Research on SIP Security Threats and SIP Security Protocols
Abstract
The Session Initiation Protocol (SIP) is the signaling protocol for IP telephony put forward by the IETF and has become the most widely used VoIP session establishment protocol, but SIP has obvious security weaknesses, so studying SIP security is essential. There is as yet no application-layer security protocol designed specifically for SIP, but several lower-layer security protocols can be applied to SIP, including TLS, IPSec and DTLS. Which security protocol suits SIP best, however, has not been settled.
This thesis studies SIP security threats and SIP security protocols, with emphasis on the effect the security protocols have on SIP performance.
The thesis first analyses the vulnerabilities of SIP and studies the principles and mechanisms of five typical attacks: registration hijacking, server impersonation, message tampering, session tear-down and denial of service; it then classifies and summarizes the security threats these attacks pose to SIP.
Next, the thesis introduces the application-layer and lower-layer security protocols that protect SIP communication, including HTTP Digest authentication, S/MIME, TLS, DTLS and IPSec, and compares their respective scope of application, advantages and disadvantages. Finally, taking TLS, DTLS and IPSec, two test scenarios are designed to compare the call setup delay SIP incurs under the different combinations of these security protocols and transport-layer protocols; it is found that IPSec and DTLS running over UDP have the smallest effect on SIP call setup delay. The thesis also analyses in depth why each combination affects SIP performance differently.
Session Initiation Protocol (SIP) is a signaling protocol for VoIP put forward by the IETF. It has become the most widely used VoIP protocol for its simplicity, extensibility and powerful functionality. But SIP has many potential security problems, which pose a great threat to users' privacy and communications security, so it is very necessary to study the security problems of SIP. There isn't any application-layer security protocol specially designed for SIP, but there are some lower-layer security protocols which can be employed with SIP, including TLS, IPSec and DTLS. The effect of a security protocol on the performance of SIP is also worth studying.
In this thesis, we introduce the vulnerabilities of SIP and investigate the principles and mechanisms of five typical attacks: registration hijacking, impersonating a server, tampering with message bodies, tearing down sessions and denial of service. We classify and analyze the security threats imposed on SIP by these attacks, and consider that authentication and message encryption are essential security mechanisms for SIP. Next, we introduce several application-layer security mechanisms and lower-layer security protocols which can be applied to SIP, including HTTP Digest authentication, S/MIME, TLS, DTLS and IPSec. We compare and discuss their preconditions, scope, advantages and disadvantages.
Then, we simulate the various combinations of three security protocols and two transport-layer protocols, TCP and UDP, for SIP. We design two scenarios to compare the call setup delays that occur with the various security protocols. We have observed that UDP/IPSec and DTLS/UDP were the best performers (in terms of delay) among the combinations of popular security protocols in different layers. One of the reasons is that UDP simply ignores signs of network congestion and does not decrease its transmission rate even in the face of congestion. However, a security channel over UDP also has a side effect: a high failure rate for call setup because of the lack of congestion control. This thesis also gives the reasons for the differences in SIP performance.