
SIP

3
IP

2010 9


Microsoft, MS, Windows, Windows 2000, Windows NT, Windows XP, Windows
Internet Explorer, Outlook, Outlook Express Microsoft Corporation

Sun Microsystems, Sun Java Solaris, Java, JDK


Sun Microsystems

URL
SIP
http://www.ipa.go.jp/security/vuln/vuln_SIP.html

SIP 3
1.

1.0 (2007 12 )
2.0 (2009 1 )

3.0 (2010 9 )

SIP/RTP 3 ( 2022)
2022
DTLS-SRTP ( 8)
XSSSQL ( 18)
( 6812141518)

RFP


1.
2. SIP
3. SIP
4.
5.

SIP/SDP
1. SIP
2. SIP
3. SIP
4. SIP
5.
6. DoS SIP
7. SIP
RTP/RTCP
8. RTP
9. RTP
10. RTCP

11.

12.
13. Call-ID
14.
15. IP
16. IP SIP
17.

18.

ID
19. ID
SIP/RTP
20. SIP TLS
21. SRTP
22. SRTP


1.
SIP

1.1.
SIP (Session Initiation Protocol), H.323, MEGACO

IETF (Internet Engineering Task Force)

IMS NGN IP

IP 2010 6 2,300

FTTH 56.6% IP (
2007)IMS NGN
SIP
IP IMS/NGN
IP ALL-IP (AIPN: All IP Network)

SIP IP
SANS 20 VoIP
VoIP VoIP
SIP
2006
2007
IP

2008 IP (PSTN)
IP-PBX
SIP/RTP
Web SQL XSS/XSRF

2010 7
5060/UDP
(5060/UDP SIP )

1.2.

SIP
IP
SIP

SIP
SIP

1.3.
1.3.1.
SIP 19

SIP

SIP SIP
IP

1.3.2. SIP
SIP 2 2.1. SIP

1.4.

-1

CVSS ()

URL
CVSS v2
(Base Metrics)


1.5.
-1

01
02
03
04
05
06
07
08
09
10

SIP
SIP
SIP
SIP

DoSSIP
SIP
RTP
RTP
RTCP

11

CODEC

12
13
14
15
16
17

Call-ID

IP

18

19

ID

20
21
22

SIPTLS
SRTP
SRTP

SIP/SDP

RTP/RTCP

ID
SIP/RTP

-1-1

1 7 SIP
SIP SIP
1 2 SIP
SIP SIP

4 SIP
5
TLS
SIP SIP 14
SIP REGISTER, INVITE SIP
SIP 7
SIP
8 10 RTP (Real-time Transport Protocol) RTCP (RTP Control Protocol)

8 RTP
9
10
RTCP
11 RTP

12

13 16 SIP RTP

13 SIP Call-ID
14 SIP 15 SIP
SIP SIP 16 SIP
RTP
16 SIP RTP SIP
HTTP
HTTP SIP
RTP

SIP/RTP

17 IP
IP

18 IP IP

19 ID
ID


20 SIP TLS
TLS TLS

21 SRTP SRTP
SIP (SDES)SRTP
RTP
SRTP
DTLS-SRTP Framework
22 SRTP

1.6. CVSS []

CVSS (Common Vulnerability Scoring System)

NIAC: National Infrastructure Advisory Council


2004 10 CVSS
FIRST (Forum of Incident Response and Security Teams) FIRST
CVSS-SIG (Special Interest Group)
FIRST 2005 6 CVSS v1 2007 6 CVSS v2
CVSS 3
1) (Base Metrics)
3
Confidentiality Impact, Integrity Impact, Availability Impact
CVSS (Base Score)

2) (Temporal Metrics)

CVSS (Temporal Score)


3) (Environmental Metrics)

CVSS
(Environmental Score)

IPA JVN iPedia1


CVSS v2 ()CVSS
v2 IPA - CVSS v2
2
1
2

JVN iPedia
http://jvndb.jvn.jp/
CVSS v2
http://www.ipa.go.jp/security/vuln/SeverityCVSS2.html

1.7. CVSS
CVSS v2
CVSS v2 CVSS v2
CVSS v2

1 2
18 19 ID

CVSS
CVSS v2


2. SIP
SIP SIP

2.1. SIP
SIP IP
IETF SIP
RFC3261 SIP
IP

SIP

RTP
IP
SDP (Session Description Protocol) SIP

UDP TCP

SDP
HTTP

SMTP

G.711G729

H.261H.264

POP3

DNS
SIP
RTP/RTCP

SSL/TLS
UDP

TCP
IP (IPv4, IPv6)

Ethernet (IEEE802.3), Wireless (IEEE802.11), etc...


-1-2

SIP HTTP

SIP


-2


SIP

SIP
SIP
SIP
SIP

RTP
RTCP
RTCP IP
RTCP
RTP
RTP UDP

2.2. SIP
SIP SIP UA SIP

SIP UA SIP SIP

SIP IP
SIP SIP UA SIP UA
UAC (User Agent Client) UAS (User Agent Server)
UAS UAC SIP UA
SIP

UAC (User Agent Client)


UAS (User Agent Server)

-3 UAC UAS
SIP
SIP

SIP SIP SIP


-4 SIP
SIP

Registrar, Registration Server

SIP
IP

Location Server

Proxy Server

Redirect Server

Presence Server

SIP IP

SIP SIP
SIP

SIP

SIP

SIP

SIP

SIP
SIP

IP

SIP
-1-3 SIP


SIP
PSTN, etc., ..


SIP -2 SIP
1
SIP
SIP URI (Uniform Resource Identifier)
Web http://www.example.co.jp/
URL
Uniform Resource Locator
URI
SIP URI
sip:
sips:

sip:alice@example.co.jp


URI

SIP

SIP

SIP

SIP

-1-4 SIP

2.3.
SIP HTTP

SIP -4

SIP

SIP -4

INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
To: Bob <sip:bob@biloxi.com>
From: Alice <sip:alice@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710@pc33.atlanta.com
CSeq: 314159 INVITE
Max-Forwards: 70
Date: Thu, 21 Feb 2002 13:02:03 GMT
Contact: <sip:alice@pc33.atlanta.com>
Content-Type: application/sdp
Content-Length: 147

v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
s=Session SDP
c=IN IP4 pc33.atlanta.com
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
-1-5 SIP
SIP/2.0 200 OK
Via: SIP/2.0/UDP server10.biloxi.com;branch=z9hG4bKnashds8;received=192.0.2.3
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds;received=192.0.2.1
To: Bob <sip:bob@biloxi.com>;tag=a6c85cf
From: Alice <sip:alice@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710@pc33.atlanta.com
CSeq: 314159 INVITE
Contact: <sip:bob@192.0.2.4>
Content-Type: application/sdp
Content-Length: 131

-1-6 SIP


SIP

-5 SIP

INVITEACK
SIP
200 OK
100 Trying

FromTo

INVITE
SDP

INVITE
SIP SIP
SIP -5 SIP
SIP
-6 SIP
SIP
INVITE
ACK
BYE
CANCEL
REGISTER
OPTIONS
PRACK
INFO
SUBSCRIBE
NOTIFY
MESSAGE
REFER
UPDATE
PUBLISH

SIP
3 SIP
HTTP/1.1 -6
100


1xx100
2xx200
3xx300

4xx400

5xx500

6xx600

-7

100 Trying180 Ringing

200 OK202 Accepted

300 Multiple Choices 301 Moved


Permanently

400 Bad Request401 Unauthorized

500 Server Internal Error 501 Not


Implemented

600 Busy Everywhere603 Decline

2.4. SIP
SIP REGISTER
INVITE

BYE

CANCEL
5

2.4.1. REGISTER
SIP
REGISTERSIP REGISTER
SIP SIP URI IP
SIP SIP

SIP
UASIP URI
IP

REGISTER
200 OK

UASIP URI
IP

REGISTER
200 OK


-1-7 REGISTER

2.4.2. INVITE

SIP SIP
INVITE 200
OK ACK 3 INVITE
1xx
INVITE SIP UAS200ms

SIP

INVITE

1xx
INVITE

INVITE

100 Trying

100 Trying
180 Ringing

180 Ringing

OK2xx

200 OK

200 OK
INVITE

ACK

SIP

ACK

ACK

-1-8 INVITE

2.4.3. BYE
INVITE / 200 OK / ACK
BYE
BYE BYE
200 OK
SIP

SIP

BYE

200 OK

-1-9 BYE


BYE
200 OK


2.4.4.
INVITE 3xx
INVITE
ACK
SIP

INVITE

1xx
INVITE

INVITE

100 Trying

100 Trying
180 Ringing

180 Ringing

INVITE

603 Decline

603 Decline
INVITE

ACK

SIP

ACK

ACK

-1-10

2.4.5. CANCEL
CANCEL
CANCEL 200 OK CANCEL
INVITE 487
ACK
SIP

INVITE

INVITE

100 Trying

100 Trying

CANCEL

CANCEL

200 OK CANCEL

200 OK CANCEL

487 Request Terminated


INVITE

ACK

1xx
INVITE

180 Ringing

180 Ringing

SIP

487 Request Terminated


ACK

ACK

-1-11 CANCEL


CANCEL

INVITE


2.5. SIP
SIP
HTTP
Basic
HTTP/1.1 RFC 2617

HTTP SIP
WWW-Authenticate
401 Unauthorized SIP

Authorization

SIP

REGISTER

REGISTER
401 Unauthorized

REGISTER

401

REGISTER
200 OK

ID

200 OK

-1-12

401 Unauthorized HTTP


SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP pc33.example.co.jp:5060;branch=z9hG4bK7e010369
From: sip:alice@example.co.jp;tag=1008141161
To: sip:alice@example.co.jp;tag=1089012396910
Call-ID: 2c8e0369-75671f481397401d8f6508d51ae9a1dc@pc33.example.co.jp
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="unknown",
 nonce="8a8aee697577e338dae62dc442149b8d",
 opaque="", qop="auth", stale=FALSE, algorithm=MD5
Content-Length: 0
-1-13 REGISTER


