Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session Initiation Protocol

Published byLeslie Bennett Modified over 6 years ago

Similar presentations

Presentation on theme: "Session Initiation Protocol"— Presentation transcript:

1 Session Initiation Protocol

2 Sipsak Demo

3 What is it? SIPSAK: Try it on FreeBSD: Web site:
It’s a small command line tool for developers and administrators of Session Initiation Protocol applications. Try it on FreeBSD: /usr/ports/net/sipsak Web site: sipsak.org

4 How to use it? man sipsak Send an OPTIONS request to and display received replies sipsak -vv -s Send the instant message "Lunch time!" to the colleague and show result: sipsak -M -v -s -B "Lunch time!"

5 SIP Security

6 What problems do users face?
四面楚歌

7 SIP Security SIP security is a vast and challenging field.
Authentication Can users steal other users identity? Integrity Is the SIP message received the same as the one sent? Confidentiality Is someone else listening on your SIP call setup?

8 Threats Fake requests (e.g., fake From) Modification of content
REGISTER Contact SDP to redirect media Insertion of requests into existing dialogs: BYE, re-INVITE Denial of service (DoS) attacks Privacy Trust domains – can proxies be trusted?

9 SIP Security Mechanisms
SIP is HTTP-like How do we secure HTTP services? HTTP HTTPS (SSL) TCP based Transport Layer Security (TSL) PGP (Pretty Good Privacy) S/MIME IP based communication IPsec (IP Security)

10 Solutions for securing SIP

11 HTTP Digest Authentication
Example given in RFC 2617 Client request (user: Mufasa passwd: Circle Of Life) ? Server response:

12 HTTP Digest Authentication
Generating the MD5 values

13 HTTP Digest authentication
parameter meaning realm client domain domain destination algorithm hash algorithm: MD5, MD5-sess nonce server-chosen nonce cnonce client-chosen nonce nc # times nonce has been used digest-uri qop protection (auth, auth-int) opaque string echoed by client username user’s name in specified realm response H(H(A1):nonce:nc:cnonce:qop:H(A2))

14 HTTP Digest authentication
response = H(H(A1):nonce:nc:cnonce:qop:H(A2)) A1 = username:realm:password A2 = method:URI or method:URI:H(body) where H(x) = MD5(x)

15 SIP Proxy Digest Authentication
Proxy Server using Digest Authentication Proxy Server Invite

16 SIP Proxy Digest Authentication
Proxy Server using Digest Authentication Proxy Server Invite Challenge

17 TLS security: SIPS URI SIPS scheme added in RFC 3261
TLS must be used on the whole path. Can not be applied to UDP-based SIP (only TCP or other reliable transport protocol) Applied hop-by-hop All SIP proxies required to implement

18 How to secure the talk? Securing the real-time media streams
Multimedia streams are packet-oriented Encryptions and authentication algorithms should not cause too much delay Transmission must be UDP based Only two security mechanisms are currently available.

19 Securing the real-time media streams

20 Secure Real-Time Transport Protocol (SRTP)
The Secure RTP Packet Format:

21 SRTP Default Encryption Algorithm

22 Secure Real-Time Transport Protocol (SRTP)
The Secure RTCP Packet Format:

23 VoIP security is complex
Conclusion VoIP security is complex Numerous protocols NAT/firewall traversal issues QoS issues Technologies are in place to secure VoIP Solutions we’ve discussed However, no “standard” approach is being used Current VoIP providers do not secure calls

24 SIP Programming

25 SIP Programming SIP follows HTTP programming model
Three mechanisms suggested in IETF Call Processing Language ( SIP – CPL ) Common Gateway Interface ( SIP – CGI ) SIP Servlet Other Options Creation Markup Language (SCML) Voice Extensible Markup Language (VoiceXML) Call Control extensible Markup Language (CCXML)

26 SIP Programming Examples Users and third parties may program
“discard all calls from Monica during my business hours” “redirect authenticated friends to my cell phone, anyone else to my secretary” “if busy, return my homepage and redirect to recorder” Users and third parties may program

27 SIP Programming

28 Where Services Locate? Source: H. Schulzrinne: “Industrial Strength IP Telephony”

29 Common Gateway Interface
Almost identical to HTTP CGI Language independent ( Perl, Tcl, C, C++, ... ) Any binary may be executed as a separate program Communicates through IO and environment variables. More flexible but more risky Unmanaged Resource Allocating Single CGI may crash the server or user client Feb. 1, 2001: RFC 3050 (Common Gateway Interface for SIP) published

30 Call Processing Language
Designed by the IETF to support sophisticated telephony services May be used by both SIP or H.323. XML based scripting language Extensive Easily edited by GUI tools Portability allows users to move across servers. Lightweight CPL interpreter is need Better security

