Posts Tagged ‘SIP’

Identify your SIP Internet peers – use TLS authentication!

Tuesday, April 13th, 2010

TLS, Transport Layer Security, is the IETF standard for TCP session security, based on Netscape’s old SSL technology. TLS provides both confidentiality for a TCP session and authentication of the server and, if requested, the client. TLS is used in the Session Initiation Protocol, SIP, for signalling protection and/or authentication on a hop-by-hop basis.

When opening up your SIP services to the Internet, you face the same issues as with other protocols, like e-mail (SMTP). We have already seen many types of SIP attacks, mostly simple attacks targeting weak usernames and passwords used by SIP system administrators. If authentication succeeds – or if it’s not used at all – the SIP service is used for placing expensive international calls.

There are many proposals out there on how to set up trusted federations between SIP services. The simplest way forward is to use TLS. Only accept connections protected by TLS, with a certificate issued by a well-known certificate authority you trust. It could be your own CA, a commercial CA or a free CA that you trust. That way, you can always find the other party and you can easily block them if there is misuse. You will also get rid of a lot of misuse attempts, because if there’s one thing the people behind them don’t want, it’s traceability.
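A sketch of that policy for a SIP/TLS listener, added here as an example and not taken from the original post or from any SIP product: require a client certificate issued by the CA you trust, read the peer's domain from the verified certificate, and refuse peers on a blocklist. The function names, the blocklist entry, the sample certificates and the identity order (SIP URI, then DNS name, then Common Name only when there is no subjectAltName) are assumptions of the example.

```python
import ssl

BLOCKED_DOMAINS = {"abuser.example.net"}  # constructed blocklist entry


def make_peer_context(cert_file, key_file, ca_file):
    """Server-side context for a SIP/TLS listener that demands a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=ca_file)  # the only CA allowed to vouch for peers
    ctx.verify_mode = ssl.CERT_REQUIRED        # no valid certificate, no SIP session
    return ctx


def sip_domains(peercert):
    """Domain identities in the dict returned by SSLSocket.getpeercert()."""
    sans = peercert.get("subjectAltName", ())
    uris, dns = [], []
    for kind, value in sans:
        if kind == "URI" and value.lower().startswith("sip:"):
            host = value[4:].split(";")[0].lower()
            if "@" not in host:                # sip:user@host names a user, not a domain
                uris.append(host)
        elif kind == "DNS":
            dns.append(value.lower())
    if sans:
        return uris or dns                     # assumed order: SIP URI first, then DNS
    # Common Name is consulted only when the certificate has no subjectAltName at all.
    return [v.lower() for rdn in peercert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def admit_peer(peercert):
    """Return (allowed, domains); getpeercert() gives None or {} without a verified cert."""
    domains = sip_domains(peercert or {})
    allowed = bool(domains) and not any(d in BLOCKED_DOMAINS for d in domains)
    return allowed, domains


# Constructed sample certificates, in getpeercert() format.
GOOD = {"subject": ((("commonName", "ignored.example.org"),),),
        "subjectAltName": (("URI", "sip:pbx.example.org"), ("DNS", "www.example.org"))}
BAD = {"subjectAltName": (("DNS", "Abuser.Example.net"),)}

if __name__ == "__main__":
    print(admit_peer(GOOD))
    print(admit_peer(BAD))
```

In a listener, call `admit_peer(conn.getpeercert())` on the socket returned by `ctx.wrap_socket(sock, server_side=True)` and log the returned domains, so that every accepted session is tied to a named peer.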

The usage of TLS in SIP is not well understood. The original SIP RFC was not very clear about the use of TLS, something which has been clarified later. We have run trainings at SIPit a few times and started automated self-tests of TLS and SIP. We will continue these efforts in order to educate developers and get better implementations, as well as to run tests of the new RFCs on the use of TLS in SIP.

This is only one of the areas where participation in SIPit helps you improve your product. Register for SIPit today!



SIP and the Stream Control Transport Protocol (SCTP)

Sunday, March 7th, 2010

Cristian Constantin has written a good overview of issues with SIP over UDP, TCP and SCTP on the Tekelec “SIP Sessions” blog. SCTP is a new transport that has been tested during many SIPits and will be tested by participants during SIPit 26 in Stockholm. Cristian writes:

“SCTP can be considered the Swiss army knife of transport protocols. It basically offers combined features of both UDP and TCP. UDP-like features are: message boundary preservation, unordered message delivery, one-to-many sockets at the application level. Among TCP-like features: positive (selective) acknowledgment, retransmission of lost data, windowed flow control, congestion control, one-to-one sockets at the application level.”

[...]

“SCTP is a relative newcomer in the transport protocols ecosystem. The SCTP socket API is a moving target still under development. Due to novelty, the level of complexity of some of the SCTP stack implementations is inversely proportional with the time spent on testing them; sometimes their performance in terms of throughput is not on a par with the one offered by TCP.”

Read the whole article on the SIP Sessions blog.



Discover SIP!

Friday, March 5th, 2010

In this category, you can find a number of pages with short introductions to SIP and related technology. Check the links on the right hand side of this page!



SIP :: The Session Initiation Protocol

Friday, March 5th, 2010

SIP, the Session Initiation Protocol, is the IETF platform for realtime communication. The SIP specification, RFC 3261, describes it this way:

“This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.”

The primary application for SIP so far has been Voice over IP or IP Telephony. SIP is however not designed with this as the most important application in mind. It’s a general purpose protocol for locating participants and inviting them to a session of any kind – audio, video, text, gaming, application sharing, presentations. Telephony is just one of the applications.

Over the years, SIP has attracted more and more interest from the IP Telephony space and has become the primary platform for IP telephony systems. This has led to a number of extensions to SIP to make it an even better solution for IP telephony while making the implementations less of a general purpose platform. Many SIP networks are not prepared for other applications, like presence, instant messaging, application sharing or gaming.

The amount of documentation on SIP and SIP-related solutions in the IETF is overwhelming. In addition to this, the 3GPP consortium and the PacketCable group have their own sets of implementation guidelines for their recommended platforms. Jonathan Rosenberg has produced a good introduction to the IETF documentation in the document named “The Hitch-Hikers guide to SIP”.

