1. SIP - Basics
Seminar on Instant Messaging and Presence
Architectures in the Internet
Niko Lindqvist (niko.lindqvist@cs.helsinki.fi)
28.9.2005
Wed 16:15 C222
2. Agenda
• SIP Introduction & Examples
• SIP Definitions
• SIP Building Blocks
• SIP Messages
• SDP Protocol & Example
• DNS and SIP
• SUBSCRIBE/NOTIFY Extension
• MESSAGE Extension
• SIP Security
3. SIP Introduction
• Session Initiation Protocol (RFC 3261)
– Initiates (negotiates), modifies and
terminates sessions
– Compare to telephony signaling protocols
• Does not reserve any resources or any kind of
circuits
– Is not used to carry user data
– SIP URI: sip:ville@karpaasi.fi
• Text based
4. Simple SIP Example
(Message flow between Mari and Ville)
1: INVITE ville@pc2.acme.fi
2: 100/Trying
3: 180/Ringing
4: 200/OK
5: ACK
Media
1: BYE
2: 200/OK
5. SIP session with Proxy server
(Message flow: Mari at acme.fi, SIP Proxy & Registrar Server at karpaasi.fi, Ville at pc6.karpaasi.fi)
1: INVITE ville@karpaasi.fi
2: INVITE ville@pc6.karpaasi.fi
3: 100/Trying
4: 180/Ringing
5: 180/Ringing
6: 200/OK
7: 200/OK
8: ACK
Media
9: BYE
10: 200/OK
6. SIP Redirect Server
(Message flow: Mari at acme.fi, SIP Redirect Server at karpaasi.fi with its Location Service, Ville at ws14.epo.fi)
1: INVITE ville@karpaasi.fi
2: ville@karpaasi.fi?
3: ville@ws14.epo.fi
4: 302/Moved temporarily, contact: ville@ws14.epo.fi
5: ACK
8: INVITE ville@ws14.epo.fi
9: 200/OK
7. SIP Definitions
• Address-of-Record: An address-of-record (AoR)
is a SIP URI that points to the “public” SIP address of
the user.
• Call: A call is an informal term that refers to some
communication between peers.
• Dialog: A dialog is a peer-to-peer SIP relationship
between two UAs.
• Location Service: A location service is used by a
SIP redirect or proxy server to obtain information
about a user's possible SIP URIs.
• Message: Data sent between SIP entities. Either a
Request or a Response message.
8. SIP Building Blocks
UA - User Agent
– A user agent is a SIP session endpoint entity. In
practice a UA is, for example, a VoIP softphone
application installed on a user's workstation.
Proxy Server
– A Proxy reads the SIP message and if necessary,
rewrites it before forwarding it.
Redirect server
– A Redirect server maps the SIP address to zero or
more new addresses and returns them to the client.
Registrar server
– A Registrar updates the location database.
9. SIP Messages
• Two kinds of messages
– Request
– Response
• Message contents
– Start Line (one line)
– Headers (one or more lines)
– Body
10. SIP Request Message
• Request
– The message Start Line gives the SIP
Method (e.g. INVITE), the SIP URI and the SIP
version:
– INVITE sip:ville@pc2.acme.fi SIP/2.0
11. SIP Response Message
• Response (SIP/2.0 200 OK)
– Is divided into six different categories:
• 1xx: Provisional class: For example: 180 Ringing
• 2xx: Success class: For example: 200 OK
• 3xx: Redirection class: For example: 302 Moved temporarily contact: <SIP URI>
• 4xx: Client Error class
• 5xx: Server Error class
• 6xx: Global Failure class
12. Request Message Example
INVITE sip:ville@pc2.acme.fi SIP/2.0
Via: SIP/2.0/UDP pc1.acme.fi:5060
Max-Forwards: 70
To: Ville <sip:ville@pc2.acme.fi>
From: Mari <sip:mari@pc1.acme.fi>;tag=19283017
Call-ID: a84b4c76e66710@pc1.acme.fi
CSeq: 314159 INVITE
Contact: <sip:mari@pc1.acme.fi>
Content-Type: application/sdp
Content-Length: 142
(Message body, SDP data, not shown)
13. Response Message Example
(with Proxy)
SIP/2.0 200 OK
Via: SIP/2.0/UDP sip.karpaasi.fi;received=192.168.4.1
Via: SIP/2.0/UDP pc1.acme.fi;received=172.16.1.1
To: Ville <sip:ville@karpaasi.fi>;tag=a6c85cf
From: Mari <sip:mari@pc1.acme.fi>;tag=19283017
Call-ID: a84b4c76e66710@pc1.acme.fi
CSeq: 314159 INVITE
Contact: <sip:ville@pc6.karpaasi.fi>
Content-Type: application/sdp
Content-Length: 131
(Message body, SDP data, not shown)
14. SDP Protocol
• RFC 2327
• Describes media streams within
multimedia sessions
• Unicast and multicast supported
15. SDP Example (Request)
v=0
o=Mari 58474833 5849388548 IN IP4 192.168.4.5
s=Call from Mari.
c=IN IP4 pc1.acme.fi
m=audio 3456 RTP/AVP 0 31 35
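The message layout from slides 9 to 12 (start line, headers, body) as a strict parser, applied to the deck's INVITE with the SDP lines above as its body. This is an added example, not code from the original slides; `parse_sip`, the abridged header set, the computed Content-Length and the exactly-one-Content-Length policy are assumptions of the example.

```python
import re

REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) (SIP/\d\.\d)$")
STATUS_LINE = re.compile(r"^(SIP/\d\.\d) ([1-6]\d\d) (.*)$")
CLASSES = {"1": "Provisional", "2": "Success", "3": "Redirection",
           "4": "Client Error", "5": "Server Error", "6": "Global Failure"}

def parse_sip(raw: str) -> dict:
    """Split a SIP message into start line, headers and body; reject bad framing."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after the headers")
    start, *header_lines = head.split("\r\n")
    msg = {"headers": {}, "body": body}
    if m := REQUEST_LINE.match(start):
        msg.update(kind="request", method=m[1], uri=m[2], version=m[3])
    elif m := STATUS_LINE.match(start):
        msg.update(kind="response", version=m[1], status=int(m[2]),
                   reason=m[3], status_class=CLASSES[m[2][0]])
    else:
        raise ValueError(f"malformed start line: {start!r}")
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Names are case-insensitive; repeated headers such as Via keep their order.
        msg["headers"].setdefault(name.strip().lower(), []).append(value.strip())
    # Strict policy chosen for this example: exactly one Content-Length, equal to
    # the body size in bytes, so trailing or truncated data is never accepted.
    lengths = msg["headers"].get("content-length", [])
    if len(lengths) != 1 or not lengths[0].isdigit() or int(lengths[0]) != len(body.encode()):
        raise ValueError("Content-Length missing, repeated or inconsistent with body")
    return msg

# Constructed input: the deck's INVITE (abridged) with the deck's SDP lines as body.
SDP = "\r\n".join(["v=0", "o=Mari 58474833 5849388548 IN IP4 192.168.4.5",
                   "s=Call from Mari.", "c=IN IP4 pc1.acme.fi",
                   "m=audio 3456 RTP/AVP 0 31 35"]) + "\r\n"
INVITE = "\r\n".join([
    "INVITE sip:ville@pc2.acme.fi SIP/2.0",
    "Via: SIP/2.0/UDP pc1.acme.fi:5060",
    "To: Ville <sip:ville@pc2.acme.fi>",
    "From: Mari <sip:mari@pc1.acme.fi>;tag=19283017",
    "Call-ID: a84b4c76e66710@pc1.acme.fi",
    "CSeq: 314159 INVITE",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}",
]) + "\r\n\r\n" + SDP
```

`parse_sip(INVITE)` returns the method, URI and headers; appending even one extra SDP line to the body without updating Content-Length raises `ValueError`.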
16. DNS & SIP
• A DNS SRV record is used to find the SIP
Proxy server serving a given domain.
Compare to the use of DNS MX records in SMTP.
• DNS SRV record format:
_Service._Proto.Name TTL Class SRV Priority Weight Port Target
• For Example (sip:ville@karpaasi.fi):
_sip._udp.karpaasi.fi 43200 IN SRV 10 10 5060 sip.karpaasi.fi
17. SUBSCRIBE/NOTIFY
Extension
• RFC 3265
• Both are SIP Methods --> Used in SIP
Request messages
• SUBSCRIBE: Requests current state
and state updates from a remote UA
• NOTIFY: Notifies the current state
information of the UA
18. SUBSCRIBE/NOTIFY
Message Flow
Subscriber Notifier
|-----SUBSCRIBE---->| Request state
|<-------200--------| ACK subscription
|<------NOTIFY------| Return current state
|--------200------->| ACK NOTIFY
|<------NOTIFY------| Return current state
|--------200------->| ACK NOTIFY
19. MESSAGE Extension
• RFC 3428
• SIP “Instant Messaging”
• MESSAGE is a SIP method, used in
Request messages
• User Data (messages) is carried in SIP
Request messages, not in response
messages.
21. SIP Security
• SIP Message and User Data - Both
need to be secure
• Speech is hard to modify, but easy to listen to
and record (packet snooping)
• Instant messages are trivial to modify
• Identity theft
• Bogus proxies or other entities (Man-In-The-Middle)
22. Authenticated Identity
Management
• “Enhancements for Authenticated Identity
Management in the Session Initiation Protocol
(SIP)” Internet Draft
• Solution to SIP Message alteration problems
• Does not prevent listening in on the
conversation (IPSec VPN?)
• PKI is needed only on the central servers, not
on every device.
23. AIM - Basics
• UAs register with the Proxy over a TLS link. The UA can
be certain that the proxy is legitimate.
• Outbound Proxy authenticates the user. -->
User identity within the Proxy's domain is
legitimate.
• Outbound Proxy computes a hash over the
whole SIP message including body and
headers (also the From header) and signs
it with its private key.
• Receiver's Inbound Proxy verifies the
signature and hash --> Receiver can be sure
that the actual caller is who she claims to be
and that the message has not been altered.
24. AIM
• Two new headers:
– Identity: calculated hash
– Identity-Info: information how to obtain
public key of the signing server
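The sign-and-verify flow from slides 23 and 24, following the slides' description (hash over the whole message, signature in Identity, key location in Identity-Info). This is an added example, not code from the slides or the Internet Draft; the function names, the hex signature encoding, the key URL and the MESSAGE request are constructed, and the key pair is a deliberately weak stand-in (Mersenne primes, unpadded RSA) so that it runs on the standard library alone.

```python
import hashlib

# Constructed stand-in for the outbound proxy's key pair: two Mersenne primes
# and unpadded RSA keep the demo in the standard library. Not a usable key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(message: str) -> int:
    """SHA-256 over the whole message: start line, headers (incl. From), body."""
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big")

def split(message: str):
    head, _, body = message.partition("\r\n\r\n")
    return head.split("\r\n"), body

def join(lines, body) -> str:
    return "\r\n".join(lines) + "\r\n\r\n" + body

def outbound_sign(message: str, key_url: str) -> str:
    """Outbound proxy: sign the hash, append both AIM headers (hex is assumed)."""
    lines, body = split(message)
    signature = pow(digest(message), D, N)
    return join(lines + [f"Identity: {signature:x}", f"Identity-Info: <{key_url}>"], body)

def inbound_verify(message: str, n: int = N, e: int = E) -> bool:
    """Inbound proxy: remove the AIM headers, re-hash, check the signature."""
    lines, body = split(message)
    identity = [l for l in lines if l.startswith("Identity:")]
    if len(identity) != 1:
        return False                      # unsigned or duplicated header
    try:
        signature = int(identity[0].split(":", 1)[1].strip(), 16)
    except ValueError:
        return False                      # malformed signature value
    unsigned = [l for l in lines if not l.startswith(("Identity:", "Identity-Info:"))]
    return pow(signature, e, n) == digest(join(unsigned, body))

# Constructed MESSAGE request, modelled on the deck's header examples.
BODY = "See you at 16:15"
REQUEST = join([
    "MESSAGE sip:ville@karpaasi.fi SIP/2.0",
    "To: Ville <sip:ville@karpaasi.fi>",
    "From: Mari <sip:mari@pc1.acme.fi>;tag=19283017",
    "Call-ID: a84b4c76e66710@pc1.acme.fi",
    "CSeq: 1 MESSAGE",
    "Content-Type: text/plain",
    f"Content-Length: {len(BODY)}",
], BODY)
SIGNED = outbound_sign(REQUEST, "https://proxy.acme.fi/proxy.cer")  # constructed URL
```

`inbound_verify(SIGNED)` succeeds, while changing the From header or the body text of `SIGNED` makes it fail, which is the alteration protection slide 22 describes; the content remains readable to anyone on the path.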