REGISTER HTTP
REGISTER sip:172.17.0.20:5060 SIP/2.0
Via: SIP/2.0/UDP pc33.example.co.jp:5060;branch=z9hG4bK6ee70373
Max-Forwards: 70
To: sip:alice@example.co.jp
From: sip:alice@example.co.jp;tag=1008141161
Call-ID: 2c8e0369-75671f481397401d8f6508d51ae9a1dc@pc33.example.co.jp
CSeq: 2 REGISTER
Contact: sip:alice@pc33.example.co.jp:5060;expires=3600
Authorization: Digest realm="unknown",
 nonce="8a8aee697577e338dae62dc442149b8d",
 opaque="", algorithm=MD5, qop=auth, cnonce="1FBB0373",
 nc=00000001, uri="sip:172.17.0.20:5060", username="alice",
 response="907228c79a27a566ca47b41c2a6b72de"
Content-Length: 0
-1-14 REGISTER
SIP SIP
INVITE
SIP 407 Proxy
Authentication Required
SIP
SIP

INVITE

INVITE

407 Proxy Authentication Required


ACK

INVITE

SIP

407

ID
INVITE

INVITE

INVITE

100 Trying

180 Ringing

100 Trying
180 Ringing

-1-15
SIP SIP

401 Unauthorized


SIP

SIP

INVITE (Proxy, UA)


407 Proxy Authentication Required
ACK
INVITE (Proxy, UA)

INVITE (UA)

100 Trying
401 Unauthorized

401 Unauthorized
ACK (Proxy, UA)

ACK

INVITE (Proxy, UA)


INVITE (UA)
200 OK

200 OK
ACK (Proxy, UA)
BYE (Proxy, UA)

ACKUA
BYEUA
200 OK

200 OK

-1-16


3. SIP
SIP

3.1. IP VoIP
3.1.1. IP
IP SIP
IP
PBX SIP IP
IP

IP (PSTN:
)
IP PC IP

LAN SIP SIP

SIP

SIP

VPN

IP

VPN

VPN
SIP

IP

IP

-1-17 IP


IP


3.1.2. IP
ISP IP
SIP ISP
VoIP IP SIP IP

(PSTN: )

IP
ADSL

VoIP

SIP

ADSL

PC

IP

FTTH

FTTH

ISP/

IP

PC

-1-18 IP

3.2.
Instant Message (IM)

IM SIP
SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions) SIP
SIP


Presentity

Subscriber

Watcher

-1-19

3.3. NGN
NGN (Next Generation Network) IP
SIP NGN

3 3GPP IMS (IP Multimedia Subsystem) IMS
SIP NGN
SIP

RTP

SIP
HTTP, etc

QoS

NGN

-1-20 NGN SIP


3.4.

SIP

SIP

SIP

-1-21

SIP

SIP

SIP

-1-22


4.

4.1. SIP
SIP -1
4 SIP

SIP ()
SIP (atlanta.com)
SIP (biloxi.com)
SIP ( SIP )
SIP

SIP SIP SIP /

SIP

atlanta.com
SIP

biloxi.com
SIP

SIP

SIP

SIP

RTP

SIP

SIP

-1-23 SIP

4.2. IP
IP SIP
IP


1) VPN

2) IP
3) IP
Ethernet Ethernet ()
4) LAN ( LAN /)
5) ( Ethernet /)
6) (SOHO) IP
LAN
IP
LAN

IP
SIP
SIP SIP IMS NGN
IP
IP
IP-PBX SIP

SIP

4.3.
IP

SIP

1) Ethernet
2) Ethernet
3)

Ethernet IP
ARP
IP Ethernet
ARP ARP
ARP ARP
IPA TCP/IP
21. ARP

TCP/IP
http://www.ipa.go.jp/security/vuln/vuln_TCPIP.html


LAN
LAN Ethernet WEP
WPA

LAN

IP

TCP/IP
IPA TCP/IP

4.4. SIP/RTP
SIP
(PSTN:
) IP IP-PBX PSTN

SIP/RTP
IP

1) SIP/RTP UDP
2) UDP IP IPsec
3) SIP SIP SIP CANCEL SIP
SIP
4) SIP MD5
5) SIPS(SIP over TLS)
6) SRTP(Secure RTP)
7) SIP (1 ) SIP SIP
(REGISTER)
8) SIP SIP
SIP/RTP
4.2 IP

4.5.


ARP Ethernet

(HA)
(VRRP)
ARP Ethernet
(Fail Over)
ARP Ethernet
VRRP HA

SIP RTP

4.6. SIP
SIP SIP
SIP SIP
SIP SIP
RTP

SIP RTP

SIP TLS
SRTP
SIP SIP

4.7.
4.7.1.
SIP/RTP
SIP/RTP

SIP/RTP

IP
Ethernet VLAN 802.1X LAN
SSID
VPN

SIP/RTP
Ethernet

SIP/RTP
SIP/RTP IP Ethernet
SIP/RTP SIP/RTP
SIP/RTP

Web
IP

4.7.2. IP
SIP/RTP
SIP SIP

LAN WPA(Wi-Fi Protected Access)


IPsec SSL-VPN
SIP/RTP
4.7.3. IP : IPsec
3GPP IMS(IP Multimedia Subsystem)2007 9
IPsec
IPsec SIP/RTP IP IP

IMS SIP P-CSCF(Proxy-CSCF)


IPsec ESP ESP Encapsulating Security Payload
IP RTP

IMS IPsec IPsec

IMS IPsec IPsec


SIPS
SRTP
IMS WPA LAN
IPsec OS

4.7.4.
(IPS: Intrusion Prevention System )

SIP/RTP
SIP/RTP
IPS SIP/RTP


4.7.5.
SIP/RTP (SBC: Session
Border Controller)SBC SIP
SIP/RTP
SBC SIP
DoS

SBC RFC5853(*1)

4.8. SIP
4.8.1. SIP TLS
SIP
4.7.1

SIP

SIP SIP

SIP TLS(Transport Layer Security)RTP


SRTP(Secure RTP)TLS SRTP
SIP

TLS SRTP
SIP TLS
SRTP 8 - RTP

1) SIP over TLS over TCP


SIP RFC3261(*2) SIP
TCP TLS
2) DTLS-SRTP Framework
SIP RTP SRTP SRTP UDP TLS
DTLS(RFC4347 Datagram TLS*3)RFC5763(*4)
IPsec SSL-VPN SIP/RTP
1 RFC5853: Requirements from Session Initiation Protocol (SIP) Session Border Control (SBC) Deployments (http://tools.ietf.org/html/rfc5853)
2 RFC3261 SIP, 26.4.3 TLS (http://tools.ietf.org/html/rfc3261#section-26.4.3)
3 DTLS OpenSSL 0.9.8 (http://openssl.org)
4 RFC5763: Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS) (http://tools.ietf.org/html/rfc5763)


3GPP IMS
IPsec SIP/RTP

4.8.2. TLS
SIP/RTP TLS DTLS
SIP TLS
1) SIP TLS SIP SIP SIP
SIP
2) TLS TLS SIP
IP
3) TLS SIP SIP

4)

4.9. -
4.9.1.
12

12

SIP Sipera
20,065 20,000 SIP

(Comprehensive VoIP Security for the Enterprise)


CVE(Common Vulnerabilities and Exposures) JVN()

2007 8 1 9
24 JVN 100 31
OS
SIP

SIP
SIP

Web Web
Web Web

SIP RTP

4.9.2. -

SIP/RTP

IP

4.9.3.

Web
(sanitization: )

4.9.4.
C C++
IPA 1.
Web C/C++
( JPCERT/CC ASCII2006 )

Visual C++ 2010


GCC (GNU C Compiler)

C/C++ Java

C/C++

Java .NET(
) C/C++
(VM)
CPU C/C++

4.9.5.

Fuzzing
Tolerance
PROTOS Test Suite(c07-sip)

4.9.6.
SIP RTP
Codenomicon SIP RFC4475
SIP

4.9.7.
SIP/RTP Web SQL

Web
(IPA )
4.9.8. SIP/RTP

SIP/RTP

SIP 4


IPv4 TCP SIP


SIP SIP/RTP
TCP/IP


4.9.9.

AJAX Web 2.0

ROHS

ISP()

2007


5.
SIP

1. SIP

1.

SIP

1.1
SIP

1-1 SIP SIP


SIP

SIP

SIP

SIP

SIP

SIP

SIP

SIP

SIP

SIP

1-1
SIP

1)
2)
3) SIP

1)

1.2

1)
2)
3)
4)
5)

REGISTER
CANCEL
re-INVITE
BYE
PRACK


1)

REGISTER

SIP INVITE SIP IP


SIP REGISTER

REGISTER SIP (IP )


REGISTER



1-2 SIP SIP REGISTER
SIP
REGISTER Call-ID
SIP REGISTER

1-2


REGISTER SIP
SIP SIP [sip:ua@example.com] INVITE
SIP 404

REGISTER SIP IP
SIP SIP SIP
[sip:ua@example.com] INVITE SIP INVITE
SIP

2)

CANCEL

INVITE

3 CANCEL SIP

1-3 SIP INVITE Call-ID


CANCEL
CANCEL 100 Trying
SIP CANCEL
100 Trying CANCEL
SIP 487 Request Terminated
SIP

SIP

SIP
INVITE

100 Trying

CANCEL

SIP

200 OK
487 Request Terminated
ACK

1-3 CANCEL

RFC3261 22.1 Framework CANCEL SIP


INVITE CANCEL

SIP ()
()
SIP UDP INVITE
IP CANCEL


3)

re-INVITE

re-INVITE INVITE
(
)
INVITE
re-INVITE
1-4 SIP re-INVITE
SIP INVITE
SIP
SIP SIP
SIP SIP BYE
SIP re-INVITE
re-INVITE Contact
SDP SIP IP SIP
SIP

SIP

SIP
INVITE

200 OK
ACK

SIP

BYE

200 OK

INVITE
200 OK
ACK

1-4 re-INVITE


4)

