Session Initiation Protocol

Participant addresses are written in URI format, which is also used in e-mails and WWW addresses. Such a participant address usually follows one of the following three schemes:

• Unencrypted SIP connection: sip:user@domain.
• Encrypted SIP connection: sips:user@domain.
• Telephone number:, tel:nummerfor example tel:+49-69-1234567. This scheme is mainly used by devices that provide an interface to the "normal" telephone network and can be converted into a SIP URI if necessary, for example sip:+49-69-1234567@domain.

Encryption and security

By separating the session and media, both data streams can also be encrypted independently of one another. You can encrypt SIP using the TLS protocol, also known as SIPS, and the media stream (voice data) also using the SRTP protocol. Any combination of these is possible, but does not make sense in terms of secure encryption.

Both data streams (i.e. session and media) must be encrypted at the same time for secure encryption. The symmetrical keys of the media stream are exchanged via SDP (i.e. SIP) and could therefore be attacked via an unencrypted SIP. The symmetric keys of TLS are exchanged at the beginning of the session, but the mechanisms of the SSL certificates take effect here , in which the symmetric keys are in turn encrypted by the asymmetric keys of the SSL certificates.

Since transmission via a connectionless network protocol makes more sense with SIP, a UDP-based counterpart to TLS, which is based on TCP, was designed with DTLS . However, it is currently only implemented by a SIP stack (ReSIProcate).

Network elements

SIP UA registration on SIP registrar with authentication through login

Call flow through redirect server and proxy

Establish a connection with the B2BUA

• User agent

The user agent is an interface to the user that displays content and receives commands. A SIP telephone is also a SIP user agent that offers the traditional calling functions of a telephone, such as dial, answer, reject and hold.

• Proxy server

A proxy server is a communication interface in a network. It works as an intermediary ( routing ) who on the one hand receives inquiries in order to then establish a connection to another party via its own address. It is his job to ensure that requests are targeted to the user. Proxies are also necessary to enforce the hierarchy.

• Registrar server

The registrar server serves as the central switching point in the system architecture of SIP. It takes over the registration of requests for the domain it is processing. It processes one or more IP addresses for a specific SIP URI, which are transmitted through the SIP protocol.

• Redirect server

The redirect server relieves the proxy server. It transfers the routing information directly to the user agent client. It creates redirects to be able to contact incoming requests in an alternative set of URIs. The redirect server enables SIP session invitations to be sent to external domains.

• Session border controller

A session border controller is a network component for the secure coupling of computer networks with different security requirements. It serves as the middle node between the user agent and the SIP server for various types of functions, including support for Network Address Translation (NAT)

• Gateway

A gateway can interface a SIP network with other networks, such as the public telephone network, which uses different protocols or technologies.

• B2BUA

B2BUA - (in English back-to-back user agent, literally: the user agent "back to back") is a middleware in both the SIP and the RTP data stream. In relation to SIP clients, a B2BUA behaves like a user agent server on one side of the connection and like a user agent client on the other. It makes sense to be able to manipulate the data streams.

The B2BUA is specified in RFC 3261 .

Examples of application:

• Call management (including billing, call forwarding, automatic shutdown)
• Pairing different networks (especially adapting the different dialects of the protocols, depending on the manufacturer)
• Hide the network structure (including private addresses, network topology)

Basically, a B2BUA can be expanded into a proxy with an integrated media gateway.

SIP messages

The clients and servers involved in a SIP session send each other requests (English "requests") and answer them using response codes (English "responses").

SIP requests

RFC 3261 defines six requests: REGISTER, INVITE, ACK, CANCEL, BYE and OPTIONS.

SIP status codes

1xx - Provisional

Preliminary status information that the server is carrying out further actions and therefore cannot yet send a final response.

2xx - Successful

The request was successful.

3xx - redirection

These messages inform about a new contact address of the called party or about other services that enable the connection to be successfully established.

4xx - Request Failures

The previous message could not be processed.

5xx - Server Failures

A server involved in the transmission could not process a message.

