Ensuring Information Confidentiality and Securing SIP

Messages

By:

Versha Thakur

Shravani Aishwarya

Sai Kamal

PROJECT PRESENTATION ON

INTRODUCTION

The Session Initiation Protocol (SIP) is a simple text-based protocol that is easy to understand.

SIP has four major functions:

a) Locate and end-point,

b) Initiate a signal,

c) Ensure compatibility and start a session,

d) Terminate the session

CONTD…With SIP you have to solve five major problems:

Caller-I.D

Called Party I.D

Media Privacy

Media Authentication

Signaling Confidentiality

SIP SECURITY ISSUES

There is no way of asserting that the calling party is an authenticated user/peer on the network.

To understand the security detail & to suggest a better deployment technique.

TRANSPORT LAYER SECURITY (TLS)

Provides communication security over Internet.

Session key used to encrypt data flowing between parties.

Property : Forward Secrecy

TLS is successor of SSL(Secure Socket Layer).

PROBLEMS FACED Library that asterisk requires to use TLS is not

there.

Old version of open SSL

SIP registers work but secure TLS need to be secure with asterisk

“Polycom” version of TLS could be outdated, compared to astersik- required new phones.

SSL on phone & server are incompatible.

CONCLUSION

Whether or not all methods have been used.

Few VoIP service providers use these techniques.

No permanent reduction of the effects of SIP hacks & security related problems.

SIP can revolutionize the VoIP industry now with the advent of VoLTE.

But only if the security, media privacy and authentication issues are addressed and solved.

REFERENCES

http://it.med.miami.edu/x904.xml

http://www.tekelec.com/tekelec-blog/index.php/2010/06/sip-and-secure-communication-what-does-it-mean/#.Uo4vin9N-vU