imp sip basics-presentation[1]

SIP - Basics Seminar on Instant Messaging and Presence Architectures in the Internet Niko Lindqvist ([email protected] ) 28.9.2005 Wed 16:15 C222


Page 1: Imp sip basics-presentation[1]

SIP - Basics

Seminar on Instant Messaging and Presence Architectures in the Internet

Niko Lindqvist ([email protected])
28.9.2005

Wed 16:15 C222

Page 2: Imp sip basics-presentation[1]

Agenda

• SIP Introduction & Examples
• SIP Definitions
• SIP Building Blocks
• SIP Messages
• SDP Protocol & Example
• DNS and SIP
• SUBSCRIBE/NOTIFY Extension
• MESSAGE Extension
• SIP Security

Page 3: Imp sip basics-presentation[1]

SIP Introduction

• Session Initiation Protocol (RFC 3261)
  – Initiates (negotiates), modifies and terminates session
  – Compare to telephony signaling protocols
    • Does not reserve any resources or any kind of circuits
  – Is not used to carry user data
  – SIP URI: sip:[email protected]
• Text based

Page 4: Imp sip basics-presentation[1]

Simple SIP Example

Diagram: message flow between Mari and Ville, in order:

1: INVITE [email protected]
2: 100/Trying
3: 180/Ringing
4: 200/OK
5: ACK

Media

1: BYE
2: 200/OK

Page 5: Imp sip basics-presentation[1]

SIP session with Proxy server

Diagram participants: Mari, SIP Proxy Server & SIP Registrar Server, Ville (pc6.karpaasi.fi). Domain labels: acme.fi, karpaasi.fi, karpaasi.fi. Messages in order:

1: INVITE [email protected]
2: INVITE [email protected]
3: 100/Trying
4: 180/Ringing
5: 180/Ringing
6: 200/OK
7: 200/OK
8: ACK
9: BYE
10: 200/OK

Media

Page 6: Imp sip basics-presentation[1]

SIP Redirect Server

Diagram participants: Mari, SIP Redirect Server, Location Service, Ville (ws14.epo.fi). Domain labels: acme.fi, karpaasi.fi, epo.fi. Messages shown, in order:

1: INVITE [email protected]
2: [email protected]?
3: [email protected]
4: 302/Moved temporarily contact: [email protected]
5: ACK
8: INVITE [email protected]
9: 200/OK

Page 7: Imp sip basics-presentation[1]

SIP Definitions

• Address-of-Record: An address-of-record (AoR) is a SIP URI that points to the “public” SIP address of the user.
• Call: A call is an informal term that refers to some communication between peers.
• Dialog: A dialog is a peer-to-peer SIP relationship between two UAs.
• Location Service: A location service is used by a SIP redirect or proxy server to obtain information about a user's possible SIP URIs.
• Message: Data sent between SIP entities; either a Request or a Response message.

Page 8: Imp sip basics-presentation[1]

SIP Building Blocks

UA - User Agent
– A user agent is a SIP session endpoint entity. In practice a UA is, for example, a VoIP softphone application installed on the user's workstation.

Proxy Server
– A Proxy reads the SIP message and, if necessary, rewrites it before forwarding it.

Redirect server
– A Redirect server maps the SIP address to zero or more new addresses and returns them to the client.

Registrar server
– A Registrar updates the location database.

Page 9: Imp sip basics-presentation[1]

SIP Messages

• Two kinds of messages
  – Request
  – Response
• Message contents
  – Start Line (one line)
  – Headers (one or more lines)
  – Body

Page 10: Imp sip basics-presentation[1]

SIP Request Message

• Request
  – The message Start Line describes the SIP Method (e.g. INVITE), the SIP URI and the SIP version:
  – INVITE sip:[email protected] SIP/2.0

Page 11: Imp sip basics-presentation[1]

SIP Response Message

• Response (SIP/2.0 200 OK)
  – Responses are divided into six different categories:
    • 1xx: Provisional class. For example: 180 Ringing
    • 2xx: Success class. For example: 200 OK
    • 3xx: Redirection class. For example: 302 Moved temporarily contact: <SIP URI>
    • 4xx: Client Error class
    • 5xx: Server Error class
    • 6xx: Global Failure class
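The message layout and response classes described on the preceding slides, as an added example that is not part of the original presentation: a minimal parser that splits a message into start line, headers and body and rejects malformed input. The sample messages are constructed with placeholder hosts, and the Content-Length consistency check is an addition of this example.

```python
CLASSES = {1: "Provisional", 2: "Success", 3: "Redirection",
           4: "Client Error", 5: "Server Error", 6: "Global Failure"}

def parse_sip(raw: str) -> dict:
    """Split a SIP message into start line, headers and body; reject bad input."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the headers")
    start, *lines = head.split("\r\n")
    parts = start.split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed start line")
    if parts[0] == "SIP/2.0":                 # response: version, code, reason
        code = int(parts[1])
        if code // 100 not in CLASSES:
            raise ValueError("status code outside 1xx-6xx")
        msg = {"kind": "response", "code": code,
               "class": CLASSES[code // 100], "reason": parts[2]}
    elif parts[2] == "SIP/2.0":               # request: method, URI, version
        msg = {"kind": "request", "method": parts[0], "uri": parts[1]}
    else:
        raise ValueError("not a SIP/2.0 message")
    headers = {}
    for line in lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"header without colon: {line!r}")
        # Headers such as Via may repeat, so keep every value in order.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    declared = headers.get("content-length")
    if declared and int(declared[0]) != len(body.encode()):
        raise ValueError("Content-Length does not match the body")
    msg.update(headers=headers, body=body)
    return msg

# Constructed samples; hosts and addresses are placeholders.
RESPONSE = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP sip.karpaasi.example;received=192.168.4.1",
    "Via: SIP/2.0/UDP pc1.acme.example;received=172.16.1.1",
    "CSeq: 314159 INVITE",
    "Content-Length: 0", "", ""])
REQUEST = "\r\n".join([
    "MESSAGE sip:ville@karpaasi.example SIP/2.0",
    "CSeq: 1 MESSAGE",
    "Content-Type: text/plain",
    "Content-Length: 21", "", "Ville, lunch at 11am."])
```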

Page 12: Imp sip basics-presentation[1]

Request Message Example

INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP pc1.acme.fi:5060
Max-Forwards: 70
To: Ville <sip:[email protected]>
From: Mari <sip:[email protected]>;tag=19283017
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 142

(Message body, SDP data, not shown)

Diagram: message flow between Mari and Ville (1: INVITE [email protected], 2: 100/Trying, 3: 180/Ringing, 4: 200/OK, 5: ACK, Media, 1: BYE, 2: 200/OK).

Page 13: Imp sip basics-presentation[1]

Response Message Example (with Proxy)

SIP/2.0 200 OK
Via: SIP/2.0/UDP sip.karpaasi.fi;received=192.168.4.1
Via: SIP/2.0/UDP pc1.acme.fi;received=172.16.1.1
To: Ville <sip:[email protected]>;tag=a6c85cf
From: Mari <sip:[email protected]>;tag=19283017
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 131

(Message body, SDP data, not shown)

Diagram: message flow between Mari, the Proxy & Registrar and Ville (pc6.karpaasi.fi), with domain labels acme.fi, karpaasi.fi, karpaasi.fi (1: INVITE [email protected], 2: INVITE [email protected], 3: 100/Trying, 4: 180/Ringing, 5: 180/Ringing, 6: 200/OK, 7: 200/OK, 8: ACK, 9: BYE, 10: 200/OK, Media).

Page 14: Imp sip basics-presentation[1]

SDP Protocol

• RFC 2327
• Describes media streams within multimedia sessions
• Unicast and multicast supported

Page 15: Imp sip basics-presentation[1]

SDP Example (Request)

v=0
o=Mari 58474833 5849388548 IN IP4 192.168.4.5
s=Call from Mari.
c=IN IP4 pc1.acme.fi
m=audio 3456 RTP/AVP 0 31 35

Page 16: Imp sip basics-presentation[1]

DNS & SIP

• A DNS SRV record is used to find the SIP Proxy server serving a certain domain. Compare to the use of DNS MX records in SMTP.
• DNS SRV record format:
  _Service._Proto.Name TTL Class SRV Priority Weight Port Target
• For example (sip:[email protected]):
  _sip._udp.karpaasi.fi 43200 IN SRV 10 10 5060 sip.karpaasi.fi

Page 17: Imp sip basics-presentation[1]

SUBSCRIBE/NOTIFY Extension

• RFC 3265
• Both are SIP Methods --> Used in SIP Request messages
• SUBSCRIBE: Requests current state and state updates from a remote UA
• NOTIFY: Notifies the current state information of the UA

Page 18: Imp sip basics-presentation[1]

SUBSCRIBE/NOTIFY Message Flow

Subscriber          Notifier
|-----SUBSCRIBE---->| Request state
|<-------200--------| ACK subscription
|<------NOTIFY------| Return current state
|--------200------->| ACK NOTIFY
|<------NOTIFY------| Return current state
|--------200------->| ACK NOTIFY

Page 19: Imp sip basics-presentation[1]

MESSAGE Extension

• RFC 3428
• SIP “Instant Messaging”
• MESSAGE is a SIP method, used in Request messages
• User data (messages) is carried in SIP Request messages, not in response messages.

Page 20: Imp sip basics-presentation[1]

MESSAGE Example

MESSAGE sip:[email protected] SIP/2.0
Via: SIP/2.0/TCP pc1.acme.fi
Max-Forwards: 70
From: sip:[email protected];tag=49583
To: sip:[email protected]
Call-ID: [email protected]
CSeq: 1 MESSAGE
Content-Type: text/plain
Content-Length: 21

Ville, lunch at 11am.

Page 21: Imp sip basics-presentation[1]

SIP Security

• SIP Message and User Data - Both need to be secure
• Speech is hard to modify, but easy to listen to and record (packet snooping)
• Instant messages are trivial to modify
• Identity theft
• Bogus proxies or other entities (Man-In-The-Middle)

Page 22: Imp sip basics-presentation[1]

Authenticated Identity Management

• “Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)” Internet Draft
• Solution to SIP Message alteration problems
• Does not prevent listening in on the conversation (IPSec VPN?)
• PKI is needed only on the central servers, not on every device.

Page 23: Imp sip basics-presentation[1]

AIM - Basics

• UAs register to the Proxy over a TLS link. The UA can be certain that the proxy is legitimate.
• The Outbound Proxy authenticates the user. --> The user's identity within the Proxy's domain is legitimate.
• The Outbound Proxy computes a hash over the whole SIP message, including body and headers (also the From header), and signs it with its private key.
• The receiver's Inbound Proxy verifies the signature and hash --> The receiver can be sure that the actual caller is who she claims to be and that the message has not been altered.

Page 24: Imp sip basics-presentation[1]

AIM

• Two new headers:
  – Identity: calculated hash
  – Identity-Info: information on how to obtain the public key of the signing server
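The sign-and-verify flow from the AIM slides, as an added example that is not code from the presentation or from the Internet Draft: the outbound proxy hashes the message and signs it, and the inbound proxy checks the Identity header and rejects altered or unsigned messages. It follows the slides' simplified description (hash over the whole message) and assumes a toy unpadded RSA key built from constructed values, a `TRUSTED` table standing in for validated key retrieval via Identity-Info, and placeholder addresses.

```python
import hashlib
import re

# Toy RSA key for the signing proxy. Constructed for illustration: two
# Mersenne primes, unpadded, far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, proxy only

def digest(message: str, n: int) -> int:
    """SHA-256 over start line, headers and body, minus the Identity headers."""
    head, _, body = message.partition("\r\n\r\n")
    kept = [h for h in head.split("\r\n")
            if not h.lower().startswith(("identity:", "identity-info:"))]
    data = "\r\n".join(kept) + "\r\n\r\n" + body
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n

def sign(message: str, key_url: str) -> str:
    """Outbound proxy: sign the hash, append Identity and Identity-Info."""
    sig = pow(digest(message, N), D, N)
    head, _, body = message.partition("\r\n\r\n")
    return (f"{head}\r\nIdentity: {sig:x}\r\n"
            f"Identity-Info: {key_url}\r\n\r\n{body}")

def verify(message: str, trusted: dict) -> bool:
    """Inbound proxy: look up the signer's key and check hash and signature."""
    head = message.partition("\r\n\r\n")[0]
    try:
        fields = dict(h.split(": ", 1) for h in head.split("\r\n")[1:])
        domain, n, e = trusted[fields["Identity-Info"]]
        sig = int(fields["Identity"], 16)
        sender = re.search(r"@([^;>\s]+)", fields["From"]).group(1)
    except (KeyError, ValueError, AttributeError):
        return False                        # unsigned or malformed
    # The signer may only vouch for users of its own domain.
    return sender == domain and pow(sig, e, n) == digest(message, n)

# Constructed sample modelled on the MESSAGE slide; addresses are placeholders.
KEY_URL = "https://sip.acme.example/proxy.cer"
TRUSTED = {KEY_URL: ("acme.example", N, E)}
MSG = "\r\n".join([
    "MESSAGE sip:ville@karpaasi.example SIP/2.0",
    "Via: SIP/2.0/TCP pc1.acme.example",
    "From: sip:mari@acme.example;tag=49583",
    "To: sip:ville@karpaasi.example",
    "CSeq: 1 MESSAGE",
    "Content-Type: text/plain",
    "Content-Length: 21",
    "", "Ville, lunch at 11am."])
SIGNED = sign(MSG, KEY_URL)
```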

Page 25: Imp sip basics-presentation[1]

The End