The IMS: IP Multimedia Concepts And Services, Second Edition by Aki Niemi, Hisham Khartabil, Georg Mayer, Miikka Poikselka

12.11. Security

12.11.1. Threat models

SIP is susceptible to the following threats and attacks:

  • Denial of service – the consequence of a DoS attack is that the attacked entity becomes unavailable. This includes scenarios such as targeting a certain UA or proxy and flooding it with requests. Multicast requests are further examples.

  • Eavesdropping – if messages are sent in clear text, malicious users can eavesdrop and get session information, making it easy for them to launch a variety of hijacking-style attacks.

  • Tearing down sessions – an attacker can insert messages like a CANCEL request to stop a caller from communicating with someone else. He can also send a BYE request to terminate the session.

  • Registration hijacking – an attacker can register on a user's behalf and direct all traffic destined to that user towards his own machine.

  • Session hijacking – an attacker can send an INVITE request within a dialog, or modify requests en route, to change session descriptions and direct media elsewhere. A session hijacker can also reply to a caller with a 3xx-class response, thereby redirecting a session establishment request to his own machine.

  • Impersonating a server – someone else pretends to be the server and forges a response. The original message could be misrouted.

  • Man in the middle – this attack is where attackers tamper with a message on its way to a recipient.
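
The "tearing down sessions" threat above can be monitored for on the defending side. The following is an added example, not code from the book: it tracks dialogs by Call-ID and tags and flags BYE or CANCEL requests that do not fit one. The function names, addresses and messages are constructed, and the source-address check is a heuristic assumption that ignores intermediate proxies.

```python
# Added example (not from the book): flag BYE/CANCEL that fit no known dialog.
import re

def parse(raw):
    # Return (first token of the start line, lower-cased header dict).
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0], headers

def tag(value):
    # Extract the ;tag= parameter of a From/To header value, if any.
    m = re.search(r";\s*tag=([^;\s>]+)", value, re.I)
    return m.group(1) if m else None

def find_suspicious_teardowns(traffic):
    dialogs, alerts = {}, []  # Call-ID -> {"tags": set, "peers": set}
    for src, raw in traffic:
        first, h = parse(raw)
        cid = h.get("call-id")
        tags = {tag(h.get("from", "")), tag(h.get("to", ""))} - {None}
        if first == "INVITE" and cid not in dialogs:
            dialogs[cid] = {"tags": tags, "peers": {src}}
        elif first == "SIP/2.0" and cid in dialogs:  # response: learn To tag
            dialogs[cid]["tags"] |= tags
            dialogs[cid]["peers"].add(src)
        elif first in ("BYE", "CANCEL"):
            d = dialogs.get(cid)
            if d is None:
                alerts.append((src, first, "unknown Call-ID"))
            elif src not in d["peers"]:
                alerts.append((src, first, "source is not a dialog peer"))
            elif not tags <= d["tags"]:
                alerts.append((src, first, "tag mismatch"))
    return alerts

def msg(start, call_id, from_tag, to_tag=None):
    # Build a minimal constructed SIP message for the sample below.
    to = "<sip:bob@example.com>" + (f";tag={to_tag}" if to_tag else "")
    return (f"{start}\r\nCall-ID: {call_id}\r\n"
            f"From: <sip:alice@example.com>;tag={from_tag}\r\nTo: {to}\r\n\r\n")

SAMPLE = [  # constructed traffic using documentation address ranges
    ("192.0.2.10", msg("INVITE sip:bob@example.com SIP/2.0", "c1", "a1")),
    ("192.0.2.20", msg("SIP/2.0 200 OK", "c1", "a1", "b1")),
    ("203.0.113.9", msg("BYE sip:bob@example.com SIP/2.0", "c1", "a1", "b1")),
    ("192.0.2.10", msg("BYE sip:bob@example.com SIP/2.0", "c1", "a1", "zz")),
]
```

Checks like these only surface anomalies for review; source addresses and tags can be forged when messages are sent in clear text.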

12.11.2. Security framework

There are six aspects to the SIP security framework:

  • Authentication – this is a means of identifying ...
