Session Initiation Protocol (SIP) - PowerPoint PPT Presentation


PPT – Session Initiation Protocol (SIP) PowerPoint presentation | free to download - id: 400237-YWFlN


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Session Initiation Protocol (SIP)


Session Initiation Protocol (SIP) Features of SIP SIP is a lightweight, transport-independent, text-based protocol. SIP has the following features: Lightweight, in ... – PowerPoint PPT presentation

Number of Views:349
Avg rating:3.0/5.0
Slides: 41
Provided by: Shan210
Learn more at:


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Session Initiation Protocol (SIP)

Session Initiation Protocol (SIP)
Features of SIP
  • SIP is a lightweight, transport-independent,
    text-based protocol. SIP has the following
  • Lightweight, in that SIP has only four methods,
    reducing complexity
  • Transport-independent, because SIP can be used
    with UDP, TCP, ATM so on.
  • Text-based, allowing for low overhead
  • SIP is primarily used for VOIP calls

Functions of SIP
  • Location of an end point
  • Signal of a desire to communicate
  • Negotiation of session parameters to establish
    the session
  • And teardown of the session once established.

How SIP works
  • SIP user agents like cell phones, PCs etc. They
    initiate message writing.
  • SIP Registrar servers They are databases
    containing User Agent locations they send agents
    IP address information to SIP proxy servers.
  • SIP Proxy servers accepts session request made
    by UA and queries SIP registrar server to find
    recipient UA address.
  • SIP Redirect servers they help communicating
    outside the domain

  • Our user A tries to call user B (1)
  • Domain SIP proxy server now queries Registrar
    server in the same domain to know about user Bs
    address (2)
  • Registrar responds with the address (3)
  • SIP proxy server calls B (4)
  • User B responds to SIP proxy (5)
  • SIP proxy answers to User A (6)
  • Now multimedia session is established on RTP
    protocol (7)

More about SIP..
  • SIP relies on SDP and RTP protocols
  • SIP proxy is a server in a SIP-based IP telephony
  • The SIP proxy takes over call control from the
    terminals and serves as a central repository for
    address translation (name to IP address)

SIP Advantages
  • SIP is a based on HTTP and MIME, which makes it
    suitable for integrated voice-data applications
  • SIP is designed for real time transmission

SIP Advantages
  • Uses fewer resources
  • Is Less complex than H.323 protocol
  • SIP uses URLs and is human readable

SIP Disadvantages
  • First one One SIP challenge is that SIP message
    contain information that Client and/or server
    will like to keep private but SIP header as well
    as message in the open and distributed
    architecture of VOIP systems makes it difficult
    to keep this information confidential.
  • I will talk about a technique to address it later

Registration hijacking
  • When a SIP user is registering with SIP Registrar
    server the attacker can hijack the registration
  • 1.By disabling the legitimate user's
    registration using DOS attack on user machine
  • 2.Send a REGISTER request with the attacker's IP
    address instead of the legitimate user's
  • Contact header information is changed by attacker
    by replacing its own IP in place of original users

Registration hijacking
  • This leads to the attacker getting the SIP
    messages intended for our original user- a
    clearly undesirable condition
  • Two main reasons for this attack are SIP
    messages being sent in clear and no SIP message
    authentication built into the protocol

  • Eavesdropping is a big problem for SIP based
    VOIP traffic. Many internet tools like Ethereal
    do that

14 ethereal works
  • Eavesdropping in VoIP requires intercepting the
    signaling and associated media streams of a
  • Media streams typically are carried over UDP
    using the RTP

How ethereal works
  • Capture and decode RTP packets
  • Analyzing session here we reassemble the
  • We store this data in audio files (like .wav,

Some remedies.
  • IPSEC security for IP packets can be one solution
  • A more common solution is to use Ethernet
    switches to restrict broadcasting data to all and
    sundry on the network.

  • Spoofing is another issue where someone can
    pose as a user and gets unauthorized access
  • Address authentication between callers built
    in the underlying transport protocols can resolve

  • Denial of service can be caused if the
    Proxy/registrar servers are somehow flooded
  • The solution lies in configuring servers to
    tackle this problem in their configuration

SIP Security Mechanisms
  • IPSEC is another way to protect IP packets the
    secure encryption making them safe from
    unauthorized access/modification
  • So with shared keys between parties IPSEC can
    provide the secure path for communication between
    SIP partners

  • TLS is another answer for security here networked
    parties during handshake can share their
    certificates which can be used for the secure
    transfer later.
  • It is widely in use in the wired internet market
  • TLS lies below FTP(ALP) but above TCP thus
    obviating the need for TCP header encryption.