31 An Example A simple script that blocks anonymous callers
<?xml version="1.0" ?> <!DOCTYPE cpl PUBLIC "-//IETF//DTD RFCxxxx CPL 1.0//EN" "cpl.dtd"> <cpl>   <incoming>     <address-switch field="origin" subfield="user">       <address is="anonymous">         <reject status="reject"           reason="I don't accept anonymous calls" />       </address>     </address-switch>   </incoming> </cpl>

32 Java Servlets Similar to HTTP servlets Resource Managed By Container
The class runs within a JVM (Java Virtual Machine) on server Security provided by Java Portable between OSs & servers

33 JAIN SIP The Java-standard interface to a SIP signaling stack.
Standardizes the interface to the stack. Standardizes message interface. Standardizes events and event semantics. Application portability -verified via the TCK. Designed for developers who require powerful access to the SIP protocol. JAIN SIP can be utilized in a user agent, proxy, registrar or imbedded into a service container.

34 SIP Implementation Structure

35 Packages General package Address package Message package
Defines the architectural interfaces, the transaction and dialog interfaces and the event objects of the specification. Address package Address package contains a generic URI wrapper and defines SIP URI and Tel URIs interfaces. Message package Defines the interfaces necessary for the Request and Response messages. Header packages Header package defines interfaces for all the supported headers and extension headers

36 Application - Stack Creation
Initialize Stack using SipFactory: try { Properties properties = new Properties(); properties.setProperty("javax.sip.IP_ADDRESS", " "); properties.setProperty("javax.sip.OUTBOUND_PROXY", " :5070/UDP"); ……// Other initialization properties. sipStack = sipFactory.createSipStack(properties); } catch(SipException e) { System.exit(-1); }

37 Application – Request Creation
Initialize Request using Factories: try { SipURI requestURI = addressFactory.createSipURI (toUser, toSipAddress); // … Create other headers Request request = messageFactory.createRequest (requestURI, Request.INVITE, callIdHeader, cSeqHeader, fromHeader, toHeader, viaHeaders, maxForwards); }

38 Application - Sending Requests
Send outgoing messages: try { // Create the client transaction ClientTransaction inviteTid = sipProvider.getNewClientTransaction(request); // send the request inviteTid.sendRequest(); }

39 HIGH-LEVEL SERVICE CREATION FRAMEWORK
Service Creation Environment (SCE) GUI Develop IDE Service Logic Execution Environment (SLEE)

40 HIGH-LEVEL SERVICE CREATION FRAMEWORK

41 Mechanism choosing Portability vs Performance
Portability needed if services deployed at multiple servers or end-devices. Portable languages (CPL) need to be interpreted (processing delay) Deployment scenario decides service creation mechanism.

42 Implementations BaseVoice Vanilla SIPD Meetinghouse SIP Proxy
J2EE-based SIP Server, JAIN SIP API v1.1. SIPD SIP CGI-BIN support Meetinghouse SIP Proxy CPL support Source: “

43 Reference http://netlab.boun.edu.tr/mast/sip/
Creating Value Added Services in Internet Telephony: An Overview and a Case Study on a High-Level Service Creation Environment -- Roch H. Glitho, Ferhat Khendek, and Alessandro De Marco

Download ppt "Session Initiation Protocol"

Similar presentations

SIP, Presence and Instant Messaging

SIP, Presence and Instant Messaging
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com IM 2000 -- May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,
Session Initiation Protocol R94922133 張榮宏 R94922143 呂詩禹.

Session Initiation Protocol R 張榮宏 R 呂詩禹.
July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Voice over IP Fundamentals

Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
IP Communications Services Redefining Communications Teresa Hastings Director WorldCom SIP Services Conference – April 18-20, 2001.

IP Communications Services Redefining Communications Teresa Hastings Director WorldCom SIP Services Conference – April 18-20, 2001.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
SIP Chapter 5. SIP History 1980s – first packet multimedia experiments 1992 – first IETF audio-cast 1996 – first SIP related IETF drafts Session Invitation.

SIP Chapter 5. SIP History 1980s – first packet multimedia experiments 1992 – first IETF audio-cast 1996 – first SIP related IETF drafts Session Invitation.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
Phelim O’Doherty Sun Microsystems

Phelim O’Doherty Sun Microsystems
Cmpe 491 Special Project In Computer Engineering SIP User Agent In JAVA Alp Eren YILMAZ & Serdar YALÇINKAYA.

Cmpe 491 Special Project In Computer Engineering SIP User Agent In JAVA Alp Eren YILMAZ & Serdar YALÇINKAYA.
A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University

A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University
SIP Security Matt Hsu.

SIP Security Matt Hsu.
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Similar presentations

Ads by Google