Rfc4028 Session Timer

7/25/2019 Rfc4028 Session Timer

1/25

1

RFC4028Session Timer in the

Session Initiation Protocol

SpeakerYing Shun Lin

!"iser #uinc$ %u


2/25

2

&utline Intro!uction Session'()pires *ea!er +el! ,e+nition

-in'S( *ea!er +el! ,e+nition 422'Response Co!e ,e+nition .C / Pro)$ / .S eha"ior

Securit$ Consi!erations ()ample call Flo


3/25

3

Intro!uction 1/3 SIP !oes not !e+ne a keepali"e

mechanism 5or the sessions it esta6lishes

UACUAC

I7IT(

100 Tr$ing

Y(

call state5ul pro)$ ill retain state 5or the c


4/25

4

Intro!uction 2/3 This e)tension !e+nes a keepali"e mechanism 5or SIP

sessions9 .s sen! perio!ic re'I7IT(or.P,T(

re:uests re5erre! to as session re5resh re:uests to

keep the session ali"e 9

I5 a session re5resh re:uest is not recei"e! 6e5ore the

inter"al passes the session is consi!ere!

terminate!9oth .s are suppose! to sen! aY( an! call

state5ul pro)ies can remo"e an$ state 5or the call9
http://www.voip-telephony.org/rfc/siphttp://www.voip-telephony.org/rfc/sip


5/25

5

Intro!uction 3/3 To ne hea!er +el!s Session'()pires an!

-in'S( an! a ne response co!e 422 are!e+ne!

' Session'()pires con"e$s the !uration o5 the session

' -in'S( con"e$s the minimum alloe! "alue5or the

session e)piration9' 422 response in!icates that the session timer

!uration

as too small9


6/25

6

,e+ne some terms Session Inter"al Session ()piration Session Re5resh Re:uest Initial Session Re5resh Re:uest Su6se:uent Session Re5resh Re:uest

Re5resh


7/25

7

Session'()pires *ea!er Fiel!

,e+nition place! onl$ in re:uests I7IT( or .P,T(; as ell as

in an$ 2)) response to re:uest9

-.ST 6e prepare! to han!le Session'()pireshea!er +el! "alues o5 an$ !uration greater thanre5resher?uac


8/25

8

-in'S( *ea!er Fiel! ,e+nition use! in an re:uest I7IT( or .P,T( it

in!icates the smallest "alue o5 the sessioninter"al that can 6e use! 5or that session 9

-.ST 7&T 6e less than


9/25

9

422 Response Co!e ,e+nition

Session Inter"al Too Small

' generate! 6$ a .S or pro)$ hen a re:uest

contains a Session'()pires hea!er +el! ith a

!uration 6elo the minimum timer 5or theser"er 9

-.ST contain a -in'S( hea!er +el! ith theminimum timer 5or that ser"er9


10/25

10

Session'()pire @ -in'S( *ea!er

Fiel!s


11/25

11

.C eha"ior Aenerating an Initial Session

Re5resh Re:uest Processing a 2)) Response Processing a 422 Response Aenerating Su6se:uent Session

Re5resh Re:uests


12/25

12

.C /Pro)$ eha"ior

UACUAC

pro)$

I7IT(Supporte! =timerSession ()pires= BB > re5resher ?uacD-in'S(=BB

Re:uire= timerSupporte!= timer

Session'()pires = > re5resher?

422

200

Session Inter"al TooSmall

-in'S( =


13/25

13

.C eha"ior

UACUAC

I7IT(

pro)$

EI5 a .C knos that its peer supports the .P,T( metho!R(C&--(7,(, that .P,T( 6e use! instea! o5 a re'I7IT(

Supporte! =timerSession ()pires= BB > re5resher ?uac/uas-in'S(=BB

422Min-SE

=))


14/25

14

Pro)$ eha"ior The pro)$ processing rules re:uire the

pro)$

to remem6er in5ormation 6eteen there:uest an! response; ruling out stateless

pro)ies9

' Processing o5 Re:uests

' Processing o5 Responses

' Session ()piration


15/25

15

Pro)$ eha"ior Re:uest

call 5ailure

Supporte! =timer

Session ()pires=

small

I7IT(

Session ()pires= BB-in'S(=BB

Session ()pires=BB-in'S(=BBI7IT(

Pro)$ 1

Pro)$ 2


16/25

16

.S !i! notsupport the

session timer

Pro)$ eha"ior Response

UASUAS

pro)$ remem6ers .C !i! notsupport

There is no session e)piration 5or thissession

pro)$ remem6ers that the .C !i! support the sessiontimer

Session'()pires 5rom the 5orar!e! re:uest

re5resher =DuacD

Session ()pires


17/25

17

.S eha"ior

UASUAS

Supporte!=timerSession ()pires=-in'S(=

I7IT(

422 -in'S(=

pro)$

200 ok Session()pires=

-in'S(=


18/25

18

.S eha"ior

.C supportsG Re5resherparameter

in re:uest

re5resherparameter

in response7 none uas

7 uac 7

7 uas 7

Y none uas or uac

Y uac uac

Y uas uas


19/25

19

Securit$Consi!erations1/3

Insi!e ttacksCase 1=

a rogue .C that ishes to 5orce a .S to generate

re5reshes at a rapi! rate

' The .S or an$ pro)$ that o6Hects to this lotimer

ill reHect the re:uest ith a 422; there6$

pre"enting the attack9


20/25

20


Case2=

rogue .S that ishes to 5orce a .C to generate

re5reshes at a rapi! rate 9

' .C cop$ the current session inter"al into the

Session'()pires hea!er +el! in the re:uest9

The pro)ies ill reHect this re:uest an! pro"i!e a

-in'S( ith a higher minimum; hich the .C ill

then use9


21/25

21


&utsi!e ttacks' n element that can o6ser"e an! mo!i5$ a re:uest

or response in transit can 5orce rapi! session

re5reshes 9

'pro)ies that recor!'route an! re:uest session timerS*&.L, recor!'route ith a SIPS .RI 9

. that inserts a Session'()pires hea!er into a

re:uest or response S*&.L, inclu!e a Contact .RIthat is a SIPS .RI9

1


22/25

22

()ample Call Flo

lice

Pro)$ P1 Pro)$ P2

o61I7IT(

S(=6ranch?tag?1tag?tag?1tag?1


23/25

23

()ample Call Flo

lice

Pro)$ P1 Pro)$ P2

o6I7IT(S(=300-S(=300

422-S(=4000

MCJ8422-S(=4000

6ranch?


24/25

24

()ample Call Flo

lice

Pro)$ P1 Pro)$ P2

o611I7IT(S(=4000-S(=4000

12I7IT(S(=4000-S(=4000

13200&J

S(=400014200&JS(=4000

1200&JS(=4000

1CJ

1MCJ

1 SIP/290 200 &J ia= SIP/290/TLS pc339atlanta9e)ample9com>6ranch?recei"e!?1re5resher?uac To= o6 Nsips=6o6K6ilo)i9e)ample9comO>tag?tag?1


25/25

25

()ample Call Flo

lice

Pro)$ P1 Pro)$ P2

o6

18.P,T(S(=4000 1tag?tag?1

Documents

Rfc4028 Session Timer