Presentation is loading. Please wait.

Presentation is loading. Please wait.

5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 1 Evaluation of Existing Voice over Internet Protocol Security Mechanisms & A Recommended.

Published byPayton Gladwin Modified over 9 years ago

Similar presentations

Presentation on theme: "5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 1 Evaluation of Existing Voice over Internet Protocol Security Mechanisms & A Recommended."— Presentation transcript:

1 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 1 Evaluation of Existing Voice over Internet Protocol Security Mechanisms & A Recommended Implementation for a SIP-based VoIP Phone Brett Wilson Hakan Evecek

2 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 2 Overview Basic Voice Over IP (VoIP) Architecture Basic Voice Over IP (VoIP) Architecture Basic VoIP Calling Procedure Basic VoIP Calling Procedure VoIP Service Issues VoIP Service Issues Call Setup and Management Security Call Setup and Management Security Session Initiation Protocol (SIP) Overview Session Initiation Protocol (SIP) Overview SIP Security Mechanisms SIP Security Mechanisms Recommended minimum implementation to protect SIP call setup/management Recommended minimum implementation to protect SIP call setup/management Media Stream Security Media Stream Security Secure Real Time Protocol (SRTP), Multimedia Internet Keying (MIKEY) Secure Real Time Protocol (SRTP), Multimedia Internet Keying (MIKEY) Recommended minimum implementation to protect media stream Recommended minimum implementation to protect media stream

3 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 3 Basic VoIP Architecture End Users End Users VoIP handsets, conferencing units, mobile units, PC softphones VoIP handsets, conferencing units, mobile units, PC softphones Network Components Network Components Network Protocols Network Protocols Public Switched Telephone Network (PSTN) gateways provide access to non-VoIP phones Public Switched Telephone Network (PSTN) gateways provide access to non-VoIP phones Call managers, routers, Network Address Translations (NATs), firewalls, gateways Call managers, routers, Network Address Translations (NATs), firewalls, gateways SIP Proxies/H.323 Gatekeepers SIP Proxies/H.323 Gatekeepers

4 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 4 VoIP Calling Procedure Call setup/maintenance Call setup/maintenance H.323 or SIP used as the signaling protocol H.323 or SIP used as the signaling protocol Both are commonly used to establish contact and negotiate the media stream connection and details Both are commonly used to establish contact and negotiate the media stream connection and details SIP is newer and has several advantages over H.323 SIP is newer and has several advantages over H.323 Media connection Media connection After calling session has been created a media connection is created for exchanging media packets After calling session has been created a media connection is created for exchanging media packets A separate connection/protocol A separate connection/protocol RTP is common RTP is common

5 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 5 Link & Physical Layer IP UDP TCP RTP Voice Codec G.711, 723, 729, etc. RTCP H.225 RAS H.225 Call Signaling H.245 Audio Application Terminal Control & Management H.323 Protocol Stack

6 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 6 Link & Physical Layer IP UDP TCP RTP Voice Codec G.711, 723, 729, etc. RTCP SIPSDP Audio Application Terminal Control & Management SIP Protocol Stack

7 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 7 SIP vs H.323 Distinct advantages to both protocols Distinct advantages to both protocols SIP SIP Many recent comparisons regard SIP as the future for VoIP Many recent comparisons regard SIP as the future for VoIP However, H.323 use will continue due to existing implementations and its advantages However, H.323 use will continue due to existing implementations and its advantages Currently receiving most attention from researchers and the VoIP implementers Currently receiving most attention from researchers and the VoIP implementers Our research focused on SIP Our research focused on SIP

8 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 8 Basic SIP Operation Bob wants to place a call to Alice Bob wants to place a call to Alice Bob sends INVITE msg to Alice through his SIP proxy server Bob sends INVITE msg to Alice through his SIP proxy server May require authentication to the proxy May require authentication to the proxy Bob’s proxy server relays request to Alice’s proxy server Bob’s proxy server relays request to Alice’s proxy server Bob’s proxy finds Alice’s proxy using DNS Bob’s proxy finds Alice’s proxy using DNS Alice’s proxy server relays request to Alice’s location Alice’s proxy server relays request to Alice’s location Alice’s location is known only if she “registers” her location with her proxy Alice’s location is known only if she “registers” her location with her proxy Typically done by the user agent on a periodic basis Typically done by the user agent on a periodic basis Alice replies with OK msg to Bob back through the proxies Alice replies with OK msg to Bob back through the proxies Bob sends Alice an ACK directly to his location Bob sends Alice an ACK directly to his location

