Chapter 11
Security on the Internet
According to the traditional definition, network security comprises integrity, confidentiality, and availability. Message integrity ensures that if an unauthorized party modifies a message between the sender and the receiver, the receiver is able to detect this modification. In addition to message integrity, integrity mechanisms always provide some type of proof of data origin. Knowing that a message has not been modified without knowing who initially created the message would be useless.
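The following added example (not from the book) illustrates why an integrity check must also prove data origin: an unkeyed checksum can be recomputed by whoever modifies the message, while a keyed tag cannot. HMAC-SHA-256 is used here as one such keyed mechanism; the key, the SIP-style messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from the book): key and SIP-style messages.
SHARED_KEY = b"demo-key-known-only-to-sender-and-receiver"
ORIGINAL = b"INVITE sip:bob@example.com"
MODIFIED = b"INVITE sip:mallory@example.com"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed SHA-256 checksum: any party can compute it."""
    return hashlib.sha256(message).digest()


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_plain(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def receiver_accepts_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(keyed_tag(key, message), tag)


def run_scenarios() -> dict:
    """Return what the receiver decides in each case."""
    sent_tag = keyed_tag(SHARED_KEY, ORIGINAL)
    return {
        # Unmodified message with its checksum or tag is accepted.
        "plain_unmodified": receiver_accepts_plain(ORIGINAL, plain_digest(ORIGINAL)),
        "keyed_unmodified": receiver_accepts_keyed(SHARED_KEY, ORIGINAL, sent_tag),
        # A party on the path rewrites the message and recomputes the unkeyed
        # checksum: the check passes, so it proved nothing about the origin.
        "plain_modified": receiver_accepts_plain(MODIFIED, plain_digest(MODIFIED)),
        # Without the key, that party can only forward the old tag or
        # one computed under a different key; both are rejected.
        "keyed_modified_old_tag": receiver_accepts_keyed(SHARED_KEY, MODIFIED, sent_tag),
        "keyed_modified_wrong_key": receiver_accepts_keyed(
            SHARED_KEY, MODIFIED, keyed_tag(b"not-the-shared-key", MODIFIED)),
    }


if __name__ == "__main__":
    for case, accepted in run_scenarios().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```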
Confidentiality mechanisms keep unauthorized parties from gaining access to the contents of a message. Confidentiality is typically achieved through encryption.
Denial of Service (DoS) attacks compromise the system’s availability by keeping authorized users from accessing a particular service. The most common DoS attacks consist of keeping the servers busy performing an operation or sending the servers more traffic than they can handle.
SIP provides several security mechanisms to address integrity, confidentiality, and availability. Some of the security mechanisms come from the world of the web, some come from the world of email, and some of them are SIP-specific. We analyze these mechanisms in the following sections and describe how they relate to the three security properties just described.
11.1 HTTP Digest Access Authentication
The first problem a SIP server faces is authenticating users who are requesting services. SIP has inherited an authentication mechanism ...