VoIP : Part II
A number of the security problems in SIP occur because the data is sent in the clear and is easy to view and modify. The server and the agent use a challenge-response system in which the password is hashed with the realm and the nonce. The response is calculated as follows:
H1 = MD5(username:realm:password)
H2 = MD5(method:uri)
Response = MD5(H1:nonce:H2)
The username, realm and nonce are passed in the challenge, so the only unknown is the password. An attacker who has access to both the challenge and the response can compute the hashes offline using a brute-force or dictionary attack and obtain the user's password. Another attack is that an agent can impersonate any other user by changing the From field in an INVITE request.
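An added example, not part of the original post: a server-side check in Python that recomputes the response with the formula above, compares it in constant time, and then rejects a request whose From user differs from the authenticated username, which is the control against the From-field impersonation just described. The header layout, function names and sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    # Formula from the text above (no qop).
    h1 = md5_hex(f"{username}:{realm}:{password}")
    h2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{h1}:{nonce}:{h2}")

def parse_digest(header):
    # 'Digest username="alice", realm="..."' -> {"username": "alice", ...}
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        return {}
    return dict(re.findall(r'(\w+)="?([^",]+)"?', params))

def from_user(from_header):
    # User part of the SIP URI in a From header value.
    match = re.search(r"sips?:([^@>;]+)@", from_header)
    return match.group(1) if match else None

REQUIRED = ("username", "realm", "nonce", "uri", "response")

def check_request(method, from_header, auth_header, passwords):
    """Return 'ok', 'bad-credentials' or 'from-mismatch'."""
    auth = parse_digest(auth_header)
    if any(k not in auth for k in REQUIRED) or auth["username"] not in passwords:
        return "bad-credentials"
    expected = digest_response(auth["username"], auth["realm"],
                               passwords[auth["username"]],
                               method, auth["uri"], auth["nonce"])
    if not hmac.compare_digest(expected.encode(), auth["response"].lower().encode()):
        return "bad-credentials"
    # Authenticated, but only allowed to speak as itself.
    if from_user(from_header) != auth["username"]:
        return "from-mismatch"
    return "ok"

if __name__ == "__main__":
    # Constructed sample data, not taken from a real capture.
    pw = {"alice": "correct horse"}
    resp = digest_response("alice", "example.test", "correct horse",
                           "INVITE", "sip:bob@example.test", "n0nce")
    hdr = (f'Digest username="alice", realm="example.test", nonce="n0nce", '
           f'uri="sip:bob@example.test", response="{resp}"')
    print(check_request("INVITE", "<sip:alice@example.test>", hdr, pw))
    print(check_request("INVITE", "<sip:carol@example.test>", hdr, pw))
```

The check does not track whether the nonce was actually issued by the server or is still fresh; a deployment would add that.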
Denial of Service Attacks
Denial of Service (DoS) is a class of attacks where a particular agent is made unavailable to any other agent on the network. These attacks are possible because the agents do not verify the identity of the sender of messages. They rely on IP addresses, which can be spoofed. Sending a CANCEL request to an agent who has received an INVITE packet cancels the phone call, even if it is sent by an attacker on the network. Sending a BYE packet to the server while impersonating an agent can also prevent that agent from receiving any calls.
A large number of the vulnerabilities in SIP and RTP would be mitigated if SSL/TLS were used along with SIP to prevent man-in-the-middle attacks.