9 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 9 Basic SIP Operation

10 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 10 Example SIP INVITE message INVITE sip:bob@biloxi.com SIP/2.0 INVITE sip:bob@biloxi.com SIP/2.0 Via: SIP/2.0/UDP pc33.biloxi.com;branch=z9hG4bK776asdhds Via: SIP/2.0/UDP pc33.biloxi.com;branch=z9hG4bK776asdhds Max-Forwards: 70 Max-Forwards: 70 To: Alice To: Alice From: Bob ;tag=1928301774 From: Bob ;tag=1928301774 Call-ID: a84b4c76e66710@pc33.biloxi.com Call-ID: a84b4c76e66710@pc33.biloxi.com CSeq: 314159 INVITE CSeq: 314159 INVITE Contact: Contact: Content-Type: application/sdp Content-Type: application/sdp Content-Length: 142 Content-Length: 142 (Bob's SDP not shown) (Bob's SDP not shown)

11 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 11 Basic SIP Operation, cont’d SIP does not establish media connection parameters SIP does not establish media connection parameters SIP body typically contains Session Description Protocol (SDP) used to negotiate media parameters SIP body typically contains Session Description Protocol (SDP) used to negotiate media parameters After call is established, SIP can be used to modify call (add more participants, etc) and to end the call After call is established, SIP can be used to modify call (add more participants, etc) and to end the call

12 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 12 VoIP Service Issues QoS QoS Can packet-switched networks provide the same reliability/voice quality as the PSTN? Can packet-switched networks provide the same reliability/voice quality as the PSTN? Latency, jitter, echo Latency, jitter, echo Security Security Confidentiality Confidentiality Concealing signaling details as well as media streams Concealing signaling details as well as media streams Integrity Integrity Ensuring message content is unaltered Ensuring message content is unaltered Providing a way to determine/authenticate message origin Providing a way to determine/authenticate message origin Availability Availability Preventing denial or disruption of service Preventing denial or disruption of service

13 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 13 Disclaimers & Problems Protocol security is only a piece of the big picture security of a system may always be compromised by naïve implementation or administration. Security of a single protocol does not help all participating protocols have to be made secure. Physical security counts as well. Security protocols cannot solve social layer issues.

14 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 14 Disclaimer #4

15 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 15 SIP Issues with Network Address Translation (NAT) traversal NAT presents major difficulties NAT presents major difficulties How to accurately register oneself from inside NAT? How to accurately register oneself from inside NAT? Only know local private IP Only know local private IP How to receive incoming calls? How to receive incoming calls? Proxy only knows public IPs of NAT Proxy only knows public IPs of NAT How to set up public NAT IP/ports for negotiated media stream? How to set up public NAT IP/ports for negotiated media stream? Real Time Protocol (RTP)/RTCP require sequential ports Real Time Protocol (RTP)/RTCP require sequential ports

16 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 16 Solutions for SIP NAT traversal Application Layer Gateways/MIDCOM Application Layer Gateways/MIDCOM Allow control of NAT IP/port assignments Allow control of NAT IP/port assignments Con - Someone at home can’t control ISP’s NAT Con - Someone at home can’t control ISP’s NAT New “Translate” SIP header New “Translate” SIP header Requires registration server to associate translated IP/port with given contact name Requires registration server to associate translated IP/port with given contact name Registration connection must be maintained Registration connection must be maintained Use of Simple Traversal of User Datagram Protocol (STUN)/Traversal Using Relay NAT (TURN) Use of Simple Traversal of User Datagram Protocol (STUN)/Traversal Using Relay NAT (TURN) STUN allows NAT discovery/type determination and public IP/port assignments STUN allows NAT discovery/type determination and public IP/port assignments TURN allows external connection requests to reach application behind NAT TURN allows external connection requests to reach application behind NAT Acts as relay server between external and internal hosts Acts as relay server between external and internal hosts

17 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 17 SIP vulnerabilities Registration Registration Prevent unauthorized registration modification Prevent unauthorized registration modification Impersonation of Registration Server Impersonation of Registration Server Prevent attacker from impersonating a valid registration server Prevent attacker from impersonating a valid registration server Protecting SIP message bodies Protecting SIP message bodies End-to-End security End-to-End security Prevent attackers from interfering with call setup negotiation Prevent attackers from interfering with call setup negotiation Session security Session security Ensuring attackers can not alter sessions Ensuring attackers can not alter sessions Protecting SIP headers Protecting SIP headers Denial of Service Denial of Service Protect against numerous attack strategies that can generate large volume of SIP msgs at target host Protect against numerous attack strategies that can generate large volume of SIP msgs at target host

