Securing Session Initiation Protocol for VOIP Services

Amina M.Elmahalwy, Osama S. Youness, Wail S. Elkilani
2015 International Journal of Computer Applications  
VOIP (voice Over Internet Protocol) has many advantages but at the same time it has security threats not encountered in PSTN (Public Switched Telephone Networks).The paper deals with the security of the widely used protocol for signaling. The Session Initiation protocol (SIP) is considered the most used signaling protocol for calls over the internet. Securing SIP is becoming more and more important. This paper focusing on the SIP security mechanisms of authentication, and proposing an
more » ... tion model based on the Kerberos protocol to provide single sign-on, achieving two way authentications, to reduce the computation against authentication checks for each client, and prevent against Session Teardown Attack and Registration Hijacking attack. It acts as a trust third party to allow secure access to VOIP services. In this paper we implemented the SIP-Kerberos system and record the average time that the users need to authenticate at Kerberos and the average time needed to register at SIP server. The measured performance result of the solution is suitable for heavy loads in the SIP architecture. REGISTER: used by UA to register with a SIP server. INVITE: used to invite another UA to communicate and establish a SIP session between two users. ACK: used to accept a session and confirm message exchanges. OPTIONS: used to obtain information on the capabilities of another user. SUSCRIBE: used to request updated presence information. An attacker send REGISTER message to the SIP server to register in the database. To prevent this attack, any user to register in the SIP server, it must be firstly authenticated at KDC server via AS-REQ/AS-REP, and then acquires a service ticket from the KDC via the TGS-REQ/TGS-REP exchange. A mutual authentication process is then performed between the SIP UA and the SIP server through an AP-REQ/AP-REP exchange. If the Kerberos authentication is successfully completed, the SIP server accepts the SIP REGISTER request, records the user's location information,
doi:10.5120/20253-2622 fatcat:qldgprsjebe5zm376avwzzn26y