
Study On SIP Security And Security Protocols For SIP

Posted on: 2009-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: J Yu
GTID: 2178360242977100
Subject: Cryptography

Abstract/Summary:
Session Initiation Protocol (SIP) is a VoIP signaling protocol proposed by the IETF. It has become the most widely used VoIP protocol because of its simplicity, extensibility, and powerful functionality. However, SIP has many potential security problems, which pose a great threat to users' privacy and communications security, so studying them is necessary. No application-layer security protocol has been designed specifically for SIP, but several lower-layer security protocols can be used with it, including TLS, IPSec, and DTLS. The effect of a security protocol on SIP performance is also worth studying.

In this thesis, we introduce the vulnerabilities of SIP and investigate the principles and mechanisms of five typical attacks: registration hijacking, impersonating a server, tampering with message bodies, tearing down sessions, and denial of service. We classify and analyze the security threats these attacks pose to SIP, and conclude that authentication and message encryption are essential security mechanisms for SIP. Next, we introduce several application-layer security mechanisms and lower-layer security protocols that can be applied to SIP, including HTTP Digest authentication, S/MIME, TLS, DTLS, and IPSec. We compare and discuss their preconditions, scope, advantages, and disadvantages.

Then, we simulate the various combinations of three security protocols and two transport-layer protocols, TCP and UDP, for SIP. We design two scenarios to compare the call setup delays that occur with the various security protocols. We observed that UDP/IPSec and DTLS/UDP were the best performers (in terms of delay) among the combinations of popular security protocols at different layers. One reason is that UDP ignores signs of network congestion and does not decrease its transmission rate even when the network is congested. However, a secure channel over UDP also has a side effect: a high call setup failure rate, caused by the lack of congestion control. This thesis also gives the reasons for the differences in SIP performance.
Keywords/Search Tags:SIP, Security Protocol, TLS, DTLS, IPSec