Existing Security Features Within SIP Protocol


SIP is a protocol specified by the IETF for initiating two-way communication sessions, and it is also considered the largest RFC in IETF history. SIP seems to be simpler than H.323, as it avoids the parsing issues associated with ASN.1 when S/MIME is not being used as part of SIP's inherent security measures.

Several security features of SIP are explained in RFC 3261, which deprecates several features given by the original RFC 2543. SIP digest authentication uses the principles of digest authentication described in RFC 2617: the response contains an MD5 checksum that covers the username, password, nonce value, HTTP method, and requested URL. The security level is not very strong in this case, so it is not recommended in the current draft of RFC 3261. SIP uses S/MIME to enable integrity, protection, authentication, and public key distribution. It can replace PGP to provide encryption of SIP messages. The current RFC 3261 document recommends it for UAS, with messages tunnelled over a TCP connection to avoid the problem of fragmentation of UDP packets.


Using RTP encryption, SIP provides confidentiality of data; this was defined in RFC 1889. Another option is the use of SRTP (OSRTP). SDP (cf. RFC 2327) can be used for key management that provides session keys for media streams. In this case end-to-end encryption should be used. To protect SIP signalling in the case of proxies, redirect servers and registrars, RFC 3261 mandates TLS usage.

TLS is used for UAs. It protects SIP signalling against loss of integrity and confidentiality and against replay. The drawback is that it requires a reliable transport stack (TCP-based SIP signalling). IPsec is also used to provide security for SIP signalling at the network layer, and is mainly concerned with securing SIP hosts in a SIP VPN scenario (SIP user agents/proxies) or between administrative domains.


This works for all UDP-, TCP- and SCTP-based SIP signalling. Right now there is no default cipher suite for IPsec defined in SIP. One hybrid protocol, Internet Key Exchange, provides a mechanism for IPsec. Several more Internet drafts are being discussed to enhance the security of SIP, such as SIP Authenticated Identity Body, which provides a generic SIP authentication token, and SIP authenticated identity management, where we can find the identity of the end user. There are several issues with SIP security; for example, the text encoding of SIP makes it easier to analyze with standard parsing tools such as Perl or lex and yacc.


Still, some requirements are placed on the firewall: it should be stateful and able to track SIP traffic in order to determine which RTP ports are to be opened and to which address they are made available. NAT is a problem for SIP because, in a SIP-based network, the SIP proxy is outside the NAT device, and because of that NAT inhibits SIP's registration and communication mechanisms.
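
As an added illustration (not code from the original article), the following Python example shows the inspection a stateful, SIP-aware firewall has to perform: it reads the SDP body of a SIP message to find the RTP address and port each media stream needs, and flags RFC 1918 addresses that a proxy outside the NAT device cannot reach. The function names and the sample INVITE are constructed for this example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed, abbreviated INVITE; addresses and identifiers are made up.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.10",
    "s=-",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "m=video 51372 RTP/AVP 31",
    "c=IN IP4 203.0.113.7",
    "",
])

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # c= may carry a host name instead of an address
        return False
    return any(ip in net for net in RFC1918)

def rtp_pinholes(sip_message):
    """Return [media, address, port, private] per RTP stream offered in the SDP."""
    head, sep, body = sip_message.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip().lower()
    ctype = headers.get("content-type") or headers.get("c", "")  # "c" = compact form
    if not sep or ctype.split(";")[0].strip() != "application/sdp":
        return []
    session_addr, streams = None, []
    for line in body.splitlines():
        fields = line[2:].split()
        if line.startswith("c=") and len(fields) == 3:
            addr = fields[2].split("/")[0]  # drop multicast TTL suffix
            if streams:
                streams[-1][1] = addr  # media-level c= overrides session-level
            else:
                session_addr = addr
        elif line.startswith("m=") and len(fields) >= 3 and fields[2].startswith("RTP/"):
            port = fields[1].split("/")[0]  # "port/count" form
            if port.isdigit() and 0 < int(port) < 65536:
                streams.append([fields[0], session_addr, int(port)])
    return [s + [is_rfc1918(s[1])] for s in streams if s[1]]
```

For the sample message, the audio stream advertises a private address that is only meaningful inside the NAT, which is the registration and media problem described above.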

   

 

 