By: Versha Thakur Shravani Aishwarya Sai Kamal. The Session Initiation Protocol (SIP) is a simple...
-
Upload
stewart-boyd -
Category
Documents
-
view
216 -
download
1
Transcript of By: Versha Thakur Shravani Aishwarya Sai Kamal. The Session Initiation Protocol (SIP) is a simple...
Ensuring Information Confidentiality and Securing SIP
Messages
By:
Versha Thakur
Shravani Aishwarya
Sai Kamal
PROJECT PRESENTATION ON
INTRODUCTION
The Session Initiation Protocol (SIP) is a simple text-based protocol that is easy to understand.
SIP has four major functions:
a) Locate and end-point,
b) Initiate a signal,
c) Ensure compatibility and start a session,
d) Terminate the session
CONTD…With SIP you have to solve five major problems:
Caller-I.D
Called Party I.D
Media Privacy
Media Authentication
Signaling Confidentiality
SIP SECURITY ISSUES
There is no way of asserting that the calling party is an authenticated user/peer on the network.
To understand the security detail & to suggest a better deployment technique.
TRANSPORT LAYER SECURITY (TLS)
Provides communication security over Internet.
Session key used to encrypt data flowing between parties.
Property : Forward Secrecy
TLS is successor of SSL(Secure Socket Layer).
PROBLEMS FACED Library that asterisk requires to use TLS is not
there.
Old version of open SSL
SIP registers work but secure TLS need to be secure with asterisk
“Polycom” version of TLS could be outdated, compared to astersik- required new phones.
SSL on phone & server are incompatible.
CONCLUSION
Whether or not all methods have been used.
Few VoIP service providers use these techniques.
No permanent reduction of the effects of SIP hacks & security related problems.
SIP can revolutionize the VoIP industry now with the advent of VoLTE.
But only if the security, media privacy and authentication issues are addressed and solved.
REFERENCES
http://it.med.miami.edu/x904.xml
http://www.tekelec.com/tekelec-blog/index.php/2010/06/sip-and-secure-communication-what-does-it-mean/#.Uo4vin9N-vU