18 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 18 Considerations for securing SIP Entire SIP message can not be encrypted end- to-end Entire SIP message can not be encrypted end- to-end SIP relies on proxies to modify/insert header fields SIP relies on proxies to modify/insert header fields SIP transport mechanisms are specified on a hop-by-hop basis SIP transport mechanisms are specified on a hop-by-hop basis User has no control over how proxy server relays request User has no control over how proxy server relays request Firewalls/NATs present major challenges Firewalls/NATs present major challenges

19 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 19 Securing SIP HTTP Authentication HTTP Authentication Digest authentication allows for one-way authentication and replay-attack prevention Digest authentication allows for one-way authentication and replay-attack prevention Network/Transport Layer Network/Transport Layer IPSec IPSec Can provide hop-by-hop security for UDP, TCP SCTP Can provide hop-by-hop security for UDP, TCP SCTP An IPsec profile detailing protocols/mechanisms for securing SIP would be needed An IPsec profile detailing protocols/mechanisms for securing SIP would be needed Key management issues Key management issues TLS TLS Can not be applied to UDP-based SIP (only TCP or other reliable transport protocol) Can not be applied to UDP-based SIP (only TCP or other reliable transport protocol) Applied hop-by-hop Applied hop-by-hop All SIP proxies required to implement All SIP proxies required to implement

20 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 20 Securing SIP, cont’d S/MIME S/MIME Use for public key distribution, authentication, integrity, and confidentiality of SIP signaling data Use for public key distribution, authentication, integrity, and confidentiality of SIP signaling data Protect SIP header fields through tunneling entire SIP message as an S/MIME body Protect SIP header fields through tunneling entire SIP message as an S/MIME body SIP Authenticated Identity Body SIP Authenticated Identity Body Basically same as S/MIME tunneling, but instead of “tunneling” the entire message, only a specific subset of headers are signed Basically same as S/MIME tunneling, but instead of “tunneling” the entire message, only a specific subset of headers are signed

21 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 21 AIB Minimum Content Content-Type: message/sipfrag Content-Type: message/sipfrag Content-Disposition: aib; handling=optional Content-Disposition: aib; handling=optional From: Alice From: Alice To: Bob To: Bob Contact: Contact: Date: Thu, 21 Feb 2002 13:02:03 GMT Date: Thu, 21 Feb 2002 13:02:03 GMT Call-ID: a84b4c76e66710 Call-ID: a84b4c76e66710 CSeq: 314159 INVITE CSeq: 314159 INVITE

22 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 22 AIB Example INVITE sip:bob@example.net SIP/2.0 Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bKnashds8 Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bKnashds8 To: Bob To: Bob From: Alice ;tag=1928301774 From: Alice ;tag=1928301774 Call-ID: a84b4c76e66710 Call-ID: a84b4c76e66710 CSeq: 314159 INVITE CSeq: 314159 INVITE Max-Forwards: 70 Max-Forwards: 70 Date: Thu, 21 Feb 2002 13:02:03 GMT Date: Thu, 21 Feb 2002 13:02:03 GMT Contact: Contact: Content-Type: multipart/mixed; boundary=unique-boundary-1 Content-Type: multipart/mixed; boundary=unique-boundary-1 --unique-boundary-1 --unique-boundary-1 Content-Type: application/sdp Content-Type: application/sdp Content-Length: 147 Content-Length: 147 v=0 v=0 o=UserA 2890844526 2890844526 IN IP4 example.com o=UserA 2890844526 2890844526 IN IP4 example.com s=Session SDP s=Session SDP c=IN IP4 pc33.example.com c=IN IP4 pc33.example.com t=0 0 t=0 0 m=audio 49172 RTP/AVP 0 m=audio 49172 RTP/AVP 0 a=rtpmap:0 PCMU/8000 a=rtpmap:0 PCMU/8000

23 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 23 AIB Example, cont’d --unique-boundary-1 Content-Type: multipart/signed; Content-Type: multipart/signed; protocol="application/pkcs7-signature"; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 micalg=sha1; boundary=boundary42 Content-Length: 608 Content-Length: 608 --boundary42 --boundary42 Content-Type: message/sipfrag Content-Type: message/sipfrag Content-Disposition: aib; handling=optional Content-Disposition: aib; handling=optional From: Alice From: Alice To: Bob To: Bob Contact: Contact: Date: Thu, 21 Feb 2002 13:02:03 GMT Date: Thu, 21 Feb 2002 13:02:03 GMT Call-ID: a84b4c76e66710 Call-ID: a84b4c76e66710 CSeq: 314159 INVITE CSeq: 314159 INVITE --boundary42 --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s; Content-Disposition: attachment; filename=smime.p7s; handling=required handling=required ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 7GhIGfHfYT64VQbnj756 --boundary42-- --boundary42-- --unique-boundary-1-- --unique-boundary-1--

