1 / 14

SIP

SIP. Greg Nelson Duc Pham. SIP Introduction. Application-layer (signaling) control protocol for initiating a session among users Registrations, invitations, acceptations, and disconnections. SIP Diagram. A. Proxy. Proxy. B. ……. ……. ……. (Registrar local services). Register. Register.

zoie
Télécharger la présentation

SIP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP Greg Nelson Duc Pham

  2. SIP Introduction • Application-layer (signaling) control protocol for initiating a session among users • Registrations, invitations, acceptations, and disconnections

  3. SIP Diagram A Proxy Proxy B ……. ……. ……. (Registrar local services) Register Register 200 Ok 200 Ok Invite Invite 100 Trying Invite 100 Trying 180 Ringing 180 Ringing 180 Ringing 200 Ok 200 Ok 200 Ok Ack Media Session Bye 200 Ok

  4. SIP Acronyms • UAC: a user agent client making requests. • UAS: a user agent server responding to the requests (the roles of UAC and UAS are logical entities) • SS: flexibly preferred to any middle servers: registrar, proxy servers

  5. SIP Vulnerabilities • Proxy Impersonation • Message Tampering • Session Teardown • Spoofed BYEs • Denial of Service • Malformed packets • REGISTER and INVITE flooding • Registration Hijacking

  6. SIP Security • Registration hijacking • Authenticate originators of requests • Proxy impersonation • Authenticate servers • Message tampering • Secure body and certain headers end-to-end • Session teardown • Authenticate sender of BYE • Confidentiality so attacker can’t learn To, From tags • Denial of Service • Authenticate and authorize registrations

  7. Objectives • Use AVISPA to model basic protocol. • Model SIP URI registration and look for registration hijack attacks. • Model interdomain session setup and look for message tampering and proxy impersonation attacks. • Add proxy-to-proxy authentication and secrecy (TLS) to model. • Discuss other vulnerabilities that we weren’t able to model.

  8. SIP Model (1) Simplified message formats: • REGISTER <Domain> <To> <From> <Contact(device)> • OK <To> <From> • INVITE <To> <From><Via><Content> • BYE <To> <From> • ACK <To> <From>

  9. SIP Model (2) • Register: UAC -> SS: {sipregister.Ns} SS -> UAC: {sipok} • Invite, connect, bye: UAC -> SS: {sipinvite.UAC.UAS.{Ni}} SS -> UAS: {sipinvite.UAC.UAS.SS.{Ni}} UAS -> SS: {sipok.UAS.UAC.SS.{Nj}} SS -> UAC: {sipok.UAS.UAC.{Nj}} UAC -> UAS: {sipack.UAC.UAS} UAC -> UAS: {sipbye.UAS.UAC} UAS -> UAC: {sipok.UAC.UAS}

  10. Discussion --- Authentication • Server Authentication: using TLS: server offers a certificate to the UA, preventing proxy impersonating • User Authentication: using HTTP digest: server challenges a user with a 401 Proxy Authentication, preventing registration hijacking

  11. Discussion --- Interdomain Authentication • Trust relationship needed: client-server, server-server UAC <-> SS <-> UAS UAC <-> SS <-> Evil UAC <-> SS <-> SS <->Evil • More infrastructures required for absolute interdomain authentication: signature verifications, voice recognitions

  12. Discussion --- Message Secrecy • Mechanisms that rely on existence of end-user certificates are seriously limited (S/MIME). • May use self-signed certificates • Susceptible to obvious MITM attack, but… • Attacker can only exploit on initial key exchange. • Difficult for attacker to remain in path of all future dialogs. • Same vulnerability in SSH => key fingerprints. • For VoIP, users could read off key fingerprint. • Or, use preconfigured certificates when there is an established trust between all SIP entities.

  13. Discussion --- DoS Attacks • Floods of messages directed at proxies can lock up resources on the server. • UAs and proxies should challenge questionable requests. • Mutual authentication of proxies (TLS) • Reduces potential for intermediaries to introduce falsified requests or responses. • Harder for attackers to make innocent SIP nodes into agents of amplification.

  14. Conclusions • AVISPA is easy to use, but difficult to model something besides secrecy and authentication, such as DoS. • Registration hijacks are easy to prevent with server authentication (TLS). • TLS prevents MITM, but does nothing if proxy is evil; need end-to-end encryption. • Simple protocol becomes very complex when addressing vulnerabilities.

More Related