Professional Documents
Culture Documents
Introduction to SIP
Original Slides by Alan Johnston and Henry Sinnreich, MCI (at VON03)
Contents
SIP Overview SIP in detail SIP Call Flow Scenarios SIP Security SIP Programming Some Related Works
SIP Overview
What SIP is, Multimedia Protocol Stack, Short History and Related Protocols are included.
Similar text-based structure Uses URIs (Uniform Resource Indicators) Voice, video, gaming, instant messaging, presence, call control, etc.
5
Challenge/Response based on shared secret - SIP Digest Mechanism also used by HTTP Used for client devices Used between servers SIP signaling can be encrypted
S/MIME (Secure/Multipurpose Internet Mail Extensions)
RTSP
Added four new authors: G. Camarillo, A. Johnston, J. Peterson, and R. Sparks. Entire spec rewritten for clarity, but some new features Mostly backwards compatible with RFC 2543
E.g. RFC 3551 RTP Profile for Audio and Video Conferences
10
Related Protocol: RTP RTP Real-time Transport Protocol Used to transport media packets over IP RTP adds a bit-oriented header containing:
name
sip:henry@mci.com (Needs DNS SRV records to locate SIP Servers for mci.com domain) Contact (identifies a device and is usually a Fully Qualified Domain Name, FQDN) sip:henry@127.24.45.4 or sip:henry@cube43.lab.mci.com (Which needs no resolution for routing)
12
SIP Trapezoid
DNS Server Location Server
DNS
SIP
SIP SIP
13
DNS
SIP
End Devices
Inbound Proxy Server
SIP SIP
14
DNS
SIP
Types:
SIP
SIP
No media capabilities
User Agent B
User Agent A
Ignore SDP. Normally bypassed once dialog established, but can Record-Route to stay in path.
15
Location Server
Database of locations of SIP User Agents Queried by Proxies in routing Updated by User Agents by Registration
DNS
SIP
SIP SIP
DNS Server
User Agent B
User Agent A
User Agents (end devices that initiate and terminate media sessions) Servers (that assist in session setup)
Proxies Registrars Redirect servers
Client when it initiates a request (UAC) Server when it responds to a request (UAS)
17
SIP Registrar, 1
SIP server that can receive and process REGISTER requests A user has an account created which allows them to REGISTER contacts with a particular server The account specifies a SIP Address of Record (AOR)
18
SIP Registrar, 2
SIP Registrars store the location of SIP endpoints
address Address of Record for John Smith in From: header From: John Smith <sip:jsmith@zultys.com Contact: header tells Registrar where to send messages Contact: John Smith <sip:jsmith@192.168.1.100>
SIP Proxies
query SIP Registrars for routing information Incoming calls addressed to sip:jsmith@zultys.com
now routed by the Proxy to the Contact: header URL sip:jsmith@192.168.1.100
19
Proxy Server
SIP Proxy servers route SIP messages
forwarded
Stateful Proxies use TCP or other stateful protocols to set up a permanent connection
High Proxy overhead Endpoint connection must be set up, maintained and torn
20
21
Forwards every request downstream and response upstream Keeps no state (does not have any notion of a transaction) Never performs message retransmissions Stateless proxies scale very well
can be very fast
Stateful Proxy
Transaction Stateful
Dialogue Stateful
23
RFC 3361
Get local domain name automatically from DHCP server Perform SRV record query through DNS on that domain for _sip._udp.<domain name> Send SIP REGISTER message to resolved server
24
SIP in detail
Now, we are going to study SIP in detail including SIP Request, SIP Response and SIP Header
26
Register contact with Registrar Creates, negotiates and tears down a call (dialogue) Creates an Instant Messaging session
INVITE/ACK/BYE/CANCEL/UPDATE
MESSAGE
SUBSCRIBE
NOTIFY
27
28
Place calls on or remove calls from hold Change session parameters and codecs
The SIP UPDATE method is the proposed replacement for this technique
29
30
31
INVITE sent but no final response (non-1xx) yet received. User Agents and Proxies stop processing INVITE Can be sent by a proxy or User Agent Useful for forking proxy
Parallel search using multiple registration Contacts. First successful wins, rest are cancelled.
