An INVITE message typically carries a description of the session parameters. When the recipient accepts the request and the initiator is notified, the actual data flow begins, usually taking a path other than the one taken by the SIP signaling messages. A SIP user registers with the SIP register to indicate its presence in the network and its willingness to receive incoming session initiation requests from other users.Ī typical session in SIP begins with a user sending an INVITE message to a peer through SIP proxies. However, an IP address is associated with the user in order to route SIP signaling from the SIP register. In SIP, each user is uniquely identified by an SIP universal resource indicator, which is used as the identifier to address the called user when the sending session initiation requests.
SIP specifications define an architecture of user agents and servers (proxy server, redirect server, register) that support communications between SIP peers through user tracking, call routing, and so on. SIP is used for provisioning services in IP-based mobile networks. Garg, in Wireless Communications & Networking, 2007 14.6.2 Session Initiation Protocol (SIP) This leaves the voice streams open for eavesdropping, modification, and spoofing. In addition, hardly any currently deployed VoIP services uses SRTP to protect the voice streams between the VoIP phones and the VoIP servers. These enable the adversary to modify, spoof many SIP messages and their fields without being detected. Most currently deployed SIP-based VoIP services (e.g., Vonage, AT&T) only authenticate selected SIP messages from the UAC (i.e., SIP phone) to the SIP server, and leave all the SIP messages from the SIP server to the UAC unprotected.Īlthough SIP specification suggests using TLS or IPsec to protect the SIP messages and the VoIP streams between the VoIP phones and the VoIP servers, hardly any currently deployed VoIP services (e.g., Vonage, AT&T) uses TLS or IPsec. This leaves all other fields such From, To unprotected.
SIP authentication only protects three fields of those protected SIP messages: request-URI, username, and realm. This allows the adversary to freely modify and forge those unprotected SIP messages (e.g., ACK, CANCEL, OPTION) without being detected. SIP authentication only applies to three SIP request messages INVITE, BYE, and REGISTER, and leaves other SIP messages unprotected.
#Sip definition electronic records full
However, SIP authentication does not provide full integrity protection of SIP messages. Existing SIP authentication is based on HTTP digest.
0 kommentar(er)
