Securing SIP: An Easy and Effective Solution
Abstract
Session Initiation Protocol (SIP) has become in recent years a common choice regarding voice communication services because it is a cost effective solution and offers multiple features. Unfortunately, security is not one of them by default. In general, SIP-based solutions implemented in companies or as services on the internet do not offer any kind of privacy or confidentiality. Most companies that use SIP systems rely on the protection offered by a firewall between the LAN and the WAN. Some probably view this as a good compromise. However, when taking into account the fact that a good percentage of the attacks on IT systems come from inside the LAN, it becomes obvious that just the firewall is not enough and in this case not only the IT services are affected, but so do the voice communications system. Because SIP is a text-based protocol similar to HTTP, an attacker can find out not only information like the IP addresses of the phones and of the SIP system but also when, with whom, how long and what someone has talked on the phone.
This paper will analyze the current security solutions and our approach to this matter.Keywords
Full Text:
PDFReferences
FreeSwitch, Choosing between encryption options, available online (July 2012) at http://wiki.freeswitch.org/wiki/SIP_TLS,
Charles Shen, Erich Nahum, Henning Schulzrinne, Charles Wright, The Impact of TLS on SIP Performance, pp 03,09-10
Nasko, TLS Overhead, available online (July 2012) at http://netsekure.org/2010/03/tls-overhead/
Mike Oeth, SIP via UDP vs. TCP, available online (July 2012) at http://www.onsip.com/blog/2008/12/04/sip-via-udp-vs-tcp
Philip Rogaway, OCB Mode, available online at http://www.cs.ucdavis.edu/~rogaway/ocb/
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution 3.0 License.
Journal of Mobile, Embedded and Distributed Systems (JMEDS) ISSN: 2067 – 4074 (online)