Critical Review of An Identity-based Mechanism for Enhancing SIP Security

Introduction

The article “An Identity-based Mechanism for Enhancing SIP Security” describes security issues of VOIP

network due to inherent weaknesses of SIP protocol [1]. The author clearly demonstrates the problem that

inherent vulnerabilities of SIP protocol are responsible for numerous critical attacks since the primary

design purpose was to provide efficiency and reliability rather than security. According to researches, the

pivotal cause of such successful attacks is weak digest authentication mechanism during session

establishment phase in VOIP. The researchers reviewed different articles and concluded that the problem

is significant since VOIP integrates the worlds of data and telephony by assisting the transportation of

content related to voice and media over the network. VOIP is contingent on transference of voice traffic

over the IP network. So, security in such domain is significantly important.

Body

First of all, the research describes the core functionality of Session Initiation Protocol (SIP) in Voice over

IP (VOIP) network. SIP is a signaling protocol which is widely used in IP telephony. SIP is an open and

scalable protocol which can be easily integrated with other applications and protocols. Different research

articles were reviewed by the research to identify the fact that SIP is de facto protocol of VOIP and http

digest authentication is the only security mechanism. However, HTTP digest authentication is not secure

enough to deal with advanced and persistent threats in VOIP environment as it is one of the most

important areas to exploit. It is confined to unilateral authentication and is not resistant to dictionary or

brute force attacks. The research article efficiently demonstrates the issues in embedding security among

VOIP network. Although, TLS certifies transport layer security by offering secure sessions, however, it

does not run over the UDP protocol. To support real-time communication, SIP utilizes UDP to

communicate which don’t possess security. Moreover, S/MIME related solutions utilize PKI which is

difficult to manage. Similarly, IPSec is also based on Internet Key Exchange protocol which utilizes
public key so possesses same shortcomings of PKI. Therefore, according to researchers, the security of

VOIP network is complex and difficult than data applications as it utilizes different protocol stack.

Furthermore, such network requires interoperability between legacy and new protocols.

Although the research article demonstrates the security issues of VOIP efficient but the methodology

suggested in order to overcome such issues is not very much reliable. It is still prone to man in the middle

attacks in some scenarios since it only uses Deffie-Hellman technique. However, the analysis and

discussion session is well-organized and describes efficiency of proposed technique.

Conclusion

The research article clearly demonstrates the security issues of VOIP network along with its relative

importance in the domain of networking. It also highlights the importance of security in VOIP network. It

enlists all the vulnerabilities in SIP protocol which impede the security of VOIP. However, the

methodology to overcome such security issues is not very much reliable. In addition, the discussion and

analysis sections are also organized properly.

Reference

[1] R. Yu, J. Yuan, G. Du and P. Li, "An Identity-based Mechanism for Enhancing SIP Security", in

Software Engineering and Service Science (ICSESS), 2012 IEEE 3rd International Conference, 2012, pp.

447-451.

Link of research paper

http://jmp.sh/skH5Y3u