Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

Published byJessie Barry Lewis Modified over 9 years ago

Similar presentations

Presentation on theme: "SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and."— Presentation transcript:

1 SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and Donald Papalilo, CoRiTeL — Research Consortium in Telecommunications IEEE Network November/December 2002 通訊所 研一 黃清富

2 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load2 Outline  Security Mechanisms in SIP  The Authentication Procedure in SIP  An Example Scenario of a SIP-Based IP Telephony Service  Methodology for the Evaluation of Processing Cost and Experimental Results  Conclusions  References

3 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load3 SIP Basic Call Flow INVITE F1 INVITE F2 INVITE F4 100 Trying F3 100 Trying F5 180 Ringing F6 180 Ringing F7 180 Ringing F8200 OK F9 200 OK F10 200 OK F11 ACK F12 Media Session BYE F13 200 OK F14

4 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load4 Security Mechanisms in SIP  Two reasons for securing SIP header and body  Security in SIP End-to-end versus hop-by-hop  Caller and/or callee versus two SIP entities  SIP protocol versus TLS or IPsec  Tow main security mechanisms Authentication  To prevent attackers from modifying and/or replaying SIP requests and responses Encryption  To ensure confidentiality

5 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load5 Security Mechanisms in SIP (cont.)

6 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load6 Security Mechanisms in SIP (cont.)  Types of attacks Snooping Modification attacks  DoS (denial of service) Spoofing SIP prone to DoS attacks  e.g., flooding

7 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load7 The Authentication Procedure is SIP SERVER REQUEST nonce, realm username, response REQUEST CHALLENGE nonce, realm CLIENT Generate the nonce value Compute response= = F( nonce, username, password, realm) Authentication: compute F( nonce, username, password, realm) And compare with response

8 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load8 The Authentication Procedure is SIP (cont.) User agent Client (UAC) Proxy server Proxy server User agent server (UAS) INVITE 407 proxy authentication Required ( nonce, … ) ACK INVITE ( nonce, …, response) INVITE 180 ringing 200 OK 180 ringing 200 OK ACK Authentication

9 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load9 An Example Scenario of a SIP-Based IP Telephony Service ITSP (Internet telephony service provider) provides gateway and delivers calls to the PSTN. Proxy authentication Proxy-to-proxy authentication

10 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load10 Methodology for the Evaluation of Processing Cost and Experimental Results

11 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load11 Methodology for the Evaluation of Processing Cost and Experimental Results (cont.)

12 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load12 Methodology for the Evaluation of Processing Cost and Experimental Results (cont.)

13 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load13 Methodology for the Evaluation of Processing Cost and Experimental Results (cont.)

14 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load14 Conclusions  The authentication procedure, based on HTTP Digest authentication, is described.  The performance aspects of SIP authentication are considered with a pure experimental approach.  The processing costs of different security procedures/scenarios are compared.

15 2003/12/08SIP Security Issues: The SIP Authentication Procedure and its Processing Load15 References  “ SIP Security Issues: The SIP Authentication Procedure and Processing Load, ” IEEE Network, Nov/Dec 2002.  “ SIP: Session Initiation Protocol, ” IETF RFC 3261,June 2002.  “ HTTP Authentication: Basic and Digest Access Authentication, ” IETF RFC 2617, June 1999.

Download ppt "SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
www.dynamicsoft.com U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP 2000-05-10-00 SIP Security Jonathan Rosenberg Chief Scientist.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
www.dynamicsoft.com VON Europe 2000 - 06-19-00 SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.

VON Europe SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.
Advanced Flooding Attack on a SIP Server Xianglin Deng, Canterbury University Malcolm Shore, Canterbury University & Telecom NZ.

Advanced Flooding Attack on a SIP Server Xianglin Deng, Canterbury University Malcolm Shore, Canterbury University & Telecom NZ.
SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
1 Carrier VoIP Security: Threats and Defenses. 2 Agenda Security Philosophy VoIP Basics (IETF SIP-based) VoIP Threats Fundamental VoIP Security Mechanisms.

1 Carrier VoIP Security: Threats and Defenses. 2 Agenda Security Philosophy VoIP Basics (IETF SIP-based) VoIP Threats Fundamental VoIP Security Mechanisms.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
1 The Critical Role of Sip&H.323 Internetworking in Next- Generation Telephony Dr. Samir Chatterjee Associate Professor School of Information Science 909-607-4651;

1 The Critical Role of Sip&H.323 Internetworking in Next- Generation Telephony Dr. Samir Chatterjee Associate Professor School of Information Science ;
SIP Chapter 5. SIP History 1980s – first packet multimedia experiments 1992 – first IETF audio-cast 1996 – first SIP related IETF drafts Session Invitation.

SIP Chapter 5. SIP History 1980s – first packet multimedia experiments 1992 – first IETF audio-cast 1996 – first SIP related IETF drafts Session Invitation.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
1 ITEC 809 Securing SIP in VoIP Domain Iyad Alsmairat 41546342 Supervisor: Dr. Rajan Shankaran.

1 ITEC 809 Securing SIP in VoIP Domain Iyad Alsmairat Supervisor: Dr. Rajan Shankaran.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
History Since created in 1995, RADIUS has been used to provide authentication, authorization and generate accounting information for dial-in users. However,

History Since created in 1995, RADIUS has been used to provide authentication, authorization and generate accounting information for dial-in users. However,

Similar presentations

Ads by Google