TMCnet
ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells
 
SIP Magazine Home Page
January 2006
Volume 1 / Number 1
Simple & MSRP: An Interview with Robert Sparks
 

by
Erik Lagerway

You know a VoIP protocol has made it to prime time when it gets its own magazine! SIP (Session Initiation Protocol) has certainly gained momentum, and it doesn’t look to be slowing down anytime soon.

In the past year we have seen the major IM providers like Yahoo! and MSN adopting SIP as their chosen signaling protocol for VoIP. Google has openly professed that they intend to support SIP in their new IM service. Even Apple’s iChat supports SIP for VoIP and video. SIP is the torch lighting the way for VoIP; there is no doubt about it. The thrust seems almost unstoppable with everyone racing to support open standards. For consumers, this is a very good thing as it presents choices. Networks that interoperate are very important and, if providers want any hope of peering with other networks, they will need to use open standards. SIP does all of this and more. So, what, if, anything could slow the adoption of SIP? Firewall traversal? No, we have pretty much solved that one with use of STUN, TURN, ICE, and some intelligence built into the SIP end point. What about Security? Yes, this could be a problem in certain networks that choose to ignore the issues. SPIT — SPAM for Internet Telephony — is not yet a huge problem, but it has had an impact on some providers who found themselves shutting down certain services because of it. You don’t hear much about it because the providers would rather not admit their networks are vulnerable. So what are the main threats? From a consumer’s point of view, there are two main concerns: protecting the identity of the user and protecting the content of the calls.

 

Identity Theft
In one case, a large VoIP provider in the U.S. had enormous problems with users spoofing other SIP IDs and making calls to sex lines in another country. The local carrier was appalled when the peering provider sent them their bill. This resulted in blocking service to that particular country. Today, most SIP-enabled devices and registrars support Digest Authentication and TLS. Together, these methodologies can be used to thwart ID theft in a SIP network. It’s too bad that TLS is not widely supported when connecting from SIP to the PSTN (Public Service Telephone Network), making it difficult to implement across the board. S/MIME (Secure MIME — Multipurpose Internet Mail Extensions) is another mechanism used to encrypt individual messages, much like PGP (Pretty Good Privacy). It was primarily developed for e-mail, but it certainly can be applied to SIP for use with VoIP and IM. What about DoS attacks? A few months back, another U.S. provider was hit with a DoS (Denial of Service) attack that consisted of many SIP requests overwhelming the network and castrating the service. The provider had to interrupt service in order to fix the problem, cutting off thousands of users in the process. Often in a VoIP network, a user does not know the person who is calling them and may want to decide whether or not they want to take the call before answering. The IETF is close to finalizing a new security method for VoIP, called “SIP Cert,” which is meant to provide a secure way to make sure that callers are, in fact, who they say they are.

Securing the Media — Encryption




Eavesdropping is an issue not only in VoIP, but also in traditional telephony. To think that someone could overhear your conversations is disconcerting to say the least. Today, VoIP networks using SIP generally use RTP (Real-time Transport Protocol) for the actual voice and video that we see and hear during a call. Encrypting this data can be done by implementing Secure RTP, or SRTP. Since SRTP was built to be very efficient, it uses up little additional bandwidth and CPU. The bottom line is that SIP is the best standards-based protocol for building VoIP and Video services on the Internet today. The SIP community is rich with IP Communications leaders and the support from this network is tremendous. This protocol will could very well mature into a complete IP Communications framework. The battle for VoIP has been won; now what about IM? Stay tuned as SIP wages war on closed IM protocols and takes on the enterprise with SIMPLE (SIP for Instant Messaging using Presence Leveraging Extensions).

 

 

Erik Lagerway is an independent consultant and contributing writer for various publications; a full bio can be found at http://sipthat.com. Contact Erik via e-mail: erik@sipthat.com.
Return to Table Contents
 


Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
MSPWorld
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas