TMCnet - World's Largest Communications and Technology Community




April 2000

Laura Guevin  

Can SIP Meet The Privacy Challenge?



The Internet Engineering Task Force's (IETF) Session Initiation Protocol (SIP) has proven itself to be the flavor of choice for many Voice-over-IP (VoIP) gateway and component manufacturers. SIP certainly offers advantages over H.323 and other Internet telephony protocols, but does it really offer the same level of call privacy and security as the PSTN?

For circuit-switched phone calls, signaling messages usually include identification of the calling party, which may be delivered to the party being called. The party placing the call typically has the option of suppressing this caller ID information to maintain privacy. For calls placed over IP using the current version of the SIP protocol, this calling party identification, as well as the option to keep the information private, may also be necessary. The SIP working group of the IETF is proposing two extensions to the protocol to handle this information.

In an Internet draft document, the working group suggests that calling number delivery and calling name delivery services, which in PSTN calls offer identity information about the calling party prior to the called party answering the phone, can also be utilized for calls transported using SIP. For this information to be trustworthy, a SIP user agent will need to require that all incoming SIP invitations arrive through a set of SIP proxies. These proxies, referred to as DCS-proxies by the working group, are interconnected and offer a transitive trust relationship. This means that a SIP user agent that places a call through a DCS-proxy can trust that proxy to deliver the requested service, but the proxies do not trust the SIP user agents.

IP address information can also provide identification such as location in an IP calling environment. This information must be hidden from the other party in a SIP environment, and calling party information should not be in an intelligible format when it reaches the called party. The working group proposes a header field called DCS-Caller, which would be added to an INVITE message to identify a caller, with the option that this information can be kept from the DCS proxy if the call originator does not want this information to be available.

The other header field proposed by the working group would be called DCS-Anonymity, and would allow an originating SIP user agent to choose the privacy level to be provided by the DCS proxy. This field would have two functions, in that it could be used to block SIP-level privacy requests (such as the caller name and/or number), as well as IP address information.
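The trust model described above, sketched as an added example that is not code from the article or from the IETF draft. The header names DCS-Caller and DCS-Anonymity come from the text; the header value syntax, the `caller-id` and `off` levels, the function names and all addresses are assumptions constructed for illustration, and IP address hiding is left out.

```python
# Added illustration. Header names are from the article; value syntax,
# privacy levels and every address below are constructed for this example.
TRUSTED_PROXIES = {"192.0.2.10", "192.0.2.20"}   # hypothetical DCS-proxy addresses

# Constructed INVITE in which the user agent claims an identity it does not own.
INVITE = ("INVITE sip:bob@example.net SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 198.51.100.7:5060\r\n"
          "Contact: <sip:alice@198.51.100.7>\r\n"
          "DCS-Caller: <sip:ceo@example.com>\r\n"
          "DCS-Anonymity: caller-id\r\n\r\n")

def parse_headers(message):
    """Return the header lines of a SIP request as (name, value) pairs."""
    lines = message.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return [tuple(part.strip() for part in line.split(":", 1)) for line in lines]

def header(headers, name):
    """Case-insensitive lookup of the first header with this name."""
    return next((v for n, v in headers if n.lower() == name.lower()), None)

def originating_proxy(headers, verified_caller):
    """Proxies do not trust user agents: drop the caller identity the UA
    supplied and assert the one the proxy verified for this subscriber."""
    kept = [(n, v) for n, v in headers if n.lower() != "dcs-caller"]
    return kept + [("DCS-Caller", verified_caller)]

def terminating_proxy(headers):
    """Apply the caller's requested privacy level before delivery.
    Anything other than an explicit "off" withholds the identity, so an
    unrecognised level fails closed instead of leaking the caller."""
    level = (header(headers, "DCS-Anonymity") or "off").lower()
    withhold = level != "off"
    return [(n, v) for n, v in headers
            if not (withhold and n.lower() == "dcs-caller")]

def called_ua_caller_id(source_ip, headers):
    """Called user agent: use caller identity only when the INVITE
    arrived from one of the trusted proxies."""
    if source_ip not in TRUSTED_PROXIES:
        return None
    return header(headers, "DCS-Caller")
```
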

There are additional fields within a SIP call that can reveal privacy information, and the working group recommends ways to encrypt information to work around these fields. The group also recommends use of the IPSec protocol in addition to the proposed extensions.

VPNs: Evolving In The New Millennium


It's not that we didn't hear enough about virtual private networks (VPNs) in the late '90s. We certainly did. Let's be careful, though, not to underestimate this pithy acronym and what it means with regard to the Internet and secure communications as we move quickly into the new millennium. The VPN industry in the late '90s carried with it a distinct set of applications and clearly defined vendors. While the traditional VPN applications of intranets and extranets are still in their early growth stages, the evolution of the Internet (and, more importantly, how users will access it) will invoke new ways in which VPNs will be defined in 2000 and beyond.

The recent Consumer Electronics Show in Las Vegas featured a refrigerator with Internet access! The refrigerator had a bar-code scanner that could be used to scan in a shopping list and send it to the local grocery store via the Internet upon command. While this application may not seem as security-sensitive as online banking, for example, it is still a form of e-commerce and the data needs to be protected. Perhaps the refrigerator itself does not require VPN capability, but the residential gateway through which it communicates certainly should. So what does an Internet-enabled refrigerator have to do with you? Look at it as a harbinger of things to come.

As Internet-access devices proliferate, mutate, and evolve, and the convergence of voice and data continues, we need to prepare for a future even though we may not be able to define it yet. The devices, operating systems, and communication media may change, but the requirements for private communications (i.e., data privacy, user authentication, and message authentication) remain the same as long as the Internet is the network.

The good news is that much of the groundwork has been laid. Let's talk about standards and interoperability, two very popular topics revolving around VPNs in the late '90s. The IPSec standard has taken several years to develop and is the foundation of any viable VPN implementation on the market today. Vendors large and small now develop products and features to support IPSec-based VPNs, which provide users the assurances of strong security and interoperability. The IPSec VPN vendor community has made significant strides to ensure interoperability. These efforts include participation in IPSec bakeoffs, where vendors gather with their equipment at one location and test interoperability, as well as participation in the VPN Consortium (VPNC), which provides an Internet-based framework for testing and documenting IPSec interoperability among vendors.

The emerging markets for Internet access will have to deal with the same standards-compliance issues that the networking communication vendors are pioneering. New products for accessing the Internet will need to interoperate from both a communications and a security standpoint. While we cannot begin to envision all the Internet access products the millennium will bring, it is certain that the IPSec standard will play a significant role in ensuring secure, flexible, and interoperable Internet communications.

Phil Saunders is vice president of marketing for Information Resource Engineering, Inc. (IRE). IRE's comprehensive network security systems emphasize standards-based security, cost-effectiveness, and ease of use in the protection of remote access, electronic commerce, and distributed business communication applications throughout the world. For more information, visit the company's Web site at www.ire.com.