32
33
To: sip:john@company.com;tag=123456
35
36
37
183 Session Progress Does not apply to 100 Trying responses Only provisional responses 101-199 may be sent reliably and acknowledged with PRACK
38
39
carry the content in the form of MIME body parts use the standard MIME headers to identify the content
40
SIP Responses
SIP Requests generate Responses with codes borrowed from HTTP Classes:
42
43
the method or Request type: INVITE (session setup request). the Request-URI which indicates who the request is for sip:wh@200.201.202.203
Note: Request-URI can be either an AOR or Contact (FQDN)
This Request-URI is a FQDN, but the initial Request-URI was an AOR (same as To URI)
SIP Headers
SIP Requests and Responses contain Headers (similar to Email headers)
Required Headers
To
From Via Call-ID CSeq Max-Forwards
Optional Headers:
Subject, Date, Authentication (and many others)
46
The bottom Via header is inserted by the User Agent which initiated the request Additional Via headers are inserted by each proxy in the path
The Via headers are used to route responses back the same way Required branch parameter contains a cookie (z9hG4bK) then a transaction-ID.
47
Max-Forwards is a count decremented by each proxy that forwards the request. When count goes to zero, request is discarded and 483 Too Many Hops response is sent. Used for stateless loop detection.
48
To and From URIs usually contain AOR URIs. All requests and responses in this call will use this same Dialog information. Call-ID is unique identifier usually composed of
Initialized at start of call (1 in this example) Incremented for each subsequent request Used to distinguish a retransmission from a new request
50
Contact header contains a SIP FQDN URI for direct communication between User Agents
Content-Type indicates the type of message body attachment (others could be text/plain, application/cpl+xml, etc.) Content-Length indicates the octet (byte) count of the message body. Message body is separated from SIP header fields by a blank line (CRLF).
52
Version number (ignored by SIP) Origin (only version used by SIP - 28904529) Subject (ignored by SIP) Connection Data (IP Address for media - 100.101.102.103) Time (ignored by SIP) Media (type - audio, port - 49170, RTP/AVP Profile - 0) Attribute (profile - 0, codec - PCMU, sampling rate 8000 Hz)
53
Via, To, From, Call-ID, & CSeq are all copied from request.
SIP Basic Call Flow Examples I-D by A. Johnston et al. SIP Service Examples I-D by A. Johnston et al.
56
2. 100 Trying
1. A dials SIP AOR URI sip:B@mci.com. User Agent A sends INVITE to outbound Proxy Server. 2. Outbound Proxy sends 100 Trying response.
User Agent A
57
4. Response: 1.2.3.4
3. Outbound Proxy does DNS query to find proxy server for mci.com domain 4. DNS responds with IP address of mci.com Proxy Server
2. 100 Trying
User Agent A
58
2. 100 Trying
5. Outbound Proxy sends INVITE to Inbound Proxy Server. 6. Inbound Proxy sends 100 Trying response.
User Agent A
59
4. Response: 1.2.3.4
7. LS Query: B?
7. Inbound Proxy consults Location Server. 8. Location Server responds with Not Signed In.
User Agent A
60
User Agent A
61
9. 480 Temporarily Unavailable 10. ACK 11. 480 Temporarily Unavailable 12. ACK
11. Outbound Proxy forwards 480 response to A. 12. A sends ACK response.
User Agent A
62
3. SUBSCRIBE
2. SUBSCRIBE
1. SUBSCRIBE
2. Outbound Proxy forwards to Inbound Proxy 3. Inbound Proxy forwards to Bs Presence Server
User Agent A
63
3. SUBSCRIBE
4. 200 OK
2. SUBSCRIBE 5. 200 OK
1. SUBSCRIBE
6. 200 OK
4. Presence Server authorizes subscription by sending a 200 OK. 5. & 6. 200 OK proxied back to A.
User Agent A
64
12. 200 OK
10. 200 OK
User Agent A
7. Presence Server sends NOTIFY containing current presence status of B (Not Signed In). 8. and 9. NOTIFY is proxied back to A. 10. A acknowledges receipt of notification with 200 OK. 11. & 12. 200 OK is proxied back to Bs Presence Server.