24 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 24 Securing SIP, cont’d SIP Authenticated Identity Management SIP Authenticated Identity Management Proposes that each SIP proxy provide authentication services and then sign such authentication with a trusted certificate Proposes that each SIP proxy provide authentication services and then sign such authentication with a trusted certificate Insert into new “Identity” header Insert into new “Identity” header Addresses the fact that most end users don’t have their own certificate Addresses the fact that most end users don’t have their own certificate “Signs” the assertion that the user in the “from” field has the authority to use that Address of Record “Signs” the assertion that the user in the “from” field has the authority to use that Address of Record

25 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 25 Recommended Implementation to Secure SIP Ability to establish and maintain a TLS connection for registration and requests Ability to establish and maintain a TLS connection for registration and requests Provides complete confidentiality, authenticity, integrity Provides complete confidentiality, authenticity, integrity Ability to respond to digest authentication challenges Ability to respond to digest authentication challenges Authenticate with proxy for registration/service Authenticate with proxy for registration/service Ability to use AIB to protect SIP body and headers Ability to use AIB to protect SIP body and headers In absence of TLS anywhere along route will still provide authentication and integrity of original SIP request In absence of TLS anywhere along route will still provide authentication and integrity of original SIP request Ability to handle receipt of an AIB payload and correctly deduce whether security violations have occurred in transit Ability to handle receipt of an AIB payload and correctly deduce whether security violations have occurred in transit Must be able to determine whether changes in SIP headers are legitimate (due to intermediaries) or represent a security breach Must be able to determine whether changes in SIP headers are legitimate (due to intermediaries) or represent a security breach

26 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 26 Securing the Media Stream Encryption of media content May take place either at IP or RTP layer Performance overhead considerable New established solutions for keying – Multimedia Internet Keying (MIKEY) protocol

27 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 27 The Secure Real – Time Transport Protocol (SRTP) The security goals for SRTP are to ensure: · The confidentiality of the RTP and RTCP payloads, · The integrity of the entire RTP and RTCP packets, together with protection against replayed packets. Goals for the protocol are: Goals for the protocol are: A framework that permits upgrading with new cryptographic transforms, A low computational cost, A framework that permits upgrading with new cryptographic transforms, A low computational cost, Low bandwidth cost, a framework preserving RTP header compression efficiency, and, asserted by the pre-defined transforms, A small footprint (i.e., small code size and data memory for keying information and replay lists), Low bandwidth cost, a framework preserving RTP header compression efficiency, and, asserted by the pre-defined transforms, A small footprint (i.e., small code size and data memory for keying information and replay lists), Independence from the underlying transport, network, and physical layers used by RTP, in particular high tolerance to packet loss and re-ordering. Independence from the underlying transport, network, and physical layers used by RTP, in particular high tolerance to packet loss and re-ordering.

28 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 28 Key Management for SRTP – MIKEY A key management scheme that addresses real-time multimedia scenarios (e.g. SIP calls and RTSP sessions, streaming, unicast, groups, multicast). A key management scheme that addresses real-time multimedia scenarios (e.g. SIP calls and RTSP sessions, streaming, unicast, groups, multicast). MIKEY uses a 160-bit authentication tag, generated by HMAC with SHA-1 MIKEY uses a 160-bit authentication tag, generated by HMAC with SHA-1 MIKEY defines three options for the user authentication and negotiation of the master keys all as 2 way- handshakes. They are: MIKEY defines three options for the user authentication and negotiation of the master keys all as 2 way- handshakes. They are: Symmetric key distribution (pre-shared keys, MAC for integrity protection· Symmetric key distribution (pre-shared keys, MAC for integrity protection· Asymmetric key distribution public keys Asymmetric key distribution public keys Diffie-Hellman key agreement protected by digital signatures; needs a certificate like in the public key case. Diffie-Hellman key agreement protected by digital signatures; needs a certificate like in the public key case.

