Diploma Thesis 2003 (DA03): Project Archive
 
DA Sna 03/2 - SIP Security
Students: Andreas Gisler, gislean1
  Manfred Loretz, loretman
  Andreas Stricker, stricand

Supervisor: Andreas Steffen, sna

The Session Initiation Protocol (SIP) has become increasingly important over the last few years. As the VoIP market grows, the demand for secure communication will arise sooner or later. The main interest lies in protecting the connection establishment and the transmitted data. The SIP standard describes the different methods for doing so.

As part of the diploma thesis, a client was to be written or extended that can protect the connection establishment. S/MIME, the same cryptographic standard used for secure e-mail communication, had to be used. The work was to clarify whether the session key can be exchanged via a protected Session Description Protocol (SDP) payload. The audio and video data can be transported with the Secure Real-time Transport Protocol (SRTP).

One goal was to analyze different software concepts and decide which one to implement. Several open source SIP stacks can serve as a basis for implementing and testing SIP functionality. On the client side, no current open source project meets the requirements for being extended.

The main result of this work is a newly developed client that uses the available mechanisms for secure transmission in the VoIP environment. It exchanges a session key in an encrypted SDP payload that is embedded in a SIP message; the SDP itself is wrapped in S/MIME. The transmitted key is then used to encrypt the multimedia payload with SRTP. This makes it possible to establish a secure connection with end-to-end encryption and authentication for multimedia data.
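
The exchange described above, as an added example (not the thesis client's code): an SDP offer carrying an SRTP key is S/MIME-encrypted to the callee's certificate with the `openssl` CLI, placed in a SIP INVITE body, and recovered on the callee side. The parties, addresses, abbreviated SIP header set and the RFC 4568 `a=crypto` key line are assumptions, since the page does not say how the client encodes the key; only encryption is shown, not signing.

```shell
#!/bin/sh
# Added illustration: names, addresses and the a=crypto key line are assumptions.
smime_sdp_demo() {
    w=$(mktemp -d) || return 1
    # Callee key pair; a self-signed cert stands in for a real S/MIME certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bob@example.com" \
        -keyout "$w/bob.key" -out "$w/bob.crt" 2>/dev/null || return 1
    # Caller: fresh SRTP master key (16 bytes) plus salt (14 bytes), base64-encoded.
    SENT_KEY=$(openssl rand -base64 30)
    # Inner MIME entity: the SDP offer that carries the session key.
    cat > "$w/offer.sdp" <<EOF
Content-Type: application/sdp

v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:$SENT_KEY
EOF
    # Encrypt the entity to the callee's certificate (enveloped-data, DER).
    openssl smime -encrypt -aes-128-cbc -binary -outform DER \
        -in "$w/offer.sdp" -out "$w/body.p7m" "$w/bob.crt" || return 1
    # SIP INVITE carrying the S/MIME blob as its body (header set abbreviated).
    len=$(wc -c < "$w/body.p7m" | tr -d ' ')
    {
        printf 'INVITE sip:bob@example.com SIP/2.0\r\n'
        printf 'From: <sip:alice@example.com>;tag=1\r\nTo: <sip:bob@example.com>\r\n'
        printf 'Call-ID: constructed-1@192.0.2.10\r\nCSeq: 1 INVITE\r\n'
        printf 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n'
        printf 'Content-Length: %s\r\n\r\n' "$len"
        cat "$w/body.p7m"
    } > "$w/invite.sip"
    # On-path view: is the key readable in the message as sent?
    if grep -qF -e "$SENT_KEY" "$w/invite.sip"; then LEAKED=yes; else LEAKED=no; fi
    # Callee: the body is the last Content-Length bytes; decrypt and read the key.
    rlen=$(LC_ALL=C sed -n 's/^Content-Length: \([0-9]*\).*/\1/p' "$w/invite.sip" | head -n 1)
    tail -c "$rlen" "$w/invite.sip" > "$w/recv.p7m"
    openssl smime -decrypt -inform DER -in "$w/recv.p7m" \
        -recip "$w/bob.crt" -inkey "$w/bob.key" -out "$w/recv.sdp" || return 1
    RECV_KEY=$(tr -d '\r' < "$w/recv.sdp" | sed -n 's/^a=crypto:.*inline://p')
    rm -rf "$w"
}
smime_sdp_demo && echo "callee key matches: $([ "$SENT_KEY" = "$RECV_KEY" ] && echo yes || echo no); key visible in INVITE: $LEAKED"
```

The SIP headers stay in cleartext so that proxies can route the request; only the SDP body, and with it the media key, is hidden from intermediaries.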

Currently the client is a proof-of-concept implementation. It is nonetheless extensible and portable, and will not hinder further development.

In the end, applications using VoIP will increase, and as a consequence the need to cryptographically protect the signaling and data in SIP and RTP will become more important. Our solution provides a way to protect all of these and closes a gap in the VoIP market.
