Home   >   CSC-OpenAccess Library   >    Manuscript Information
Session Initiation Protocol: Security Issues Overview
Bruno Cruz, Rui Filipe Pereira
Pages - 181 - 192     |    Revised - 31-10-2021     |    Published - 01-12-2021
Volume - 15   Issue - 6    |    Publication Date - December 2021  Table of Contents
MORE INFORMATION
KEYWORDS
Session Initiation Protocol (SIP), SIP Security, Voice over IP (VoIP).
ABSTRACT
The leading method of correspondence is clearly through voice trade. There are essentially two different ways through which voice can be effortlessly communicated on an organization: PSTN (Public Switched Telephone Network) and VoIP (Voice over Internet Protocol).

Mainly represented by SIP, VoIP protocols and implementations contain several vulnerabilities, particularly related to their complexities and in the face of interoperability of telephony equipment’s.

It was by identifying a lack of literature with focus in security and potential vulnerabilities of the SIP Protocol that we propose in this document. We attempt to provide a theoretical analysis from security aspects used by one of the signaling call protocols, Session Initiation Protocol (SIP).

It is intended to lucidly illustrate and identify threats, vulnerabilities, security mechanisms, developed methods and protocols and, finally over time improvements.
1 refSeek 
2 BibSonomy 
3 J-Gate 
4 Scribd 
5 SlideShare 
A. D. Keromytis, "Voice-over-IP Security: Research and Practice," in IEEE Security & Privacy, vol. 8, no. 2, pp. 76-78, March-April 2010, doi: 10.1109/MSP.2010.87.
Allen, C., & Dierks, T. (1999, Januarie). The TLS Protocol Version 1.0. doi:10.17487/RFC2246
Atkinson, R., & Kent, S. (1998, November). Security Architecture for the Internet Protocol. doi:10.17487/RFC2401
Audet, F. (2009, Oktober). The Use of the SIPS URI Scheme in the Session Initiation Protocol (SIP). doi:10.17487/RFC5630
B. Gupta and V. Prajapati, "Secure and efficient Session Initiation Protocol authentication scheme for VoIP Communications," 2019 International Conference on Communication and Electronics Systems (ICCES), 2019, pp. 866-871, doi: 10.1109/ICCES45898.2019.9002125.
Chown, P. (2002, Julie). Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS). doi:10.17487/RFC3268
D. Golait and N. Hubballi, "Detecting Anomalous Behavior in VoIP Systems: A Discrete Event System Modeling," in IEEE Transactions on Information Forensics and Security, vol. 12, no. 3, pp. 730-745, March 2017, doi: 10.1109/TIFS.2016.2632071.
E. Belmekki, B. Raouyane, A. Belmekki and M. Bellafkih, "Secure SIP signalling service in IMS network," 2014 9th International Conference on Intelligent Systems: Theories and Applications (SITA-14), 2014, pp. 1-7, doi: 10.1109/SITA.2014.6847291.
Franks, P. J., Hallam-Baker, P., Stewart, L. C., Hostetler, J. L., Lawrence, S., Leach, P. J., &Luotonen, A. (1999, Junie). HTTP Authentication: Basic and Digest Access Authentication. doi:10.17487/RFC2617
I. M. Tas, B. G. Unsalver and S. Baktir, "A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism," in IEEE Access, vol. 8, pp. 112574-112584, 2020, doi: 10.1109/ACCESS.2020.3001688.
Lazzez, A. (2013). VoIP Technology: Security Issues Analysis. ArXiv, abs/1312.2225.
McGann, S. (2005). An Analysis of Security Threats and Tools in SIP-Based VoIP Systems.
P. Biondi, S. Bognanni and G. Bella, "VoIP Can Still Be Exploited - Badly," 2020 Fifth International Conference on Fog and Mobile Edge Computing (FMEC), 2020, pp. 237-243, doi: 10.1109/FMEC49853.2020.9144875.
P. Segec, M. Moravcik, J. Hrabovsky, J. Papán and J. Uramová, "Securing SIP infrastructures with PKI — The analysis," 2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA), 2017, pp. 1-8, doi: 10.1109/ICETA.2017.8102525.
Pereira D., Oliveira R. (2021) Detection of Signaling Vulnerabilities in Session Initiation Protocol. In: Camarinha-Matos L.M., Ferreira P., Brito G. (eds) Technological Innovation for Applied AI Systems. DoCEIS 2021. IFIP Advances in Information and Communication Technology, vol 626. Springer, Cham. https://doi.org/10.1007/978-3-030-78288-7_20
R. Farley and X. Wang, "VoIP Shield: A transparent protection of deployed VoIP systems from SIP-based exploits," 2012 IEEE Network Operations and Management Symposium, 2012, pp. 486-489, doi: 10.1109/NOMS.2012.6211937.
Ramsdell, B. C. (1999, Junie). S/MIME Version 3 Message Specification. doi:10.17487/RFC2633
Rescorla, E. (2018, Augustus). The Transport Layer Security (TLS) Protocol Version 1.3. doi:10.17487/RFC8446
S. El Sawda and P. Urien, "SIP Security Attacks and Solutions: A state-of-the-art review," 2006 2nd International Conference on Information & Communication Technologies, 2006, pp. 3187-3191, doi: 10.1109/ICTTA.2006.1684926.
Schaad, J., Ramsdell, B. C., & Turner, S. (2019, April). Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification. doi:10.17487/RFC8551
Schooler, E., Rosenberg, J., Schulzrinne, H., Johnston, A., Camarillo, G., Peterson, J., … Handley, M. J. (2002, Julie). SIP: Session Initiation Protocol. doi:10.17487/RFC3261
T. Berners-Lee, R. F. (1998, Agust). Uniform Resource Identifiers (URI): Generic Syntax, RFC 2396. Retrieved from IETF Tools: https://www.ietf.org/rfc/rfc2396.txt
U. U. Rehman and A. G. Abbasi, "Secure Layered Architecture for Session Initiation Protocol Based on SIPSSO: Formally Proved by Scyther," 2015 12th International Conference on Information Technology - New Generations, 2015, pp. 185-190, doi: 10.1109/ITNG.2015.35.
U. U. Rehman and A. G. Abbasi, "Security analysis of VoIP architecture for identifying SIP vulnerabilities," 2014 International Conference on Emerging Technologies (ICET), 2014, pp. 87-93, doi: 10.1109/ICET.2014.7021022.
Mr. Bruno Cruz
Department of Informatics Engineering, Coimbra University, Coimbra - Portugal
bcruz94@protonmail.com
Mr. Rui Filipe Pereira
Lab UbiNET – Computer Science, Security and Cybercrime, Polytechnic Institute of Beja, Beja, - Portugal