
Security of IP Telephony

Article based on semester projects from the AS course; authors: Vladislav Brienik, Marek Kapičák.

Supervisor: Ing. Pavel Segeč, PhD.

Contents

1. Introduction to SIP
1.1 SIP Participants
1.2 SIP message
1.2.1 Request messages
1.2.2 Response Message
1.3 SIP functionality
2. Security Threats and Attacks
2.1 Replay attack
2.2 Registration Hijacking
2.3 Request spoofing
2.4 Impersonating server
2.5 Chosen Plaintext Attack
3. SIP Authentication
3.1 Overview
3.2 Digest authentication
3.2.1 Digest authentication headers
3.2.2 Digest calculation
3.3 Protection Mechanisms
3.3.1 Client Authentication
3.3.2 Server authentication
3.3.2.1 Parameters for server authentication
3.3.2.2 Authenticate-Info Header
3.3.2.3 Proxy-Authenticate-Info Header
3.3.3 An example of complete protection scheme
4 Proposed extension to digest authentication
4.1 492 Proxies Unauthorized
4.2 New headers specification
4.2.1 UAS-Authenticate response Header
4.2.2 UAS-Authorization request header
4.2.3 UAS-authenticate-info
4.3 Proxy-to-UAS Authentication operation
5. S/MIME
5.1 S/MIME Certificates
5.2 S/MIME Key Exchange
5.3 Securing MIME bodies
6 Problems of TLS handshake
6.1 Proposed TLS handshake method based on SIP
6.2 Authentication phase
6.2.1 Message sequences and system behaviors
6.2.2 Message
6.3 Key distribution phase
6.3.1 Message sequences and system behaviors
6.3.2 Messages
6.4 SA confirmation phase
6.4.1 Message sequences and system behaviors
6.4.2 Messages
7 IPSEC IN VOIP NETWORKS
7.1 Background
7.2 IPsec Details
7.3 The Problem with IPsec and NATs
7.4 TISPAN Security
7.5 Conclusion
8 The Secure Real-Time Transport Protocol (SRTP)
8.1 The Secure RTP Packet Format
8.2 The Secure RTCP Packet Format
8.3 Default Encryption Algorithms
9 Communication between two clients via the 3CX system
10 References
