SIP Handover Extension - security issues and possible solutions
Elin Sundby Boysen, Lars Strand
Norwegian Defence Research Establishment (FFI), Norwegian Computing Center (NR), University Graduate Center (UNIK)
November 24, 2009
This presentation will introduce the SIP Handover Extension and discuss some security issues
• Introduction to SIP
• Session handover using the SIP Handover Extension
• Security issues
People are connected through voice and data, everywhere, all the time
SIP is an application-layer protocol used to set up, modify and terminate sessions

Message flow shown on the slide: INVITE, 100 Trying, 180 Ringing, 200 OK, ACK, RTP / RTCP, BYE, 200 OK

    INVITE sip:bob@biloxi.com SIP/2.0
    Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
    Max-Forwards: 70
    To: Bob <sip:bob@biloxi.com>
    From: Alice <sip:alice@atlanta.com>;tag=1928301774
    Call-ID: a84b4c76e66710@pc33.atlanta.com
    CSeq: 314159 INVITE
    Contact: <sip:alice@pc33.atlanta.com>
    Content-Type: application/sdp
    Content-Length: 142
The handover time is too long, resulting in poor user experience
The suggested SIP extension, the Handover Extension, will eliminate packet loss during handover
The SIP Handover Extension with various degrees of help from an intermediary node in the MN’s home network
The main security issue introduced by the Handover Extension is forged Handover INVITE messages

    INVITE sip:bob@biloxi.com SIP/2.0
    Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
    Max-Forwards: 70
    To: Bob <sip:bob@biloxi.com>
    From: Alice <sip:alice@atlanta.com>;tag=1928301774
    Call-ID: a84b4c76e66710@pc33.atlanta.com
    Handover: Call-Id=33d9f110cdb0@193.156.96.196; To-tag=5f7b910a; From-tag=as14ff55c1
    CSeq: 314159 INVITE
    Contact: <sip:alice@pc33.atlanta.com>
    Content-Type: application/sdp
    Content-Length: 142
SIP already supports different types of security mechanisms.
• Hop-by-hop security between proxies
  • SIPS, TLS and IPsec
• Authentication using Digest Access Authentication (DAA)
  • Requires re-sending messages.
• Authentication and integrity using S/MIME
  • Hides vital headers. Shows headers needed in proxies.
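An added example (not from the original slides) of a receiver-side check against forged Handover INVITE messages: it parses the Handover header shown above and accepts the request only when an authenticated sender identity matches the owner of the referenced dialog. The dialog table, the `verified_identity` input (assumed to come from a separate mechanism such as S/MIME signature verification) and the reading of the header as a reference to an existing dialog are assumptions.

```python
# Constructed sample: the slide's Handover INVITE, abridged (no body).
SAMPLE_INVITE = (
    "INVITE sip:bob@biloxi.com SIP/2.0\r\n"
    "To: Bob <sip:bob@biloxi.com>\r\n"
    "From: Alice <sip:alice@atlanta.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710@pc33.atlanta.com\r\n"
    "Handover: Call-Id=33d9f110cdb0@193.156.96.196; To-tag=5f7b910a; From-tag=as14ff55c1\r\n"
    "CSeq: 314159 INVITE\r\n\r\n"
)

# Hypothetical dialog table kept by the receiving UA (an assumption):
# (Call-ID, To-tag, From-tag) -> address-of-record of the peer that owns the dialog.
DIALOGS = {("33d9f110cdb0@193.156.96.196", "5f7b910a", "as14ff55c1"): "sip:alice@atlanta.com"}

def headers(msg):
    """Return SIP headers as a dict with lower-cased names (no line folding)."""
    head = msg.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in head if ":" in l)}

def parse_handover(value):
    """Parse 'Call-Id=..; To-tag=..; From-tag=..' into a dialog key, or None."""
    params = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if not sep or not val or name.lower() in params:
            return None  # missing value or duplicated parameter
        params[name.lower()] = val
    if set(params) != {"call-id", "to-tag", "from-tag"}:
        return None
    return (params["call-id"], params["to-tag"], params["from-tag"])

def check_handover(msg, verified_identity, dialogs=DIALOGS):
    """Decide on a Handover INVITE. verified_identity is the identity proven by a
    separate authentication layer (e.g. an S/MIME signature), or None."""
    hdr = headers(msg).get("handover")
    if hdr is None:
        return "not-a-handover"
    key = parse_handover(hdr)
    if key is None:
        return "reject: malformed Handover header"
    owner = dialogs.get(key)
    if owner is None:
        return "reject: unknown dialog"
    if verified_identity is None:
        return "reject: unauthenticated"  # dialog identifiers alone prove nothing about the sender
    if verified_identity != owner:
        return "reject: identity does not own dialog"
    return "accept"
```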
In summary, we propose the SIP Handover Extension to support seamless handover in heterogeneous networks
• We have looked at security issues particular to the extension
• Among the current security solutions supported by SIP, S/MIME is currently the only method that provides integrity and authentication

Questions?