboratory, Seoul National University, Korea ABSTRACT Voice over IP (VoIP)

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Network Convergence and the NAT/Firewall Problems

Network Convergence and the NAT/Firewall Problems Network Convergence and the NAT/Firewall Problems Victor Paulsamy Zapex Technologies, Inc. Mountain View, CA 94043 Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

More information

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks. Italo Dacosta and Patrick Traynor

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks. Italo Dacosta and Patrick Traynor Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance

More information

SIP Security Status Quo and Future Issues Jan Seedorf

SIP Security Status Quo and Future Issues Jan Seedorf SIP Security Status Quo and Future Issues Jan Seedorf Security in Distributed Systems (SVS) University of Hamburg, Dept. of Informatics Vogt-Kölln-Str. 30, D-22527 Hamburg seedorf@informatik.uni-hamburg.de

More information

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1.

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1. This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1. WASv61_SIP_overview.ppt Page 1 of 27 This presentation will provide an overview of

More information

AN IPTEL ARCHITECTURE BASED ON THE SIP PROTOCOL

AN IPTEL ARCHITECTURE BASED ON THE SIP PROTOCOL AN IPTEL ARCHITECTURE BASED ON THE SIP PROTOCOL João Paulo Sousa Instituto Politécnico de Bragança R. João Maria Sarmento Pimentel, 5370-326 Mirandela, Portugal + 35 27 820 3 40 jpaulo@ipb.pt Eurico Carrapatoso

More information

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Best Practices for SIP Security

Best Practices for SIP Security Best Practices for SIP Security IMTC SIP Parity Group Version 21 November 9, 2011 Table of Contents 1. Overview... 33 2. Security Profile... 33 3. Authentication & Identity Protection... 33 4. Protecting

More information