BYE

INVITE
BYE

1-5 INVITE SIP


BYE SIP SIP
SIP INVITE
SIP
SIP SIP
SIP SIP SIP BYE

SIP

SIP

INVITE
200 OK

ACK

BYE

BYE
200 OK

1-5 BYE


200 OK

SIP


5)

PRACK

SIP UDP UDP

SIP ACK

INVITE

INVITE
ACK
PRACK
PRACK

1-6 SIP INVITE 183 Session


Progress
SIP 183 Session Progress
PRACK SIP SIP
183 Session Progress SIP
PRACK SIP 500 Server Internal
Error () SIP 183 Session Progress
SIP 180
Ringing SIP (180 Ringing)
(PRACK ) SIP 180 Ringing
180Ringing
PRACK SDP

1-6 PRACK

SIP SIP
SIP SIP

1) SIP SIP
2) SIP
3) SIP
SIP
CANCEL SIP
CANCEL SIP (401/407)
CSeq
1 CANCEL CSeq INVITE
INVITE CSeq
CSeq 1 INVITE
CANCEL CSeq CANCEL 401
Unauthorized CSeq 1 CANCEL

INVITE CSeq 1

1-7 CANCEL CSeq


1.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

1) S/MIME End-to-End
CANCEL UA UA (end-to-end)
S/MIME CANCEL UA
hop-by-hop S/MIME
2) Secure SIP (SIP over TLS)

TLS

TLS

SIP

SIP

SIP

SIP

SIP

1-8 TLS


SIP


1.4

2002 6

RFC3261 SIP: Session Initiation Protocol


10 Registrations
http://tools.ietf.org/html/rfc3261#section-10
13 Initiating a Session
http://tools.ietf.org/html/rfc3261#section-13
14 Modifying an Existing Session
http://tools.ietf.org/html/rfc3261#section-14
15 Terminating a Session
http://tools.ietf.org/html/rfc3261#section-15

2002 6

22.1 Framework
http://tools.ietf.org/html/rfc3261#section-22.1
RFC3262 Reliability of Provisional Responses in the Session Initiation
Protocol (SIP)
http://tools.ietf.org/html/rfc3262

1.5 CVSS ()

CVSS

4.0

REGISTER

CVSS (REGISTER )

2. SIP

2.

SIP

2.1
SIP SIP SIP
200
400
300

2-1 SIP SIP


SIP

INVITE

INVITE

SIP

SIP

SIP

SIP

2-1

2.2

3
1) 200 OK ()
2) 302 Moved Temporarily ()
3) 404 Not Found ()

1)

200 OK ()
INVITE 200 OK
INVITE 200 OK
()

200 OK SDP
(IP )
200 OK SIP

2-2 SIP INVITE SIP 100 Trying


SIP SIP
200 OK SIP SIP
SIP CANCEL

SDP 4 - SIP

SIP

SIP
INVITE
100 Trying

SIP

CANCEL

200 OK
200 OK
ACK
487 Request Terminated

ACK

2-2 200 OK ()

2)

302 Moved Temporarily ()

INVITE 302 Moved Temporarily

INVITE 302 Moved Temporarily

SIP-URI 302 Moved Temporarily Contact


INVITE
302 Moved Temporarily


2-3 SIP INVITE SIP 100 Trying


SIP SIP CANCEL
200 OK
SIP 200 OK 302 Moved Temporarily
302 Moved Temporarily SIP
SIP

SIP

SIP

INVITE

100 Trying

SIP

CANCEL
302 Moved Temporarily
200 OK
ACK
487 Request Terminated
ACK

SIP

INVITE
200 OK

INVITE

2-3 Moved Temporarily ()

3)

404 Not Found ()

INVITE 404 Not Found

INVITE 404 Not Found INVITE


SIP-URI SIP
SIP-URI SIP

404 Not Found


2-4 CANCEL 2-2/2-3

SIP

SIP

INVITE

100 Trying

SIP

CANCEL
404 Not Found
200 OK
ACK
487 Request Terminated
ACK

2-4 404 Not Found ()

SIP HTTP

SIP SIP SIP Authentication-Info


SIP SIP
SIP SIP RFC3261
RFC2543 Authentication-Info

2.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)


1) Secure SIP (SIP over TLS)


2) Authentication-Info

2.4

2002 6

RFC3261 SIP: Session Initiation Protocol


8.1.3 Processing Responses
http://tools.ietf.org/html/rfc3261#section-8.1.3

2.5 CVSS ()

CVSS

2.6

CVSS

3. SIP

3.

SIP

3.1
SIP HTTP
SIP

SIP

SIP

SIP

SIP

SIP

SIP
3-1

3.2

SIP (UAS)RFC2617
HTTP
401(Unauthorized)
407(Proxy Authentication Required)
WWW-Authenticate Proxy-Authenticate


SIP

SIP

INVITE

407 Proxy Authentication Required --


Proxy-Authenticate:
INVITE
Proxy-Authorization:

--

200 OK

407 Proxy Authentication Required


Proxy-Authenticate: Digest realm="atlanta.com",
domain="sip:ss1.carrier.com", qop="auth",
nonce="f84f1cec41e6cbe5aea9c8e88d359",
opaque="", stale=FALSE, algorithm=MD5

INVITE sip:bob@example.com SIP/2.0


Proxy-Authorization: Digest username="Alice", realm="atlanta.com",
 nonce="c60f3082ee1212b402a21831ae",
 response="245f23415f11432b3434341c022"
3-2 SIP
nonce, opaque
(UAC)

HTTP SIP MD5


RFC2617 MD5

response


SIP SIP
SIP

nonce

SIP

MD5 MD5
NIST 2010
MD5 256bit
SHA1 SHA2

3.3
SIP SIP

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

1) Secure SIP (SIP over TLS)


3.4

2002 6

1999 6
2004 8
2007

2008 10

RFC3261 SIP: Session Initiation Protocol


22 Usage of HTTP Authentication
http://tools.ietf.org/html/rfc3261#section-22
RFC2617 HTTP Authentication: Basic and Digest Access Authentication
http://tools.ietf.org/html/rfc2617
Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD
http://eprint.iacr.org/2004/199.pdf
IPA - C/C++
3

http://www.ipa.go.jp/security/awareness/vendor/programmingv2/contents/c203.html
IPA
http://www.ipa.go.jp/security/event/2008/ipa-forum/documents/IPAforum2008yamagishi.pdf

3.5 CVSS ()

CVSS

2.6

CVSS

4. SIP

4.

SIP

4.1
SIP
SDP SDP
()

INVITE JPEG JPEG

4.2

SIP 2
1) INVITE SDP
2) INVITE JPEG
ARP
()(SBC) SIP

1)

INVITE SDP

SDP

4-1 INVITE 200


SDP


192.0.2.201

192.0.2.101

SIP

INVITE (SDP1)
200 OK (SDP2x)

192.0.2.11

INVITE (SDP1x)
200 OK (SDP2)

SIP

5963

SIP
5963

5963

4-1 SDP ()

1)

SDP1
v=0
o=alice 2890844526 2890844526 IN IP4 client.atlanta.example.com
s=-
c=IN IP4 192.0.2.101
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000

2) SDP2
v=0
o=bob 2890844527 2890844527 IN IP4 client.biloxi.example.com
s=-
c=IN IP4 192.0.2.201
t=0 0
m=audio 3456 RTP/AVP 0
a=rtpmap:0 PCMU/8000

3) SDP1x
v=0
o=alice 2890844526 2890844526 IN IP4 client.atlanta.example.com
s=-
c=IN IP4 192.0.2.11
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000


4) SDP2x
v=0
o=bob 2890844527 2890844527 IN IP4 client.biloxi.example.com
s=-
c=IN IP4 192.0.2.11
t=0 0
m=audio 3456 RTP/AVP 0
a=rtpmap:0 PCMU/8000
4-2 SDP

4-1

2)

INVITE JPEG
INVITE JPEG

INVITE

INVITE (jpeg)

SIP

SIP

SIP

4-3 JPEG

4-3 INVITE JPEG

4-4 JPEG INVITE

JPEG


INVITE sip:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TCP client.atlanta.example.com:5060;branch=z9hG4bK74b43
Max-Forwards: 70
From: Alice <sip:alice@atlanta.example.com>;tag=9fxced76sl
To: Bob <sip:bob@biloxi.example.com>
Call-ID: 3848276298220188511@atlanta.example.com
CSeq: 1 INVITE
Contact: <sip:alice@client.atlanta.example.com;transport=tcp>
Content-Disposition: render
Content-Type: image/jpeg; name="img10192419528.jpg"
Content-Transfer-Encoding: base64
Content-Length: 951

/9j/4AAQSkZJRgABAgEASABIAAD/2wBDAAYEBAQFBAYFBQYJBgUGCQsIBgYICwwKCgsKCgwQ
DAwMDAwMEAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/2wBDAQcHBw0MDRgQEBgUDg4O
...
4-4 JPEG

SIP 3
1)
2) SIP
3) SIP

4.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3) IP
SIP IP
ARP DNS ()

1) Secure SIP (SIP over TLS)


2) S/MIME End-to-End


4.4

2002 6
2006 7

RFC3261 SIP: Session Initiation Protocol


http://tools.ietf.org/html/rfc3261
RFC4566 SDP: Session Description Protocol
http://tools.ietf.org/html/rfc4566

4.5 CVSS ()

CVSS

2.6

CVSS

5.

5.

