SIP Security Issues: The SIP
Authentication Procedure and
its Processing Load
Stefano Salsano, DIE — Università di Roma “Tor
Vergata”
Luca Veltri, and Donald Papalilo, CoRiTeL —
Research Consortium in Telecommunications
IEEE Network • November/December 2002
Presenter: 黃清富, first-year master's student, Institute of Communications Engineering
Outline
• Security Mechanisms in SIP
• The Authentication Procedure in SIP
• An Example Scenario of a SIP-Based IP Telephony Service
• Methodology for the Evaluation of Processing Cost and Experimental Results
• Conclusions
• References
2003/12/08
SIP Security Issues: The SIP Authentication Procedure and its Processing Load
2
SIP Basic Call Flow
Messages in the order drawn in the slide's ladder diagram (F1 to F14):
F1  INVITE
F2  INVITE
F3  100 Trying
F4  INVITE
F5  100 Trying
F6  180 Ringing
F7  180 Ringing
F8  180 Ringing
F9  200 OK
F10 200 OK
F11 200 OK
F12 ACK
    Media Session
F13 BYE
F14 200 OK
Security Mechanisms in SIP
• Two reasons for securing the SIP header and body
• Security in SIP
  ◦ End-to-end versus hop-by-hop
  ◦ Caller and/or callee versus two SIP entities
  ◦ SIP protocol versus TLS or IPsec
• Two main security mechanisms
  ◦ Authentication
    ▪ To prevent attackers from modifying and/or replaying SIP requests and responses
  ◦ Encryption
    ▪ To ensure confidentiality
Security Mechanisms in SIP (cont.)
Security Mechanisms in SIP (cont.)
• Types of attacks
  ◦ Snooping
  ◦ Modification attacks
  ◦ DoS (denial of service)
  ◦ Spoofing
• SIP is prone to DoS attacks
  ◦ e.g., flooding
The Authentication Procedure in SIP
Challenge/response exchange between CLIENT and SERVER:
1. CLIENT -> SERVER: REQUEST
2. SERVER: generate the nonce value
3. SERVER -> CLIENT: CHALLENGE (nonce, realm)
4. CLIENT: compute response = F(nonce, username, password, realm)
5. CLIENT -> SERVER: REQUEST (nonce, realm, username, response)
6. SERVER: authentication, i.e. compute F(nonce, username, password, realm) and compare it with the received response
The Authentication Procedure in SIP (cont.)
Entities: user agent client (UAC), proxy server, proxy server, user agent server (UAS)
1. UAC -> proxy: INVITE
2. proxy -> UAC: 407 Proxy Authentication Required (nonce, …)
3. UAC -> proxy: ACK
4. UAC -> proxy: INVITE (nonce, …, response); the proxy performs the authentication
5. INVITE forwarded proxy -> proxy -> UAS
6. 180 Ringing returned UAS -> proxy -> proxy -> UAC
7. 200 OK returned UAS -> proxy -> proxy -> UAC
8. ACK
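The challenge/response procedure shown on the two slides above, written out as an added Python example; this is not code from the paper or the slides. The slides abstract the client's computation as F(nonce, username, password, realm). The example instantiates F with the HTTP Digest scheme of RFC 2617, which the conclusions and references name, and which additionally binds the request method, the request URI, a nonce count and a client nonce into the hash. The realm, the user alice, her password and the URI sip:bob@example.com are constructed for the example. The single-use nonce set is an assumption about server policy (RFC 2617 leaves nonce lifetime and reuse to the server); it is what lets the server reject a replay of a captured authenticated INVITE, one of the two attacks the Security Mechanisms slide says authentication is meant to prevent.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for this example (not from the paper).
REALM = "example.com"
USERS = {"alice": "correct horse battery staple"}   # server-side credential store


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest with qop=auth: the slides' F(nonce, username, password, realm),
    plus the method, URI, nonce count and client nonce that Digest also binds in."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Server side of the slide: generate the nonce, challenge, recompute F, compare."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users
        self.issued = set()          # nonces issued but not yet consumed (assumed policy)

    def challenge(self):
        nonce = secrets.token_hex(16)   # fresh, unpredictable nonce per challenge
        self.issued.add(nonce)
        return {"status": "407 Proxy Authentication Required",
                "realm": self.realm, "nonce": nonce, "qop": "auth"}

    def authenticate(self, method, uri, creds):
        nonce = creds.get("nonce")
        # A nonce this server never issued, or one already consumed, is rejected:
        # this is what stops a captured authenticated INVITE from being replayed.
        if creds.get("realm") != self.realm or nonce not in self.issued:
            return False
        self.issued.discard(nonce)   # single use, whether or not it verifies
        password = self.users.get(creds.get("username"))
        if password is None or creds.get("uri") != uri:
            return False
        expected = digest_response(creds["username"], self.realm, password, method, uri,
                                   nonce, creds["nc"], creds["cnonce"])
        # Constant-time comparison so the check leaks no timing information.
        return hmac.compare_digest(expected, creds.get("response", ""))


class DigestClient:
    """Client side of the slide: answer the challenge with username and response."""

    def __init__(self, username, password):
        self.username = username
        self.password = password

    def answer(self, chal, method, uri):
        cnonce = secrets.token_hex(8)
        nc = "00000001"
        return {"username": self.username, "realm": chal["realm"], "nonce": chal["nonce"],
                "uri": uri, "nc": nc, "cnonce": cnonce, "qop": "auth",
                "response": digest_response(self.username, chal["realm"], self.password,
                                            method, uri, chal["nonce"], nc, cnonce)}


def run_exchange(server, client, method="INVITE", uri="sip:bob@example.com"):
    """REQUEST -> CHALLENGE (nonce, realm) -> REQUEST (nonce, realm, username, response) -> verify.
    Returns (accepted, credentials) so the credentials can be re-submitted to test replay."""
    chal = server.challenge()                  # steps 2-3: server generates nonce, challenges
    creds = client.answer(chal, method, uri)   # step 4: client computes response
    return server.authenticate(method, uri, creds), creds   # step 6: server recomputes F


def replay_is_accepted(server, method, uri, creds):
    """Re-submit credentials that were already accepted once; the nonce is consumed, so False."""
    return server.authenticate(method, uri, creds)


if __name__ == "__main__":
    srv = DigestServer(REALM, USERS)
    ok, creds = run_exchange(srv, DigestClient("alice", USERS["alice"]))
    print("first INVITE accepted:", ok)
    print("replayed INVITE accepted:", replay_is_accepted(srv, "INVITE", "sip:bob@example.com", creds))
    bad, _ = run_exchange(srv, DigestClient("alice", "wrong password"))
    print("wrong password accepted:", bad)
```

Because the method and URI are hashed into the response, a modification attack that changes the INVITE's Request-URI after the client signed it also fails verification, which is the second property the slides attribute to authentication. Nothing here provides confidentiality: the username, realm and nonce travel in clear, which is why the slides list encryption as a separate mechanism.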
An Example Scenario of a SIP-Based
IP Telephony Service
[Figure: example scenario showing proxy-to-proxy authentication between the two proxies and proxy authentication of the user agent]
The ITSP (Internet telephony service provider) provides the gateway and delivers calls to the PSTN.
Methodology for the Evaluation of
Processing Cost and Experimental Results
Conclusions
• The authentication procedure, based on HTTP Digest authentication, is described.
• The performance aspects of SIP authentication are considered with a purely experimental approach.
• The processing costs of different security procedures/scenarios are compared.
References
• “SIP Security Issues: The SIP Authentication Procedure and Processing Load,” IEEE Network, Nov/Dec 2002.
• “SIP: Session Initiation Protocol,” IETF RFC 3261, June 2002.
• “HTTP Authentication: Basic and Digest Access Authentication,” IETF RFC 2617, June 1999.