
Session Initiation Protocol (SIP)


lonna

Presentation Transcript


  1. Session Initiation Protocol (SIP)

  2. Features of SIP • SIP is a lightweight, transport-independent, text-based protocol. SIP has the following features: • Lightweight, in that SIP has only four methods, reducing complexity • Transport-independent, because SIP can be used with UDP, TCP, ATM, and so on • Text-based, allowing for low overhead • SIP is primarily used for VoIP calls

  3. Functions of SIP • Location of an end point • Signal of a desire to communicate • Negotiation of session parameters to establish the session • And teardown of the session once established.

  4. How SIP works • SIP user agents: like cell phones, PCs etc. They initiate message writing. • SIP Registrar servers: databases containing User Agent locations; they send agents' IP address information to SIP proxy servers. • SIP Proxy servers: accept session requests made by a UA and query the SIP registrar server to find the recipient UA's address. • SIP Redirect servers: they help with communicating outside the domain

  5. Continued..

  6. Continued.. • Our user A tries to call user B (1) • The domain SIP proxy server now queries the Registrar server in the same domain to learn user B’s address (2) • The Registrar responds with the address (3) • The SIP proxy server calls B (4) • User B responds to the SIP proxy (5) • The SIP proxy answers User A (6) • Now a multimedia session is established over the RTP protocol (7)

  7. More about SIP.. • SIP relies on SDP and RTP protocols • SIP proxy is a server in a SIP-based IP telephony environment • The SIP proxy takes over call control from the terminals and serves as a central repository for address translation (name to IP address)

  8. SIP Advantages • SIP is based on HTTP and MIME, which makes it suitable for integrated voice-data applications • SIP is designed for real-time transmission

  9. SIP Advantages • Uses fewer resources • Is less complex than the H.323 protocol • SIP uses URLs and is human readable

  10. SIP Disadvantages • First one: SIP messages contain information that the client and/or server would like to keep private, but SIP headers and message bodies travel in the open, and the distributed architecture of VoIP systems makes it difficult to keep this information confidential. • I will talk about a technique to address it later…

  11. Registration hijacking • When a SIP user is registering with the SIP Registrar server, the attacker can hijack the registration: 1. By disabling the legitimate user's registration using a DOS attack on the user's machine 2. By sending a REGISTER request with the attacker's IP address instead of the legitimate user's • The attacker changes the Contact header information, putting its own IP address in place of the original user's

  12. Registration hijacking • This leads to the attacker getting the SIP messages intended for our original user, a clearly undesirable condition • The two main reasons for this attack are SIP messages being sent in the clear and no SIP message authentication being built into the protocol
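
Added example (not part of the original slides): a registrar-side check for the pattern on slides 11 and 12, flagging a REGISTER that moves an existing binding to a new Contact host from a new source address. The messages, addresses and function names are constructed for illustration.

```python
import re

def reg(user, contact_host, auth=False):
    """Build a constructed REGISTER message for the sample trace below."""
    lines = ["REGISTER sip:example.test SIP/2.0",
             f"To: <sip:{user}@example.test>",
             f"Contact: <sip:{user}@{contact_host}:5060>",
             "Expires: 3600"]
    if auth:
        lines.append(f'Authorization: Digest username="{user}", response="(elided)"')
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed trace: (source IP observed by the registrar, raw message).
EVENTS = [
    ("192.0.2.10", reg("bob", "192.0.2.10", auth=True)),    # initial binding
    ("192.0.2.10", reg("bob", "192.0.2.10", auth=True)),    # normal refresh
    ("192.0.2.20", reg("alice", "192.0.2.20", auth=True)),  # unrelated user
    ("203.0.113.66", reg("bob", "203.0.113.66")),           # Contact rewritten, new source
]

def parse_headers(raw):
    """Return the SIP headers as a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def find_suspect_registrations(events):
    """Flag REGISTERs that move a known binding to a different Contact/source pair."""
    bindings, alerts = {}, []
    for src_ip, raw in events:
        h = parse_headers(raw)
        aor = re.search(r"sip:([^>;\s]+)", h["to"]).group(1)
        contact = re.search(r"sip:(?:[^@>]+@)?([^:;>\s]+)", h["contact"]).group(1)
        prev = bindings.get(aor)
        if prev and prev != (contact, src_ip):
            # Hold the old binding and report the change for review.
            alerts.append({"aor": aor, "old_contact": prev[0], "new_contact": contact,
                           "source": src_ip, "authenticated": "authorization" in h})
        else:
            bindings[aor] = (contact, src_ip)
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_registrations(EVENTS):
        print(alert)
```

A user who legitimately moves networks produces the same alert, so the `authenticated` field is what separates a roaming client from an unauthenticated rewrite.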

  13. Eavesdropping Eavesdropping is a big problem for SIP-based VoIP traffic. Many internet tools, like Ethereal, do that.

  14. Eavesdropping: how Ethereal works • Eavesdropping in VoIP requires intercepting the signaling and associated media streams of a conversation • Media streams are typically carried over UDP using RTP

  15. How Ethereal works • Capture and decode RTP packets • Analyze the session: here we reassemble the packets • Store this data in audio files (like .wav, .au)

  16. Some remedies…. • IPSEC security for IP packets can be one solution • A more common solution is to use Ethernet switches to restrict broadcasting data to all and sundry on the network.

  17. Spoofing Spoofing is another issue, where someone can pose as a user and get unauthorized access. Address authentication between callers, built into the underlying transport protocols, can resolve this.

  18. DOS Denial of service can be caused if the proxy/registrar servers are somehow flooded. The solution lies in configuring the servers to tackle this problem in their configuration settings.

  19. SIP Security Mechanisms • IPSEC is another way to protect IP packets, with secure encryption making them safe from unauthorized access/modification • So with shared keys between parties, IPSEC can provide the secure path for communication between SIP partners

  20. TLS • TLS is another answer for security: here the networked parties can share their certificates during the handshake, and these can be used for the secure transfer later. • It is widely in use in the wired internet market • TLS lies below FTP (ALP) but above TCP, thus obviating the need for TCP header encryption.

  21. Session Border Controller for SIP • A firewall typically helps in the simple case of a browser requesting some information, by ensuring that only the requested content gets transferred back to the browser and no other information. This is not so in a typical VoIP transfer using SIP, where there are two holes in the firewall for public access: one for signaling and the other for media packets. • Also, the firewalls of, say, two LANs connected via the internet will otherwise reject the other LAN's traffic, thinking it malicious.

  22. SBC • With these addresses on the public side of the firewall, IP-address-based attacks become a real possibility • The SBC works by making all communication for media and signaling work outwards, even the incoming ones

  23. SBC

  24. SBC • When our client starts, it registers with the registration server. The SBC now takes over the function of a PO Box, so an incoming party knows your PO Box address but only your PO Box (your SBC) knows your real IP address. • So, for both signaling and media exchange, the SBC primarily acts as the bridge between the outside client and us.

  25. SBC • SBC allows: signaling and media connections to be dynamically opened and outbound connected. • SBC hides your real IP and polices the signaling and media connections.

  26. SIP Denial of Service • DOS attacks are based on exhausting some server response, thus rendering it incapable of some or all functionality • A SIP server copies each incoming request into its internal buffers

  27. Types of SIP servers (proxy server) • Stateless servers: they just keep a copy of a message while the message is being sent out, then delete it. • Stateful servers: in general, we can distinguish between two types of state in SIP: • Transaction state: a transaction-stateful server stores a copy of the received request as well as the forwarded request • Session state: in certain cases servers need to maintain some information about the session throughout the lifetime of the session.

  28. Continued… • Regardless, the server will need to maintain the buffered data while contacting another entity, like an authentication, authorization, and accounting (AAA) server or a Domain Name Service (DNS) server

  29. CPU based DOS • When a SIP message is received, the SIP server needs to parse the message, do some processing (e.g., authentication) and forward the message • Though the server CPU is high speed, many parallel loads and the resulting resource depletion can still cause the server to block or otherwise malfunction, causing a DOS

  30. Bandwidth based DOS • Sometimes the access links connecting a SIP server are so overloaded that they cause congestion losses • So SIP messages get lost, causing further delay, and at least a transient DOS occurs • DOS attacks can occur both with and without malicious intent. SIP and its supporting transport protocols both need protection and safeguarding from attack.

  31. DOS based on Memory exhaustion • A stateful server is an easy target for flooding with many requests for different transactions. • Memory-based exploitation has two basic types: initiating a number of SIP sessions with different SIP identities, and broken-session attacks, where a receiver gets an INVITE but then no response from the initiator. Many such pending INVITEs can cause memory exhaustion

  32. Some Countermeasures • Just as for a web or email server, make a list of suspected users and blacklist them • Using authentication strategies is also preferable, but more CPU resources are needed to tighten these security problems
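
Added example (not part of the original slides): one way a stateful proxy can bound the pending-INVITE state described on slide 31 and build the blacklist from slide 32. It is keyed by source address because the SIP identities in a flood vary; the class name, limits, timeout and trace are assumptions made for illustration.

```python
from collections import defaultdict

class InviteTable:
    """Transaction state for pending INVITEs, bounded per source and by age."""

    def __init__(self, max_pending=3, timeout=32.0, strikes_to_block=2):
        self.max_pending = max_pending            # assumed per-source cap
        self.timeout = timeout                    # assumed seconds before state is dropped
        self.strikes_to_block = strikes_to_block  # assumed rejections before blocklisting
        self.pending = {}                         # (source, call_id) -> arrival time
        self.strikes = defaultdict(int)
        self.blocked = set()

    def expire(self, now):
        """Free state for INVITEs that never progressed; return how many were dropped."""
        stale = [key for key, seen in self.pending.items() if now - seen >= self.timeout]
        for key in stale:
            del self.pending[key]
        return len(stale)

    def on_invite(self, now, source, call_id):
        self.expire(now)
        if source in self.blocked:
            return "blocked"
        if sum(1 for src, _ in self.pending if src == source) >= self.max_pending:
            self.strikes[source] += 1
            if self.strikes[source] >= self.strikes_to_block:
                self.blocked.add(source)
            return "rejected"                     # no state is stored for this request
        self.pending[(source, call_id)] = now
        return "accepted"

    def on_complete(self, source, call_id):
        self.pending.pop((source, call_id), None)

# Constructed trace: (time, event, source, Call-ID).
FLOOD, CALLER = "198.51.100.7", "192.0.2.10"
EVENTS = [(0.0, "INVITE", FLOOD, "f1"), (0.1, "INVITE", FLOOD, "f2"),
          (0.2, "INVITE", FLOOD, "f3"), (0.3, "INVITE", CALLER, "c1"),
          (0.4, "INVITE", FLOOD, "f4"), (0.5, "DONE", CALLER, "c1"),
          (0.6, "INVITE", FLOOD, "f5"), (0.7, "INVITE", FLOOD, "f6")]

def replay(events):
    """Feed the trace through a fresh table; return the INVITE decisions and the table."""
    table, decisions = InviteTable(), []
    for now, kind, source, call_id in events:
        if kind == "INVITE":
            decisions.append(table.on_invite(now, source, call_id))
        else:
            table.on_complete(source, call_id)
    return decisions, table
```

Memory held for any one source never exceeds `max_pending` entries, and `expire` reclaims sessions whose initiator went silent.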

  33. Continued.. • Also, having the SIP proxy server and application server on the same hardware can really slow down the response time. The SIP proxy may need some other server’s service, and this can sometimes cause other requests to be suspended • Having dedicated hardware for servers is important

  34. Continued.. • The first line of defense against DOS is having a high-speed CPU, big efficient memory and many access links • Clean memory allocation and parsing schemes are equally important • Parallel processing can lead to many requests being served simultaneously, with parallel execution of message parsing and message forwarding.

  35. Challenges… • The text-based nature of SIP renders it vulnerable to spoofing, hijacking and message tampering • SIP utilizes transport layer protocols like TCP and UDP, so it's vulnerable to their set of attacks too, such as SYN flood and TCP session hijacking for TCP • For SIP software, viruses/bugs are also an issue, which can be dealt with by using antivirus software

  36. SIP Security Mechanism The SIP specification does not include any specific security mechanism but relies on other internet security mechanisms like HTTPS Digest, TLS, and IPSEC.

  37. How this authentication works

  38. Continued.. SIP authentication works this way: • The SIP client sends a SIP INVITE, which gets answered by a 407 reply, which is the authenticator from the SIP proxy server. • The client now uses this authenticator to create information for its new header • With this new header attached, it sends a REINVITE back to the proxy server
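
Added example (not part of the original slides): both sides of the 407 challenge and reply from slide 38, computed with the Digest scheme (RFC 2617, MD5). The realm, user, password and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

USERS = {"alice": "constructed-password"}    # hypothetical proxy credential store
REALM = "example.test"                       # assumed realm

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Compute the Digest 'response' value as defined in RFC 2617."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # the secret never leaves as plaintext
    ha2 = md5_hex(f"{method}:{uri}")                  # binds the reply to this request
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def proxy_challenge():
    """Proxy side of the 407: issue a fresh nonce (the 'authenticator')."""
    nonce = secrets.token_hex(16)
    return nonce, f'Proxy-Authenticate: Digest realm="{REALM}", nonce="{nonce}"'

def client_authorization(username, password, method, uri, nonce):
    """Client side: build the new header to attach to the repeated INVITE."""
    resp = digest_response(username, REALM, password, method, uri, nonce)
    return (f'Proxy-Authorization: Digest username="{username}", realm="{REALM}", '
            f'nonce="{nonce}", uri="{uri}", response="{resp}"')

def proxy_verify(header, method, issued_nonce):
    """Proxy side: recompute the response from the stored password and compare."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', header))
    password = USERS.get(fields.get("username"))
    if password is None or fields.get("nonce") != issued_nonce:
        return False                                  # unknown user or stale nonce
    expected = digest_response(fields["username"], REALM, password,
                               method, fields.get("uri", ""), issued_nonce)
    return hmac.compare_digest(expected, fields.get("response", ""))

if __name__ == "__main__":
    nonce, challenge = proxy_challenge()
    header = client_authorization("alice", USERS["alice"], "INVITE",
                                  "sip:bob@example.test", nonce)
    print(challenge, header, proxy_verify(header, "INVITE", nonce), sep="\n")
```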

  39. Continued.. IPSEC is another way to protect IP packets, with secure encryption making them safe from unauthorized access/modification. So in one traditional way, with shared keys between communicating parties, IPSEC can provide the secure path for communication between SIP partners.

