RFC4028 Session Timer in the Session Initiation Protocol - PowerPoint PPT Presentation

Description:

Title: PowerPoint Presentation Last modified by: smartderrick Created Date: 1/1/1601 12:00:00 AM Document presentation format: Other titles – PowerPoint PPT presentation

Slides: 26
Provided by: club49
Learn more at: http://solomon.ipv6.club.tw

1
RFC4028: Session Timer in the Session Initiation Protocol
  • Speaker: Ying Shun Lin
  • Adviser: Quincy Wu

2
Outline
  • Introduction
  • Session-Expires Header field Definition
  • Min-SE Header field Definition
  • 422-Response Code Definition
  • UAC / Proxy / UAS Behavior
  • Security Considerations
  • Example call Flow

3
Introduction (1/3)
  • SIP does not define a keepalive mechanism for the
    sessions it establishes

[Figure: message diagram with labels UAC, INVITE, 100 Trying, BYE. Caption: a call stateful proxy will retain state for the call.]
4
Introduction (2/3)
  • This extension defines a keepalive mechanism for SIP sessions. UAs send
    periodic re-INVITE or UPDATE requests (referred to as session refresh
    requests) to keep the session alive.
  • If a session refresh request is not received before the interval passes,
    the session is considered terminated. Both UAs are supposed to send a BYE,
    and call stateful proxies can remove any state for the call.

5
Introduction (3/3)
  • Two new header fields (Session-Expires and Min-SE) and a new response
    code (422) are defined
    - Session-Expires conveys the duration of the session.
    - Min-SE conveys the minimum allowed value for the session expiration.
    - A 422 response indicates that the session timer duration was too small.

6
Define some terms
  • Session Interval
  • Session Expiration
  • Session Refresh Request
  • Initial Session Refresh Request
  • Subsequent Session Refresh Request
  • Refresh

7
Session-Expires Header Field Definition
  • Placed only in requests (INVITE or UPDATE), as well as in any 2xx
    response to such a request.
  • Elements MUST be prepared to handle Session-Expires header field values
    of any duration greater than 90 seconds.
  • 1800 seconds (30 minutes) is RECOMMENDED.
  • An element that inserts the Session-Expires header field SHOULD NOT
    choose values of less than 30 minutes.

Session-Expires: 1800;refresher=uac
8
Min-SE Header Field Definition
  • Used in a request (INVITE or UPDATE), it indicates the smallest value of
    the session interval that can be used for that session.
  • MUST NOT be less than 90 seconds
    - When the header field is not present, its default value is 90 seconds.
  • MUST NOT be used in responses except for those with a 422 response code.

Min-SE: 90
9
422 Response Code Definition
  • Session Interval Too Small
    - Generated by a UAS or proxy when a request contains a Session-Expires
      header field with a duration below the minimum timer for the server.
  • MUST contain a Min-SE header field with the minimum timer for that
    server.

10
Session-Expires and Min-SE Header Fields
11
UAC Behavior
  • Generating an Initial Session Refresh Request
  • Processing a 2xx Response
  • Processing a 422 Response
  • Generating Subsequent Session Refresh Requests

12
UAC / Proxy Behavior
[Figure: the UAC sends an INVITE (Supported: timer; Session-Expires: XX;refresher=uac; Min-SE: XX) to the proxy. Responses shown: 200 (Require: timer; Supported: timer; Session-Expires with refresher) and 422 Session Interval Too Small (Min-SE).]
13
UAC Behavior
[Figure: the proxy answers the UAC with 422 (Min-SE: xx); the UAC sends an INVITE with Supported: timer; Session-Expires: XX;refresher=uac/uas; Min-SE: XX.]
  • If a UAC knows that its peer supports the UPDATE method, it is
    RECOMMENDED that UPDATE be used instead of a re-INVITE.

14
Proxy Behavior
  • The proxy processing rules require the proxy to remember information
    between the request and response, ruling out stateless proxies.
    - Processing of Requests
    - Processing of Responses
    - Session Expiration

15
Proxy Behavior (Request)
[Figure: an INVITE passing through Proxy 1 and Proxy 2. Labels: "Supported: timer, Session-Expires (small)"; "Session-Expires: XX, Min-SE: XX" on both INVITEs; "call failure".]
16
Proxy Behavior (Response)
[Figure: proxy handling of a response when the UAS did not support the session timer]
  • Proxy remembers that the UAC did not support it: there is no session
    expiration for this session.
  • Proxy remembers that the UAC did support the session timer:
    Session-Expires (from the forwarded request), refresher=uac.
17
UAS Behavior
[Figure: the UAS receives an INVITE (Supported: timer; Session-Expires; Min-SE) through the proxy. Responses shown: 422 with Min-SE, and 200 OK with Session-Expires.]
18
UAS Behavior
UAC supports?   Refresher parameter in request   Refresher parameter in response
N               none                             uas
N               uac                              NA
N               uas                              NA
Y               none                             uas or uac
Y               uac                              uac
Y               uas                              uas
19
Security Considerations (1/3)
  • Inside Attacks
  • Case 1: a rogue UAC that wishes to force a UAS to generate refreshes at
    a rapid rate
    - The UAS or any proxy that objects to this low timer will reject the
      request with a 422, thereby preventing the attack.

20
Security Considerations (2/3)
  • Case 2: a rogue UAS that wishes to force a UAC to generate refreshes at
    a rapid rate
    - The UAC copies the current session interval into the Session-Expires
      header field in the request. The proxies will reject this request and
      provide a Min-SE with a higher minimum, which the UAC will then use.

21
Security Considerations (3/3)
  • Outside Attacks
    - An element that can observe and modify a request or response in
      transit can force rapid session refreshes.
    - Proxies that record-route and request session timer SHOULD
      record-route with a SIPS URI. A UA that inserts a Session-Expires
      header into a request or response SHOULD include a Contact URI that
      is a SIPS URI.

22
Example Call Flow
[Figure: call flow between Alice, Proxy P1, Proxy P2 and Bob]
(1) INVITE SE:90
(2) 422 MSE:3600
(3) ACK
(4) INVITE SE:3600 MSE:3600

Message (1):
INVITE sips:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds8
Supported: timer
Session-Expires: 90
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Contact: <sips:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 142

Message (2):
SIP/2.0 422 Session Interval Too Small
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds8;received=192.0.2.1
Min-SE: 3600
To: Bob <sips:bob@biloxi.example.com>;tag=9a8kz
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE

Message (4):
INVITE sips:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds9
Supported: timer
Session-Expires: 3600
Min-SE: 3600
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314160 INVITE
Contact: <sips:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 142
23
Example Call Flow
[Figure: call flow between Alice, Proxy P1, Proxy P2 and Bob]
(5) INVITE SE:3600 MSE:3600
(6) 422 MSE:4000
(7) ACK
(8) 422 MSE:4000
(9) ACK
(10) INVITE SE:4000 MSE:4000

Message (10):
INVITE sips:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds10
Supported: timer
Session-Expires: 4000
Min-SE: 4000
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314161 INVITE
Contact: <sips:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 142
24
Example Call Flow
[Figure: call flow between Alice, Proxy P1, Proxy P2 and Bob]
(11) INVITE SE:4000 MSE:4000
(12) INVITE SE:4000 MSE:4000
(13) 200 OK SE:4000
(14) 200 OK SE:4000
(15) 200 OK SE:4000
(16) ACK
(17) ACK

Message (15):
SIP/2.0 200 OK
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds10;received=192.0.2.1
Require: timer
Supported: timer
Record-Route: sips:p1.atlanta.example.com
Session-Expires: 4000;refresher=uac
To: Bob <sips:bob@biloxi.example.com>;tag=9as888nd
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314161 INVITE
Contact: <sips:bob@192.0.2.4>
Content-Type: application/sdp
Content-Length: 142
25
Example Call Flow
[Figure: call flow between Alice, Proxy P1, Proxy P2 and Bob]
(18) UPDATE SE:4000
(19) UPDATE SE:4000
(20) 200 OK SE:4000
(21) 200 OK SE:4000
(22) BYE
(23) BYE
(24) 408 (Request Timeout)

Message (18):
UPDATE sips:bob@192.0.2.4 SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds12
Route: sips:p1.atlanta.example.com
Supported: timer
Session-Expires: 4000;refresher=uac
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>;tag=9as888nd
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314162 UPDATE
Contact: <sips:alice@pc33.atlanta.example.com>
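
The Min-SE negotiation in the call flow above, which is also the 422 defence from Security Considerations Case 1, as an added Python example that is not part of the original slides. The function names, the header-dict representation and the hop list are assumptions made for illustration; the minimums 3600 and 4000 are taken from the slides' flow.

```python
import re

ABS_MIN_SE = 90  # floor for Min-SE, and its default when absent (per the slides)

def parse_timers(headers):
    """Return (session_expires | None, min_se, refresher | None) from a header dict."""
    se = refresher = None
    raw = headers.get("Session-Expires")
    if raw is not None:
        m = re.fullmatch(r"\s*(\d+)\s*(?:;\s*refresher\s*=\s*(uac|uas))?\s*", raw)
        if not m:
            raise ValueError(f"malformed Session-Expires: {raw!r}")
        se, refresher = int(m.group(1)), m.group(2)
    min_se = int(headers.get("Min-SE", ABS_MIN_SE))
    if min_se < ABS_MIN_SE:
        raise ValueError("Min-SE MUST NOT be less than 90 seconds")
    return se, min_se, refresher

def check_request(headers, local_min):
    """Proxy/UAS side: return 422 response headers, or None if the interval is acceptable."""
    se, _, _ = parse_timers(headers)
    tokens = [t.strip() for t in headers.get("Supported", "").split(",")]
    # Only requests advertising "Supported: timer" are rejected in this model.
    if se is not None and se < local_min and "timer" in tokens:
        return {"Status": "422 Session Interval Too Small", "Min-SE": str(local_min)}
    return None

def uac_negotiate(hops, initial_se, max_attempts=5):
    """UAC side: resend after each 422 with Session-Expires and Min-SE raised."""
    request = {"Supported": "timer", "Session-Expires": str(initial_se)}
    trace = []
    for _ in range(max_attempts):
        for name, local_min in hops:
            rejection = check_request(request, local_min)
            if rejection:
                se, min_se, _ = parse_timers(request)
                min_se = max(min_se, int(rejection["Min-SE"]))  # highest Min-SE seen so far
                request = {"Supported": "timer", "Min-SE": str(min_se),
                           "Session-Expires": str(max(se, min_se))}
                trace.append((name, 422, min_se))
                break
        else:  # every hop accepted the interval
            trace.append(("UAS", 200, int(request["Session-Expires"])))
            return request, trace
    raise RuntimeError("no acceptable session interval within max_attempts")

# Constructed input mirroring the slides' call flow: P1 requires 3600 s, P2 requires 4000 s.
HOPS = [("P1", 3600), ("P2", 4000)]

if __name__ == "__main__":
    print(uac_negotiate(HOPS, initial_se=90))
```

A request that asks for a 90-second interval never reaches the UAS: each hop that objects answers 422, and the retry carries the highest Min-SE seen so far.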