
SIP Security Issues: The SIP Authentication Procedure and its Processing Load

SIP Security Issues: The SIP Authentication Procedure and its Processing Load. Stefano Salsano, DIE, Università di Roma “Tor Vergata”; Luca Veltri and Donald Papalilo, CoRiTeL (Research Consortium in Telecommunications). IEEE Network • November/December 2002. Presented by 黃清富, first-year graduate student, Institute of Communications.


Presentation Transcript


  1. SIP Security Issues: The SIP Authentication Procedure and its Processing Load
     Stefano Salsano, DIE, Università di Roma “Tor Vergata”
     Luca Veltri and Donald Papalilo, CoRiTeL (Research Consortium in Telecommunications)
     IEEE Network • November/December 2002
     Presented by 黃清富, first-year graduate student, Institute of Communications

  2. Outline
     • Security Mechanisms in SIP
     • The Authentication Procedure in SIP
     • An Example Scenario of a SIP-Based IP Telephony Service
     • Methodology for the Evaluation of Processing Cost and Experimental Results
     • Conclusions
     • References

  3. SIP Basic Call Flow
     [Figure: message sequence diagram. Messages, by label: INVITE F1, INVITE F2, 100 Trying F3, INVITE F4, 100 Trying F5, 180 Ringing F6, 180 Ringing F7, 180 Ringing F8, 200 OK F9, 200 OK F10, 200 OK F11, ACK F12, Media Session, BYE F13, 200 OK F14]

  4. Security Mechanisms in SIP
     • Two reasons for securing SIP header and body
     • Security in SIP
     • End-to-end versus hop-by-hop
     • Caller and/or callee versus two SIP entities
     • SIP protocol versus TLS or IPsec
     • Two main security mechanisms
     • Authentication: to prevent attackers from modifying and/or replaying SIP requests and responses
     • Encryption: to ensure confidentiality

  5. Security Mechanisms in SIP (cont.)

  6. Security Mechanisms in SIP (cont.)
     • Types of attacks
     • Snooping
     • Modification attacks
     • DoS (denial of service)
     • Spoofing
     • SIP prone to DoS attacks, e.g., flooding

  7. The Authentication Procedure in SIP
     [Figure: challenge-response exchange between CLIENT and SERVER]
     • Client to server: REQUEST
     • Server: generate the nonce value
     • Server to client: CHALLENGE (nonce, realm)
     • Client: compute response = F(nonce, username, password, realm)
     • Client to server: REQUEST (nonce, realm, username, response)
     • Server, authentication: compute F(nonce, username, password, realm) and compare with response

  8. The Authentication Procedure in SIP (cont.)
     [Figure: message sequence among user agent client (UAC), proxy server, proxy server and user agent server (UAS). Messages shown: INVITE; 407 Proxy Authentication Required (nonce, …); ACK; INVITE with Authentication (nonce, …, response); 180 Ringing; 200 OK; ACK]
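
The challenge-response exchange of slides 7 and 8, as an added example that is not part of the original presentation: it takes F to be the RFC 2617 Digest computation without qop, which also covers the request method and URI (the slide lists only nonce, username, password and realm). The realm, user, password, URIs and the `Proxy` class are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, nonce, method, uri):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # secret-dependent part
    ha2 = md5_hex(f"{method}:{uri}")                 # binds the request line
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Proxy:
    """Server side (hypothetical class): issue a nonce, then recompute and compare."""
    def __init__(self, realm, users):
        self.realm, self.users = realm, users
        self.outstanding = set()         # nonces issued and not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)    # unpredictable, one per challenge
        self.outstanding.add(nonce)
        return {"status": 407, "realm": self.realm, "nonce": nonce}

    def verify(self, method, uri, creds):
        nonce = creds.get("nonce", "")
        if nonce not in self.outstanding:
            return False                 # unknown or already used nonce: replay
        self.outstanding.discard(nonce)  # single use, even if the check fails
        password = self.users.get(creds.get("username"))
        if password is None or creds.get("realm") != self.realm:
            return False
        expected = digest_response(creds["username"], self.realm, password, nonce, method, uri)
        return hmac.compare_digest(expected.encode(), str(creds.get("response", "")).encode())

def client_credentials(ch, username, password, method, uri):
    resp = digest_response(username, ch["realm"], password, ch["nonce"], method, uri)
    return {"username": username, "realm": ch["realm"], "nonce": ch["nonce"], "response": resp}

def run_exchange():
    proxy = Proxy("itsp.example", {"alice": "constructed-password"})  # constructed data
    uri = "sip:bob@itsp.example"
    good = client_credentials(proxy.challenge(), "alice", "constructed-password", "INVITE", uri)
    first = proxy.verify("INVITE", uri, good)    # valid response is accepted
    replay = proxy.verify("INVITE", uri, good)   # same nonce a second time is rejected
    bad = client_credentials(proxy.challenge(), "alice", "wrong-password", "INVITE", uri)
    wrong_pw = proxy.verify("INVITE", uri, bad)  # digest mismatch
    other = client_credentials(proxy.challenge(), "alice", "constructed-password", "INVITE", uri)
    changed_uri = proxy.verify("INVITE", "sip:carol@itsp.example", other)  # URI is covered
    return first, replay, wrong_pw, changed_uri
```

The server performs the same three MD5 computations as the client for every authenticated request, which is the per-request cost that the presentation's processing-load evaluation is concerned with.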

  9. An Example Scenario of a SIP-Based IP Telephony Service
     • ITSP (Internet telephony service provider) provides gateway and delivers calls to the PSTN.
     • Proxy-to-proxy authentication
     • Proxy authentication

  10. Methodology for the Evaluation of Processing Cost and Experimental Results

  11. Methodology for the Evaluation of Processing Cost and Experimental Results (cont.)

  12. Methodology for the Evaluation of Processing Cost and Experimental Results (cont.)

  13. Methodology for the Evaluation of Processing Cost and Experimental Results (cont.)

  14. Conclusions
     • The authentication procedure, based on HTTP Digest authentication, is described.
     • The performance aspects of SIP authentication are considered with a pure experimental approach.
     • The processing costs of different security procedures/scenarios are compared.

  15. References
     • “SIP Security Issues: The SIP Authentication Procedure and Processing Load,” IEEE Network, Nov/Dec 2002.
     • “SIP: Session Initiation Protocol,” IETF RFC 3261, June 2002.
     • “HTTP Authentication: Basic and Digest Access Authentication,” IETF RFC 2617, June 1999.
