SIP security is a vast and somewhat challenging field.
- Authentication: Can users steal other users' identities?
- Integrity: Is the SIP message received the same as the one sent?
- Confidentiality: Is someone else listening on your SIP call setup?
- Privacy
- Non-repudiation: Making sure we can trace callers
In addition, the RTP media stream, the actual conversation audio, may need to be confidential.
Client security
- Replay
Server security
- Denial of service attacks
IETF RFCs
- RFC 3329 Security Mechanism Agreement for the Session Initiation Protocol (SIP)
- RFC Draft SIP digest authentication relay attack
Books
- http://sipsecurity.org SIP Security
Additional Reading
White Paper from Newport Networks: SIP, Security and Session Controllers
Multimedia services using SIP face a range of challenges, including traversing firewalls that were never designed to be VoIP-aware, exposing a publicly accessible address for a client, which invites hacking, and so on. Some of the basic issues surrounding SIP and security are examined.
PATTON Electronics whitepaper...
Securing Internet Telephony: Encrypting Voice with VoIP-over-VPN
Ever wonder who eavesdrops on your VoIP conversations? Unencrypted VoIP compromises information security for companies that handle sensitive information and the carriers that serve them. This Patton white paper explains how you can make your Internet Telephony solution completely secure. Find out why VoIP-over-VPN technology is more expedient than emerging CODEC-based approaches such as SRTP and SIP TLS. You'll also learn how Internet Key Exchange (IKE) simplifies VoIP installation at the same time it strengthens information security.
Cisco.com whitepaper: VOIP Security in SIP-Based Networks