65
1.
1. B signs on to his SIP Phone which sends a REGISTER message containing the FQDN URI of Bs User Agent. 2. Database update is sent to the Location Server
User Agent A
User Agent B
66
3. OK
3. Location Server database update is confirmed. 4. Registration is confirmed with a 200 OK response.
User Agent A
User Agent B
67
16. 200 OK
User Agent A
13. Presence Server learns of Bs new status from 18. 200 OK the Location Server and sends a NOTIFY Inbound containing new status Proxy Server of B (Signed In). 14. & 15. NOTIFY is proxied back to A. 16. A acknowledges receipt of notification with 200 OK. 17. & 18. 200 OK is proxied back to User Agent B Presence Server.
68
3. LS Query: B?
4. Response: sip:B@2.3.4.5
1. A sends an Instant Message to B saying Can you talk now? in a MESSAGE request.
2., 3. & 4. MESSAGE request is proxied, Location Server queried. 5. Inbound Proxy forwards MESSAGE to B. 6. User Agent B responds with 200 OK. 7. & 8. 200 OK is proxied back to A.
2. MESSAGE <Can you talk now?> 7. 200 OK 5. MESSAGE <Can you talk now?>
8. 200 OK
6. 200 OK
User Agent A
User Agent B
69
5. LS Query: A?
3.
1. B sends an Instant Message to A saying Sure. in a Response: 5.6.7.8 MESSAGE sent to As AOR URI.
DNS Server Outbound Proxy Server
10. 200 OK
User Agent A
User Agent B
2. & 3. DNS Server is queried. 4. Outbound Proxy forwards MESSAGE to Inbound Server. 5. & 6. Location Server is queried. 7. Inbound Proxy forwards to A. 8. User Agent A responds with 200 OK. 9. & 10. 200 OK is proxied back to B.
70
5. LS Query: B
6. Response: sip:B@2.3.4.5
2. 100 Trying
User Agent A
User Agent B
71
9. 180 Ringing
8. User Agent B alerts B and sends 180 Ringing response. 9. & 10. 180 Ringing is proxied back to A.
User Agent A
User Agent B
72
9. 180 Ringing 12. 200 OK Contact: B SDP B 13. 200 OK Contact: B 8. 180 Ringing SDP B
11. B accepts call and User Agent B sends 200 OK response. 12. & 13. 200 OK is proxied back to A.
User Agent A
User Agent B
73
9. 180 Ringing 12. 200 OK Contact: B SDP B 13. 200 OK Contact: B 8. 180 Ringing SDP B 14. ACK Media (RTP)
14. ACK is sent by A to confirm setup call bypassing proxies. Media session begins between A and B!
User Agent A
User Agent B
74
15. B places A on hold by sending a reINVITE. 16. A accepts with a 200 OK. 17. B sends ACK to A. No media between A and B.
15. INVITE SDP a=sendonly 16. 200 OK SDP A User Agent A 17. ACK
User Agent B
75
18. B transfers A to C using REFER. 19. Transfer is accepted by A with 202 Accepted response.
18 REFER Refer-To: sip:C@mci.com 19. 202 Accepted 20. NOTIFY <100 Trying> User Agent A 21. 200 OK
User Agent B
20. Notification of trying transfer is sent to B in NOTIFY. 21. B sends 200 OK response to NOTIFY
76
6. Response: sip:C@6.7.8.9
2. 100 Trying
6. Location Server responds with the FQDN SIP URI of Cs SIP Phone. 7. Inbound Proxy Server User Agent C forwards INVITE to Cs SIP Phone.
