It is the cache of ${baseHref}. It is a snapshot of the page. The current page could have changed in the meantime.
Tip: To quickly find your search term on this page, press Ctrl+F or ⌘-F (Mac) and use the find bar.

Securing SIP: An Easy and Effective Solution | Cojanu | Journal of Mobile, Embedded and Distributed Systems

Securing SIP: An Easy and Effective Solution

Cristian Cojanu

Abstract


Session Initiation Protocol (SIP) has become in recent years a common choice regarding  voice communication services because it is a cost effective solution and offers multiple features. Unfortunately, security is not one of them by default. In general, SIP-based solutions implemented in companies or as services on the internet do not offer any kind of privacy or confidentiality. Most companies that use SIP systems rely on the protection offered by a firewall between the LAN and the WAN. Some probably view this as a good compromise. However, when taking into account the fact that a good percentage of the attacks on IT systems come from inside the LAN, it becomes obvious that just the firewall is not enough and in this case not only the IT services are affected, but so do the voice communications system. Because SIP is a text-based protocol similar to HTTP, an attacker can find out not only information like the IP addresses of the phones and of the SIP system but also when, with whom, how long and what someone has talked on the phone.

This paper will analyze the current security solutions and our approach to this matter.

Keywords


VOIP, SIP, UDP, Security, Encryption, AES, OCB (Offset Codebook)

Full Text:

PDF

References


FreeSwitch, Choosing between encryption options, available online (July 2012) at http://wiki.freeswitch.org/wiki/SIP_TLS,

Charles Shen, Erich Nahum, Henning Schulzrinne, Charles Wright, The Impact of TLS on SIP Performance, pp 03,09-10

Nasko, TLS Overhead, available online (July 2012) at http://netsekure.org/2010/03/tls-overhead/

Mike Oeth, SIP via UDP vs. TCP, available online (July 2012) at http://www.onsip.com/blog/2008/12/04/sip-via-udp-vs-tcp

Philip Rogaway, OCB Mode, available online at http://www.cs.ucdavis.edu/~rogaway/ocb/


Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

Journal of Mobile, Embedded and Distributed Systems (JMEDS) ISSN: 2067 – 4074 (online)