Foreword.

About the Authors.

Acknowledgment.

1 Introduction.

2 Introduction to Cryptographic Mechanisms.

2.1 Cryptographic Algorithms.

2.2 Secure Channel Establishment.

2.3 Authentication in 3GPP Networks.

2.4 Security Mechanisms Threats and Vulnerabilities.

3 Introduction to SIP.

3.1 What is SIP, Why Should we Bother About it and What are Competing Technologies?

3.2 SIP: the Common Scenarios.

3.3 Introduction to SIP Operation: the SIP Trapezoid.

3.4 SIP Components.

3.5 Addressing in SIP.

3.6 SIP Message Elements.

3.7 SIP Dialogs and Transactions.

3.8 SIP Request Routing.

3.9 Authentication, Authorization, Accounting.

3.10 SIP and Middleboxes.

3.11 Other Parts of the SIP Eco–system.

3.12 SIP Protocol Design and Lessons Learned.

4 Introduction to IMS.

4.1 SIP in IMS.

4.2 General Architecture.

4.3 Session Control and Establishment in IMS.

5 Secure Access and Interworking in IMS.

5.1 Access Security in IMS.

5.2 Network Security in IMS.

6 User Identity in SIP.

6.1 Identity Theft.

6.2 Identity Authentication using S/MIME.

6.3 Identity Authentication in Trusted Environments.

6.4 Strong Authenticated Identity.

6.5 Identity Theft Despite Strong Identity.

6.6 User Privacy and Anonymity.

6.7 Subscription Theft.

6.8 Fraud and SIP.

7 Media Security.

7.1 The Real–time Transport Protocol.

7.2 Secure RTP.

7.3 Key Exchange.

8 Denial–of–service Attacks on VoIP and IMS Services.

8.1 Introduction.

8.2 General Classification of Denial–of–service Attacks.

8.3 Bandwidth Consumption and Denial–of–service Attacks on SIP Services.

8.4 Bandwidth Depletion Attacks.

8.5 Memory Depletion Attacks.

8.6 CPU Depletion Attacks.

8.7 Misuse Attacks.

8.8 Distributed Denial–of–service Attacks.

8.9 Unintentional Attacks.

8.10 Address Resolution–related Attacks.

8.11 Attacking the VoIP Subscriber Database.

8.12 Denial–of–service Attacks in IMS Networks.

8.13 DoS Detection and Protection Mechanisms.

8.14 Detection of DoS Attacks.

8.15 Reacting to DoS Attacks.

8.16 Preventing DoS Attacks.

8.17 DDoS Signature Specification.

9 SPAM over IP Telephony.

9.1 Introduction.

9.2 Spam Over SIP: Types and Applicability.

9.3 Why is SIP Good for Spam?

9.4 Legal Side of Unsolicited Communication.

9.5 Fighting Unsolicited Communication.

9.6 General Antispam Framework.

Bibliography.

Index.

Dorgham Sisalem

Dr. Dorgham Sisalem received his M.Eng. and Ph.D. from the Technical University of Berlin in 1995 and 2000 respectively. He worked at the Fraunhofer Institute Fokus, Berlin, as researcher, later as head of department, and was involved in implementing and realizing the first SIP based conferencing system in 1998. He was further involved in the development of the SIP Express Router (SER) which is currently the most widely used open source SIP proxy. In 2003, he co–founded iptelorg which offered SIP–based VoIP solutions to ISPs and telecommunication providers until it was acquired by Tekelec in 2005. In the same year, Dorgham Sisalem joined Tekelec as Director of Strategic Architecture with main involvement in IMS security issues. He is a part time lecturer at the Technical University of Berlin and has more than 100 publications including international conferences and journals.

John Floroiu

Dr. John Floroiu graduated from the Polytechnic University of Bucharest, Romania in 1993 where he continued to work as a teaching assistant and received his Ph.D. in 1999. He joined the Fraunhofer Institute Fokus, Berlin in 1999 where he participated in numerous research and industry projects. His interests covered various fields including mobility, security and quality of service in IP networks, and later was involved with multimedia service architectures. Currently with Tekelec, John Floroiu works on crafting the architectures and products for the next generation of communication systems.

