Create an Account
username: password:
 
  MemeStreams Logo

Question on SIP Security considerations for future extensions

search

possibly noteworthy
Picture of possibly noteworthy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

possibly noteworthy's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
  Humor
Current Events
  War on Terrorism
Recreation
Local Information
  Food
Science
Society
  International Relations
  Politics and Law
   Intellectual Property
  Military
Sports
Technology
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Question on SIP Security considerations for future extensions
Topic: Technology 11:50 am EDT, Aug 25, 2007

I'm having quite an interesting conversation with Sandy Murphy (cc'd) who was tasked by sec-dir to review one of our drafts (draft-ietf-sip-answermode).

This draft has some rather interesting security issues, since if implemented incorrectly and then abused it could allow an attacker to "bug your phone" -- that is, turn it into a remote listening device. Similar attacks could also be used to run up the victim's connectivity bill, run down the device's battery, aggravate the "voice hammer" DOS attack, and so on.

This lead us into a discussion of the SIP security model in general. Most SIP practitioners who have been at it for awhile know that if the proxies we have decided to trust suddenly decide to get malicious, then we're very much at their mercy. They can do all sorts of things, including routing our media through interceptors, mangling SDP payloads, injecting (or blocking) instant messages, altering presence information, and so on.

But this aspect of SIP is not obvious to naive implementors, or even to less naive security types.

Maybe every SIP extension document should include a boiler-plate reminder about the sensitivity of proxies, then go on to enumerate and describe the new ways that malicious proxies (should there be such a thing) can wreak havoc using the extension being documented.

What do you folks think?

1) Could a reasonable "How you could be violated by trusted proxies that turn rogue" boilerplate be drafted?
2) Would the practice of repeating this in drafts help or hurt us?
3) Would it be useful for us to document how each extension could be used by a rogue proxy?

Question on SIP Security considerations for future extensions



 
 
Powered By Industrial Memetics
RSS2.0