SIP security

SIP security is a vast and somewhat challenging field.

  • Authentication: Can users steal other users' identities?
  • Integrity: Is the SIP message received the same as the one sent?
  • Confidentiality: Is someone else listening on your SIP call setup?
  • Privacy
  • Non-repudiation: Making sure we can trace callers

In addition, the RTP media stream, the actual conversation audio, may need to be confidential.

Client security

  • Replay

Server security

  • Denial of service attacks


  • RFC 3329 Security Mechanism Agreement for the Session Initiation Protocol (SIP)
  • RFC Draft SIP digest authentication relay attack


Additional Reading

White Paper from Newport Networks: SIP, Security and Session Controllers

Multimedia services using SIP face a range of challenges, including traversing firewalls that were never designed to be VoIP-aware, exposing a publicly accessible address for a client, which invites hacking, and so on. Some of the basic issues surrounding SIP and security are examined.

PATTON Electronics whitepaper...
Securing Internet Telephony: Encrypting Voice with VoIP-over-VPN

Ever wonder who eavesdrops on your VoIP conversations? Unencrypted VoIP compromises information security for companies that handle sensitive information and the carriers that serve them. This Patton white paper explains how you can make your Internet Telephony solution completely secure. Find out why VoIP-over-VPN technology is more expedient than emerging CODEC-based approaches such as SRTP and SIP TLS. You'll also learn how Internet Key Exchange (IKE) simplifies VoIP installation at the same time it strengthens information security.

whitepaper: VOIP Security in SIP-Based Networks

Tools

This is a simple tool that bans hosts (using iptables). It uses pcap to check whether a host is receiving too many SIP responses with a status code of 400 or higher from Asterisk. It does not read the Asterisk logs and does not require a cron job.
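The counting logic behind this approach, as an added example that is not the tool's own code: constructed (timestamp, destination, payload) tuples stand in for pcap-captured packets sent by the server, and the threshold, window and iptables rule are assumptions.

```python
import re
from collections import defaultdict, deque

# Status line of a SIP response (RFC 3261), e.g. "SIP/2.0 403 Forbidden".
STATUS_LINE = re.compile(rb"^SIP/2\.0 (\d{3}) ")

def sip_status(payload):
    """Return the status code of a SIP response, or None for requests/garbage."""
    m = STATUS_LINE.match(payload)
    return int(m.group(1)) if m else None

def hosts_to_ban(packets, threshold=5, window=60.0):
    """packets: (timestamp, dst_ip, udp_payload) tuples sent BY the server.
    Flag a host once it has received more than `threshold` responses with
    status >= 400 inside any `window`-second span (both values are assumptions)."""
    recent = defaultdict(deque)   # dst_ip -> timestamps of recent error responses
    flagged = []
    for ts, dst, payload in packets:
        code = sip_status(payload)
        if code is None or code < 400:
            continue
        q = recent[dst]
        q.append(ts)
        while ts - q[0] > window:  # drop errors that fell out of the window
            q.popleft()
        if len(q) > threshold and dst not in flagged:
            flagged.append(dst)
    return flagged

def iptables_rule(host):
    """argv for a drop rule; the INPUT chain and DROP target are assumptions."""
    return ["iptables", "-I", "INPUT", "-s", host, "-j", "DROP"]

def _resp(code, reason):
    return b"SIP/2.0 %d %s\r\nCSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n" % (code, reason)

# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE = sorted(
    # Normal phone: each REGISTER is first challenged with 401, then gets 200.
    [(t, "192.0.2.10", _resp(c, r)) for t, c, r in
     [(0.0, 401, b"Unauthorized"), (0.1, 200, b"OK"),
      (30.0, 401, b"Unauthorized"), (30.1, 200, b"OK")]]
    # Host collecting a burst of rejections within a few seconds.
    + [(float(t), "198.51.100.7", _resp(403, b"Forbidden")) for t in range(1, 9)]
    # Occasional misdials, two minutes apart: never more than one per window.
    + [(t * 120.0, "203.0.113.5", _resp(404, b"Not Found")) for t in range(6)],
    key=lambda p: p[0])

if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE):
        print(" ".join(iptables_rule(host)))
```

Because 401 and 407 are challenges that every digest-authenticated request receives in normal operation, the threshold has to sit above a legitimate client's registration rate; with a threshold of 1 the sample's ordinary phone at 192.0.2.10 is flagged as well.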

See also

Created by: oej, Last modification: Mon 30 of Mar, 2015 (10:53 UTC) by dumais