5.1
SIP TLS TCP TCP
SIP TLS UDP

5.2
SIP TCP,UDP
TLS

TLS TCP TCP


TCP TCP RFC
UDP

5-1 SIP INVITE


TLS SYN TCP

SIP SIP TCP TCP


RST ICMP(Protocol Unreachable)
SIP TCP ICMP TCP
RFC3261 UDP SIP


SIP

SIP

SIP

SIP

TCP(SYN)
TLS
TCP(RST)
or ICMP(Protocol Unreachable)
UDP
INVITE

5-1 UDP

RFC3261 18.1.1

UDP
UDP TCP
ICMP Protocol Not Supported TCP
UDP
[SHOULD]TCP RFC2543

RFC3261 RFC2543 TCP


RFC3261

TLS TCP SIP


SIP / TCP(RST) ICMP(Protocol Unreachable)
TCP UDP
RFC3261 18.1.1 Sending Requests

TCP
TLS TCP UDP
UDP SIP
TLS UDP
TCP-RST


5.3

1)
2)
3)
4)

IPsecSSL-VPN SIP
SIP/RTP

1) RFC
TCPRST ICMP(Protocol
Unreachable ) UDP

5.4

2002 6

2007 3

RFC3261 SIP: Session Initiation Protocol


18.1.1 Sending Requests
http://tools.ietf.org/html/rfc3261#section-18.1.1
Sipera
SIP compliant clients may be vulnerable to transport rollback vulnerability
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=178&

5.5 CVSS ()

CVSS

2.6

CVSS

6. DoS SIP

6.

DoS SIP

6.1
DoS(Denial of Service) DDoS(Distributed Denial of Service)
SIP SIP

12.
DoS SIP SIP

6.2

DoS SIP

SIP
SIP SIP

RFC3261 26.1.5
DoS
1)

SIP SIP

6-1 SIP INVITE SIP


IP (1.1.1.1) SIP Via
SIP
SIP
180, 200, 401 407
SIP


6-1

2)

SIP SIP

6-2 SIP INVITE


SIP IP (1.1.1.1) SIP Route
SIP SIP
SIP Route
SIP-URI
SIP
SIP-URI

SIP

SIP

SIP

INVITE sip:alice@example.com
Route:1.1.1.1

SIP
(1.1.1.1)

INVITE sip:alice1@example.com
Route:1.1.1.1
INVITE sip:alice2@example.com
Route:1.1.1.1
alice???

6-2

SIP


SIP SIP SIP

SIP

SIP

6.3

1)

2) SIP/RTP
3)

1)
IP SIP 1
SIP
IP

6.4

2002 6
2008 9

2008 9

2008 9

RFC3261 SIP: Session Initiation Protocol


26.1.5 Denial of Service and Amplification
http://tools.ietf.org/html/rfc3261#section-26.1.5
IP

http://itpro.nikkeibp.co.jp/article/NEWS/20080910/314570/
NTT

- SIP ?(3)
http://projectphone.typepad.jp/blog/2008/09/-sip3-fcee.html
2008 9 SIP
FAQ for YAMAHA RT
/ SIP
http://www.rtpro.yamaha.co.jp/RT/FAQ/VoIP/troublevoip-ans.html#9

FUSION IP-Phone
http://www.fusioncom.co.jp/oshirase/20080909_2.html
2008 11

2008 12

VoIP/SIP DoS
http://itpro.nikkeibp.co.jp/article/COLUMN/20081028/317888/
SIP NextGen

RFC5393 Addressing an Amplification Vulnerability in SIP Forking


Proxies
http://tools.ietf.org/html/rfc5393
SIP Proxy 2

6.5 CVSS ()

CVSS

2.6

CVSS

7. SIP

7.

SIP

7.1
SIP
RFC3261/3262 RFC
SIP
INFO
SUBSCRIBE
NOTIFY
UPDATE
REFER
MESSAGE
PUBLISH

7.2

SIP SIP-URI

7-1
MESSAGE

SIP

SIP

SIP

MESSAGE
<>

200 OK

7-1
SIP 7-1


INFO

SUBSCRIBE

NOTIFY

UPDATE

REFER

MESSAGE

PUBLISH

7-1 SIP

INFO (DTMF)

IVR()

NOTIFY

SUBSCRIBE

SUBSCRIBE

NOTIFY

UPDATE

INVITE
PoC(Push to talk over Cellular
)
REFER

MESSAGE

NOTIFY
SUBSCRIBE

PUBLISH

SIP
URI ID

7.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

1) Secure SIP (SIP over TLS)

7.4

2002 6
2002 6
2002 6
2000 10
2002 9
2002 12

2003 4
2004 10

2007 9

RFC3261 SIP: Session Initiation Protocol


http://tools.ietf.org/html/rfc3261
RFC3262 Reliability of Provisional Responses in the Session Initiation
Protocol (SIP)
http://tools.ietf.org/html/rfc3262
RFC3265 Session Initiation Protocol (SIP)-Specific Event Notification
http://tools.ietf.org/html/rfc3265
RFC2976 The SIP INFO Method
http://tools.ietf.org/html/rfc2976
RFC3311 The Session Initiation Protocol (SIP) UPDATE Method
http://tools.ietf.org/html/rfc3311
RFC3428 Session Initiation Protocol (SIP) Extension for Instant
Messaging
http://tools.ietf.org/html/rfc3428
RFC3515 The Session Initiation Protocol (SIP) Refer Method
http://tools.ietf.org/html/rfc3515
RFC3903 Session Initiation Protocol (SIP) Extension for Event State
Publication
http://tools.ietf.org/html/rfc3903
OMA Push to talk Over Cellular V1.0.2 Approved Enabler
http://www.openmobilealliance.org/release_program/poc_v1_0.html


7.5 CVSS ()

CVSS

2.6

CVSS

8. RTP

8.

RTP

8.1
RTP
IP

8.2

RTP IP
RTP

IP

SIP

SIP

RTP

8-1 RTP

RTP

RTP


1) IP : (DTMF )
2) :
3) :
RTP
IP IP
(IVR)

RTP RTP
IETF Audio/Video Transport (avt)

IETF Audio/Video Transport (avt)


http://ietf.org/html.charters/avt-charter.html

RTP RTP RTCP(:


Realtime Control Protocol)RTP RTP
RTP
RTCP []10.
RTCP

RTP RTP RFC1889(1996 1


)9. Security9.1 ConfidentialityRTP RTP
DES IPsec RTP

RFC1889 RFC3550 RTP


SRTP(Secure RTP RFC3711 )
RTP SRTP

2004 MIKEY RFC3830


SRTP
SDP
IP RTP

RTP
RTP

1) SRTP ( MIKEY ) RTP


2) ZRTP RTP
3) RTP over DTLS SRTP DTLS UDP
4)

1)

SRTP

SRTP[RFC3711]RTP
IPsec
IP SRTP RTP

RTP DES DES


SRTP
AES(Advanced Encryption Standard)
LAN ()
AES
SRTP
2007 8 SRTP SRTP
SIP SDP crypt
sDescription(SDES)
SDP SDP SIP
TLS IPsec SIP SDP
SRTP
SRTP MIKEY MIKEY
SIP RTP

2)

ZRTP

ZRTP(Media Path Key Agreement for Secure RTP)


PGP Phil Zimmermann() RTP

ZRTP RTP RTP


RTP
RTP RTP
RTP
SIP RTP RTP
(Zfone)
3)

RTP over DTLS SRTP DTLS

DTLS (Datagram TLS) TCP TLS(Transport


Layer Security)UDP
RTP over DTLS UDP RTP DTLS
RTP over DTLS SRTP
SRTP

SRTP MIKEY
UDP DTLS SRTP

Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context
Using Datagram Transport Layer Security (DTLS)
http://tools.ietf.org/html/rfc5763

SRTP MIKEY ZRTPDTLS-SRTP 2007


3 IETF RTP Secure Keying BoF(Birds Of a Feather)
DTLS-SRTP
DTLS TLS
SSL SSL/TLS
TLS

IPsec
SIP
DTLS-SRTP SIP TLS
SIP RTP SIP
RTP

4)

DRM(Digital Rights
Management: )DRM
RTP RTP
SRTP

8.3

1) SIP/RTP
2) IPsecSSL-VPN SIP/RTP

1) Secure RTP (SRTP)


RTP SRTP
2) RTP SRTP

SRTP RTP SRTP


8.4

1996 1

2003 7

2003 7

2004 3
2004 8

2006 4
2007 6

2007 7

2007 7
2007 4

2007 10

2007 10

2010 5

2010 5

RFC1889 RTP: A Transport Protocol for Real-Time Applications()


9. Security
http://tools.ietf.org/html/rfc1889#section-9
RFC3550 RTP: A Transport Protocol for Real-Time Applications()
9. Security
http://tools.ietf.org/html/rfc3550#section-9
RFC3551 RTP Profile for Audio and Video Conferences with Minimal
Control
http://tools.ietf.org/html/rfc3551
RFC3711 The Secure Real-time Transport Protocol (SRTP)
http://tools.ietf.org/html/rfc3711
RFC3830 MIKEY: Multimedia Internet KEYing
http://tools.ietf.org/html/rfc3830
RFC4347 Datagram Transport Layer Security (DTLS)
http://tools.ietf.org/html/rfc4347
3GPP TS 33.203
3G security; Access security for IP-based services
http://www.3gpp.org/ftp/Specs/html-info/33203.htm
IETF Audio/Video Transport (avt)
http://ietf.org/html.charters/avt-charter.html
RTP RTP
ZRTP: Media Path Key Agreement for Secure RTP
http://tools.ietf.org/html/draft-zimmermann-avt-zrtp
Asterisk encryption
http://www.voip-info.org/wiki/view/Asterisk+encryption
Asterisk SRTP
The Zfone Project
http://zfoneproject.com/
PGP Phil Zimmermann ZRTP Zfone
Sipera
Vonage voice conversation may be vulnerable to eavesdropping
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=359
Vonage IP
RFC5763 - Framework for Establishing a Secure Real-time Transport
Protocol (SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)
6.10. Media over SRTP
http://tools.ietf.org/html/rfc5763#section-6.10
RFC5764 - Datagram Transport Layer Security (DTLS) Extension to
Establish Keys for the Secure Real-time Transport Protocol (SRTP)
http://tools.ietf.org/html/rfc5764


8.5 CVSS ()

CVSS

2.6

CVSS

9. RTP

9.