User Agent A
User Agent B
77
8. User Agent C alerts C and sends 180 Ringing response. 9. & 10. 180 Ringing is proxied back to A. Inbound Proxy Server 11. C accepts call and 11. 200 OK sends 200 OK Contact: C SDP C response. 12. & 13. 200 OK is proxied back to A. User Agent C 14. ACK is sent by A to confirm setup call. Media session between A and C begins.
78
Location Server
20. Notification of successful transfer is sent to B in NOTIFY. 21. B sends 200 OK response to NOTIFY 22. B hangs up by sending a BYE. 23. 200 OK response to BYE is sent.
21. 200 OK
22. BYE User Agent A 23. 200 OK
User Agent B
79
SIP Security
Authorization
SIP uses standard HTTP Digest Authentication with minor revisions
Password is never sent in the clear, just the MD-5 hash generated with the password and nonce Defeats Man-in-the-middle attacks since source address cant be spoofed or second REGISTER will never arrive
Service Provider supplies Username and password SIP leverages Digest Authentication features to do this
81
82
S/MIME
Provides end-to-end security of message body and/or headers. Certificate identified by end user address Public key can be transported in SIP Entire message can be protected by tunneling the message in an S/MIME body
Header Fields
Header Fields Body Signature
83
Attacks
IPhreakers
IP knowledge Known weaknesses Evolution 2600Hz -> voicemail/intl GWs -> IP telephony Internal or external threat ? Targets: home user, enterprise, government, etc ?
Protocol implementations
PROTOS
84
Availability (BC/DR)
Requires: power Alternatives (Business Continuity/Disaster Recovery) ? E911 (laws and technical aspect) GSM PSTN-to-GSM
85
Attacks : fraud
Call-ID spoofing
User rights takeover
Effects
Attacks: interception
Interception
Who talks with who (Network sniffing, Servers (SIP, CDR, etc) Physical access to the LAN ARP attacks Unauthenticated devices (phones and servers) Different layers (MAC address, user, physical port, etc) Where is the user located ? Networks crossed ?
LAN
Where to intercept ?
Lawful Intercept
Attacks : systems
Systems
Attacks : phone
(S)IP phone
Startup
DHCP, TFTP, etc.
Physical access
Hidden configuration tabs
Defense
Signaling: SIP
Transport: Secure RTP (with MiKEY) Network: QoS [LLQ] (and rate-limit) Firewall: application level filtering Phone: signed firmware Identification: TLS
89
SIP Programming
JAIN SIP
Low level and very complex API CNRSIP API is one of available reference implementations.
SIP Servlets
proposed within JAIN
91
HTTP Servlets
HTTP Java Servlets Widely Used in Web Application Development Applications Consist of Sets of HTTP Servlets, Each of Which Processes a Single Web Request in the Application HTTP Servlets Return Web Pages to Display HTTP Servlets Can Create Session Data
HTTP Servlets
War File
Developer Deployer
Container Manages HTTP Servlet Lifecycles, Fault Tolerance, Session State HTTP Servlets Collected into a War File Web Archive
92
Server matches incoming messages against local rules in order to decide which servlet to pass message to
The API gives full control to servlets to handle SIP messages, e.g.
