SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008. Return Routability Check draft-kuthan-sip-derive-00



Similar documents
3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW

SIP Essentials Training

Session Initiation Protocol (SIP)

SIP for Voice, Video and Instant Messaging

SIP : Session Initiation Protocol

Formación en Tecnologías Avanzadas

SIP Introduction. Jan Janak

Media Gateway Controller RTP

Request for Comments: August 2006

SIP and PSTN Connectivity. Jiri Kuthan, iptel.org September 2003

Chapter 2 PSTN and VoIP Services Context

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS

For internal circulation of BSNL only

Inter-domain Authentication and Authorization Mechanisms for Roaming SIP Users 1

How To Configure. VoIP Survival. with. Broadsoft Remote Survival

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1

SIP and ENUM. Overview DENIC. Introduction to SIP. Addresses and Address Resolution in SIP ENUM & SIP

How To Guide. SIP Trunking Configuration Using the SIP Trunk Page

Session Initiation Protocol (SIP)

ARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION

Session Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 TEL: # 340

End-2-End QoS Provisioning in UMTS networks

Lawful Interception in P2Pbased

Conferencing Using the IP Multimedia (IM) Core Network (CN) Subsystem

MODELLING OF INTELLIGENCE IN INTERNET TELEPHONE SYSTEM

3GPP TS V8.2.0 ( )

All-IP Network Emergency Call Support

CommuniGate Pro Real-Time Features. CommuniGate Pro Internet Communications VoIP, , Collaboration, IM

I-TNT: PHONE NUMBER EXPANSION AND TRANSLATION SYSTEM FOR MANAGING INTERCONNECTIVITY ADDRESSING IN SIP PEERING

Preparatory Meeting for Phase 2 of Philippine National ENUM Trial

SIP Tutorial. VoIP Workshop Terena 2005 Poznan Poland. By Stephen Kingham

NAT TCP SIP ALG Support

Session Initiation Protocol (SIP)

SIP: Protocol Overview

Network Working Group. Switch October Session Initiation Protocol (SIP) Extension Header Field for Service Route Discovery During Registration

Part II. Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University

SOURCE IDENTITY (ORIGIN AUTHENTICATION)

Internet Communications Using SIP

How To Send A Connection From A Proxy To A User Agent Server On A Web Browser On A Pc Or Mac Or Ipad (For A Mac) On A Network With A Webmail Web Browser (For Ipad) On An Ipad Or

Understanding Session Border Controllers. FRAFOS GmbH

Adding Multi-Homing and Dual-Stack Support to the Session Initiation Protocol

Technical Manual 3CX Phone System for Windows

Session Initiation Protocol (SIP) The Emerging System in IP Telephony

EXPLOITING SIMILARITIES BETWEEN SIP AND RAS: THE ROLE OF THE RAS PROVIDER IN INTERNET TELEPHONY. Nick Marly, Dominique Chantrain, Jurgen Hofkens

SIP Session Initiation Protocol Nicolas Montavont

SIP: Session Initiation Protocol

SIP Messages. 180 Ringing The UA receiving the INVITE is trying to alert the user. This response MAY be used to initiate local ringback.

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

A P2P SIP Architecture - Two Layer Approach - draft-sipping-shim-p2p-arch-00.txt

SIP Basics. CSG VoIP Workshop. Dennis Baron January 5, Dennis Baron, January 5, 2005 Page 1. np119

SIP Trunking. Service Guide. Learn More: Call us at

3 The Network Architecture

SIP A Technology Deep Dive

SIP and Mobility: IP Multimedia Subsystem in 3G Release 5

Internet Engineering Task Force (IETF) Request for Comments: 7088 Category: Informational February 2014 ISSN:

SIP RFC (3261) explained, LIGHT 3.2 (1/2011) -

How to make free phone calls and influence people by the grugq

Integrating Avaya Aura Presence Services with Microsoft OCS

The Design of a Differentiated Session Initiation Protocol to Control VoIP Spam

Session Initiation Protocol

Overview ENUM ENUM. VoIP Introduction (2/2) VoIP Introduction (1/2)

Internet Voice, Video and Telepresence Harvard University, CSCI E-139. Lecture #5

Session Initiation Protocol (SIP) Chapter 5

ENUM: Migrating to VoIP. P2P Voice Applications

A Comparative Study of Signalling Protocols Used In VoIP

Session Initiation Protocol Security Considerations

PPreferredID = "P-Preferred-Identity" HCOLON PPreferredID-value. *(COMMA PPreferredID-value)

H. Tschofenig Nokia Siemens Networks October 04, 2013

Analysis of a VoIP Attack

This specification this document to get an official version of this User Network Interface Specification

MOHAMED EL-SHAER Teaching Assistant. Room TASK Exercises Thu., Nov. 17, 2014 CONTENT

SIP OVER NAT. Pavel Segeč. University of Žilina, Faculty of Management Science and Informatics, Slovak Republic

ETSI TS V6.8.0 ( ) Technical Specification

Application Note Multiple SIParator Distribution

1.1.3 Versions Verified SIP Carrier status as of 18 Sep 2014 : validated on CIC 4.0 SU6.

Interoperability Test Plan for International Voice services (Release 6) May 2014

Multimedia & Protocols in the Internet - Introduction to SIP

EE4607 Session Initiation Protocol

Enhancements to Collaborative Media Streaming with IETF Protocols

Best Practices for SIP Security

Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology

802.11: Mobility Within Same Subnet

3GPP TS V8.1.0 ( )

Network Convergence and the NAT/Firewall Problems

SIP Trunking Application Notes V1.3

NGN NNI Signalling Profile

Alcatel OmniPCX Enterprise R11 Supported SIP RFCs

NCAS National Caller ID Authentication System

SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd.