RTP

9.1
RTP
RTP

RTP RTP

913919128
7367

913918973
7366

913918818
7365

SIP

SIP
RTP

RTP

RTP

RTP

TP

RTP

913922818
7390

TP

913922658
7389

913922978
7391

SIP

9-1 RTP

9.2

9-1 RTP RTP


RTP RTP
SIP SIP RTP
SIP RTP

RTP SIP
SIP
RTP
RTP

SIP
RTP RTP

RTP

RTP (DTMF )
VoIP

RTP RTP

()

RTP
RTP
IP RTP

P X

CC

PT

SSRC

CSRC

V=
P=
X=
CC=CSRC

M=
PT=
SSRC=
CSRC=

9-2 RTP

RTP RTP
RTP

1) RTP
2) RTP
RTP SIP/RTP VoIP
H.323 MEGACOCisco
Skinny IP

RTP RTP

RTP RTP

RTP
()RTP
()

IP RTP

IP

4ms
50ms

RTP RTP

RTP RTP

RTP RTP RFC1889(1996 1


) 9. Security9.2 Authentication and Message Integrity2003
7 RTP RFC3550 RTP

RTP SRTP SRTP


SRTP
SIP TLS DTLS
SRTP SRTP DTLS

RTP 8 RTP

9.3

1) RTP SIP/RTP

2) IPsecSSL-VPN SIP/RTP

RTP
1) RTP SRTP
SRTP
8 - RTP
8.3

9.4

2006 12

2007 5

2007 5

2007 3

Hacking VoIP Exposed Voice over IP Security Secrets & Solutions,


David Endler and Mark Collier; McGraw-Hill Professional Publishing;
ISBN: 0072263644
http://www.hackingexposedvoip.com/
Sipera
Sipera - Unencrypted RTP vulnerable to capture and reconstruction
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=264&
RTP
Sipera - RTP sequence number and timestamp can be guessed to inject
media packets that may be accepted by receiver as legitimate
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=269&
RTP

Sipera - Rogue RTP injection may result in voice quality degradation


http://www.sipera.com/index.php?action=resources,threat_advisory&tid=193&
RTP


9.5 CVSS ()

CVSS

2.6

CVSS

10. RTCP

10. RTCP
10.1
RTP RTP RTCP
RTP

SIP

SIP

1. RTCP BYE
2. RTCP SDES
3. RTCP

RTCP

RTP

SIP
10-1 RTCP

10.2

RTP RTCP(RFC3550 6. RTP Control


Protocol: RTP ) RTP
1)
2)
3)
3 RTCP

1)

RTCP BYE RTP

RTP
RTP
RTCP BYE
RTP SIP


RTP SIP SIP


RTP

RTP RTCP BYE


SIP
SIP

SIP SIP IP
RTP IP
V

RC

PT=203

SSRC 1

SSRC 2

SSRC n

V=
P=
RC=SSRC
PT=

10-2 RTCP BYE

2)

RTCP SDES

RTP RTCP

RTP
RTCP (SDES) NAME()EMAIL(
)PHONE()RTCP SDES RTP

RTCP SDES 1 SSRC RTP


CNAME(Canonical Name)
SSRC
CNAME IP
CNAME

RTCP


RC

PT=202

SSRC/CSRC 1

SDES

SSRC/CSRC 2

SDES

V=
P=
RC=SDES
PT=

10-3 RTCP SDES

3)

RTCP

RTP RTCP (RR)


RC

PT=201

SSRC

SSRC

LSR

DLSR

V=
P=
RC=
PT=

10-4 RTCP

1)

RTCP BYE RTP

RTP SSRC
SSRC (Synchronization Source Identifier)

SSRC SSRC RTP SIP/RTP


32bit
SSRC
SSRC SIP/RTP SSRC
RTCP BYE SSRC RTP

RTP - 8.2 Collision Resolution and Loop Detection, RFC3550


http://tools.ietf.org/html/rfc3550#section-8.2

RTCP BYE SIP/RTP RTCP BYE SSRC


SSRC RTP

RTCP BYE SIP/RTP RTP


(SSRC) RTP
RTCP BYE

RTP

2)

RTCP SDES

RTCP (SDES)1 SIP/RTP 1 SIP/RTP


SIP/RTP 1 RTP
RTCP
CNAME(Canonical Name: )RTP
SSRC 1
RTP CNAME

RTCP SDES CNAME


RTCP

RTCP SDES RTCP BYE


SSRC

3)

RTCP

RTCP (RTCP RR) RTP


RTCP RR

SSRC
SSRC

G.711 64Kbps PCM


RTP

IP 48Kbps

48Kbps

4)

RTP

RTCP RTP
SIP
RTP
RTP
RTP H.323 MEGACO IP
MEGACO IP
SIP
H.323 RTP

RTP
SIP RTP RTP SIP
SDP
SIP
RTP RTP
RTCP SSRC() RTCP
BYE 2 RTCP SRTP

10.3

1) RTCP SIP/RTP

2) RTCP IPsecSSL-VPN
SIP/RTP

1) RTCP SRTCP
SRTP
8 - RTP
8.2

10.4

1996 1

RFC1889 - RTP: A Transport Protocol for Real-Time Applications ()


http://www.networksorcery.com/enp/rfc/rfc1889.txt

2002

@STAKE Inc., VoIP The Next Generation of Phreaking


http://www.blackhat.com/presentations/win-usa-02/arkin-winsec02.ppt

2003 7

2003 7
2004 4
2005 8

2007 3

2009 5

RTP
RFC3550 RTP: A Transport Protocol for Real-Time Applications
6. RTP Control Protocol (RTCP)
http://tools.ietf.org/html/rfc3550#section-6
8.2 Collision Resolution and Loop Detection
http://tools.ietf.org/html/rfc3550#section-8.2
RFC3551 - RTP Profile for Audio and Video Conferences with Minimal
Control
http://tools.ietf.org/html/rfc3551
TCP/IP RTP Colin Perkins
2004 4 ISBN:27406561
NEC Network Laboratories, VoIP Security Threat Analysis
P.8, RTP/RTCP-specific DoS attacks
http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2005/nancy/voip-sec.pdf
RTCP BYE DoSRTCP RR
I-D - VoIP Security Threats relevant to SPEERMINT ()
2.4. Threats to MF Availability
http://tools.ietf.org/html/draft-niccolini-speermint-voipthreats#section-2.4
SIP/RTP (BCP:) 05

I-D - SPEERMINT Security Threats and Suggested Countermeasures (


)
2.4. Threats to the Media Function (MF)
http://tools.ietf.org/html/draft-ietf-speermint-voipthreats#section-2.4
I-D - VoIP Security Threats relevant to SPEERMINT
04

10.5 CVSS ()

CVSS

2.6

RTCP BYE RTP

CVSS

11.
11.1

(CODEC)
SIP/RTP Web

12

12.
12.1
SIP/RTP

SIP/RTP

12.2

SIP SIP
(DoS)
1

SIP

SIP

1.
2.
3.

12-1

1)

ASCII 1
12-2
SIP
SIP 1 SIP

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa sip:there@10.10.10.10 SIP/2.0
Via: SIP/2.0/UDP 10.10.1.1:5060;branch=1
From: 0 <sip:me@10.10.1.1>;tag=0
To: Receiver <sip:there@10.10.10.10>
Call-ID: 1@10.10.1.1
CSeq: 1 INVITE
INVITE
Contact: 0 <sip:me@10.10.1.1>

Expires: 1200
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 128
v=0
o=0 0 0 IN IP4 10.10.1.1
s=Session SDP
c=IN IP4 10.10.1.1
t=0 0
m=audio 9876 RTP/AVP
12-2. SIP

SIP/RTP

DoS

2007 7 SIP/RTP

[Hacktool.Sipbot]
Fuzzing(
)
Fuzzing

2)

INVITE sip:sips%3Auser%40example.com@example.net SIP/2.0
To: sip:%75se%72@example.com
From: <sip:I%20have%20spaces@example.net>;tag=938
Max-Forwards: 87
i: esc01.239409asdfakjkn23onasd0-3234
CSeq: 234234 INVITE
Via: SIP/2.0/UDP host5.example.net;branch=z9hG4bKkdjuw
C: application/sdp
Contact: <sip:cal%6Cer@host5.example.net;%6C%72;n%61me=v%61lue%25%34%31>
Content-Length: 150

v=0
o=mhandley 29739 7272939 IN IP4 192.0.2.1
s=-
c=IN IP4 192.0.2.1
t=0 0
m=audio 49217 RTP/AVP 0 12
m=video 3227 RTP/AVP 31
a=rtpmap:31 LPC

12-3.

