SIP Security / Edition 1 available in Hardcover
This book gives a detailed overview of SIP-specific security issues and how to solve them.
While the standards and products for VoIP and SIP services have reached market maturity, security and regulatory aspects of such services are still being discussed. SIP itself specifies only a basic set of security mechanisms that cover a subset of possible security issues. In this book, the authors survey important aspects of securing SIP-based services. This encompasses a description of the problems themselves and the standards-based solutions for such problems. Where a standards-based solution has not been defined, the alternatives are discussed and the benefits and constraints of the different solutions are highlighted.
- Will help the readers to understand the actual problems of using and developing VoIP services, and to distinguish between real problems and the general hype of VoIP security
- Discusses key aspects of SIP security including authentication, integrity, confidentiality, non-repudiation and signalling
- Assesses the real security issues facing users of SIP, and details the latest theoretical and practical solutions to SIP Security issues
- Covers secure SIP access, inter-provider secure communication, media security, security of the IMS infrastructures as well as VoIP services vulnerabilities and countermeasures against Denial-of-Service attacks and VoIP spam
This book will be of interest to IT staff involved in deploying and developing VoIP, service users of SIP, network engineers, designers and managers. Advanced undergraduate and graduate students studying data/voice/multimedia communications as well as researchers in academia and industry will also find this book valuable.
Product dimensions: 6.80(w) x 9.80(h) x 0.90(d)
About the Author
Dr. Dorgham Sisalem received his M.Eng. and Ph.D. from the Technical University of Berlin in 1995 and 2000 respectively. He worked at the Fraunhofer Institute Fokus, Berlin, as researcher, later as head of department, and was involved in implementing and realizing the first SIP-based conferencing system in 1998. He was further involved in the development of the SIP Express Router (SER) which is currently the most widely used open source SIP proxy. In 2003, he co-founded iptelorg which offered SIP-based VoIP solutions to ISPs and telecommunication providers until it was acquired by Tekelec in 2005. In the same year, Dorgham Sisalem joined Tekelec as Director of Strategic Architecture with main involvement in IMS security issues. He is a part-time lecturer at the Technical University of Berlin and has more than 100 publications including international conferences and journals.
Dr. John Floroiu graduated from the Polytechnic University of Bucharest, Romania in 1993 where he continued to work as a teaching assistant and received his Ph.D. in 1999. He joined the Fraunhofer Institute Fokus, Berlin in 1999 where he participated in numerous research and industry projects. His interests covered various fields including mobility, security and quality of service in IP networks, and later was involved with multimedia service architectures. Currently with Tekelec, John Floroiu works on crafting the architectures and products for the next generation of communication systems.
Jiri Kuthan is Assistant Vice-President for engineering with Tekelec. In this capacity, Jiri forms the company’s technological strategy for all-IP-based networks, and leads two R&D teams. Jiri’s career began in 1998 with a research position at Fraunhofer Institute Fokus, a renowned research institute in Berlin, Germany. His early work in the VoIP and security field began with contributing to the IETF standardization efforts and participating in EU-funded and industry-funded research projects. The most renowned result of his, by then small R&D team, was the creation of the open-sourced software for Internet telephony, known as “SIP Express Router (SER)”. Jiri co-founded a company bringing the software and its concepts to the industry: iptelorg GmbH. The company deployed Internet telephony with major Internet Service Providers, received the prestigious Pulver 100 award and was acquired by Tekelec in 2005.
Ulrich Abend graduated in computer sciences at the Technical University of Berlin in 2004. During his studies he worked as an engineer at Fraunhofer Institute Fokus where he had a major role in the development of the SIP Express Media Server (SEMS). Being part of the iptelorg team from the very beginning he was responsible for leading the development of the carrier class SIP platform SOP, based on the SIP Express Router (SER) and supporting components. SOP was successfully deployed at major customers across Europe and the United States. In early 2006 Ulrich Abend co-founded IPTEGO, an IMS service assurance company headquartered in Berlin. As CTO he is leading the team of SIP experts creating IPTEGO’s next generation IMS product Palladion.
