
1 ITEC 809 Securing SIP in VoIP Domain Iyad Alsmairat 41546342 Supervisor: Dr. Rajan Shankaran.


2 Agenda Introduction. The Problem. The Proposed Solution. Conclusion.

3 What is VoIP? Voice over Internet Protocol.

4 SIP Architecture 1. User Agent (UA) 2. Registrar Server 3. Proxy Server 4. Redirect Server 5. Location Server

5 SIP Scenarios Intra-Domain Communication. Inter-Domain Communication.

6 Agenda Introduction. The Problem. The Proposed Solution. Conclusion.

7 SIP Attacks SIP attacks include: Eavesdropping. Impersonation. Unauthorized Access. Message Spoofing. Session Hijacking.

8 Digest Authentication One-way authentication. Server-to-Server is not applicable. Does not protect integrity and confidentiality.

9 IPsec Produces high overhead. It is non-scalable. Has NAT and firewall problems.

10 TLS (Transport Layer Security) Only for connection-oriented communications. Not applicable to the UDP protocol.

11 Agenda Introduction. The Problem. The Proposed Solution. Conclusion.

12 Project Goals We need to secure the SIP protocol by protecting: SIP Integrity. SIP Confidentiality. SIP Authenticity.

13 Security Roles
User Agent (UA): Hide the security specifications of the session. Declare the security capabilities. Update the security capabilities.
Registrar Server: Generation of user certificate.
Proxy Server: Generation of security parameters of the session. Verification of certificates in inter-domain communication.

14 Security Credentials: Intra-domain Communication
Message | Credentials
1. UAC → P: {user1, user2, t_UAC-P, N_UAC-P}K_PR(user1) || CERT(user1)
2. P → UAS: {user1, user2, t_P-UAS, N_P-UAS}K_PR(P) || CERT(P)
3. UAS → P: {user1, user2, N_P-UAS}K_PR(user2) || CERT(user2)
4. P → UAC: K_PU(user1)[{K_session(user1,user2), N_UAC-P}K_PR(P)] || K_PU(user2)[{K_session(user1,user2), N_P-UAS}K_PR(P)] || CERT(P)
5. UAC → UAS: K_PU(user2)[{K_session(user1,user2), N_P-UAS}K_PR(P)]

15 Security Credentials: Inter-domain Communication
Message | Credentials
1. UAC → P: {user1, user2, t_UAC-P1, N_UAC-P1}K_PR(UAC) || CERT(user1)
2. P1 → P2: {user1, P1, user2, t_P1-P2, N_P1-P2}K_PR(P1) || CERT(P1)
3. P2 → UAS: {user1, t_P2-UAS, N_P2-UAS}K_PR(P2) || CERT(P2)
4. UAS → P2: {user1, user2, N_P2-UAS}K_PR(user2) || CERT(user2)
5. P2 → P1: {user1, user2, N_P1-P2}K_PR(P2) || K_PU(P1)[{K_session(user1,user2), N_P1-P2}K_PR(P2)] || K_PU(user2)[{K_session(user1,user2), N_P2-UAS}K_PR(P2)] || CERT(P2)
6. P1 → UAC: K_PU(user1)[{K_session(user1,user2), N_P1-P2}K_PR(P1)] || K_PU(user2)[{K_session(user1,user2), N_P2-UAS}K_PR(P2)] || CERT(P1)
7. UAC → UAS: K_PU(user2)[{K_session(user1,user2), N_P2-UAS}K_PR(P2)]
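The proxy-side check of message 1 in the two exchanges above, as an added example that is not part of the original presentation. It assumes t is a timestamp and N a nonce (the slides do not define them), stands in a constructed toy textbook-RSA key for K_PR(user1)/K_PU(user1), and the 30-second window, the names `sign` and `Proxy`, and the result strings are hypothetical.

```python
import hashlib
import json

# Constructed toy RSA key for user1 (two Mersenne primes). Illustration only:
# real deployments use a vetted crypto library and validate CERT(user1).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N_MOD = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, plays K_PR(user1)
MAX_SKEW = 30                          # assumed freshness window, seconds

def digest(caller, callee, t, nonce):
    # Canonical encoding of {user1, user2, t, N}, hashed and reduced mod n.
    data = json.dumps([caller, callee, t, nonce]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_MOD

def sign(caller, callee, t, nonce):
    # UAC side: {user1, user2, t, N} signed with K_PR(user1).
    sig = pow(digest(caller, callee, t, nonce), D, N_MOD)
    return {"from": caller, "to": callee, "t": t, "nonce": nonce, "sig": sig}

class Proxy:
    def __init__(self, pubkeys):
        self.pubkeys = pubkeys   # user -> (e, n), as taken from a checked CERT
        self.seen = {}           # (user, nonce) -> timestamp of accepted message

    def verify(self, msg, now):
        key = self.pubkeys.get(msg["from"])
        if key is None:
            return "unknown-sender"
        e, n = key
        expected = digest(msg["from"], msg["to"], msg["t"], msg["nonce"])
        if pow(msg["sig"], e, n) != expected:
            return "bad-signature"       # integrity / authenticity failure
        if abs(now - msg["t"]) > MAX_SKEW:
            return "stale"               # timestamp outside the window
        # Entries older than the window can be dropped: a replay of them
        # would already be rejected as stale.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW}
        if (msg["from"], msg["nonce"]) in self.seen:
            return "replay"              # same nonce inside the window
        self.seen[(msg["from"], msg["nonce"])] = msg["t"]
        return "ok"
```
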

16 Message Mapping: Intra-domain Communication
Security message | SIP message
1 | INVITE
2 |
3 | OK
4 |
5 | ACK

17 Message Mapping: Inter-domain Communication
Security message | SIP message
1 | INVITE
2 |
3 |
4 | OK
5 |
6 |
7 | ACK

18 SIP Message Body MIME (Multipurpose Internet Mail Extensions). Multi-part message.

19 Agenda Introduction. The Problem. The Proposed Solution. Conclusion.

20 Summary
SIP attacks target: Integrity, Confidentiality & Availability.
Security roles: User Agent. Registrar server. Proxy server.
Security protocol: Intra-domain communication. Inter-domain communication.
SIP implementation: Header fields. Message body.