%XX (RFC4475)

12-3 RFC4475 SIP SIP


% 2 16
SIP

()

(;,)

3)

SQL
SQL
SQL

Web
SIP/RTP
SIP/RTP SIP/RTP
HTTP SQL
SIP/RTP 18

1)

IP

SIP/RTP

SIP
C strcpy() gets()

C/C++
C C++
SIP/RTP C/C++
C/C++

SIP

SIP/RTP
HTTP SNMPTELNET
RLOGINTFTPNTPDHCPDNS
2)

SIP

SIP
SIP
SIP

SIP/RTP RFC

SIP SIP

12.3

1)

2)
3)

4) SIP/RTP Fuzzing /IDS/

1)

2)

3)

12.4

1999
2003 2
2003

2006 3

2006 5
2007
2007 7

2005 6
2005 1

2006 11
2007 5

2008 8

2008 2

2008 2

CVE Common Vulnerabilities Exposures


http://www.mitre.org/
JVN Japan Vulnerability Notes: ()
http://jvn.jp/
Security testing of SIP implementations
Christian Wieser, Marko Laakso
Department of Electrical and Information Engineering University of
Oulu
http://www.mediateam.oulu.fi/publications/pdf/462.pdf
PROTOS c07-SIP Oulu
Sipera
Sipera - Comprehensive VoIP Security for the Enterprise: Not Just
Encryption and Authentication
http://www.sipera.com/assets/Documents/whitepapers/Sipera_Enterprise_VoIP_Security_WP.pdf
RFC4475 - Session Initiation Protocol (SIP) Torture Test Messages
http://tools.ietf.org/html/rfc4475
IPA
http://www.ipa.go.jp/security/awareness/vendor/programmingv2/
IPA -
1.
http://www.ipa.go.jp/security/awareness/vendor/software.html#1
Frank Swiderski, Window Snyder
BP 2005 6 ISBN:4891004576
PROTOS Test-Suite (c07-sip) - Security Testing of Protocol
Implementations
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
C/C++ Robert C. Seacord
JPCERT
Symantec Security Response - Hacktool.Sipbot
http://www.symantec.com/security_response/writeup.jsp?docid=2007-050914-5546-99&tabid=2
SIP (Java)
VoIP Security - Threats and Countermeasures
http://www.apan.net/meetings/newzealand2008/presentations/sip/apan26-eric.pdf
SIP IP
Exposing Vulnerabilities in Media Software
http://www.blackhat.com/presentations/bh-europe-08/Thiel/Whitepaper/bh-eu-08-thiel-WP.pdf
iSEC PARTNERS BlackHat 2008
OggSpeexFLACMPEG4 Fuzzing
RFC5118 - Session Initiation Protocol (SIP) Torture Test Messages for
Internet Protocol Version 6 (IPv6)
http://tools.ietf.org/html/rfc5118

2008 9

SIP
http://itpro.nikkeibp.co.jp/article/COLUMN/20080926/315503/
SIP NextGen

12.5 CVSS ()

CVSS

7.5

CVSS

13. Call-ID
13.1
MAC Call-ID

13.2

SIP REGISTER Call-ID REGISTER


SIP CSeq

RFC3261 8.1.1.4 Call-ID

Call-ID
INVITE From To tag
REGISTER
REGISTER SIP
SIP Call-ID
Call-ID REGISTER REGISTER
Call-ID
CSeq CSeq

CSeq
CSeq

SIP
REGISTER
Call-ID: 1234567
CSeq: 1

SIP

SIP

SIP

REGISTER
Call-ID: 1234567
CSeq: 10

REGISTER
Call-ID: 1234567
CSeq: 2

CSeq(2<10)

500 Server Internal Error


13-1 Call-ID CSeq

13.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

1) RFC
Call-ID
2) CSeq
CSeq

13.4

2002 6

2006 7

RFC3261 SIP: Session Initiation Protocol


8.1.1.4 Call-ID
http://tools.ietf.org/html/rfc3261#section-8.1.1.4
8.1.1.5 CSeq
http://tools.ietf.org/html/rfc3261#section-8.1.1.5
SIP Stack Fingerprinting and Stack Difference Attacks
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Scholz.pdf

13.5 CVSS ()

CVSS

4.0

CVSS

14.
14.1

14.2

SIP

nonce, opaque

SIP

SIP

SIP

SIP
REGISTER

407 Proxy Authentication Required


WWW-Authenticate: Digest
nonce="12345678",

REGISTER
Authorization: Digest
nonce="98765432",

14-1 nonce

SIP SIP SIP SIP (UAS) 407


401 SIP
nonce,opaque

WWW-Authenticate: Digest
realm="biloxi.com",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
SIP 401/407 SIP (UAC)


SIP
Authorization: Digest username="bob",
realm="biloxi.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="sip:bob@biloxi.com",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"

cnonce nc (response)
nonce,opaque UAS
cnonce UAC
cnonce cn cnonce 1
1

nonce

nc

14.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

1)

/UAS

Call-ID
From (IP )
CSeq
SIP (SIP )
To
/UAS

username
uri
realm
nonce
opaque
nc ()
cnonce (:nc=1)(2 )
response

2) cnonce
3) (nonce,opaque)

4) Secure SIP (SIP over TLS)

14.4

1999 6
2002 6
2007 3

2007 3

2007 3

2007 3

2007 3

2007 3

2007 3

2008 10

RFC2617 HTTP Authentication: Basic and Digest Access Authentication


http://tools.ietf.org/html/rfc2617
RFC3261 SIP: Session Initiation Protocol
22 Usage of HTTP Authentication
http://tools.ietf.org/html/rfc3261#section-22
Sipera
Insufficient integrity checks on SIP digest authentication messages
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=179&
Sipera
Absence of server authentication during SIP digest authentication
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=180&
Sipera
Registrar honors replayed authentication parameters
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=181&
Sipera
No cross-check performed between username of user requesting
authentication and username used in credentials during SIP digest
authentication
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=182&
Sipera
Some implementations of SIP Proxy may honor replayed authentication
credentials
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=183&
Sipera
Service provider call feature servers may be vulnerable to service theft
when sent a replayed and spoofed feature invocation message
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=188&
Sipera
Service provider call feature servers may be vulnerable to call hijacking
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=189&
Analysis of a VoIP Attack (Klaus Darilion, IPCom)
http://www.ipcom.at/fileadmin/public/2008-10-22_Analysis_of_a_VoIP_Attack.pdf
2008 10 VoIP
IP

SIP SIP proxySIP

14.5 CVSS ()

CVSS

5.1

CVSS

15. IP
15.1
SIP IP SIP

15.2

15-1 SIP SIP

SIP SIP
INVITE IP SIP
SIP SIP

SIP

SIP
REGISTER

SIP

SIP

INVITE

INVITE

INVITE

15-1 IP

SIP
REGISTER INVITE
SIP INVITE SIP SIP
SIP SIP
SIP SIP
SIP
SIP SIP SIP


SIP

SIP
SIP

15.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

1) Secure SIP (SIP over TLS)


2) IP

15.4

2002 6
2006 6

2007 3

RFC3261 SIP: Session Initiation Protocol


http://tools.ietf.org/html/rfc3261
TTC JJ-90.24 SIP SIP

http://www.ttc.or.jp/j/document_list/sum/sum_JJ-90.24v2.pdf ()
4.1.3.2 Contact
Sipera
Endpoints vulnerable to accepting requests from source IP other than
the specified server
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=186&

15.5 CVSS ()

CVSS

5.0

CVSS

16. IP SIP
16.1
SIP IP SIP
IP (
)

16.2

INVITE SDP (127.0.0.1)


Via Contact IP

16-1 SIP SIP INVITE Via


SDP c IP
Via SIP IP SIP
SIP SDP c
SIP

16-1 SIP SIP

SIP IP
1)
2)
3)
4)
5)
6)

Request URI
Via
Contact
Route
Record-Route
SDP c

1), 3), 4)SIP SIP

2) SIP SIP

5)
Route SIP SIP

6) SIP SIP
SIP SIP

16.3

1) IPsecSSL-VPN SIP
2) SIP/RTP
3)

4) SIP
SIP IP

1) Secure SIP (SIP over TLS)


2) IP
IP IP

3) UDP/TCP
0 1023 well known
SDP m SIP

16.4

2002 6
2007 3

RFC3261 SIP: Session Initiation Protocol


http://tools.ietf.org/html/rfc3261
Sipera
Implementation flaws may allow remote attacker to exploit improperly
handled error conditions
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=185&

16.5 CVSS ()

CVSS

5.0

CVSS

17.
17.1
SIP IP
OS OS OS
OS

1)
2)
3)
4)

ITRON
VxWorks
Linux
WindowsCE(Windows Mobile)

OS SIP Windows Linux

OS
() Windows Linux
()IP

17.2

GDB(GNU Source-Level Debugger)


OS (VxWorks )
1)
2)
3)

17-1

17.3

1)

1)

17.4

2006 9

2006 7
2005 11

2007 10

Hacking VoIP Phones:802.11b/g Wireless & Wired


http://www.io.com/~shawnmer/voipsecexp/noconname_2006_Merdinger.pdf
Hacking VoIP Exposed
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf
Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access
Vulnerability
http://www.securityfocus.com/bid/15456
Debugging with GDB
18.2.1 Using GDB with VxWorks
http://sourceware.org/gdb/current/onlinedocs/gdb_19.html#SEC182

17.5 CVSS ()

CVSS

6.0

CVSS

18.
18.1
SIP SIP

ID

18.2
SIP TCP/IP
SIP

SIP

SIP, SDP

RTP
RTCPCODEC

DNSENUM

18-1.

SIP

1)

I/F

SIP

Web (HTTP )
(TELNETRLOGINSSH )
(SNMP WRITE )

ID

SIP SIP
IP SIP
SIP
SIP/RTP

2)

SIP
TFTP ID

MAC

ID
SIP
SIP SIP

3)

SIP

4)

SIP ()

ID
ID

1)

I/F

(I/F)

I/F

SIP
TFTP

IP
I/F

2)

TFTP
TFTP
UDP
TFTP UDP

TFTP
TFTP
Ethernet
IP VLAN
IP SIP TFTP
IP

3)

WEB XSS XSRF SQL

WEB XSS() XSRF(


) WEB
JavaScript
WEB
WEB SQL
WEB
WEB XSS SQL SIP


IP-PBX
IP

4)

Web

IP

18.3

1)

2)

3)
4) HTTP SSL/TLS

1)

2)
3)
4) HTTP
WEB

18.4

2005 5

Vulnerabilities in SOHO VoIP Gateways


Peter Thermos and Guy Hadsall, The VoPSecurity.org Forum
http://www.vopsecurity.org/papers/Security_Issues_with_SOHO_VoIP_Gateways-052005.pdf

2005 10

I/F
VOIPSA - VoIP Security and Privacy Threat Taxonomy
http://www.voipsa.org/Activities/VOIPSA_Threat_Taxonomy_0.1.pdf

2006 12

VoIP OS TCP/IP
Hacking VoIP Exposed - David Endler and Mark Collier for BlackHat 2006
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf

1999 6

SNMPTFTP VoIP
RFC2616 - Hypertext Transfer Protocol -- HTTP/1.1
http://tools.ietf.org/html/rfc2616

2000 5

HTTP RFC
RFC2818 - HTTP Over TLS
http://www.ipa.go.jp/security/rfc/RFC2818JA.html []

