Download presentation
Presentation is loading. Please wait.
Published byIsabel Potter Modified over 9 years ago
1
Elin Sundby Boysen Lars Strand Norwegian Defence Research Establishment (FFI) Norwegian Computing Center (NR) University Graduate Center (UNIK) November 24, 2009 SIP Handover Extension -security issues and possible solutions
2
2 This presentation will introduce the SIP Handover Extension and discuss some security issues Introduction to SIP Session handover using the SIP Handover Extension Security issues
3
3 People are connected through voice and data, everywhere, all the time
4
INVITE sip:bob@biloxi.com SIP/2.0 Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asd hds Max-Forwards: 70 To: Bob From: Alice ;tag=1928301774 Call-ID: a84b4c76e66710@pc33.atlanta.com CSeq: 314159 INVITE Contact: Content-Type: application/sdp Content-Length: 142 SIP is an application-layer protocol used to set up, modify and terminate sessions INVITE 100 Trying 180 Ringing 200 OK ACK RTP / RTCP BYE 200 OK
5
The handover time is too long, resulting in poor user experience
7
7 The suggested SIP extension—the Handover Extension–will eliminate packet loss during handover
8
8 The SIP Handover Extension with various degrees of help from an intermediary node in the MN’s home network
9
9
10
10 The SIP Handover Extension with various degrees of help from an intermediary node in the MN’s home network
11
INVITE sip:bob@biloxi.com SIP/2.0 Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds Max-Forwards: 70 To: Bob From: Alice ;tag=1928301774 Call-ID: a84b4c76e66710@pc33.atlanta.com Handover: Call-Id=33d9f110cdb0@193.156.96.196; To-tag=5f7b910a; From-tag=as14ff55c1 CSeq: 314159 INVITE Contact: Content-Type: application/sdp Content-Length: 142 The main security issue introduced by the Handover Extension is forged Handover INVITE-messages
14
SIP already supports different types of security mechanisms. SIPS, TLS and IPSec Hop-by Hop security between proxies Authentication using Digest Access Authentication (DAA) Requires re-sending messages. Authentication and intergrity using S/MIME Hides vital headers. Shows headers needed in proxies.
15
15 In summary, we propose the SIP Handover Extension to support seamless handover in heterogeneous networks Among the current security solutions supported by SIP, S/MIME is currently the only method that provides integrity and authentication Questions? We have looked at security issues particular to the extension
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.