SIP Security

Sisalem, Dorgham; Floroiu, John; Kuthan, Jiri; Abend, Ulrich; Schulzrinne, Henning

doi:10.1002/9780470516997

Cited by 43 publications

(45 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sisalem et al [169] provide an in-depth description of SIP and IMS, discussing the security mechanisms available in each part of the architecture. The focus particularly on the DoS and SPIT threats, also describing some available countermeasures.…”

Section: A) General Overviews (42 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

Abstract-We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products.We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems.

show abstract

Section: A) General Overviews (42 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

show abstract

“…In the event that client and vendor want to reduce the visibility of the information even more so that the broker cannot see it, they could use the messages of a payment either to transport a key transport protocol (the client could send a symmetric key encrypted with the public key of the vendor) or perform a key agreement exchange, negotiating other symmetric keys to perform the payment exchange or use an SSL/TLS channel or IPsec [38,39].…”

Section: Visibilitymentioning

confidence: 99%

“…In the event of non-repudiation being needed, the purchase protocol could be extended by substituting the "signature" based on HMAC by an electronic signature based on public-key cryptography or using S/MIME headers to sign the SIP messages [38,39].…”

Section: Non-repudiationmentioning

confidence: 99%

A lightweight payment scheme for real-time services based on SIP

Ruiz‐Martínez

Marín-López

2012

J Wireless Com Network

View full text Add to dashboard Cite

In the session initiation protocol (SIP), payments have been proposed as a way for vendors to obtain profit from the services they provide. Payments in SIP have also been proposed for microbilling and even as a solution to SPAM in VoIP systems. Although several proposals exist for making payments in SIP, they present some limitations when we want to pay for access to real-time services: either they are not suitable for micropayments or they do not consider security in the payment information exchanged. As a response to these limitations, we propose a new SIP payment protocol, LP-SIP, that supports the payment according to different models like pay-per-time, session-based, etc. It also performs payments in SIP efficiently and takes into account the secure exchange of payment information, unlike other existing proposals. Thus, we provide a lightweight payment protocol that can be used for the payment of real-time services.

show abstract

“…Figure 2 illustrates a basic session establishment in the IMS with the caller and callee roaming to foreign networks. The example is based on the scenario provided in (Sisalem et al 2009) .The session establishment in IMS is triggered by the sending of an INVITE request. In general, the session establishment can be considered as consisting of five phases, namely: …”

Section: Non-invite-retransmissionsmentioning

confidence: 99%