1983 5

TLS HTTP RFC


RFC854 - TELNET PROTOCOL SPECIFICATION
http://tools.ietf.org/html/rfc0854

2003 4

TELNET RFC
RFC3512 - Configuring Networks and Devices with Simple Network
Management Protocol (SNMP)
http://tools.ietf.org/html/rfc3512

2003 8

SNMP RFC
RFC3584 - Coexistence between Version 1, Version 2, and Version 3 of the
Internet-standard Network Management Framework
http://tools.ietf.org/html/rfc3584

1991 12

2007 3

SNMP
SNMP RFC
RFC1282 BSD Rlogin
http://tools.ietf.org/html/rfc1282
RLOGIN RFC
IPA Secure Shell
http://www.ipa.go.jp/security/rfc/RFC.html#13
SSH RFC

1992 7

2007 12

2007 10

2007 10

2008 4

2008 6

RFC1350 - THE TFTP PROTOCOL (REVISION 2)


http://tools.ietf.org/html/rfc1350
TFTP RFC
Cisco Unified IP Phone Remote Eavesdropping
http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
Cisco IP
Remote Wiretapping on Cisco Phones
http://www.hack.lu/archive/2007/hacklu07_Remote_wiretapping.pdf
Cisco IP 7940 IP

Owning the internal network with SIP (part 1) and a Linksys Phone
http://seclists.org/fulldisclosure/2007/Oct/0174.html
Linksys SPA-941 XSS()

[VOIPSEC] XSS and SQL injection via SIP (part 2) and toll fraud bonus
http://voipsa.org/pipermail/voipsec_voipsa.org/2007-October/002466.html
XSS IP-PBX SQL
Asterisk
(Areski, FreePBX, Trixbox)
Australians falling victim to foreign phone hackers
http://www.livenews.com.au/Articles/2008/04/17/Australians_falling_victim_to_foreign_phone_hackers
2 IP
10
IPA 3
http://www.ipa.go.jp/security/vuln/websecurity.html
SQL XSS
9

19. ID
19.1
SIP ID

1)
2)
3)
4)
5)

SNMP
SIP :
SIP : SIP ID
SIP ID

19.2

1)

SIP

IP

ID SIP SIP DNS NTP


SIP/RTP

SIP : IP
SIP : IP
RTP : IP
SIP URI ()
SIP (REGISTER)
SIP/RTP UDP
NTP : IP
TFTP : IP
STUN : IP
SNMP SNMP
DHCP
IP IP DNS IP

2)

SIP :

SIP

SIP
(SPAM)IP
SPIT(Spam for Internet Telephony)SPIT IP
ID
ID
ID

3)

SNMP

SIP SNMP (Simple Network Monitoring Protocol: )
SNMP IP
SNMP SNMP
(SNMP Read)
SNMP Walk
IP

SNMP (SNMP Write)

4)

SIP ID

SIP SIP SIP URI


SIP SIP ID
ID

5)

SIP ID

SIP
SIP OPTIONS SIP REGISTER
SIP
SIP SIP SIP
SIP
SIP

1)

2003 Defcon 11
Watching the Watcher

Web
Web
ID
IP SIP

Web
Web

intitle:URL inurl:
..

SIP
SIP

robots.txt
Web
robots.txt robots.txt

Web

2)

SNMP

SNMP
SNMP SNMP

HTTP Web Web


GUI SNMP
GUI
Web XML
SNMP UDP

CPU
IP

SNMP IP

SNMP

SNMP ()

SIP SNMP

3)

SIP :

SPIT

SPIT IETF
(A Framework for Reducing Spam for Internet Telephony)
4)

SIP ID

SIP SIP SIP


SIP

SIP SIP
TLS IPsec

5)

SIP ID

SIP SIP
ID
SIP
ID

ID REGISTER ID
ID REGISTER
SIP ID
ID SIP ID

SIP ID

OPTIONS SIP SIP


ID
SIP SIP

19.3

1)
Ethernet VLAN
SIP
LAN
2) IPsec SIP
IPsec SIP SIP

3) SIP
SIP SIP
SIP SIP SIP
IDS()

1)
SNMP
IP

2) TLS IPsec SIP


TLS IPsec SIP

3) ID
SIP ID SIP

4)

()SIP
SIP

19.4

2007 2
2006 12

2003

2007 6

2006 12

RSA Conference 2007 - Exploiting Voice over IP Networks


http://www.hackingvoip.com/presentations/RSA%202007.pdf
Hacking VoIP Exposed Voice over IP Security Secrets & Solutions,
David Endler and Mark Collier; McGraw-Hill Professional Publishing;
ISBN: 0072263644
http://www.hackingexposedvoip.com/
DefCon 11 Watching the Watchers
Target Exploitation via Public Search Engines
http://www.defcon.org/images/defcon-11/dc-11-presentations/dc-11-Long/dc11-long.ppt

A Framework for Reducing Spam for Internet Telephony


http://www.tschofenig.com/svn/draft-tschofenig-spit-prevention-framework/draft-tschofenig-sipping-framework-spit-reduction-00.txt
Hacking VoIP Exposed - David Endler and Mark Collier for BlackHat 2006
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf

2010 7

5060/UDP
http://www.npa.go.jp/cyberpolice/detect/pdf/20100714.pdf
UDP 5060
OPTIONS

20. SIP TLS


20.1
TLS
TLS TLS

SIP

SIP

SIP

TLS
Client Hello

TLS
Client Hello

Server Hello

Server Hello

SIP

TLS
Client Key Exchange

TLS
Client Key Exchange
TLS
Change Cipher Spec

TLS
Change Cipher Spec

SIP
SIP REGISTER

TLS

SIP

SIP
SIP REGISTER
SIP
200 OK

SIP
200 OK

SIP

SIP

SIP

20-1 TLS

20.2

TLS TLS

Man in the Middle(MITM)


20-1 TLS SIP SIP

SIP TLS SIP TLS


ARP DNS SIP SIP
TLS
SIP SIP TLS

TLS SIP SIP


20-1
TLS SIP SIP SIP
REGISTER
SIP SIP
SIP

1)

TLS 20-1

SIP SIP
SIP SIP
TLS
SIP CA

SIP

SIP

CA

CA

()

CA

TLS

CA

VA

()

ID

TLS

1 3
a f (a) (f)

20-2

20-2 TLS TLS

SIP SIP SIP


SIP
TLS 20-2
CA
SIP CA
CA 20-2 SIP
CA
CA CA
CA CA SIP

SIP

(CA)

CA
RFC 3647
X.509 PKI ()

2)

TLS

TLS 2008 9
TLS 1.2

(a)

(b)

(c)

(d)

(e) DES
IDEA
(f)

20-1 TLS

TLS

Diffie-Hellman

TLS
ServerHello
TLS

DES
IDEA

TLS 1.2
Appendix D.1

TLS 1.2
Appendix D.2
TLS 1.2
Appendix D.3
TLS 1.2
Appendix D.4

draft-ietf-tls-des-idea

(@IT)

20.3

1) TLS
TLS
(CA)
[RFC 3647]

1) TLS
RFC 5246 TLS 1.2 Appendix D.
Implementation Notes
Appendix E, F
TLS ASN.1 AES
SHA1

2) TLS

3) TLS

20.4

2003 10

2003 11

2006 4
2006 9

2007 5

2010 5

2008 4

2008 5

2008 8

2008 6

CA-2003-26 Multiple Advisories in SSL/TLS Implementations


http://www.lac.co.jp/info/cert_advisory/ca-2003-26.html
ASN.1 OpenSSL, SSLeay
RFC 3647: X.509 PKI
()
http://www.ipa.go.jp/security/rfc/RFC3647JA.html
() RFC 3647 Internet X.509 Public Key Infrastructure Certificate
Policy and Certification Practices Framework
http://tools.ietf.org/html/rfc3647

RFC4347 Datagram Transport Layer Security (DTLS)


http://www1.tools.ietf.org/html/rfc4347
Peer Authentication Vulnerability In Ingate Products
(SIP Over TLS - X.509)
http://www.derkeiler.com/Mailing-Lists/Securiteam/2006-09/msg00023.html
exponent 65535 exponent 3 TLS

JVNDB-2007-000404
RSA BSAFE Cert-C Crypto-C (DoS)
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000404.html
Cisco Security Advisory: Vulnerability In Crypto Library
Document ID: 91890
Advisory ID: cisco-sa-20070522-crypto.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
TLS ASN.1

RFC5763 - Framework for Establishing a Secure Real-time Transport
Protocol (SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)
6.9. Media over SRTP
http://tools.ietf.org/html/rfc5763#section-6.10
iSkoot disclosure of Skype credentials resolved
http://voipsa.org/blog/2008/04/28/iskoot-disclosure-of-skype-credentials-resolved-new-version-by-wednesday/
Skype Symbian Skype
AST-2008-007 Cryptographic keys generated by OpenSSL on
Debian-based systems compromised
http://voipsa.org/pipermail/voipsec_voipsa.org/2008-May/002671.html
Debian Linux Asterisk OpenSSL

RFC 5246 The Transport Layer Security (TLS) Protocol, Version 1.2
http://tools.ietf.org/html/rfc5246
TLS
Datagram Transport Layer Security version (DTLS) 1.2
http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis
2010 7 04

IETF TLS Working Group


http://www.ietf.org/html.charters/tls-charter.html
TLS
IETF PKIX Working Group
http://www.ietf.org/html.charters/pkix-charter.html
X.509

20.5 CVSS ()

CVSS

2.6

CVSS

21. SRTP
21.1
8 RTP RTP
SRTP(Secure RTP)
SRTP ()SIP
SDP
SIP SDP SRTP
SIP
SRTP

21.2

SIP
A

SIP

SIPA
INVITESDPa=

SIP
B
SIPA
INVITESDPa=
SIPB
200 OKSDPa=

SIPB
200 OKSDPa=

SRTP

SIP

SRTP

SRTP
SRTP

21-1 SIP SRTP SRTP

SIP
SIP IP
INVITE 200 OK SDP
a=crypto SRTP
a=crypto 21-2 1

RFC 4568 a=crypto 2

a=crypto

v=0
o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
s=SDP Seminar
i=A Seminar on the session description protocol
u=http://www.example.com/seminars/sdp.pdf
e=j.doe@example.com (Jane Doe)
c=IN IP4 161.44.17.12/127
t=2873397496 2873404696
m=video 51372 RTP/SAVP 31
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_32
inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
m=application 32416 udp wb
a=orient:portrait
21-2 SDP (RFC 4568)

