While the standards and products for VoIP and SIP services have reached market maturity, security and regulatory aspects of such services are still being discussed. SIP itself specifies only a basic set of security mechanisms that cover a subset of possible security issues. In this book, the authors survey important aspects of securing SIP–based services. This encompasses a description of the problems themselves and the standards–based solutions for such problems. Where a standards–based solution has not been defined, the alternatives are discussed and the benefits and constraints of the different solutions are highlighted.
SJP Security will be of interest of IT staff involved in deploying and developing VoIP, service users of SIP, network engineers, designers and managers. Advanced undergraduate and graduate students studying data/voice/multimedia communications as well as researchers in academia and industry will also find this book valuable.
- Will help the readers to understand the actual problems of using and developing VoIP services, and to distinguish between real problems and the general hype of VoIP security
- Discusses key aspects of SIP security including authentication, integrity, confidentiality, non–repudiation and signalling
- Assesses the real security issues facing users of SIP, and details the latest theoretical and practical solutions to SIP Security issues
- Covers secure SIP access, inter–provider secure communication, media security, security of the IMS infrastructures as well as VoIP services vulnerabilities and countermeasures against Denial–of–Service attacks and VoIP spam
About the Authors.
2 Introduction to Cryptographic Mechanisms.
2.1 Cryptographic Algorithms.
2.2 Secure Channel Establishment.
2.3 Authentication in 3GPP Networks.
2.4 Security Mechanisms Threats and Vulnerabilities.
3 Introduction to SIP.
3.1 What is SIP, Why Should we Bother About it and What are Competing Technologies?
3.2 SIP: the Common Scenarios.
3.3 Introduction to SIP Operation: the SIP Trapezoid.
3.4 SIP Components.
3.5 Addressing in SIP.
3.6 SIP Message Elements.
3.7 SIP Dialogs and Transactions.
3.8 SIP Request Routing.
3.9 Authentication, Authorization, Accounting.
3.10 SIP and Middleboxes.
3.11 Other Parts of the SIP Eco–system.
3.12 SIP Protocol Design and Lessons Learned.
4 Introduction to IMS.
4.1 SIP in IMS.
4.2 General Architecture.
4.3 Session Control and Establishment in IMS.
5 Secure Access and Interworking in IMS.
5.1 Access Security in IMS.
5.2 Network Security in IMS.
6 User Identity in SIP.
6.1 Identity Theft.
6.2 Identity Authentication using S/MIME.
6.3 Identity Authentication in Trusted Environments.
6.4 Strong Authenticated Identity.
6.5 Identity Theft Despite Strong Identity.
6.6 User Privacy and Anonymity.
6.7 Subscription Theft.
6.8 Fraud and SIP.
7 Media Security.
7.1 The Real–time Transport Protocol.
7.2 Secure RTP.
7.3 Key Exchange.
8 Denial–of–service Attacks on VoIP and IMS Services.
8.2 General Classification of Denial–of–service Attacks.
8.3 Bandwidth Consumption and Denial–of–service Attacks on SIP Services.
8.4 Bandwidth Depletion Attacks.
8.5 Memory Depletion Attacks.
8.6 CPU Depletion Attacks.
8.7 Misuse Attacks.
8.8 Distributed Denial–of–service Attacks.
8.9 Unintentional Attacks.
8.10 Address Resolution–related Attacks.
8.11 Attacking the VoIP Subscriber Database.
8.12 Denial–of–service Attacks in IMS Networks.
8.13 DoS Detection and Protection Mechanisms.
8.14 Detection of DoS Attacks.
8.15 Reacting to DoS Attacks.
8.16 Preventing DoS Attacks.
8.17 DDoS Signature Specification.
9 SPAM over IP Telephony.
9.2 Spam Over SIP: Types and Applicability.
9.3 Why is SIP Good for Spam?
9.4 Legal Side of Unsolicited Communication.
9.5 Fighting Unsolicited Communication.
9.6 General Antispam Framework.