SIP Security

DOCUMENT INFORMATION

Basic information

Format
Number of pages 355
File size 3.54 MB

Content

SIP SECURITY

Dorgham Sisalem
John Floroiu
Jiri Kuthan
Ulrich Abend
Henning Schulzrinne

A John Wiley and Sons, Ltd., Publication

This edition first published 2009
© 2009, John Wiley & Sons Ltd.

Registered office
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.

The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Library of Congress Cataloging-in-Publication Data:
SIP security / Dorgham Sisalem [et al.].
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-51636-2 (cloth)
Computer networks–Security measures. Session Initiation Protocol (Computer network protocol). I. Sisalem, Dorgham.
TK5105.59.S564 2009
005.8–dc22
2008053852

A catalogue record for this book is available from the British Library.

ISBN 978-0-470-51636-2 (H/B)

Typeset in 10/12pt Times by Laserwords Private Limited, Chennai, India.
Printed and bound in Great Britain by Antony Rowe, Chippenham, UK.

Contents

Foreword
About the Authors
Acknowledgment

1 Introduction

2 Introduction to Cryptographic Mechanisms
  2.1 Cryptographic Algorithms
    2.1.1 Symmetric Key Cryptography
    2.1.2 Public Key Cryptography
    2.1.3 Key-less Cryptographic Functions
  2.2 Secure Channel Establishment
    2.2.1 IP Layer Security
    2.2.2 Application Layer Security
  2.3 Authentication in 3GPP Networks
    2.3.1 AKA Authentication Vectors
    2.3.2 AKA Mutual Authentication
    2.3.3 AKA Resynchronization
  2.4 Security Mechanisms Threats and Vulnerabilities

3 Introduction to SIP
  3.1 What is SIP, Why Should we Bother About it and What are Competing Technologies?
  3.2 SIP: the Common Scenarios
  3.3 Introduction to SIP Operation: the SIP Trapezoid
  3.4 SIP Components
    3.4.1 User Agent
    3.4.2 Registrar
    3.4.3 Redirect Server
    3.4.4 Proxy
    3.4.5 Real-world Servers
  3.5 Addressing in SIP
  3.6 SIP Message Elements
    3.6.1 Who are you Calling?
    3.6.2 Who is Calling You?
    3.6.3 How to Route SIP Traffic
    3.6.4 Even More Header-fields
    3.6.5 SIP Message Body
    3.6.6 SIP Methods
  3.7 SIP Dialogs and Transactions
  3.8 SIP Request Routing
    3.8.1 User Location Routing
    3.8.2 User-provisioned Routing
    3.8.3 ENUM: Public Phone Number Directory
    3.8.4 Interdomain Routing: DNS
    3.8.5 Routing Tables
  3.9 Authentication, Authorization, Accounting
    3.9.1 User Authentication in SIP
    3.9.2 Authorization Policies
    3.9.3 Accounting
  3.10 SIP and Middleboxes
  3.11 Other Parts of the SIP Eco-system
  3.12 SIP Protocol Design and Lessons Learned

4 Introduction to IMS
  4.1 SIP in IMS
    4.1.1 Quality of Service Control
    4.1.2 Support for Roaming
    4.1.3 Security
    4.1.4 Efficient Resource Usage
  4.2 General Architecture
    4.2.1 Subscriber and User Equipment
    4.2.2 Signaling Components
    4.2.3 Interworking Components
    4.2.4 QoS-related Components
    4.2.5 Application and Service Provisioning-related Components
    4.2.6 Database-related Components
  4.3 Session Control and Establishment in IMS
    4.3.1 UE Registration in IMS
    4.3.2 Session Establishment in IMS

5 Secure Access and Interworking in IMS
  5.1 Access Security in IMS
    5.1.1 IMS AKA Access Security
    5.1.2 Access-bundled Authentication
    5.1.3 HTTP Digest-based Access Security
    5.1.4 Authentication Mechanism Selection
  5.2 Network Security in IMS

6 User Identity in SIP
  6.1 Identity Theft
  6.2 Identity Authentication using S/MIME
    6.2.1 Providing Encryption with S/MIME
    6.2.2 Providing Integrity and Authentication with S/MIME
  6.3 Identity Authentication in Trusted Environments
  6.4 Strong Authenticated Identity
  6.5 Identity Theft Despite Strong Identity
  6.6 User Privacy and Anonymity
    6.6.1 User-provided Privacy
    6.6.2 Network-provided Privacy
  6.7 Subscription Theft
  6.8 Fraud and SIP
    6.8.1 Theft of SIP Services

7 Media Security
  7.1 The Real-time Transport Protocol
  7.2 Secure RTP
    7.2.1 The SRTP Cryptographic Context
    7.2.2 The SRTP Payload Structure
    7.2.3 Sequence Numbering
    7.2.4 The Key Derivation Procedure
    7.2.5 The SRTP Interaction with Forward Error Correction
  7.3 Key Exchange
    7.3.1 SDP Security Descriptions for Media Streams
    7.3.2 Multimedia Internet Keying
    7.3.3 ZRTP
    7.3.4 DTLS-SRTP
    7.3.5 The Capability Negotiation Framework
    7.3.6 Summary

8 Denial-of-service Attacks on VoIP and IMS Services
  8.1 Introduction
  8.2 General Classification of Denial-of-service Attacks
  8.3 Bandwidth Consumption and Denial-of-service Attacks on SIP Services
  8.4 Bandwidth Depletion Attacks
  8.5 Memory Depletion Attacks
    8.5.1 General Memory Depletion Attacks
    8.5.2 Memory Depletion Attacks on SIP Services
  8.6 CPU Depletion Attacks
    8.6.1 Message parsing
    8.6.2 Security checks
    8.6.3 Application execution
  8.7 Misuse Attacks
    8.7.1 TCP/IP Protocol Deviation Attacks
    8.7.2 Buffer Overflow Attacks

Date posted: 04/11/2019, 08:28
