Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP Security Henning Schulzrinne Columbia University.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "SIP Security Henning Schulzrinne Columbia University."— Presentation transcript:

1 SIP Security Henning Schulzrinne Columbia University

2 6/25/2015 52 nd IETF SLC Priority security requirements REGISTER protection authentication and integrity confidentiality (harder) DOS prevention for non-authenticated requests authenticated requests already prevent DOS and amplification, but not realistic for INVITE End-to-end authentication  for random clients (very hard) for repeat visitors  End-to-end message confidentiality

3 6/25/2015 52 nd IETF SLC Re-using existing technology Options include: Enhanced C/R (digest) authentication IP DOS prevention S/MIME Shared secret via common infrastructure Transport-layer security Pointless to argue about which we don’t need – all have different strengths and weaknesses Does not preclude new mechanisms

4 6/25/2015 52 nd IETF SLC Enhanced digest Protect selectable subset of headers Minimal extension to Digest J Ease of implementation – trivial addition to existing Digest J No infrastructure L No privacy è REGISTER

5 6/25/2015 52 nd IETF SLC IP-reachability security DOSA prevention: Simply ensure that INVITE comes from valid IP address Inherent in Digest, but not likely to be common for INVITE Require guessing of large random number Must be stateless in server Options: NULL authentication Special Digest qop value  Does not prevent use as reflector

6 6/25/2015 52 nd IETF SLC S/MIME Existing solution, existing code Treat SIP message like email attachment: Content-Type: message/sip ??? Requires client certs?  What if ssh-style security is sufficient (same host as last time, but can’t prevent MiM for first attempt)

7 6/25/2015 52 nd IETF SLC Shared secret Avoid SIP-PGP mistakes: canonical form header ordering special headers SIP part is easy once infrastructure is assumed (CMS?)

8 6/25/2015 52 nd IETF SLC Automating future trust Authentication not very helpful for random callers as long as identities are cheap – yes, it’s indeed slimebag@coolmail.com slimebag@coolmail.com Want to ensure subsequent call is from same person D-H works except for active MiM – ssh has the same problem!

9 6/25/2015 52 nd IETF SLC Transport-layer security TLS works for server authentication Is this indeed sip.example.com? Works well iff number of peers small (some evidence in DNS measurements – Zipf distribution) setup delay for new peers reasonable (need measurements!)

Download ppt "SIP Security Henning Schulzrinne Columbia University."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.
April 23, 20021 XKMS Requirements Update Frederick Hirsch, Mike Just April 23, 2002 Goals Requirements Summary –General, Security Last Call Issues –For.

April 23, XKMS Requirements Update Frederick Hirsch, Mike Just April 23, 2002 Goals Requirements Summary –General, Security Last Call Issues –For.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
1 Aug. 3 rd, 2007Conference on Email and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.

1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.

© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
July 2006IETF66 - ECRIT1 RELO: Retrieving End System Location Information draft-schulzrinne-geopriv-relo-00 Henning Schulzrinne.

July 2006IETF66 - ECRIT1 RELO: Retrieving End System Location Information draft-schulzrinne-geopriv-relo-00 Henning Schulzrinne.
SIP Security Matt Hsu.

SIP Security Matt Hsu.
Requirements for Resource Priority Mechanisms for the Session Initiation Protocol draft-ietf-ieprep-sip-reqs-01 Henning Schulzrinne Columbia University.

Requirements for Resource Priority Mechanisms for the Session Initiation Protocol draft-ietf-ieprep-sip-reqs-01 Henning Schulzrinne Columbia University.
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.
A “net head” view on SIP Henning Schulzrinne Columbia University IRT Lab Siemens Munich -- January 2003.

A “net head” view on SIP Henning Schulzrinne Columbia University IRT Lab Siemens Munich -- January 2003.
Peer-to-peer approaches for SIP Henning Schulzrinne Dept. of Computer Science Columbia University.

Peer-to-peer approaches for SIP Henning Schulzrinne Dept. of Computer Science Columbia University.

Similar presentations

Ads by Google