has full access to headers and body proxy or redirect requests respond to or reject requests forward responses upstream initiate requests
Servers may choose to provide constrained environment to selected servlets (e.g. using sandbox security model)
93
in same Java Virtual Machine different process, same host different hosts: 1:1, 1:n, n:1, n:m
94
UAS
95
servlet
Servlets can reject (screen) calls Can accept and set up media streams
96
Full access to SIP signaling No need to fork new process for each request The same servlet can handle many requests simultaneously
Performance:
high level abstractions. Tight integration with server: logging, security, location database maintain state, e.g. database connections manage timers
An Example: RejectServlet
import org.ietf.sip.*; public class RejectServlet extends SipServletAdapter { protected int statusCode, reasonPhrase; public void init(ServletConfig config) { super.init(config); try { statusCode = Integer.parseInt(getInitParameter("status-code")); reasonPhrase = getInitParameter("reason-phrase"); } catch (Exception _) { statusCode = SC_INTERNAL_SERVER_ERROR; } } public boolean doInvite(SipRequest req) { SipResponse res = req.createResponse(); res.setStatus(statusCode, reasonPhrase); res.send(); return true; } }
98
Can be used in
Clients
Servers
Gateways
Focuses purely on the protocol Complete access to SIP capabilities Supports transactions only
JAIN SIP
Servlet
Direct access to many headers is not provided Write access to most everything is often restricted
Lifecycle management Domain objects Context and configuration Deployment descriptors Archive files Synchronization primitives Security
Servlets should be defined to allow a SIP container to be built using JAIN SIP
SIP Objects in Servlet API defined with interfaces that match JAIN SIP signatures Cannot directly expose JAIN SIP objects, though
100
SIP CGI
Almost identical to HTTP CGI Language independent ( Perl, Tcl, C, C++, ... ) Any binary may be executed as a separate program
101
102
CPL Example
A simple script that blocks anonymous callers
<?xml version="1.0" ?> <!DOCTYPE cpl PUBLIC "-//IETF//DTD RFCxxxx CPL 1.0//EN" "cpl.dtd"> <cpl> <incoming> <address-switch field="origin" subfield="user"> <address is="anonymous"> <reject status="reject" reason="I don't accept anonymous calls" /> </address> </address-switch> </incoming> </cpl>
103
Secure framework for discovery of and access to services by third party applications
Registration of non-Parlay service APIs
105
Messages
Job
Private
Mobile
E-mail SMS
VoIP V-mail
MPEG
IM
106
Application Parlay
INAP
ISUP
MAP
SIP
107
IP network
108
Key Questions
Which of these two models is correct, or are there opportunities for both approaches to co-exist?
How well can a generic network API sit on top of SIP? For example, would it severely limit a developer, and what advantages would it offer? Which aspects of network functionality will actually be useful in practice to developers?
109
BT C++ Apps
BT VB Apps
DCOM
PSTN Platform
Parlay Gateway
SIP Proxy
VOIP gateway
SIP clients
110
Parlay
Game events XML over JXTA
MRFC
MRFP
SIP
RTP
Player 1
Player 2
Player 3
111
How can interoperability testing be encouraged? How can Parlay get feedback from developers? Sizeable specifications with complex interfaces and data types give long learning curve for developers? Although specifications are maturing, still few Parlay products commercially available. Why?
How does Parlay keep pace with new protocols?
112
113
In order to make peer-to-peer services work between different operators' networks, IPv6 is needed - peer-to-peer services work well only with public IP addresses.
Small scale IMS deployment / piloting can be started with IPv4. IPv6 is vital for wider scale, global IMS deployment.
114
SIP Thomas
Chat
Push to Stream Quit
115
SIP
Thomas
IP Connection
Peter
Invite player
Chat
Push to Stream Quit
116
SIP
Thomas
IP Connection
Peter
Invite player
Thomas: 00:00:00 > Peter: hey, look what just passed by!
Chat
Push to Stream Quit
117
SIP
Thomas
IP Connection
Peter
118
Standardized technology enablers for new mobile services are here today
IPv6
MMS Color displays
SIP
XHTML and TCP/IP Multimode
119
120
Multi-access IMS
S-CSCF P-CSCF
IMS
(IPv6)
P-CSCF
3GPP access nw
WLAN access nw
Common IP version (=IPv6) makes the multiaccess case much easier
3GPP2 access nw
SIP
SIP Signaling for building up the session User IP data
121
References
Anders Kristensen, Hewlett-Packard Laboratories, Bristol, U.K Nicolas FISCHBACH, Senior Manager, IP Engineering/Security - COLT Telecom Jonathan Rosenberg, Dynamicsoft Ed Luff, Newport Networks Patrick Ferriter, ZULTYS
122