29 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 29 Recommended Implementation to Secure VoIP Media Stream Support for SRTP Support for SRTP AES – Counter Mode Encryption AES – Counter Mode Encryption Support for MIKEY Support for MIKEY

30 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 30 Conclusion VoIP security is complex VoIP security is complex Numerous protocols Numerous protocols NAT/firewall traversal issues NAT/firewall traversal issues QoS issues QoS issues Technologies are in place to secure VoIP Technologies are in place to secure VoIP Solutions we’ve discussed Solutions we’ve discussed However, no “standard” approach is being used However, no “standard” approach is being used Current VoIP providers do not secure calls Current VoIP providers do not secure calls http://www.vonage.com/help_knowledgeBase_article. php?article=841 http://www.vonage.com/help_knowledgeBase_article. php?article=841 http://www.vonage.com/help_knowledgeBase_article. php?article=841 http://www.vonage.com/help_knowledgeBase_article. php?article=841 Searches of AT&T and Earthlink turned up no info on secure VoIP Searches of AT&T and Earthlink turned up no info on secure VoIP

31 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 31 Future Research/Tests Evaluate the effects of the recommended security systems on different VoIP platforms. Evaluate the effects of the recommended security systems on different VoIP platforms. PC-to-Phone or PC-to-PC quality testing with security measures setup. PC-to-Phone or PC-to-PC quality testing with security measures setup. Evaluate new mechanisms for Firewall/NAT problems. How Advanced Services (transfer,conferencing, instant messaging) are affected with these security parameters.

32 5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 32 References Dorgham Sisalem, Jiri Kuthan: Understanding SIP Dorgham Sisalem, Jiri Kuthan: Understanding SIPUnderstanding SIPUnderstanding SIP D. Richard Kuhn, Thomas J. Walsh, Steffen Fries: Security Considerations for Voice Over IP Systems D. Richard Kuhn, Thomas J. Walsh, Steffen Fries: Security Considerations for Voice Over IP SystemsSecurity Considerations for Voice Over IP SystemsSecurity Considerations for Voice Over IP Systems Daniel Collins: Carrier Grade Voice over IP, 2002 Daniel Collins: Carrier Grade Voice over IP, 2002 Using AES Counter Mode With IPsec ESP, Jan 2004 RFC 3686 Using AES Counter Mode With IPsec ESP, Jan 2004 RFC 3686RFC 3686RFC 3686 M. Baugher [Cisco Systems, Inc.], D. McGrew [Cisco Systems, Inc.], M. Naslund [Ericsson Research], E. Carrara [Ericsson Research], K. Norrman [Ericsson Research], The Secure Real- Time Transport Protocol (SRTP) M. Baugher [Cisco Systems, Inc.], D. McGrew [Cisco Systems, Inc.], M. Naslund [Ericsson Research], E. Carrara [Ericsson Research], K. Norrman [Ericsson Research], The Secure Real- Time Transport Protocol (SRTP)The Secure Real- Time Transport Protocol (SRTP)The Secure Real- Time Transport Protocol (SRTP) Tim Greene, Phil Hochmuth, VoIP security a Moving Target Tim Greene, Phil Hochmuth, VoIP security a Moving TargetVoIP security a Moving TargetVoIP security a Moving Target Colin Perkins: RTP Audio and Video for Internet, 2003 Colin Perkins: RTP Audio and Video for Internet, 2003 RFC 3329, Security Mechanism Agreement for the Session Initiation Protocol (SIP) http://www.ietf.org/rfc/rfc3686.txt?number=3686 RFC 3329, Security Mechanism Agreement for the Session Initiation Protocol (SIP) http://www.ietf.org/rfc/rfc3686.txt?number=3686 http://www.ietf.org/rfc/rfc3686.txt?number=3686 RFC 3893, SIP Authenticated Identity Body (AIB) Format, http://www.ietf.org/rfc/rfc3686.txt?number=3686 RFC 3893, SIP Authenticated Identity Body (AIB) Format, http://www.ietf.org/rfc/rfc3686.txt?number=3686 http://www.ietf.org/rfc/rfc3686.txt?number=3686 Useful links: VoIP-WLAN-QoS Useful Links Useful links: VoIP-WLAN-QoS Useful LinksVoIP-WLAN-QoS Useful LinksVoIP-WLAN-QoS Useful Links

Download ppt "5/3/05 Hakan Evecek and Brett Wilson - UCCS CS691 Spring '05 1 Evaluation of Existing Voice over Internet Protocol Security Mechanisms & A Recommended."

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Voice over IP Fundamentals

Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
Session Initiation Protocol Winelfred G. Pasamba.

Session Initiation Protocol Winelfred G. Pasamba.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
SIP/RTP/RTCP Implementation by George Fu, UCCS CS 525 Semester Project Fall 2006.

SIP/RTP/RTCP Implementation by George Fu, UCCS CS 525 Semester Project Fall 2006.
VoIP Using SIP/RTP by George Fu, UCCS CS 522 Semester Project Fall 2004.

VoIP Using SIP/RTP by George Fu, UCCS CS 522 Semester Project Fall 2004.
SIP Security Matt Hsu.

SIP Security Matt Hsu.
VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.

VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Similar presentations

Ads by Google