SRTP SRTP
SRTP

SRTP RTP
IP IP
(IVR)
SRTP
RTP

RTP RTP RTCP(: Realtime Control Protocol)RTP RTP
RTP
RTCP []10.
RTCP

1)

RFC4568 SDES

SRTP[RFC3711]
RTP
IPsec IP SRTP RTP
SRTP
RFC 4568 SRTP
SDP
SIP SDP a=
a=crypto sDescription(SDES)

RFC4568 SRTP RFC4568 SDP

SDP SIP
SRTP

2)

SRTP

SRTP SDP
SIP TLS IPsec SIP
S/MIME SDP
SDP MIKEY ZRTPIKE
8
SRTP SRTP

TLS
IPsec

S/MIME
MIKEY
ZRTP
IKE

8
SRTP

SIP SIP

SIP
SDP
SRTP
1

RTP

IPsec

IP-PBX

RTP

SIP

8 SRTP SIP
SIP SIP SIP SIP

SRTP SIP 1 1
SIP SRTP

RTP
SIP SIP
SRTP SIP

TLS UDP DTLS(RFC 4347: Datagram Transport Layer Security)


SIP SRTP
DTLS-SRTP

Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure
Real-time Transport Protocol (SRTP)
http://tools.ietf.org/html/rfc5764

DTLS-SRTP TLS
SRTP SRTP
DTLS
DTLS
SRTP DTLS-SRTP SRTP
SIP
SIP RTP
DTLS-SRTP framework(RFC 5763: Framework for Establishing a Secure Real-time
Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security
(DTLS))

21.3

1) SIPSRTP RTP
SIP VLAN
2) SIP TLS DTLSIPsec

1) RTP SRTP
SIP TLS DTLSIPsec

2) IPsec SIP/RTP
IPsec

21.4

2003 7

2004 3
2006 4

2008 7
2010 5

2010 5

RFC3550 RTP: A Transport Protocol for Real-Time Applications()


9. Security
http://tools.ietf.org/html/rfc3550
RFC3711 The Secure Real-time Transport Protocol (SRTP)
http://tools.ietf.org/html/rfc3711
RFC4347 Datagram Transport Layer Security (DTLS)
http://tools.ietf.org/html/rfc4347
*(Errata) http://www.rfc-editor.org/errata_search.php?rfc=4347
DTLS-SRTP Key Transport
http://tools.ietf.org/html/draft-wing-avt-dtls-srtp-key-transport
RFC5764 - Datagram Transport Layer Security (DTLS) Extension to
Establish Keys for the Secure Real-time Transport Protocol (SRTP)
http://tools.ietf.org/html/rfc5764
RFC5763 - Framework for Establishing a Secure Real-time Transport
Protocol (SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)
http://tools.ietf.org/html/rfc5763

21.5 CVSS ()

CVSS

5.0

CVSS

22. SRTP
22.1
VBR(Variable Bit Rate: )
SRTP(Secure RTP)
SRTP (2008 )

22.2

SRTP IP
SRTP

VBR(Variable Bit Rate: )

2008 3 [VBR ]
90%
50%

VBR RTP

RTP

G.711
8,000 8
G.711 PCM 64Kbps
(CBR: Constant Bit Rate)
VBR

JPEG MPEG

RTP

CELP(Code-Excited Linear Prediction)CELP

CELP

CELP
CELP QCELP
Speex VBR

(VAD: )
VBR

VBR 90%
[VBR ]
Winny Skype
P2P

22.3

1) SRTP VBR
(CBR)
2) SRTP VBR

1) SRTP VBR

2) VBR

3) SRTP RTP VBR

22.4

2003 7

2004 3
2007 4

2008 3

2008 6

RFC3550 RTP: A Transport Protocol for Real-Time Applications()


9. Security
http://www1.tools.ietf.org/html/rfc3550
RFC3711 The Secure Real-time Transport Protocol (SRTP)
http://www1.tools.ietf.org/html/rfc3711
Asterisk encryption
http://www.voip-info.org/wiki/view/Asterisk+encryption
Asterisk SRTP
[VBR ]
Uncovering spoken phrases in encrypted VoIP conversations
Johns Hopkins University, Department of Computer Science
http://www.cs.jhu.edu/~fabian/papers/oakland08.pdf
VoIP VBR

MIT Technology Review - Breaking Phone-Call Encryption


http://www.technologyreview.com/Infotech/20913/?a=f
VBR VoIP
MIT Technology Review Technology Review
(1899 )

22.5 CVSS ()

CVSS

5.0

CVSS


3GPP

3rd Generation Partner Project 3

ACK

SIP

AES

Advanced Encryption Standard (NIST)

AIPN

All IP Network: IP

AJAX

Asynchronous JavaScript + XML JavaScript HTTP


Web

ARP

Address Resolution Protocol IP Ethernet


MAC

ARP Poisoning

MAC

ARP Spoofing

IP

ASCII

ASCII

BYE

SIP

CA

Certificate Authority PKI

Call-ID

SIP ID

CANCEL

SIP

CELP

Code-Excited Linear Prediction


1

CNAME

Canonical Name

CODEC

Contact

URI

CSeq()

SIP

CVE

Common Vulnerabilities Exposures MITRE Corporation

CVSS

Common Vulnerability Scoring System

DCCP

Datagram Congestion Control Protocol UDP

DDoS

Distributed Denial of Service

DES

Data Encryption Standard 1960 IBM

Diffie-Hellman

DNS

Domain Name System IP


DoS

Denial of Service

DTLS

Datagram Transport Layer Security

DTMF

Dial Tone Multi Frequency

Ethernet

IEEE 802.3 Xerox DEC LAN

FirewallFWF/W

From

tag

FTTH

Fiber To The Home

Fuzzing

G.711

ITU-T PCM
64kbps

H.323

ITU-T

HA

High Availability

hop-by-hop

HTTP

Hypertext Transfer Protocol Web Web HTML

I/F

Interface

ICMP

Internet Control Message Protocol TCP/IP

ID

Identifier

IPS

Intrusion Prevention System

IDS

Intrusion Detection System

IETF

The Internet Engineering Task Force

IMS

IP Multimedia Subsystem

INFO

SIP

INVITE

SIP

IP

Internet Protocol OSI

IPsec

Security Architecture for Internet Protocol


IP

IP

VoIP


IVR

Interactive Voice Response

JPEG

JVN

Japan Vulnerability Notes

MAC

Media Access Control address Ethernet

MD5

Message Digest 5
()

MEGACO

media gateway control IP

MESSAGE

SIP

MIB

Management Information Base

MIKEY

Multimedia Internet Keying SRTP

MITM

Man in the Middle

MPEG

Moving Picture Experts Group

NGN

Next Generation NetworkIP

NOTIFY

SIP

NTP

Network Time Protocol

OMA

Open Mobile Alliance

PKI

Public Key Infrastructure

PPPoA

PPP over ATM PPP ATM

PPPoE

PPP over Ethernet PPP Ethernet

PRACK

SIP

PUBLISH

SIP

QCELP

Qualcomm's Code Excited Linear Prediction CDMA


CELP

REFER

SIP

REGISTER

SIP contact

re-INVITE

SIP

response

RFC

Request For Comment IETF

RLOGIN

UNIX


ROHS

Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment EU

RST

TCP

PSTN

Public Switched Telephone Networks


IP

RTCP

RTP Control Protocol RTP

RTP

Real-time Transport Protocol

S/MIME

Secure Multipurpose Internet Mail Extensions

SANS

SDP

Session Description Protocol

SHA

Secure Hash Algorithm 1 SHA1

SIMPLE

SIP for Instant Messaging and Presence Leveraging Extensions

SIP

Session Initiation Protocol

SIP UA

SIP User AgentSIP

SIP URISIP-URL

SIP Uniform Resource IdentifierSIP

SIP

SIP

SIP

SIP

SNMP

Simple Network Monitoring Protocol

SPAM

Speex

SPIT

Spam for Internet TelephonyIP

SRTP

Secure Real-time Transport Protocol


RTP

SSL

Secure Socket Layer TCP UDP


(TLS )

SSL-VPN

Secure Socket Layer Virtual Private Network SSL


VPN

SSRC

Synchronization Source Identifier

SUBSCRIBE

SIP

TCP

Transmission Control Protocol


TCP UDP

TCP/IP

Transmission Control Protocol/Internet Protocol


TCP IP


TELNET

TFTP

Trivial File Transfer Protocol

TLS

Transport Layer Security TCP UDP


(SSL )

To

UA

UAC

User Agent Client

UAS

User Agent Server

UDP

User Datagram Protocol


UDP TCP

UOPF

Ubiquitous Open Platform Forum

UPDATE

SIP

URL

Uniform Resource Locator

VBR

Variable Bit Rate:

Via

SIP

VLAN

Virtual LAN

VoIP

Voice over IP IP

VRRP

Virtual Router Redundancy Protocol

Web

World Wide Web

WEP

Wired Equivalent Privacy

WPA

Wi-Fi Protected Access WEP

X.509

(CRL)

ZRTP

PGP Phil Zimmermann( ) RTP

ID

To From Call-ID


SIP

SDPSession Description Protocol

LAN

LAN

IP


SIP
IP
[

3
[

1 2
[

] NTT AT


IPA

URL: http://www.ipa.go.jp/security/todoke/

OS

IC

Web

Web

Web

JPCERT/CC JPCERT


113-6591
288
16

http://www.ipa.go.jp

TEL: 03-5978-7527 FAX 03-5978-7518

http://www.ipa.go.jp/security/
