1 / 15

Elin Sundby Boysen Lars Strand Norwegian Defence Research Establishment (FFI)

SIP Handover Extension -security issues and possible solutions. Elin Sundby Boysen Lars Strand Norwegian Defence Research Establishment (FFI) Norwegian Computing Center (NR) University Graduate Center (UNIK) November 24, 2009.

edna
Télécharger la présentation

Elin Sundby Boysen Lars Strand Norwegian Defence Research Establishment (FFI)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP Handover Extension -security issues and possible solutions Elin Sundby Boysen Lars Strand Norwegian Defence Research Establishment (FFI) Norwegian Computing Center (NR) University Graduate Center (UNIK) November 24, 2009

  2. This presentation will introduce the SIP Handover Extension and discuss some security issues • Introduction to SIP • Session handover using the SIP Handover Extension • Security issues

  3. People are connected through voice and data,everywhere, all the time

  4. SIP is an application-layer protocol used to set up, modify and terminate sessions 100 Trying 180 Ringing 200 OK ACK RTP / RTCP BYE 200 OK INVITE sip:bob@biloxi.com SIP/2.0 Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds Max-Forwards: 70 To: Bob <sip:bob@biloxi.com> From: Alice <sip:alice@atlanta.com>;tag=1928301774 Call-ID: a84b4c76e66710@pc33.atlanta.com CSeq: 314159 INVITE Contact: <sip:alice@pc33.atlanta.com> Content-Type: application/sdp Content-Length: 142 INVITE

  5. The handover time is too long, resulting in poor user experience

  6. The handover time is too long, resulting in poor user experience

  7. The suggested SIP extension—the Handover Extension–will eliminate packet loss during handover 7

  8. The SIP Handover Extension with various degrees of help from an intermediary node in the MN’s home network 8

  9. The SIP Handover Extension with various degrees of help from an intermediary node in the MN’s home network 9

  10. The SIP Handover Extension with various degrees of help from an intermediary node in the MN’s home network 10

  11. The main security issue introduced by the Handover Extension is forged Handover INVITE-messages INVITE sip:bob@biloxi.com SIP/2.0 Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds Max-Forwards: 70 To: Bob <sip:bob@biloxi.com> From: Alice <sip:alice@atlanta.com>;tag=1928301774 Call-ID: a84b4c76e66710@pc33.atlanta.com Handover: Call-Id=33d9f110cdb0@193.156.96.196; To-tag=5f7b910a; From-tag=as14ff55c1 CSeq: 314159 INVITE Contact: <sip:alice@pc33.atlanta.com> Content-Type: application/sdp Content-Length: 142

  12. The main security issue introduced by the Handover Extension is forged Handover INVITE-messages

  13. The main security issue introduced by the Handover Extension is forged Handover INVITE-messages

  14. SIP already supports different types of security mechanisms. • Hop-by Hop security between proxies • SIPS, TLS and IPSec • Authentication using Digest Access Authentication (DAA) • Requires re-sending messages. • Authentication and intergrity • using S/MIME • Hides vital headers. Shows headers needed in proxies.

  15. In summary, we propose the SIP Handover Extension to support seamless handover in heterogeneous networks • We have looked at security issues particular to the extension • Among the current security solutions supported by SIP, S/MIME is currently the only method that provides integrity and authentication Questions?

More Related