Добавил:
Upload Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:
understanding-SIP.pdf
Скачиваний:
115
Добавлен:
01.03.2016
Размер:
3.99 Mб
Скачать

312

SIP: Understanding the Session Initiation Protocol

A man in the middle (MitM) attack is when an attacker is in the middle of communications between two parties and is able to modify any message, delete any message, and inject any message into the communication. A MitM attack is difficult to launch, although it is possible if an attacker has control of a router or wireless hub that packets are routing through. A MitM attacker can introduce false messages, change parts of messages, and introduce new messages into the session. A MitM attacker can usually prevent communication from taking place, and can hijack or misdirect communication.

Theft of service is when an attacker uses resources that would normally be chargeable or have limitations. For example, calls to a PSTN gateway usually involve changes, so an attacker presenting false authentication credentials to place calls to the PSTN is a theft of service attack.

Eavesdropping is an attack that involves monitoring or listening in to a session. This could be the signaling, indicating who is communicating with whom, or it could be the actual conversation itself. As such, this can be a signaling (SIP) or media (RTP) attack. Impersonation is pretending to be someone else in a communication. An attacker could pretend to be either a SIP user or a server, depending on the attack. DNS poisoning is when an attacker modifies or gives false DNS records for the purpose of disrupting communications. Credential theft is when an attacker steals the credentials of a user. These credentials could then be used in an impersonation attack or theft of service attack, for example. Redirection or hijacking is when an attacker redirects a call or session. Session disruption is when an attacker attempts to disrupt a session by injecting false or misleading packets or messages. A replay attack is when an attacker stores and then resends valid packets or messages in a session in an attempt to disrupt a session.

Most of these threats apply regardless of whether SIP is used to establish a session or to exchange presence or instant messaging information. The next section will introduce some security protocols that SIP can use to protect against these threats.

14.3 Security Protocols

This section will cover common security protocols including IPSec, TLS, DNSSec, and S/MIME.

14.3.1 IPSec

IPSec or IP security [12] is a protocol that operates at the IP layer of the protocol stack. As a result, it works with any transport protocol above it in the protocol stack, such as TCP and UDP, and protocols such as SIP and RTP run over it without any changes. In general, an IPSec session needs to be established between hosts on the Internet. Sometimes, this session is called a virtual private

SIP Security

313

network or VPN. IPSec can provide just authentication and integrity protection, or confidentiality and authentication. Key management can be a difficult issue with IPSec since it needs symmetric keys in both hosts. IPSec is commonly used between hosts or between gateways where there is significant traffic exchanged. For example, it is commonly used between an enterprise and a service provider, or between enterprise locations. The fact that a single IPSec VPN tunnel can protect both SIP signaling and RTP media for multiple sessions and users is a distinct advantage. However, for general SIP communications, which might go to multiple hosts, establishing multiple VPNs to all hosts prior to sending SIP or RTP is difficult. Also, since IPSec is commonly done in the OS or kernel layer, SIP and other applications often are unaware if they are riding on top of IPSec or if IPSec has been disabled or failed to be setup. As a result, there are advantages for security at layers above the IP layer, as in the next protocol.

14.3.2 TLS

Transmission layer security (TLS) [13] is a security protocol that operates at a shim layer between the application layer and the TCP transport layer. The current version of TLS is 1.1, although versions 1.0 [14] and earlier versions, known as secure sockets layer (SSL), are also sometimes used. TLS provides confidentiality, authentication, and integrity protection. Because it operates above the transport layer, applications, such as SIP, are aware of whether a connection has been successfully secured with TLS or not. TLS is widely used on the Internet today for secure Web browsing. TLS is actually two protocols, one being a handshake protocol used to setup connections, perform authentication, and generate a shared secret. The other protocol is the transport protocol, which uses the shared secret for bulk data encryption. The handshake protocol usually uses digital certificates for authentication while the transport protocol uses a symmetric cipher such as AES or 3DES to encrypt the data. TLS is often used to secure SIP on a hop by hop basis, as will be described in Section 14.4.2. Datagram TLS or DTLS [15] is a version of TLS that uses UDP transport and may be used to secure SIP in the future.

14.3.3 DNSSec

DNS security (DNSSec) [16] is a security protocol, which provides authentication and integrity to DNS queries. DNSSec adds four new resource records listed in Table 14.1. Today, nearly all users of DNS employ it without any security, and must trust DNS servers to give correct answers to queries. In the future when resolvers and servers support DNSSec, a user of DNS will be able to validate responses received. However, DNSSec only works if the entire DNS hierarchy is signed, which represents a significant deployment hurdle. So far, DNSSec is only used in limited environments.

Соседние файлы в предмете [НЕСОРТИРОВАННОЕ]