Dr Dorgham Sisalem worked with FhG Fokus between 1995 and 2004 and was involved in the development of the first SIP-based video conferencing application in 1997 and the most widely used open-source SIP proxy known as the SIP Express Router. In 2004, Dr. Sisalem co-founded iptelorg which provided the VoIP infrastructure for various large ISPs such as T-Online, Earthlink and Tiscali. Since the acquisition of iptelorg by Tekelec in 2005 Dr. Sisalem is responsible for the aspects of security in IMS at Tekelec. Besides the experience gained through deploying VoIP in large environments, Dr. Sisalem was one of the first to publish a paper on SIP security issues and is the organizer of the VoIP security workshop. Jiri Kuthan was the driving force behind the development of the widely used SIP Express Router, which is an open source implementation of a SIP proxy that is currently used by a large number of VoIP service providers. In 2004 Mr. Kuthan co-founded iptelorg and acted as its CEO. Besides his detailed experience in developing and deploying VoIP solutions, Mr. Kuthan has contributed to various security related IETF drafts and RFCs and acted as the working group chair of the BEHAVE group which was concentrating on the deploying of VoIP in NAT and firewall protected environments. Ulrich Abend works as the VoIP technical product manager at iptelorg. In his job he was mainly responsible for the deployment of VoIP solutions in large ISP environments and ensuring the security of these deployments. In 2006 he co-founded iptego, which is a start-up, dedicated to providing security solutions to VoIP service providers. As the CTO of iptego he is responsible for designing and architecting security solutions required by VoIP service providers.

Foreword.

About the Authors.

Acknowledgment.

1 Introduction.

2 Introduction to Cryptographic Mechanisms.

2.1 Cryptographic Algorithms.

2.2 Secure Channel Establishment.

2.3 Authentication in 3GPP Networks.

2.4 Security Mechanisms Threats and Vulnerabilities.

3 Introduction to SIP.

3.1 What is SIP, Why Should we Bother About it and What are Competing Technologies?

3.2 SIP: the Common Scenarios.

3.3 Introduction to SIP Operation: the SIP Trapezoid.

3.4 SIP Components.

3.5 Addressing in SIP.

3.6 SIP Message Elements.

3.7 SIP Dialogs and Transactions.

3.8 SIP Request Routing.

3.9 Authentication, Authorization, Accounting.

3.10 SIP and Middleboxes.

3.11 Other Parts of the SIP Eco-system.

3.12 SIP Protocol Design and Lessons Learned.

4 Introduction to IMS.

4.1 SIP in IMS.

4.2 General Architecture.

4.3 Session Control and Establishment in IMS.

5 Secure Access and Interworking in IMS.

5.1 Access Security in IMS.

5.2 Network Security in IMS.

6 User Identity in SIP.

6.1 Identity Theft.

6.2 Identity Authentication using S/MIME.

6.3 Identity Authentication in Trusted Environments.

6.4 Strong Authenticated Identity.

6.5 Identity Theft Despite Strong Identity.

6.6 User Privacy and Anonymity.

6.7 Subscription Theft.

6.8 Fraud and SIP.

7 Media Security.

7.1 The Real-time Transport Protocol.

7.2 Secure RTP.

7.3 Key Exchange.

8 Denial-of-service Attacks on VoIP and IMS Services.

8.1 Introduction.

8.2 General Classification of Denial-of-service Attacks.

8.3 Bandwidth Consumption and Denial-of-service Attacks on SIP Services.

8.4 Bandwidth Depletion Attacks.

8.5 Memory Depletion Attacks.

8.6 CPU Depletion Attacks.

8.7 Misuse Attacks.

8.8 Distributed Denial-of-service Attacks.

8.9 Unintentional Attacks.

8.10 Address Resolution-related Attacks.

8.11 Attacking the VoIP Subscriber Database.

8.12 Denial-of-service Attacks in IMS Networks.

8.13 DoS Detection and Protection Mechanisms.

8.14 Detection of DoS Attacks.

8.15 Reacting to DoS Attacks.

8.16 Preventing DoS Attacks.

8.17 DDoS Signature Specification.

9 SPAM over IP Telephony.

9.1 Introduction.

9.2 Spam Over SIP: Types and Applicability.

9.3 Why is SIP Good for Spam?

9.4 Legal Side of Unsolicited Communication.

9.5 Fighting Unsolicited Communication.

9.6 General Antispam Framework.

Bibliography.

Index.