SIP security issues: the SIP authentication procedure and its processing load

Authors:
S. Salsano;L. Veltri;D. Papalilo
Affiliations:
Tor Vergata Univ., Rome;-;-
Venue:
IEEE Network: The Magazine of Global Internetworking
Year:
2002

Citing 0
Cited 29

Billing attacks on SIP-based VoIP systems

WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography

Computer Communications
A novel design of a VoIP firewall proxy to mitigate SIP-based flooding attacks

International Journal of Internet Protocol Technology
Voice pharming attack and the trust of VoIP

Proceedings of the 4th international conference on Security and privacy in communication netowrks
A new provably secure authentication and key agreement protocol for SIP using ECC

Computer Standards & Interfaces
Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems

Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Analysing Protocol Implementations

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Improving authentication performance of distributed SIP proxies

Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
A Survey of Voice over IP Security Research

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Protecting SIP server from CPU-based DoS attacks using history-based IP filtering

IEEE Communications Letters
Design and analysis of SIP-based mobile VPN for real-time applications

IEEE Transactions on Wireless Communications
Designing attacks on SIP call set-up

International Journal of Applied Cryptography
On the billing vulnerabilities of SIP-based VoIP systems

Computer Networks: The International Journal of Computer and Telecommunications Networking
A secure and efficient SIP authentication scheme for converged VoIP networks

Computer Communications
SIP server performance on multicore systems

IBM Journal of Research and Development
Proxychain: developing a robust and efficient authentication infrastructure for carrier-scale VoIP networks

USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
The impact of TLS on SIP server performance

Principles, Systems and Applications of IP Telecommunications
IPTV architecture for an IMS environment with dynamic QoS adaptation

Multimedia Tools and Applications
Design and implementation of SIP security

ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
On the interaction of SIP and admission control: an inter-domain call authorization model for internet multimedia applications

IPOM'05 Proceedings of the 5th IEEE international conference on Operations and Management in IP-Based Networks
Improving the performance of security of real-time video over IP

AIC'10/BEBI'10 Proceedings of the 10th WSEAS international conference on applied informatics and communications, and 3rd WSEAS international conference on Biomedical electronics and biomedical informatics
A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves

Computer Communications
Transaction-based authentication and key agreement protocol for inter-domain VoIP

Journal of Network and Computer Applications
The impact of TLS on SIP server performance: measurement and modeling

IEEE/ACM Transactions on Networking (TON)
Software-based serverless endpoint video combiner architecture for high-definition multiparty video conferencing

Journal of Network and Computer Applications
Cryptanalysis of Arshad et al.'s ECC-based mutual authentication scheme for session initiation protocol

Multimedia Tools and Applications
Elliptic curve cryptography based mutual authentication scheme for session initiation protocol

Multimedia Tools and Applications
Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Session Initiation Protocol (SIP) is currently receiving much attention and seems to be the most promising candidate as a signaling protocol for the current and future IP telephony services, also becoming a real competitor to the plain old telephone service. For the realization of such a scenario, there is an obvious need to provide a certain level of quality and security, comparable to that provided by the traditional telephone systems. While the problem of QoS mostly refers to the network layer, the problem of security is strictly related to the signaling mechanisms and the service provisioning model. For this reason, at present, a very hot topic in the SIP and IP telephony standardization track is security support. In this work, the security model used by SIP is described, and the different open issues are highlighted. We focus, in particular, on the problem of authentication providing a short tutorial on the solution under standardization. The architecture of a possible commercial IP telephony service including user authentication is also described. Finally, we focus on performance issues. By means of a real testbed implementation, we provide an experimental performance analysis of the SIP security mechanisms, based on our open source Java implementation of a SIP proxy server. The performance of the server has been compared with and without security support, under various scenarios.