Session Border Controller for SIP
  • A Firewall typically helps in the simple browser
    requesting for some information by ensuring that
    only the requested content gets transferred back
    to the browser and not the other information this
    is not so in a typical SIP using VOIP transfer
    where there are two holes on the firewall for
    public access one for signaling and other for
    media packets.
  • Also the firewall in say two LANs connected via
    internet will otherwise reject the other LANS
    traffic thinking it malicious.

  • For these addresses to be on public side of
    firewall the IP address based attacks become a
    real possibility
  • The SBC works by making all communication work
    outwards for media and signaling even the
    incoming ones

  • When our Client starts it registers with the
    registration server now SBC takes over the
    function of a PO Box so an incoming party knows
    your PO Box address but only your PO Box (your
    SBC) knows your real IP address.
  • So primarily for both signaling and media
    exchange SBC acts as the bridge between outside
    client and us.

  • SBC allows signaling and media connections to be
    dynamically opened and outbound connected.
  • SBC hides your real IP and polices the signaling
    and media connections.

SIP Denial of Service
  • DOS attacks are based on exhausting some server
    response and thus rendering it incapable for
    some/all functionalities
  • SIP server copies each incoming request in its
    internal buffers

Types of SIP servers (proxy server)
  • Stateless servers They just keep a copy of
    message while message is being sent out then
    delete it.
  • Stateful servers In general, we can distinguish
    between two types of states in SIP
  • Transaction state A transaction stateful
    server stores a copy of the received request as
    well as the forwarded request
  • Session state In certain cases servers need
    to maintain some information about the session
    throughout the lifetime of the session.

  • Regardless the server will need to maintain the
    buffered data while contacting another entity
    like an authentication, authorization, and
    accounting (AAA) server, a Domain Name Service
    (DNS) server

CPU based DOS
  • When a SIP message is received SIP server needs
    to parse this message, do some processing (e.g.,
    authentication) and forward the message
  • Though Server CPU is high speed still a lot of
    parallel loads and following resource depletion
    can cause server blocks and other malfunctions
    causing a DOS

Bandwidth based DOS
  • Sometimes access links connecting a SIP server
    are so much overloaded as to cause congestion
  • So SIP messages get lost causing further delay
    and at least a transient DOS occurs
  • DOS attacks can both be with or without malicious
    intent. SIP and its supporting transport
    protocols both need protection and safeguarding
    from attack.

DOS based on Memory exhaustion
  • A Stateful server is an easy target for flooding
    with many requests for different transactions.
  • Memory based exploitation can have two basic
    types to initiate a number of SIP sessions with
    different SIP identities and broken session
    attacks where a receiver gets an INVITE but then
    no response from the initiator many such pending
    invites can cause memory exhaustion

Some Countermeasures
  • Just like for a web or email server make a list
    of suspected users and blacklist them
  • Using authentication strategies is also
    preferable. But more CPU resources are needed to
    tighten these security problems

  • Also having SIP proxy server and applications
    server on the same hardware can really slow down
    the response time. SIP proxy may need some other
    servers service and this can cause other request
    to be suspended sometimes
  • Having dedicated hardware for servers is important

  • The first line of Defense for DOS is having high
    speed CPU, big efficient memory and many access
  • Clean memory allocation and parsing schemes is
    equally important
  • Parallel processing can lead to many request
    being served simultaneously and parallel
    execution of message parsing and forwarding of

  • Text based nature of SIP renders it vulnerable to
    spoofing, hijacking and message tampering
  • SIP utilizes transport layer protocols like TCP,
    UDP. So its vulnerable to their set of attacks
    too like for TCP SYN Flood and TCP session
  • FOR SIP software virus/bugs are also an issue
    which can be dealt by using antivirus software

SIP Security Mechanism
  • SIP specification does not include any specific
    security mechanism but relies on other internet
    security mechanisms like HTTPS Digest, TLS, and

How this authentication works
  • SIP authentication works this way
  • SIP client sends a SIP INVITE which gets answered
    by a 407 reply which is the authenticator from
    the SIP Proxy server.
  • Client now uses this authenticator to create
    information for its new header
  • With this new header attached it sends back
    REINVITE to Proxy server

  • IPSEC is another way to protect IP packets the
    secure encryption making them safe from
    unauthorized access/modification
  • So in one traditional way with shared keys
    between communicating parties IPSEC can provide
    the secure path for communication between SIP

  • SIP Wikipedia
  • SIP Security Mechanisms A state-of-the-art
    review Dimitris Geneiatakis, Georgios
    Kambourakis, Tasos Dagiuklas,Costas
    Lambrinoudakis and Stefanos Gritzalis
  • Newport Networks SBC Whitepaper
  • Denial of Service Attacks Targeting a SIP VoIP
    Infrastructure Attack Scenarios and Prevention
    Mechanisms Dorgham Sisalem and Jiri Kuthan,
    Tekelec Sven Ehlert, Fraunhofer Fokus
  • http//
  • Many information chunks from certain websites