SIP - Basics
Seminar on Instant Messaging and Presence Architectures in the Internet
Niko Lindqvist ([email protected]) 28.9.2005
Wed 16:15 C222
Agenda
• SIP Introduction & Examples
• SIP Definitions
• SIP Building Blocks
• SIP Messages
• SDP Protocol & Example
• DNS and SIP
• SUBSCRIBE/NOTIFY Extension
• MESSAGE Extension
• SIP Security
SIP Introduction
• Session Initiation Protocol (RFC 3261)
  – Initiates (negotiates), modifies and terminates sessions
  – Compare to telephony signaling protocols
• Does not reserve any resources or any kind of circuits
  – Is not used to carry user data
  – SIP URI: sip:[email protected]
• Text based
Simple SIP Example
[Figure: message flow between Mari and Ville]
1: INVITE [email protected]
2: 100/Trying
3: 180/Ringing
4: 200/OK
5: ACK
Media
1: BYE
2: 200/OK
SIP session with Proxy server
[Figure labels: Mari; Ville (pc6.karpaasi.fi); SIP Proxy Server & SIP Registrar Server; domains acme.fi and karpaasi.fi; Media]
1: INVITE [email protected]
2: INVITE [email protected]
3: 100/Trying
4: 180/Ringing
5: 180/Ringing
6: 200/OK
7: 200/OK
8: ACK
9: BYE
10: 200/OK
SIP Redirect Server
[Figure labels: Mari; Ville (ws14.epo.fi); Location Service; SIP Redirect Server; domains acme.fi, karpaasi.fi and epo.fi]
1: INVITE [email protected]
4: 302/Moved temporarily contact: [email protected]
5: ACK
8: INVITE [email protected]
9: 200/OK
SIP Definitions
• Address-of-Record: An address-of-record (AoR) is a SIP URI that points to the “public” SIP address of the user.
• Call: A call is an informal term that refers to some communication between peers.
• Dialog: A dialog is a peer-to-peer SIP relationship between two UAs.
• Location Service: A location service is used by a SIP redirect or proxy server to obtain information about a user's possible SIP URIs.
• Message: Data sent between SIP entities; either a Request or a Response message.
SIP Building Blocks
UA - User Agent
– A user agent is a SIP session endpoint entity. In practice a UA is, for example, a VoIP softphone application installed on a user's workstation.
Proxy Server
– A Proxy reads the SIP message and, if necessary, rewrites it before forwarding it.
Redirect server
– A Redirect server maps the SIP address to zero or more new addresses and returns them to the client.
Registrar server
– A Registrar updates the location database.
SIP Messages
• Two kinds of messages
  – Request
  – Response
• Message contents
  – Start Line (one line)
  – Headers (one or more lines)
  – Body
SIP Request Message
• Request
  – The message Start Line describes the SIP Method (e.g. INVITE), the SIP URI and the SIP version:
  – INVITE sip:[email protected]/2.0
SIP Response Message
• Response (SIP/2.0 200 OK)
  – Is divided into six different categories:
    • 1xx: Provisional class. For example: 180 Ringing
    • 2xx: Success class. For example: 200 OK
    • 3xx: Redirection class. For example: 302 Moved temporarily contact: <SIP URI>
    • 4xx: Client Error class
    • 5xx: Server Error class
    • 6xx: Global Failure class
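The start line / headers / body layout and the response classes above, written out as a small parser. This is an added example, not part of the original slides: the names Msg and Parse are hypothetical, the sample message in main is constructed, and the Content-Length consistency check is an extra the slides do not mention.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Msg is a SIP message split into start line, headers and body.
type Msg struct {
	Start   []string            // [METHOD, URI, SIP/2.0] or [SIP/2.0, code, reason]
	Status  int                 // responses only; Status/100 is the class (1xx..6xx)
	Headers map[string][]string // lower-cased name -> values in order
	Body    string
}

// Parse rejects a bad start line, status code, header line or Content-Length.
func Parse(raw string) (*Msg, error) {
	head, body, _ := strings.Cut(raw, "\r\n\r\n")
	lines := strings.Split(head, "\r\n")
	m := &Msg{Start: strings.SplitN(lines[0], " ", 3), Headers: map[string][]string{}, Body: body}
	switch {
	case len(m.Start) != 3 || (m.Start[0] != "SIP/2.0" && m.Start[2] != "SIP/2.0"):
		return nil, fmt.Errorf("bad start line %q", lines[0])
	case m.Start[0] == "SIP/2.0": // response; Atoi yields 0 on error, which the range check rejects
		if m.Status, _ = strconv.Atoi(m.Start[1]); m.Status < 100 || m.Status > 699 {
			return nil, fmt.Errorf("bad status code %q", m.Start[1])
		}
	}
	for _, l := range lines[1:] {
		k, v, ok := strings.Cut(l, ":")
		if !ok {
			return nil, fmt.Errorf("bad header line %q", l)
		}
		k = strings.ToLower(strings.TrimSpace(k))
		m.Headers[k] = append(m.Headers[k], strings.TrimSpace(v))
	}
	for _, cl := range m.Headers["content-length"] { // every copy must match the body
		if n, err := strconv.Atoi(cl); err != nil || n != len(body) {
			return nil, fmt.Errorf("Content-Length %q, body is %d bytes", cl, len(body))
		}
	}
	return m, nil
}

func main() { // constructed sample response, not taken from the slides
	fmt.Println(Parse("SIP/2.0 180 Ringing\r\nCSeq: 314159 INVITE\r\nContent-Length: 0\r\n\r\n"))
}
```

Repeated headers such as Via are kept in order, which is why Headers maps each name to a list.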
Request Message Example
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP pc1.acme.fi:5060
Max-Forwards: 70
To: Ville <sip:[email protected]>
From: Mari <sip:[email protected]>;tag=19283017
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 142

(Message body, SDP data, not shown)
Response Message Example (with Proxy)
SIP/2.0 200 OK
Via: SIP/2.0/UDP sip.karpaasi.fi;received=192.168.4.1
Via: SIP/2.0/UDP pc1.acme.fi;received=172.16.1.1
To: Ville <sip:[email protected]>;tag=a6c85cf
From: Mari <sip:[email protected]>;tag=19283017
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 131

(Message body, SDP data, not shown)
SDP Protocol
• RFC 2327
• Describes media streams within multimedia sessions
• Unicast and multicast supported
SDP Example (Request)
v=0
o=Mari 58474833 5849388548 IN IP4 192.168.4.5
s=Call from Mari.
c=IN IP4 pc1.acme.fi
m=audio 3456 RTP/AVP 0 31 35
DNS & SIP
• A DNS SRV record is used to find the SIP Proxy server serving a certain domain. Compare to the use of DNS MX records in SMTP.
• DNS SRV record format:
  _Service._Proto.Name TTL Class SRV Priority Weight Port Target
• For example (sip:[email protected]):
  _sip._udp.karpaasi.fi 43200 IN SRV 10 10 5060 sip.karpaasi.fi
SUBSCRIBE/NOTIFY Extension
• RFC 3265
• Both are SIP Methods --> Used in SIP Request messages
• SUBSCRIBE: Requests current state and state updates from a remote UA
• NOTIFY: Notifies the current state information of the UA
SUBSCRIBE/NOTIFY Message Flow
Subscriber Notifier
|-----SUBSCRIBE---->| Request state
|<-------200--------| ACK subscription
|<------NOTIFY------| Return current state
|--------200------->| ACK NOTIFY
|<------NOTIFY------| Return current state
|--------200------->| ACK NOTIFY
MESSAGE Extension
• RFC 3428
• SIP “Instant Messaging”
• MESSAGE is a SIP method, used in Request messages
• User Data (messages) is carried in SIP Request messages, not in response messages.
MESSAGE Example
MESSAGE sip:[email protected] SIP/2.0
Via: SIP/2.0/TCP pc1.acme.fi
Max-Forwards: 70
From: sip:[email protected];tag=49583
To: sip:[email protected]
Call-ID: [email protected]
CSeq: 1 MESSAGE
Content-Type: text/plain
Content-Length: 21

Ville, lunch at 11am.
SIP Security
• SIP Message and User Data - Both need to be secure
• Speech is hard to modify, easy to listen to and record (packet snooping)
• Instant messages are trivial to modify
• Identity theft
• Bogus Proxies or other entities (Man-In-The-Middle)
Authenticated Identity Management
• “Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)” Internet Draft
• Solution to SIP Message alteration problems
• Does not solve the possibility of listening to the conversation (IPSec VPN?)
• PKI is needed only on the central servers, not on every device.
AIM - Basics
• UAs register to the Proxy over a TLS link. The UA can be certain that the proxy is legitimate.
• The Outbound Proxy authenticates the user. --> The user identity within the Proxy's domain is legitimate.
• The Outbound Proxy computes a hash over the whole SIP message, including body and headers (also the From header), and signs it with its private key.
• The receiver's Inbound Proxy verifies the signature and hash --> The receiver can be sure that the actual caller is who she claims to be and that the message has not been altered.
AIM
• Two new headers:
  – Identity: calculated hash
  – Identity-Info: information on how to obtain the public key of the signing server
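The outbound-proxy signing step and the inbound-proxy check described in the AIM slides, as an added example that is not taken from the slides or the Internet Draft. Ed25519 over a SHA-256 hash, the base64 encoding, the header placement, the function names Sign and Verify, and the message and key URL are all assumptions made here; the slides do not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Sign plays the outbound proxy: hash the whole message (headers and body),
// sign the hash, and add the Identity and Identity-Info headers.
func Sign(msg string, key ed25519.PrivateKey, keyURL string) string {
	head, body, _ := strings.Cut(msg, "\r\n\r\n")
	sum := sha256.Sum256([]byte(head + "\r\n\r\n" + body))
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(key, sum[:]))
	return head + "\r\nIdentity: " + sig + "\r\nIdentity-Info: " + keyURL + "\r\n\r\n" + body
}

// Verify plays the inbound proxy: set the two added headers aside, hash
// what remains and check the signature with the signing proxy's public key.
func Verify(signed string, pub ed25519.PublicKey) bool {
	head, body, _ := strings.Cut(signed, "\r\n\r\n")
	var kept []string
	var sig []byte
	for _, l := range strings.Split(head, "\r\n") {
		switch {
		case strings.HasPrefix(l, "Identity: "):
			sig, _ = base64.StdEncoding.DecodeString(strings.TrimPrefix(l, "Identity: "))
		case strings.HasPrefix(l, "Identity-Info: "): // not part of the signed text
		default:
			kept = append(kept, l)
		}
	}
	sum := sha256.Sum256([]byte(strings.Join(kept, "\r\n") + "\r\n\r\n" + body))
	return ed25519.Verify(pub, sum[:], sig) // false for a missing or malformed signature
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key pair for the demo
	// Constructed message and key URL; the example.invalid names are placeholders.
	msg := "MESSAGE sip:ville@example.invalid SIP/2.0\r\nFrom: sip:mari@example.invalid;tag=1\r\n" +
		"Content-Length: 21\r\n\r\nVille, lunch at 11am."
	signed := Sign(msg, priv, "https://proxy.example.invalid/key")
	altered := strings.Replace(signed, "11am", "10am", 1) // body changed in transit
	fmt.Println(Verify(signed, pub), Verify(altered, pub))
}
```

Because the hash in this sketch covers every header, any header changed after signing (a rewritten Max-Forwards, for instance) makes Verify return false, not only a changed From header or body.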
The End