Security challenges for peer-to-peer SIP

Recent research activities have proposed using a peer-to-peer network for user registration and user location in session initiation protocol (SIP)-based voice-over-IP (VoIP) networks. The main motivation for peer-to-peer (P2P) SIP is higher robustness as well as easy configuration and maintenance (compared to client-server SIP). However, these advantages come at the price of security. In this article the security challenges of using a P2P network as a substrate for SIP communication are explored. After a short introduction to SIP and structured P2P networks, the different approaches that have been proposed for using P2P technology in conjunction with SIP are compared. We focus on design issues that affect security in order to identify the security implications of using a structured overlay network for SIP registration and location lookup. Finally, possible solutions for securing P2P SIP are examined and explicit suggestions on how to improve the security of P2P SIP are given

[1]  Eunsoo Shim An Architecture for Peer-to-Peer Session Initiation Protocol (P2P SIP) , 2006 .

[2]  George Danezis,et al.  Sybil-Resistant DHT Routing , 2005, ESORICS.

[3]  Miguel Castro,et al.  Secure routing for structured peer-to-peer overlay networks , 2002, OSDI '02.

[4]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[5]  Jan Seedorf,et al.  Using Cryptographically Generated SIP-URIs to Protect the Integrity of Content in P2P-SIP , 2006 .

[6]  David Bryan,et al.  A P2P Approach to SIP Registration and Resource Location , 2006 .

[7]  David R. Karger,et al.  Analysis of the evolution of peer-to-peer systems , 2002, PODC '02.

[8]  Mudhakar Srivatsa,et al.  Vulnerabilities and security threats in structured overlay networks: a quantitative analysis , 2004, 20th Annual Computer Security Applications Conference.

[9]  Joachim Posegga,et al.  Voice Over IP : Unsafe at any Bandwidth ? , 2005 .

[10]  Christian Scheideler,et al.  How to spread adversarial nodes?: rotate! , 2005, STOC '05.

[11]  Cullen Jennings,et al.  SOSIMPLE: A Serverless, Standards-based, P2P SIP Communication System , 2005, First International Workshop on Advanced Architectures and Algorithms for Internet Delivery and Applications (AAA-IDEA'05).

[12]  Henning Schulzrinne,et al.  Peer-to-peer internet telephony using SIP , 2005, NOSSDAV '05.

[13]  Henning Schulzrinne,et al.  Using an External DHT as a SIP Location Service , 2006 .

[14]  Henry Sinnreich,et al.  SIP, P2P, and Internet Communications , 2006 .

[15]  David R. Karger,et al.  Chord: a scalable peer-to-peer lookup protocol for internet applications , 2003, TNET.

[16]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[17]  Joseph M. Hellerstein,et al.  Maelstrom: Churn as shelter , 2005 .