Session Initiation Protocol and Services

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities

A Model for Spam Prevention in IP Telephony Networks using Anonymous Verifying Authorities

Identity based Authentication in Session Initiation. Session Initiation Protocol

Programming SIP Services University Infoline Service

Unregister Attacks in SIP

How To Write A Sip Message On A Microsoft Ipa (Sip) On A Pcode (Siph) On An Ipa Or Ipa On A Ipa 2 (Sips) On Pcode On A Webmail (

1 SIP Carriers. 1.1 Tele Warnings Vendor Contact Versions Verified Interaction Center 2015 R2 Patch

Multimedia Communication in the Internet. SIP Security Threads. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1

Service Announcements for Hot-Spots: Enabling Automated Access and Provider Selection for (WLAN-based) Voice Upperside WiFi Voice 2005

NAT and Firewall Traversal with STUN / TURN / ICE

Transcription:

SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri Kuthan Dorgham Sisalem Raphael Coeffic Victor Pascual Jiri.Kuthan@tekelec.com Dorgham.Sisalem@tekelec.com Raphael.Coeffic@tekelec.com Victor.Pascual@tekelec.com 1

Problem statement When someone is calling you, you d like to be able to know the identity of the caller who are you? But this is not always possible to determine draft-elwell-sip-e2e-identity-important Are we comfortable enough to answer the question are you calling me? by determining: whoever is calling me (even unknown party) can be reached at the address it is claiming in the From header field 2

Return Routability Check in a nutshell It is a simple better-than-nothing approach to URI verification End-to-end solution based on SIP routing It leverages the location service retargeting No trust models No additional infrastructures apart from what it takes to route the INVITE message It is NOT a solution for the whole identity problem It does not determine identity ( who are you? ), just the source URI of the call ( are you calling me? ) 3

Known Limitations It can at best confirm URI veracity. DERIVE cannot provide a refute claim Reverse Routability is known not to be available in many cases unregistered phone, call forwarding, etc. Additional latency in call setup 4

Security Considerations Reliance on security of the Registrar, DNS and IP routing systems DoS opportunity with indirection DERIVE allows attacker to drive other UAs to send DERIVE requests to a victim Privacy In the absence of some sort of authorization mechanism it can reveal sensitive information 5

Open Issues (1/3): Is Dialog Package Usable for This? Dialog package support exists Interpretations differ in how they may implement the negative case: 4xx vs empty NOTIFY Only for INVITE-initiated dialogs If we don't re-use the dialog event package we need to find some other widely-deployed and welldefined UA behavior that we can leverage or we need to define new behavior on both the caller and callee equipment new method for call-back validation? 6

Open Issues (2/3): B2BUA traversal There is no normative reference in B2BUA behavior we can lean upon and which would be guaranteed to travel end-to-end Possible solutions: if you break it, you fix it (if you are lucky to be on the reverse path) start working on a token that normatively survives B2BUA traversal draft-kaplan-sip-session-id 7

Open Issues (3/3): PSTN interworking SIP URIs (even with telephone numbers) verifiable with the originating domain using DERIVE Unlike TEL URIs which are not clearly associated with an owner Do you think it makes sense to attack the TEL URIs? 8

WG Survey Who thinks that life is good without a light-weight way to verify a SIP URI? (and who thinks it isn t?) If folks see the problem, who thinks that reverse URI checking can help to solve it? (not necessarily based on the dialog-package) And out of those who would actually like to contribute to this? 9

BACKUP 10

A proposed solution Use SIP to ask the caller as claimed in From URI are you calling me? alice@atlanta.com atlanta.com biloxi.com bob@biloxi.com Call Call Call Are you calling me? Are you calling me? Yes Yes Ring Ring Ring 11

A Proposed Solution (cont.) A subscription to the Dialog event package is used to check if the UA registered at the AOR in the From header is aware of the call. The subscription is restricted to the half-dialog formed by Call-ID and From-tag from the INVITE. For this, a SUBSCRIBE message is sent to the AOR in the From header field from the original INVITE. Depending on the result of the subscription, we conclude that the From was legitimate, or that we do not know exactly. Assumptions: The Location Service at atlanta.com (caller s domain) is somehow trustworthy Alice is currently registered at atlanta.com IP routing and DNS are not compromised 12

A Proposed Solution (cont.) Provisional responses are omitted from the illustration for the sake of clarity 13

Related work Return routability check: draft-wing-sip-e164-rrc Identity: RFC 4474, RFC 3325, RFC 3893, RFC 4916 draft-ietf-sipping-update-pai draft-elwell-sip-identity-handling-ua draft-elwell-sip-e2e-identity-important draft-york-sip-visual-identifier-trusted-identity draft-ietf-sip-privacy draft-kaplan-sip-asserter-identity Issues with e164 URIs: draft-elwell-sip-e164-problem-statement Identity / security on the media path: draft-fischer-sip-e2e-sec-media (expired) draft-wing-sip-identity-media (expired)... And many others 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information