analysis of sip security
DESCRIPTION
Analysis of SIP security. Ashwini Sanap (006312787) Deepti Agashe (006331234). Agenda. Introduction SIP Entities and messages Security Mechanism Security Attacks Conclusion. Introduction. Session Initiation Protocol (SIP) Application Layer Signaling Protocol - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/1.jpg)
Analysis of SIP security
Ashwini Sanap (006312787)
Deepti Agashe (006331234)
![Page 2: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/2.jpg)
Agenda
Introduction SIP Entities and messages Security Mechanism Security Attacks Conclusion
![Page 3: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/3.jpg)
Introduction
Session Initiation Protocol (SIP)
Application Layer Signaling Protocol
Create, Terminate and Manage Session
Similar to HTTP (Request/Response)
SIP Identity (URI)
![Page 4: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/4.jpg)
SIP Entities and Messages
![Page 5: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/5.jpg)
Security Mechanisms
SIP Security
Application Layer Transport Layer Network Layer
HTTP Basic Authentication
Secure MIMEHTTP Digest Authentication
TLS IPSec
![Page 6: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/6.jpg)
Digest Authentication
Challenge based AuthenticationEncryption
not provided
Confidentiality lost
![Page 7: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/7.jpg)
Secure MIME
Multipurpose Internet Mail Extension End to End security Encrypts MIME body using public key of
receiver PK Exchanged thru Certificates Entity Authentication
![Page 8: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/8.jpg)
Transport Layer Security (TLS)
TCP->TLS SIPS (Similar to HTTPS) SIPS ensures parameters passed
securely SRTP ensures media is also secured SIPS+SRTP = Protection
![Page 9: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/9.jpg)
IPSec
Network Layer Security Hop by Hop Creates VPN between sites Provides Encryption (DES,IDEA), Authentication and
Integrity(MD5, SHA)
![Page 10: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/10.jpg)
SIP Based network attacks
Registration Hijacking Authenticate originators of requests
![Page 11: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/11.jpg)
SIP Based network attacks
Session Hijacking
![Page 12: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/12.jpg)
SIP Based network attacks
Impersonating a Server
![Page 13: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/13.jpg)
SIP Based network attacks :
Tearing Down Sessions
![Page 14: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/14.jpg)
SIP Based network attacks :
Other attacks include :
Tampering with Message Bodies
Denial of Service and Amplification
Bots and DDOS Attacks
![Page 15: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/15.jpg)
Conclusion
SIP is expected to be the future VoIP protocol of choice.
Use SIP-optimized firewalls, which both support use of standards-based security and provide the best possible protection where system-wide standards-based security is not possible.
![Page 16: Analysis of SIP security](https://reader035.vdocuments.us/reader035/viewer/2022062723/56813e7a550346895da8a2c0/html5/thumbnails/16.jpg)