Analysis of SIP security
Ashwini Sanap (006312787)
Deepti Agashe (006331234)
Agenda
Introduction
SIP Entities and messages
Security Mechanism
Security Attacks
Conclusion
Introduction
Session Initiation Protocol (SIP)
Application Layer Signaling Protocol
Create, Terminate and Manage Session
Similar to HTTP (Request/Response)
SIP Identity (URI)
SIP Entities and Messages
Security Mechanisms
SIP Security
Application Layer: HTTP Basic Authentication, HTTP Digest Authentication, Secure MIME
Transport Layer: TLS
Network Layer: IPSec
Digest Authentication
Challenge based Authentication
Encryption not provided
Confidentiality lost
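The challenge/response exchange summarized on this slide, as an added Python example that is not part of the original slides. It uses the RFC 2617 digest form without qop; the Registrar class, the build_register helper, the example.com realm, the alice account and the single-use nonce policy are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(ha1, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri)
    return md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")

class Registrar:
    """Hypothetical registrar that challenges every REGISTER."""
    def __init__(self, realm, passwords):
        self.realm = realm
        # Only HA1 = MD5(user:realm:password) is stored, not the password.
        self.ha1 = {u: md5_hex(f"{u}:{realm}:{p}") for u, p in passwords.items()}
        self.open_nonces = set()

    def challenge(self):
        # Value carried in the 401 response's WWW-Authenticate header.
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        return nonce

    def verify(self, user, method, uri, nonce, response):
        if nonce not in self.open_nonces or user not in self.ha1:
            return False
        self.open_nonces.discard(nonce)  # single use: a captured response is rejected
        expected = digest_response(self.ha1[user], method, uri, nonce)
        return hmac.compare_digest(expected, response)

def build_register(user, realm, password, nonce, contact):
    # Client side: the password stays off the wire, but every header is clear text.
    uri = f"sip:{realm}"
    resp = digest_response(md5_hex(f"{user}:{realm}:{password}"), "REGISTER", uri, nonce)
    return resp, (
        f"REGISTER {uri} SIP/2.0\r\n"
        f"To: <sip:{user}@{realm}>\r\n"
        f"Contact: <{contact}>\r\n"
        f'Authorization: Digest username="{user}", realm="{realm}", '
        f'nonce="{nonce}", uri="{uri}", response="{resp}"\r\n\r\n'
    )

if __name__ == "__main__":
    reg = Registrar("example.com", {"alice": "s3cret"})  # constructed sample account
    nonce = reg.challenge()
    resp, msg = build_register("alice", "example.com", "s3cret", nonce, "sip:alice@192.0.2.10")
    print(msg)
    print("accepted:", reg.verify("alice", "REGISTER", "sip:example.com", nonce, resp))
    print("replay accepted:", reg.verify("alice", "REGISTER", "sip:example.com", nonce, resp))
```

The printed REGISTER shows the To and Contact headers in readable form next to the digest response, which is the loss of confidentiality the slide refers to.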
Secure MIME
Multipurpose Internet Mail Extension
End to End security
Encrypts MIME body using public key of receiver
PK exchanged through Certificates
Entity Authentication
Transport Layer Security (TLS)
TCP->TLS
SIPS (Similar to HTTPS)
SIPS ensures parameters passed securely
SRTP ensures media is also secured
SIPS+SRTP = Protection
IPSec
Network Layer Security
Hop by Hop
Creates VPN between sites
Provides Encryption (DES, IDEA), Authentication and Integrity (MD5, SHA)
SIP Based network attacks
Registration Hijacking
Authenticate originators of requests
Session Hijacking
Impersonating a Server
Tearing Down Sessions
Other attacks include:
Tampering with Message Bodies
Denial of Service and Amplification
Bots and DDOS Attacks
Conclusion
SIP is expected to be the future VoIP protocol of choice.
Use SIP-optimized firewalls, which both support use of standards-based security and provide the best possible protection where system-wide standards-based security is not possible.