
Presented by: Shivanagouda Biradar, Yousof Pakzad. This presentation is submitted to Prof. El Saddik in partial fulfillment of the requirements for the course.

Presentation transcript:

Slide 1: Multimedia Communications: Introduction to SIP and Securing SIP Solutions
Presented by: Shivanagouda Biradar, Yousof Pakzad
School of Information Technology and Engineering (SITE), University of Ottawa
This presentation is submitted to Prof. El Saddik in partial fulfillment of the requirements for the course ELG 5121: Multimedia Communications, June 28, 2015.

Slide 2: Overview
(Footer on every slide: Shivangouda Biradar and Yousof Pakzad: Introduction to SIP and Securing SIP Solutions, SITE, June 28, 2015)
- Introduction to SIP
- Components
- Messages
- Applications
- Benefits
- Secured Solutions
- Security Requirements
- Security Threats
- Security Solutions
- SIP, Firewall and NAT
- Conclusion and Future Directions

Slide 3: Telecommunication Network Migration
- PSTN network: traditionally centralized, voice-centric applications (a $1 trillion industry worldwide)
- IP network is distributed, mostly used for text data and multimedia applications
[Diagram: a PSTN network with PSTN PBX and PSTN phones alongside an IP network with IP routers and IP clients]

Slide 4: IP Network and PSTN Network Convergence
- Seamless integration of telephony and conferencing with many other Internet applications, such as e-mail, text messaging, presence and instant messaging
[Diagram: PSTN network (PSTN PBX, PSTN phones) joined through IP-PSTN gateways to an IP network with IP routers, an IP-enabled PBX, IP phones and IP soft phones]

Slide 5: IP Call Processing Protocols
- H.323 (ITU)
- H.248/MEGACO/MGCP (ITU)
- SIP, Session Initiation Protocol (IETF)
[Diagram: protocol stack. Multimedia applications (text, audio, video) run over signaling (H.323, MGCP, SIP, RTSP), quality of service (RSVP) and media transport (RTP, RTCP), which in turn run over TCP/UDP, IPv4/IPv6, the link layer and the physical layer]

Slide 6: SIP – Session Initiation Protocol
- SIP is an application-layer signaling protocol used to set up, modify and tear down multimedia sessions
- Also used for presence notification and instant messaging over the Internet
- IETF standard (RFC 3261, 2002) for real-time multimedia communication signaling
- Approved by the Third Generation Partnership Project (3GPP) as the signaling protocol for multimedia applications in 3G mobile networks
- Resources:
- Sponsors:

Slide 7: SIP Network Components
- Servers
  - Proxy, Redirect
  - Registration, Location
  - Conference
- Gateways
  - SIP-PSTN
  - SIP-H.323
  - SIP-MGCP
- Clients
  - User Agent Client
  - User Agent Server

Slide 8: SIP Applications
- End-to-end multimedia call setup
- Conference call setup
- Instant messaging
- User presence notification
- Unified messaging
- User mobility
- Value-added services on an IP-enabled PBX

Slide 9: SIP Messages
Request messages:
- INVITE: invite a user
- ACK: response for INVITE
- BYE: terminate a call
- CANCEL: cancel a call
- REGISTER: register a URL
- OPTIONS: media capabilities
- SUBSCRIBE: request notification
- NOTIFY: event notification
- MESSAGE: instant message
Response messages:
- Provisional (info only, not reliable)
  - 100 Trying
  - 180 Ringing
- Final (guaranteed)
  - 200 OK
  - 400 Bad Request
  - 401 Unauthorized
  - 407 Proxy Authorization Required

Slide 10: URI Registration
User address: user@domain, user@host, user@IP_Address. Examples:
- im:shiva@yahoo.com
- sip:shiva@uottawa.ca
- sip:shiva@137.122.92.219
- sips:yousof@aol.ca
- pres:shivanna@yahoo.com
Telephone numbers: phone_number@gateway. Examples:
- tel:411;phone-context=+1613
- tel:5625800;phone-context=+1613
- tel:+16135625800
- sip:+16135625800@wcom.com;user=phone
[Diagram: user registration. The User Agent sends REGISTER sip:shiva@137.122.88.74 to the Registrar Server, which passes the registration to the Location Server and answers 200 OK]

Slide 11: SIP – Presence
- Presence functionality gives the opportunity to know who is online among your contact lists
- SUBSCRIBE and NOTIFY messages are used to subscribe to and notify presence
[Diagram: sip:shiva@yahoo.com (yahoo.com) subscribes through a Presence Agent to sip:yousof@aol.com (aol.com) via a Presence Server: SUBSCRIBE is answered with 202 Accepted, NOTIFY is answered with 200 OK]

Slide 12: SIP – Instant Messaging
- Instant messaging enables you to send short messages to another person
- Very useful for short requests and responses
- Has better real-time characteristics than e-mail
- Yahoo, AOL, MSN Messengers, etc.
[Diagram: sip:shiva@yahoo.com sends MESSAGE through the yahoo.com and aol.com proxy servers to sip:yousof@aol.com; each MESSAGE is answered with 200 OK, with an IM agent on each side]

Slide 13: SIP – End to End Call Setup (Proxy)
- A SIP Proxy Server forwards requests on behalf of SIP agents
- It may update the SIP message before forwarding it to the called party
[Diagram: sip:shiva@yahoo.com calls sip:yousof@aol.com through the yahoo.com and aol.com proxy servers. Message flow: INVITE forwarded hop by hop (M1, M2), 100 Trying from each proxy (M3, M5), 180 Ringing relayed back (M6, M7, M8), 200 OK relayed back (M9, M10, M11), ACK (M12), media session between the user agents, then BYE (M13) answered with 200 OK (M14)]

Slide 14: SIP – End to End Call Setup (Redirect)
- A SIP Redirect Server responds to a UA request with a redirection response indicating the current location of the called party
[Diagram: sip:shiva@yahoo.com calls sip:yousof@uottawa.ca. INVITE (M1) reaches the Redirect Server, which answers 302 Moved Temporarily (M2), acknowledged with ACK (M3); the caller re-sends INVITE to the new location through the Proxy Server (M4, M5), followed by 100 Trying (M6), 180 Ringing (M7, M8), 200 OK (M9, M10), ACK (M11), media session, BYE (M12) and 200 OK (M13)]

Slide 15: SIP – Conference Setup
- Ad hoc
  - A point-to-point conversation is expanded with a series of INVITE messages (good for a small group)
- Meet me
  - A conferencing bridge mixes all the media and forwards it on behalf of each client to the other participants as unicast
  - Each participant establishes a point-to-point call to the conferencing bridge
  - Good if all participants are interactive
- Interactive broadcast
  - A conferencing bridge is used, but the mixed media is sent to a multicast address instead of being unicast to each participant
  - Can have active and passive participants
  - SIP signaling is required for interactive participants only

Slide 16: SIP – Mobility
- Terminal mobility (Mobile IP – SIP)
  - A SIP user agent is able to maintain its connections to the Internet as it moves from network to network and possibly changes its point of connection
- Personal mobility (SIP REGISTER)
  - A SIP URI (similar to an e-mail address) is device independent
  - The user can use any end device to receive and to make calls
- Service mobility
  - A SIP user can keep the same services when mobile
  - Services resident in the user agent can be accessed over the Internet (e.g. call forwarding)

Slide 17: Benefits of SIP
Feature -> Benefit
- Lightweight, ASCII-based protocol similar to HTTP and SMTP; reuses other IETF protocols such as SDP and DNS -> Simplifies development of applications; can be tightly integrated with Web-based services
- Network independent -> Can be used with non-IP networks such as ATM and MPLS
- Application/media independent -> Can be used for any real-time application, including voice, video, text messaging, instant messaging and presence
- Protocol interoperability -> Can inter-work with H.323, PSTN/ISDN and mobile networks
- Protocol extensibility -> Can work with non-telephony applications
- Increasing market adoption -> Availability of SIP-based products is growing

Slide 18: SIP Security
- SIP messages are sent in clear text
- SIP security is independent of media security
- SIP uses existing network security mechanisms: TLS, S/MIME, PKI, etc.
[Diagram: SIP text messages pass from a SIP UA through a Proxy Server (backed by a Location server) to the other SIP UA; media flows directly between the UAs as RTP]

Slide 19: (diagram only)
[Diagram: SIP UA to SIP UA through two SIP proxy servers, which consult a Location Server and a DNS Server; media flows directly as RTP]

Slide 20: SIP Security Threats
- SIP snooping, eavesdropping
- Tampering with the message bodies
- Replay attack
- Impersonating a server
- Impersonating users
- Registration hijacking
- Tearing down a session
- Denial of service and distributed DoS attack

Slide 21: SIP Security Requirements
- Authenticating users
- Authenticating servers (proxy, registrar, redirect)
- Message confidentiality and integrity
- Privacy
[Diagram: as on slide 18, SIP text messages from a SIP UA through a Proxy Server with a Location server to the other SIP UA; media as RTP]

Slide 22: SIP Security: Authentication
- Authenticating servers:
  - TLS: Transport Layer Security, PKI certificates, RFC 2246
  - HTTP Digest, RFC 2617
- Authenticating users:
  - HTTP Digest, RFC 2617
  - TLS, if users have certificates
- Authentication scope:
  - Hop-by-hop
  - End-to-end

Slide 23: SIP Security: Confidentiality and Message Integrity
- End-to-end encryption:
  - From the caller's UA to the callee's UA
  - Covers the message body and some parts of the headers
  - Using S/MIME, Secure Multipurpose Internet Mail Extensions, RFC 2633
- Hop-by-hop encryption:
  - Protects header information that is needed by intermediaries
  - Relies on network-level (IPsec) or transport-level (TLS) protocols

Slide 24: SIP Security Mechanisms: HTTP Digest
- A challenge-based authentication mechanism
- Based on the MD5 hash function
- Limitations of HTTP Digest:
  - Requires a pre-existing shared secret key
  - Scope of realm
  - Not secure enough: based on secret keys, not PKI
  - No message integrity protection
  - No confidentiality
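The following is an added example, not code from the slides: the RFC 2617 Digest computation a SIP user agent performs when it answers a REGISTER challenge, and the matching registrar-side check. It makes the last two limitations concrete, because the hash covers only the method, Request-URI, nonce and shared secret, so nothing else in the message is protected. The realm, user names, passwords and nonces are constructed for the example.

```python
# Added example, not from the slides: RFC 2617 Digest as used by SIP REGISTER.
# Realm, user names, passwords and nonces are constructed for this example.
import hashlib
import secrets

REALM = "uottawa.ca"

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, nonce, method, uri,
                    qop=None, nc="00000001", cnonce=""):
    """Client side: the Digest 'response' value (algorithm=MD5)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")     # only method and Request-URI are hashed
    if qop == "auth":
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    """Server side. verify() never sees Contact, To, From or the body: they
    are outside the hash, which is the 'no integrity protection' limitation."""
    def __init__(self, users):
        self.users = users           # username -> pre-shared secret
        self.live_nonces = set()     # each nonce is accepted once

    def challenge(self):
        """Material for the 401 challenge: a fresh, unpredictable nonce."""
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return {"realm": REALM, "nonce": nonce, "algorithm": "MD5"}

    def verify(self, method, uri, auth):
        """True only for a live nonce, a known user and a matching response."""
        nonce = auth.get("nonce")
        password = self.users.get(auth.get("username"))
        if nonce not in self.live_nonces or password is None:
            return False             # replayed/stale nonce or unknown user
        expected = digest_response(auth["username"], REALM, password,
                                   nonce, method, uri)
        if not secrets.compare_digest(expected, auth.get("response", "")):
            return False
        self.live_nonces.discard(nonce)   # one-shot nonce limits replay
        return True

def register(registrar, username, password, uri="sip:uottawa.ca"):
    """One challenge/response round trip; returns the registrar's decision."""
    chal = registrar.challenge()
    auth = {"username": username, "nonce": chal["nonce"],
            "response": digest_response(username, chal["realm"], password,
                                        chal["nonce"], "REGISTER", uri)}
    return registrar.verify("REGISTER", uri, auth)
```

Because the registrar's decision depends on nothing but those four inputs, a deployment that needs the rest of the REGISTER protected has to carry it over TLS or the SIPS scheme covered on the later slides.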

Slide 25: SIP Security Mechanisms: S/MIME
- S/MIME: Secure Multipurpose Internet Mail Extensions
- Confidentiality and integrity of MIME message bodies
- SIP headers can also be encapsulated in a MIME body for end-to-end authentication, integrity and confidentiality
- End-to-end mutual authentication
- S/MIME authentication does not require a shared secret key
- Requires a common PKI certificate authority
- Limitations of S/MIME:
  - Lack of infrastructure for user public key exchange
  - It can result in very large messages

Slide 26: SIP Security Mechanisms: TLS
- Authentication, integrity, confidentiality
- Usually used for server authentication
- Can authenticate clients, but requires distribution of client certificates
- Limitations of TLS:
  - Runs on TCP only, not UDP
  - Offers only hop-by-hop authentication
  - Security on one hop doesn't mean security on the other hops
  - More tightly integrated with the SIP application

Slide 27: SIP Security Mechanisms: IPsec
- IPsec
  - Confidentiality, authentication and integrity
  - Supports TCP and UDP
  - Requires pre-shared keys
  - Does not require integration with SIP

Slide 28: Secure SIP URI Scheme
- SIPS URI scheme
  - New URI scheme: sips:user@example.com
  - MUST be implemented if you support TLS
  - If the Request-URI is SIPS, all hops MUST be secure
  - If a hop cannot be secured, the transaction fails
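Added example, not from the slides: a small parser for the URI forms listed on the URI registration slide (sip:, sips:, im:, pres: and tel:, including the user=phone and phone-context parameters) and the next-hop decision that the SIPS rule imposes. The preference order TLS, TCP, UDP for plain sip: URIs is an assumption of the example, as are the transport lists passed in.

```python
# Added example, not from the slides: URI parsing plus the SIPS next-hop rule.
import re

_SIP_RE = re.compile(r"^(?P<scheme>sips|sip|im|pres):(?:(?P<user>[^@;]+)@)?"
                     r"(?P<host>[^;]+)(?P<params>(?:;[^;]+)*)$")
_TEL_RE = re.compile(r"^tel:(?P<number>[^;]+)(?P<params>(?:;[^;]+)*)$")

def _params(text):
    """';user=phone;x=1' -> {'user': 'phone', 'x': '1'} (keys lower-cased)."""
    out = {}
    for item in filter(None, text.split(";")):
        key, _, value = item.partition("=")
        out[key.lower()] = value
    return out

def parse_uri(uri):
    """Parse sip:, sips:, im:, pres: and tel: URIs; raise ValueError otherwise."""
    uri = uri.strip()
    m = _SIP_RE.match(uri)
    if m:
        params = _params(m["params"])
        return {"scheme": m["scheme"], "user": m["user"], "host": m["host"],
                "params": params, "is_phone": params.get("user") == "phone"}
    m = _TEL_RE.match(uri)
    if m:
        return {"scheme": "tel", "user": m["number"], "host": None,
                "params": _params(m["params"]), "is_phone": True}
    raise ValueError(f"unsupported URI: {uri}")

def choose_transport(request_uri, next_hop_transports):
    """Transport for the next hop, or None when the transaction must fail.

    For a sips: Request-URI only TLS is acceptable (every hop MUST be
    secure); a sip: URI takes the best transport the next hop offers."""
    uri = parse_uri(request_uri)
    offered = {t.upper() for t in next_hop_transports}
    if uri["scheme"] == "sips":
        return "TLS" if "TLS" in offered else None
    for transport in ("TLS", "TCP", "UDP"):   # assumed preference order
        if transport in offered:
            return transport
    return None
```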

Slide 29: SIP and Firewall
- Challenges for SIP
  - Problem for the media stream: RTP will be blocked by firewalls
- Solutions:
  - The firewall must understand SIP and open 'pin-holes' for the RTP
  - Use Application-Level Gateways (ALG) trusted by the firewall
    - Some firewalls have a built-in ALG
    - Authentication and security policy are controlled by the ALG, not the firewall
    - The ALG is a B2BUA which proxies both the SIP signalling and the media stream
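Added example, not from the slides: the inspection a SIP-aware firewall or ALG has to do on an INVITE before it can open the RTP pin-holes the slide describes. It reads the SDP offer carried in the body and derives the RTP/RTCP address-port pairs, including the rejected-stream (port 0), media-level c= override and explicit a=rtcp cases. The INVITE, its addresses and ports are constructed for this example.

```python
# Added example, not from the slides: derive RTP/RTCP pin-holes from an INVITE.
# The INVITE below is constructed for this example; IPs and ports are made up.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:yousof@aol.com SIP/2.0",
    "From: <sip:shiva@yahoo.com>;tag=1",
    "To: <sip:yousof@aol.com>",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=shiva 1 1 IN IP4 137.122.92.219", "s=-",
    "c=IN IP4 137.122.92.219",             # session-level connection address
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",             # RTCP defaults to RTP port + 1
    "m=video 0 RTP/AVP 31",                # port 0: stream rejected, no hole
    "m=video 51372 RTP/AVP 31",
    "c=IN IP4 137.122.92.220",             # media-level c= overrides session
    "a=rtcp:51375",                        # explicit RTCP port attribute
])

def split_message(raw):
    """Split a SIP message into start line, lower-cased header dict and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    start, *hdrs = head.split("\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (h.partition(":") for h in hdrs)}
    return start, headers, body

def _holes(m):
    if m["port"] == 0:                     # rejected stream: nothing to open
        return []
    rtcp = m["rtcp"] if m["rtcp"] is not None else m["port"] + 1
    return [(m["ip"], m["port"], "rtp"), (m["ip"], rtcp, "rtcp")]

def sdp_pinholes(raw):
    """Return (ip, port, kind) tuples the firewall must open for this offer."""
    _, headers, body = split_message(raw)
    if headers.get("content-type", "").lower() != "application/sdp":
        return []                          # no media description in the body
    session_ip, current, holes = None, None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if current is None:
                session_ip = ip            # applies to every later m= section
            else:
                current["ip"] = ip         # overrides for this section only
        elif line.startswith("m="):
            holes += _holes(current) if current else []
            _, port, _proto, *_ = line[2:].split()
            current = {"ip": session_ip, "port": int(port), "rtcp": None}
        elif line.startswith("a=rtcp:") and current:
            current["rtcp"] = int(line[len("a=rtcp:"):].split()[0])
    holes += _holes(current) if current else []
    return holes
```

The same walk over the answer's SDP gives the callee-side holes, and both must be closed again when the BYE is seen, which is why the slide ties the pin-holes to a device that understands SIP signalling rather than a plain packet filter.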

Slide 30: SIP and NAT
- Network Address Translators: serious problems for SIP!
  - They change IP addresses and port numbers
  - SIP messages become unroutable!
- Solutions:
  - SIP has a mechanism to detect the presence of a NAT
  - UAs and the Proxy Server can fix the IP addresses
  - This solves the SIP signaling problem but NOT the media stream problem!
  - New protocols and extensions for NAT traversal are under development: STUN, ICE, rport, symmetric RTP, TURN, connection reuse, an SDP attribute for RTCP, and others
  - Best Current Practices for NAT Traversal for SIP: draft-ietf-sipping-nat-scenarios-01

Slide 31: Conclusion
- SIP is a powerful application-layer signalling protocol for multimedia applications
- SIP inter-works with the PSTN and H.323
- SIP is widely accepted as the Internet signalling protocol for both fixed and mobile 3G networks
- SIP has many extensions under development:
  - STUN: Simple Traversal of UDP Through NATs
  - SIMPLE: SIP for Instant Messaging Leveraging Extensions
  - SIP compression for wireless networks

Slide 32: Questions? Thank you!

