Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

Published byGinger Walker Modified over 8 years ago

Similar presentations

Presentation on theme: "SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)"— Presentation transcript:

1 SIP Greg Nelson Duc Pham

2 SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling) control protocol for initiating a session among users Registrations, invitations, acceptations, and disconnections Registrations, invitations, acceptations, and disconnections

3 SIP Diagram ABProxy (Registrar local services) ……. Register 200 Ok Register 200 Ok Invite 100 Trying Invite 100 Trying Invite 180 Ringing 200 Ok Ack Media Session Bye 200 Ok

4 SIP Acronyms UAC: a user agent client making requests. UAC: a user agent client making requests. UAS: a user agent server responding to the requests (the roles of UAC and UAS are logical entities) UAS: a user agent server responding to the requests (the roles of UAC and UAS are logical entities) SS: flexibly preferred to any middle servers: registrar, proxy servers SS: flexibly preferred to any middle servers: registrar, proxy servers

5 SIP Vulnerabilities Proxy Impersonation Proxy Impersonation Message Tampering Message Tampering Session Teardown Session Teardown Spoofed BYEs Spoofed BYEs Denial of Service Denial of Service Malformed packets Malformed packets REGISTER and INVITE flooding REGISTER and INVITE flooding Registration Hijacking Registration Hijacking

6 SIP Security Registration hijacking Registration hijacking Authenticate originators of requests Authenticate originators of requests Proxy impersonation Proxy impersonation Authenticate servers Authenticate servers Message tampering Message tampering Secure body and certain headers end-to-end Secure body and certain headers end-to-end Session teardown Session teardown Authenticate sender of BYE Authenticate sender of BYE Confidentiality so attacker can’t learn To, From tags Confidentiality so attacker can’t learn To, From tags Denial of Service Denial of Service Authenticate and authorize registrations Authenticate and authorize registrations

7 Objectives Use AVISPA to model basic protocol. Use AVISPA to model basic protocol. Model SIP URI registration and look for registration hijack attacks. Model SIP URI registration and look for registration hijack attacks. Model interdomain session setup and look for message tampering and proxy impersonation attacks. Model interdomain session setup and look for message tampering and proxy impersonation attacks. Add proxy-to-proxy authentication and secrecy (TLS) to model. Add proxy-to-proxy authentication and secrecy (TLS) to model. Discuss other vulnerabilities that we weren’t able to model. Discuss other vulnerabilities that we weren’t able to model.

8 SIP Model (1) Simplified message formats: REGISTER REGISTER OK OK INVITE INVITE BYE BYE ACK ACK

9 SIP Model (2) Register: Register: UAC -> SS: {sipregister.Ns} SS -> UAC: {sipok} Invite, connect, bye: Invite, connect, bye: UAC -> SS: {sipinvite.UAC.UAS.{Ni}} SS -> UAS: {sipinvite.UAC.UAS.SS.{Ni}} UAS -> SS: {sipok.UAS.UAC.SS.{Nj}} SS -> UAC: {sipok.UAS.UAC.{Nj}} UAC -> UAS: {sipack.UAC.UAS} UAC -> UAS: {sipbye.UAS.UAC} UAS -> UAC: {sipok.UAC.UAS}

10 Discussion --- Authentication Server Authentication: using TLS: server offers a certificate to the UA, preventing proxy impersonating Server Authentication: using TLS: server offers a certificate to the UA, preventing proxy impersonating User Authentication: using HTTP digest: server challenges a user with a 401 Proxy Authentication, preventing registration hijacking User Authentication: using HTTP digest: server challenges a user with a 401 Proxy Authentication, preventing registration hijacking

11 Discussion --- Interdomain Authentication Trust relationship needed: client-server, server- server Trust relationship needed: client-server, server- server UAC SS UAS UAC SS Evil UAC SS SS Evil More infrastructures required for absolute interdomain authentication: signature verifications, voice recognitions More infrastructures required for absolute interdomain authentication: signature verifications, voice recognitions

12 Discussion --- Message Secrecy Mechanisms that rely on existence of end-user certificates are seriously limited (S/MIME). Mechanisms that rely on existence of end-user certificates are seriously limited (S/MIME). May use self-signed certificates May use self-signed certificates Susceptible to obvious MITM attack, but… Susceptible to obvious MITM attack, but… Attacker can only exploit on initial key exchange. Attacker can only exploit on initial key exchange. Difficult for attacker to remain in path of all future dialogs. Difficult for attacker to remain in path of all future dialogs. Same vulnerability in SSH => key fingerprints. Same vulnerability in SSH => key fingerprints. For VoIP, users could read off key fingerprint. For VoIP, users could read off key fingerprint. Or, use preconfigured certificates when there is an established trust between all SIP entities. Or, use preconfigured certificates when there is an established trust between all SIP entities.

13 Discussion --- DoS Attacks Floods of messages directed at proxies can lock up resources on the server. Floods of messages directed at proxies can lock up resources on the server. UAs and proxies should challenge questionable requests. UAs and proxies should challenge questionable requests. Mutual authentication of proxies (TLS) Mutual authentication of proxies (TLS) Reduces potential for intermediaries to introduce falsified requests or responses. Reduces potential for intermediaries to introduce falsified requests or responses. Harder for attackers to make innocent SIP nodes into agents of amplification. Harder for attackers to make innocent SIP nodes into agents of amplification.

14 Conclusions AVISPA is easy to use, but difficult to model something besides secrecy and authentication, such as DoS. AVISPA is easy to use, but difficult to model something besides secrecy and authentication, such as DoS. Registration hijacks are easy to prevent with server authentication (TLS). Registration hijacks are easy to prevent with server authentication (TLS). TLS prevents MITM, but does nothing if proxy is evil; need end-to-end encryption. TLS prevents MITM, but does nothing if proxy is evil; need end-to-end encryption. Simple protocol becomes very complex when addressing vulnerabilities. Simple protocol becomes very complex when addressing vulnerabilities.

Download ppt "SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)"

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP 2000-05-10-00 SIP Security Jonathan Rosenberg Chief Scientist.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
Signalling Flows for the IP Multimedia Call Control in 3G Wireless Network Master’s Project By Sanjeev Kayath.

Signalling Flows for the IP Multimedia Call Control in 3G Wireless Network Master’s Project By Sanjeev Kayath.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
SIP Security Mechanisms Through a secure Software Engineering approach Prajwalan Karanjit

SIP Security Mechanisms Through a secure Software Engineering approach Prajwalan Karanjit
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.

© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
1 ITEC 809 Securing SIP in VoIP Domain Iyad Alsmairat 41546342 Supervisor: Dr. Rajan Shankaran.

1 ITEC 809 Securing SIP in VoIP Domain Iyad Alsmairat Supervisor: Dr. Rajan Shankaran.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Similar presentations

Ads by Google