6xx - Global Failures

The server was contacted successfully, but the transaction does not take place.

distribution

SIP is already being supported in many devices from various manufacturers and seems to be developing into the standard protocol for Voice over IP ( VoIP ). SIP was also selected by the 3rd Generation Partnership Project (3GPP) as the protocol for multimedia support in 3G mobile communications ( UMTS ). The specification of the Next Generation Network (NGN) at the European Telecommunications Standards Institute (ETSI) of the Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) project group is also based on SIP.

Advantages and disadvantages

One of the advantages of SIP is that it is an open standard that is now very widely used. Since SIP servers are distributed , an attack only affects the respective provider and not the entire telephony switched via SIP. Another advantage of SIP is the ability to modify an already established session. To do this, another INVITE message with the new SDP session properties is simply sent to the other side within the session. A new medium can thus be added or an existing medium can be modified or removed. The corresponding message is also referred to as a Re-INVITE request.

A disadvantage of SIP is that it uses RTP to transmit voice data . The UDP ports used for this are assigned dynamically, which makes the use of SIP in connection with firewalls or Network Address Translation (NAT, RFC 2663 ) difficult, since most firewalls or NAT routers cannot assign the dynamically assigned ports to the signaling connection . A remedy for this problem is the use of STUN (Session Traversal Utilities for NAT), which recognizes and penetrates NAT routers, but also other protocols such as IAX (InterAsterisk eXchange). The use of the STUN protocol determines the IP address and the port with which the NAT firewall or NAT router goes to the outside (i.e. into the public Internet). A much simpler method of circumventing this problem is for the proxy server or the called subscriber to access the IP address and the port used in the IP header directly, whereby the NAT mechanism works again even without a STUN server. IAX combines signaling and media data on a UDP connection. Like H.323, IAX is a binary protocol, so troubleshooting is more difficult than SIP. In addition, IAX is only in the standardization phase.

A more recent IETF method for solving the NAT traversal problem is the Interactive Connectivity Establishment (ICE), which is already supported by some SIP clients and can usually be installed via firmware upgrade.

Another solution to the NAT traversal problem are so-called Application Layer Gateways (ALG). These are interconnected SIP proxies that - installed on a NAT router or firewall - ensure smooth transfer of SIP signaling and media flows to care. An ALG can automatically open the necessary ports on a firewall for SIP calls and mark RTP media streams with DiffServ bits. This allows the media packets to be transported with higher priority over IP networks if a network supports this. In principle, the Internet does not offer any prioritization, see network neutrality

When using IPv6 as the transport protocol, NAT is generally not required, which means that there is no need to circumvent the problems typical of NAT. Only the problem of the firewall remains the same.

Examples

See also

• IP telephony
• SIP phone
• Telephone Number Mapping (ENUM)
• IP multimedia subsystem

Specifications

• RFC 2543 - SIP (obsolete version)
• RFC 3261 - SIP
• RFC 3265 - SIP extension: Specific Event Notification
• RFC 3515 - SIP Update: SIP Refer Method
• RFC 3665 - SIP Basic Call Flow Examples
• RFC 3581 - SIP Update: Symmetric Response Routing
• RFC 3853 - SIP Update: Use of AES instead of 3DES
• RFC 4320 - SIP Update: Issues with the SIP Non-INVITE Transaction
• RFC 4916 - Connected Identity in the Session Initiation Protocol

literature

• Ulrich Trick, Frank Weber: SIP and telecommunications networks. Next Generation Networks and Multimedia over IP - specifically , De Gruyter Oldenbourg, 2015, ISBN 978-3-486-77853-3

Web links

• SIP Core Working Group
• SIP / IMS Technical Portal

Individual evidence

1. ↑ Using Session Initiation Protocol to build Context-Aware VoIP Support for Multiplayer Networked Games (PDF; 283 kB) by Aameek Singh and Arup Acharya
2. ↑ SIP Session Initiation Protocol structure - dimaweb.at, accessed on November 14, 2013