Università degli Studi di Pisa (University of Pisa)
Faculty of Engineering
Master's Degree Programme in Telecommunications Engineering
Master's Thesis
Design and development of a
Session Border Controller
for securing SIP-based services
Supervisors: Prof. Ing. Stefano Giordano, Ing. Rosario Giuseppe Garroppo, Ing. Saverio Niccolini
Candidate: Paola Viscarelli
Table of Contents

Introduction

Chapter 1: SIP overview
  1.1: SIP Architecture
  1.2: SIP requests and responses
  1.3: Mandatory header fields in SIP messages
  1.4: Setting up SIP requests and responses

Chapter 2: SIP Security Issues
  2.1: Attacks Taxonomy
    2.1.1: Eavesdropping
    2.1.2: Man-In-The-Middle
    2.1.3: SIP message tampering
    2.1.4: Denial of Service
    2.1.5: Distributed DoS
    2.1.6: Session tear-down
    2.1.7: Theft of service (or spoofing)
    2.1.8: Registration hijacking
    2.1.9: Server impersonation
    2.1.10: Traffic flow disruption
  2.2: Existing security solutions
    2.2.1: Firewalls
    2.2.2: Network Address Translators
  2.3: SIP security solutions defined in the RFC and drafts
    2.3.1: Confidentiality and Privacy: Encryption
      2.3.1.1: End-to-end encryption
      2.3.1.2: Encryption by proxy
      2.3.1.3: Hop-by-hop encryption
Paola Viscarelli – Design and Development of a Session Border Controller for securing SIP-based services
      2.3.1.4: Via field encryption
    2.3.2: Message integrity and access control: authentication
      2.3.2.1: HTTP Digest Authentication scheme
      2.3.2.2: S/MIME usage within SIP

Chapter 3: Intrusion Detection and Prevention Systems
  3.1: Intrusion Detection Systems
  3.2: Types of IDSs
    3.2.1: Network-based IDSs
    3.2.2: Host-based IDSs
    3.2.3: Application-based IDSs
    3.2.4: HIDS vs NIDS
  3.3: Analysis of IDS events
    3.3.1: Misuse detection
    3.3.2: Anomaly detection
  3.4: Response options for IDS
  3.5: IDS taxonomy
  3.6: Intrusion Prevention Systems
  3.7: Requirements for effective prevention
  3.8: Types of IPSs
    3.8.1: Network-based IPSs
    3.8.2: Host-based IPSs
  3.9: Detection vs Prevention

Chapter 4: Session Border Controller
  4.1: SBC deployment scenario
  4.2: SBC functionalities
    4.2.1: Access Control
    4.2.2: Topology hiding
    4.2.3: Traffic Monitoring and Shaping and QoS Marking
    4.2.4: Protocol Repair
    4.2.5: Protocol and Profile Interworking
    4.2.6: IPv4/IPv6 interworking
    4.2.7: Transport protocol interworking
    4.2.8: DoS Detection and Prevention
    4.2.9: Security and Encryption
    4.2.10: Privacy and Identity
    4.2.11: NAT and Firewall traversal
    4.2.12: Lawful Interception

Chapter 5: Experimental part - Attacks
  5.1: Installed attack tools
  5.2: Performed attacks
    5.2.1: Interception of a call
    5.2.2: Denial of Service: the attacker makes the SIP client drop a call it has just initiated
    5.2.3: Denial of Service: the attacker prevents the SIP client from making a call
    5.2.4: Denial of Service by OPTIONS messages
    5.2.5: Stress test for the SIP registrar by REGISTER messages
    5.2.6: DoS by INVITE messages
    5.2.7: Learning the request's path by the traceroute method (SIPSAK)
    5.2.8: Parser torture attack

Chapter 6: SIP Intrusion Detection and Prevention System
  6.1: Snort
  6.2: Snort preprocessors
  6.3: SIP preprocessor
  6.4: SIP preprocessor functions
  6.5: Attacks that the SIP preprocessor is able to detect
    6.5.1: SPAM over Internet Telephony (SPIT)
    6.5.2: DoS attack against an internal client through INVITE messages
    6.5.3: Attacks by flooding with OPTIONS messages
    6.5.4: Preventing the SIP client from receiving a call
    6.5.5: DoS with RANDOM messages
    6.5.6: Session surveillance
  6.6: IPS with Snort_inline
  6.7: Performance Evaluation
    6.7.1: End-to-end delay
    6.7.2: Jitter
    6.7.3: Packet loss

Conclusion

Appendix A: SIP Preprocessor source code
Appendix B: How to build up a bridge

Acknowledgements