Prof. Henning Schulzrinne received his undergraduate degree in economics and electrical engineering from the Darmstadt University of Technology, Germany, his MSEE degree as a Fulbright scholar from the University of Cincinnati, Ohio and his Ph.D. degree from the University of Massachusetts in Amherst, Massachusetts. He was a member of technical staff at AT&T Bell Laboratories, Murray Hill and an associate department head at GMD-Fokus (Berlin), before joining the Computer Science and Electrical Engineering departments at Columbia University, New York. He is currently chair of the Department of Computer Science. He is co-author of the Real-Time Protocol (RTP) for real-time Internet services, the signaling protocol for Internet multimedia conferences and telephony (SIP) and the stream control protocol for Internet media-on-demand (RTSP). He served as Chief Scientist for FirstHand Technologies and Chief Scientific Advisor for Ubiquity Software Corporation. He is a Fellow of the IEEE, has received the New York City Mayor’s Award for Excellence in Science and Technology, the VON Pioneer Award and the TCCC service award.
Table of Contents
About the Authors.
2 Introduction to Cryptographic Mechanisms.
2.1 Cryptographic Algorithms.
2.2 Secure Channel Establishment.
2.3 Authentication in 3GPP Networks.
2.4 Security Mechanisms Threats and Vulnerabilities.
3 Introduction to SIP.
3.1 What is SIP, Why Should we Bother About it and What are Competing Technologies?
3.2 SIP: the Common Scenarios.
3.3 Introduction to SIP Operation: the SIP Trapezoid.
3.4 SIP Components.
3.5 Addressing in SIP.
3.6 SIP Message Elements.
3.7 SIP Dialogs and Transactions.
3.8 SIP Request Routing.
3.9 Authentication, Authorization, Accounting.
3.10 SIP and Middleboxes.
3.11 Other Parts of the SIP Eco-system.
3.12 SIP Protocol Design and Lessons Learned.
4 Introduction to IMS.
4.1 SIP in IMS.
4.2 General Architecture.
4.3 Session Control and Establishment in IMS.
5 Secure Access and Interworking in IMS.
5.1 Access Security in IMS.
5.2 Network Security in IMS.
6 User Identity in SIP.
6.1 Identity Theft.
6.2 Identity Authentication using S/MIME.
6.3 Identity Authentication in Trusted Environments.
6.4 Strong Authenticated Identity.
6.5 Identity Theft Despite Strong Identity.
6.6 User Privacy and Anonymity.
6.7 Subscription Theft.
6.8 Fraud and SIP.
7 Media Security.
7.1 The Real-time Transport Protocol.
7.2 Secure RTP.
7.3 Key Exchange.
8 Denial-of-service Attacks on VoIP and IMS Services.
8.2 General Classification of Denial-of-service Attacks.
8.3 Bandwidth Consumption and Denial-of-service Attacks on SIP Services.
8.4 Bandwidth Depletion Attacks.
8.5 Memory Depletion Attacks.
8.6 CPU Depletion Attacks.
8.7 Misuse Attacks.
8.8 Distributed Denial-of-service Attacks.
8.9 Unintentional Attacks.
8.10 Address Resolution-related Attacks.
8.11 Attacking the VoIP Subscriber Database.
8.12 Denial-of-service Attacks in IMS Networks.
8.13 DoS Detection and Protection Mechanisms.
8.14 Detection of DoS Attacks.
8.15 Reacting to DoS Attacks.
8.16 Preventing DoS Attacks.
8.17 DDoS Signature Specification.
9 SPAM over IP Telephony.
9.2 Spam Over SIP: Types and Applicability.
9.3 Why is SIP Good for Spam?
9.4 Legal Side of Unsolicited Communication.
9.5 Fighting Unsolicited Communication.
9.6 General Antispam Framework.