The
study
and
demonstration on SIP
security vulnerabilities
Mahidhar Penigi
Vamsi Krishna Karnati
Introduction

Session Initiation Protocol, is a text based protocol

Signaling protocol to initiate, manage and terminate voice sessions

BICC, H.323, MGCP and MEGACO

SIP is very similar to HTTP

For secure SIP transmissions SIP secure (SIPS) is used

SIP establishes and terminates a session in a series of handshakes (Illustrated
in the next slide)
The three way handshake
http://www.packetizer.com/ipmc/sip/papers/understanding_sip_voip/sip_call_flow.png
Major drawbacks of SIP

SIP does not have inbuilt security Elements like:

Encryption Authentication, and Confidentiality have to deployed a another layer
for additional security in SIP

Encryption: Malicious users and hackers are easily able to intercept and
decode SIP messages retrieved using the simple networking tools/softwares.

Authentication:

It is not very simple for an unauthorized user to be traced down without additional
layers of security.

Due to this IP spoofing could be performed to enter the network and by replacing
another device with the same IP and kicking it out of the network.

This user is then authenticated within the SIP network since authentication
schemes come as a part of an external solution and is not inbuilt
SIP message protection is also required

Protecting content exchanged between two user or end devices during any
kind of exchange over an IP network is called message protection

Very important for end to end voice delivery to be reliable and secure to
avoid a major section of attacks that are classified by the attacker being able
to recognize and understand an ongoing target session
Attacks due to lack of encryption

Malformed message attacks

Message Tampering
http://blogs.ixiacom.com/default/assets/Image/SIP_fuzzing_attack.gif
Attacks due to lack of authentication

Denial of service attacks

IP spoofing

IP address of an authenticated device is borrowed temporarily to utilize the
services of the network, this is not authorized
Computer.howstuffworks.com
Attacks due to lack of authentication

Man in middle attacks, Eavesdropping and Registration Hacking
Other Attacks

Proxy Impersonation is where the attacker claims the identity of the proxy
server taking temporary control over all ongoing sessions (voice) and devices
interacting with it
http://www.asteriskdocs.org/en/2nd_Edition/asterisk-book-html-chunk/figs/web/ast2_0801.png
The solution for better security

A Telephony Solution that is need based is often deployed over SIP to take
care of the general security issues mentioned earlier

TCP/IP rather than UDP for SIP

Even though most SIP deployments are a compromise in infrastructure when
additional security is required


SIP is going to be accompanied with some kind of a TLS as well
Raw UDP transport method with ZRTP could also keep most hackers and
attacks away
PACKET TRACER 5

Network simulation Program provided by CISCO.

It helps to learn complex Technology concepts.

Unlimited Devices can be added into a network for demonstration.

Cisco certified tool for learning complex networks.
Demonstration of Attacks: Packet Tracer
5.0

IP spoofing

Registration Hacking

Denial of Service due to Packet flooding
Conclusion

Now specially with the advent of VoLTE, that provisions for a higher level
integration between the PSTN, IMS and VoIP networks is higher, and a small
loophole in one segment of one of the voice based networks could eventually
lead to a bigger threat for the larger VoLTE system in place. SIP is one such
loophole and it is very necessary to recognize, understand and prevent the
issues pertaining to Session Initiation Protocol (SIP) and hence deploy a better
network with better security standards.
References

www.voip-info.org/wiki/view/SIP+security

download.securelogix.com/library/SIP_Security030105.pdf

http://backtrack-linux.org