Jiri Kuthan

Jiri Kuthan is Assistant Vice–President for engineering with Tekelec. In this capacity, Jiri forms the company s technological strategy for all–IP–based networks, and leads two R&D teams. Jiri s career began in 1998 with a research position at Fraunhofer Institute Fokus, a renowned research institute in Berlin, Germany. His early work in the VoIP and security field began with contributing to the IETF standardization efforts and participating in EU–funded and industry–funded research projects. The most renowned result of his, by then small R&D team, was the creation of the open–sourced software for Internet telephony, known as SIP Express Router (SER) . Jiri co–founded a company bringing the software and its concepts to the industry: iptelorg GmbH. The company deployed Internet telephony with major Internet Service Providers, received prestigious Pulver 100 award and was acquired by Tekelec in 2005.

Ulrich Abend

Ulrich Abend graduated in computer sciences at the Technical University of Berlin in 2004. During his studies he worked as an engineer at Fraunhofer Institute Fokus where he had a major role in the development of the SIP Express Media Server (SEMS). Being part of the iptelorg team from the very beginning he was responsible for leading the development of the carrier class SIP platform SOP, based on the SIP Express Router (SER) and supporting components. SOP was successfully deployed at major customers across Europe and the United States. In early 2006 Ulrich Abend co–founded IPTEGO, an IMS service assurance company headquartered in Berlin. As CTO he is leading the team of SIP experts creating IPTEGO s next generation IMS product Palladion.

Henning Schulzrinne

Prof. Henning Schulzrinne received his undergraduate degree in economics and electrical engineering from the Darmstadt University of Technology, Germany, his MSEE degree as a Fulbright scholar from the University of Cincinnati, Ohio and his Ph.D. degree from the University of Massachusetts in Amherst, Massachusetts. He was a member of technical staff at AT&T Bell Laboratories, Murray Hill and an associate department head at GMD–Fokus (Berlin), before joining the Computer Science and Electrical Engineering departments at Columbia University, New York. He is currently chair of the Department of Computer Science. He is co–author of the Real–Time Protocol (RTP) for real–time Internet services, the signaling protocol for Internet multimedia conferences and telephony (SIP) and the stream control protocol for Internet media–on–demand (RTSP). He served as Chief Scientist for FirstHand Technologies and Chief Scientific Advisor for Ubiquity Software Corporation. He is a Fellow of the IEEE, has received the New York City Mayor s Award for Excellence in Science and Technology, the VON Pioneer Award and the TCCC service award.

This book gives a detailed overview of SIP specific security issues and how to solve them

While the standards and products for VoIP and SIP services have reached market maturity, security and regulatory aspects of such services are still being discussed. SIP itself specifies only a basic set of security mechanisms that cover a subset of possible security issues. In this book, the authors survey important aspects of securing SIP–based services. This encompasses a description of the problems themselves and the standards–based solutions for such problems. Where a standards–based solution has not been defined, the alternatives are discussed and the benefits and constraints of the different solutions are highlighted.

SJP Security will be of interest of IT staff involved in deploying and developing VoIP, service users of SIP, network engineers, designers and managers. Advanced undergraduate and graduate students studying data/voice/multimedia communications as well as researchers in academia and industry will also find this book valuable.

Key Features:

• Will help the readers to understand the actual problems of using and developing VoIP services, and to distinguish between real problems and the general hype of VoIP security
• Discusses key aspects of SIP security including authentication, integrity, confidentiality, non–repudiation and signalling
• Assesses the real security issues facing users of SIP, and details the latest theoretical and practical solutions to SIP Security issues
• Covers secure SIP access, inter–provider secure communication, media security, security of the IMS infrastructures as well as VoIP services vulnerabilities and countermeasures against Denial–of–Service attacks and VoIP spam