SIP realisert i Asterisk - teori og eksperiment

Today commercial electronic communications are developing fast, at the same time the tendency is that commercial and military systems use the same technologies. Therefore the Norwegian Armed Forces has been interested in taking a closer look at some of these new communications systems. Based on this, the Norwegian Defence Research Establishment has studied some selected relevant commercial systems and technologies for electronic communication. In this report Voice over Internet Protocol (VoIP) is described with focus on security. VoIP is voice communication or other multimedia sessions over IP based networks, which means networks that are packet-switched. We have set up our own lab, where we have looked at how the most used protocols for VoIP, Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP) work in the case of voice communication. Both the VoIP-servers and the VoIP-clients have used VoIP-freeware. The VoIP-servers used the Asterisk software. We have focused on how the VoIP-clients register with the VoIP-servers, and how the voice sessions are being started and terminated in different experimental setups. The different experimental setups were:  The VoIP-clients were registered with the same server  The VoIP-clients were registered with different VoIP-servers and were communicating directly using SIP Unified Resource Identifier (URI)  The VoIP-clients were registered with different VoIP-servers and were communicating using an external VoIP service provider  A VoIP-client was communicating with a Public Switched Telephone Network (PSTN) or Global System for Mobile Communication (GSM) phone via an external VoIP service provider The VoIP-clients have been connected to the servers in different ways in the experiments. They have been connected using internal “Wireless Local Area Network” (WLAN), external WLAN and ”Universal Mobile Telecommunications System” (UMTS). The main conclusion is that the SIP and RTP traffic is mostly independent of the experiments and how the clients are connected to the servers. The traffic is also mostly as expected according to examples found in the literature. The experiments verified that there was no authentication of the client if he tries to modify session parameters during the session or end the session. This is a vulnerability in SIP. There is neither any authentication of the caller client if he uses the SIP URI when he contacts the receiver.