The aim of the research is to discuss the constituents and features of SIP, i.e. the Session Initiation Protocol, and to analyze the different aspects of SIP including its functional components, messages, security, applications etc. Also, the research helps in distinguishing the different call flows carried out on various types of servers using SIP. This protocol helps in managing sessions for voice and multimedia applications. The main challenge is to get accustomed to SIP.
The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol that is implemented for managing interactive multimedia sessions such as audio and video calls. This protocol is used for creating, modifying and terminating sessions between different applications.
In an IP communications solution, SIP is considered to be one module. This module design integrates and implements the features of other protocols, such as Session Description Protocol (SDP), Resource Reservation Protocol (RSVP), RADIUS, Lightweight Directory Access Protocol (LDAP) and Real-Time Transport Protocol (RTP). User Datagram Protocol (UDP) is used as the underlying protocol for SIP, but sometimes SIP might be implemented using TCP. SIP provides multiuser and multimedia conference calls.
SIP only includes session management and does not define its types and thus implements four basic services:
• Users are located and their SIP addresses are resolved to an IP address.
• Capabilities and features are negotiated among all the session participants.
• Session parameters are changed during the call.
• The setup and teardown of calls are managed for all users in the session.
The basis of SIP is a client-server model, which employs requests and responses similar to Internet applications. The Domain Name System is used to resolve the addresses of users, which allows SIP to integrate with e-mail. To describe the contents of its messages, SIP uses Multipurpose Internet Mail Extensions.
The concept of presence is one of the most unique parts of SIP which includes when and how a call is initiated. This information is provided by public switched telephone network (PSTN).
SIP is already influencing the marketplace. It is already being used by a number of IP Telephony Service Providers (ITSP), such as Skype. SIP-aware networks have been created by traditional telephony providers, such as AT&T.
SIP FUNCTIONAL COMPONENTS
3.1 SIP Entities
A SIP network is composed of many types of logical SIP entities. Each entity has some specific functions and participates in SIP communication either as a client (initiates requests), as a server (responds to requests), or as both. One "physical device" can have the functionality of more than one logical SIP entity. For example, a network server which works as a Proxy server can also function as a Registrar at the same time.
Following are the various categories of SIP functional components:
USER AGENT - It is called the endpoint entity and helps in managing sessions by exchanging requests and responses. RFC 2543 also defines the User Agent as an application containing both a User Agent client (UAC) and a User Agent server (UAS), which are as follows:
User Agent Client (UAC) - a client application initiating SIP requests.
User Agent Server (UAS) - a server application that contacts the user when a SIP request is received and returns a response on behalf of the user. Some devices that have the UA function in a SIP network are IP phones, workstations, telephony gateways, automated answering services and call agents.
PROXY SERVER - An intermediary entity acting as both a client and a server which makes requests on behalf of other clients. Requests are serviced either internally or by passing them on, possibly after translation, to other servers. A Proxy interprets, and, if required, rewrites a request message before forwarding it.
REDIRECT SERVER - A Redirect Server is a server accepting SIP requests, mapping them with the SIP address of the called party into zero (if there is no known address) or more new addresses and returning them to the client. Unlike Proxy servers, Redirect Servers do not pass the request on to other servers.
REGISTRAR - A server accepting REGISTER requests to update a location database with the contact information of the user specified in the request. The server maintains the location database locally, or it employs a separate location server.
LOCATION SERVER - Location database is maintained by this server for the registered User Agents.
BACK-TO-BACK USER AGENT (B2BUA) - This server acts as a User Agent server and client at the same time. It terminates the signaling from the calling UA and then initiates signaling to the called UA. B2BUAs are allowed to change the content of requests, which gives more control over call parameters.
PRESENCE SERVER - This server gathers subscription information from Watchers and presence information from presentities, and sends status notifications. To accomplish the goal of establishing and managing a session between two UAs, all these functions work together. SIP servers also interact with application servers to provide services, such as authentication or billing.
SIP consists of plain-text messages, which follow the format of standard Internet text messages. This helps in troubleshooting, because SIP messages are easy to read.
SIP messages are of two basic types: requests and responses to a request. The function that a request invokes on a server is called a method. There are several types of SIP methods. The original SIP specification included the following six methods.
REGISTER - A UA client sends this message to inform a SIP server about its location.
INVITE - A caller sends this message to request that another endpoint join a SIP session, such as a conference or a call. This message can also be sent to change session parameters during a call.
ACK - A SIP UA can receive different responses to an INVITE. This method acknowledges the final response to the INVITE.
CANCEL - This message is used to end a call that has not yet been fully established.
OPTIONS - This message helps in querying the capabilities of a server.
BYE - This message ends a session or declines to take a call.
SIP entities send additional messages in response to a method. Responses to SIP methods fall into six categories. The following figure 1 [x] shows the six categories.
Provisional and Informational
Report is progressing but not yet complete.
Request has been completed successfully.
Request should be tried at another location.
Request was not completed due to an error in the request, can be retried when corrected.
Request was not completed due to an error in the recipient, can be retried at another location.
Request has failed and should not be retried again.
4.2.1 Class of Response Status Code Explanation
The table below (figure 2) lists the response status codes of the different classes in detail:
1xx: 181 Call Is Being Forwarded
3xx: 300 Multiple Choices; 301 Moved Permanently; 302 Moved Temporarily; 305 Use Proxy; 380 Alternative Service
4xx: 400 Bad Request; 402 Payment Required; 404 Not Found; 405 Method Not Allowed; 406 Not Acceptable
5xx: 500 Internal Server Error; 501 Not Implemented; 502 Bad Gateway; 503 Service Unavailable; 504 Server Timeout; 505 SIP Version Not Supported; 513 Message Too Large
6xx: 600 Busy Everywhere; 604 Does Not Exist Anywhere; 606 Not Acceptable
4.3 SIP Syntax
SIP messages are composed of the following three parts:
Start Line - Every SIP message begins with a Start Line. The Start Line may be either a Request-line (requests) or a Status-line (responses) and the Protocol version, as follows:
The Request-line, including a Request URI, indicates the user or service to which this request is being addressed.
The Status-line holds the numeric Status code and its associated textual phrase.
Headers - SIP header fields convey message attributes and modify message meaning. They are similar in syntax and semantics to HTTP header fields. Headers can span multiple lines. Some SIP headers such as Via, Contact, Route and Record-Route can appear multiple times in a message or can take multiple comma-separated values in a single header occurrence.
Body (Content) - A message Body is used to describe the session to be initiated (for example, in a multimedia session this may include audio and video codec types, sampling rates etc.), or alternatively it may be used to contain opaque textual or binary data of any type which relates in some way to the session. Message bodies can appear both in request and in response messages. SIP makes a clear distinction between signaling information.
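The three-part layout described above can be checked with a small parser. The following is an added example, not code from the essay; it assumes a whole message arrives in one datagram, and the sample INVITE, its addresses and the function names are constructed for illustration.

```python
# Added example (not from the essay): split a SIP message into start line,
# headers and body, handling folded and multi-valued headers.
MULTI_VALUE = {"via", "contact", "route", "record-route"}  # may repeat or be comma-joined

def split_commas(value):
    """Split a header value on commas outside "quotes" and <angle brackets>."""
    parts, buf, in_quote, in_angle = [], [], False, False
    for ch in value:
        if ch == '"' and not in_angle:
            in_quote = not in_quote
        elif ch in "<>" and not in_quote:
            in_angle = (ch == "<")
        if ch == "," and not (in_quote or in_angle):
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_sip(raw):
    """Return a dict with the start-line fields, a header multimap and the body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the headers")
    lines = head.decode("utf-8").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError("malformed start line")
    if start[0].startswith("SIP/"):      # Status-line: version, code, phrase
        msg = {"kind": "response", "version": start[0],
               "status": int(start[1]), "reason": start[2]}
    elif start[2].startswith("SIP/"):    # Request-line: method, Request URI, version
        msg = {"kind": "request", "method": start[0],
               "uri": start[1], "version": start[2]}
    else:
        raise ValueError("start line carries no SIP version")
    unfolded = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and unfolded:  # header spanning multiple lines
            unfolded[-1] += " " + line.strip()
        else:
            unfolded.append(line)
    headers = {}
    for line in unfolded:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("header line without a colon: %r" % line)
        key = name.strip().lower()
        values = split_commas(value) if key in MULTI_VALUE else [value.strip()]
        headers.setdefault(key, []).extend(values)
    # A body that disagrees with Content-Length is rejected instead of guessed at.
    declared = headers.get("content-length")
    if declared is not None and int(declared[0]) != len(body):
        raise ValueError("Content-Length does not match the body received")
    msg["headers"], msg["body"] = headers, body
    return msg

# Constructed sample message (documentation addresses, made-up branch values).
SAMPLE_BODY = b"v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\nm=audio 49170 RTP/AVP 0\r\n"
SAMPLE_INVITE = (
    b"INVITE sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP proxy.example.com;branch=z9hG4bK1, SIP/2.0/UDP 192.0.2.10;branch=z9hG4bK2\r\n"
    b"Via: SIP/2.0/UDP gw.example.net;branch=z9hG4bK3\r\n"
    b'Contact: "Doe, Alice" <sip:alice@192.0.2.10>\r\n'
    b"Subject: quarterly\r\n"
    b"  review call\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY
)

if __name__ == "__main__":
    parsed = parse_sip(SAMPLE_INVITE)
    print(parsed["method"], parsed["uri"], parsed["headers"]["via"])
```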
SIP CALL FLOW
In a basic SIP session setup, the SIP UA client (UAC) sends an INVITE request to the SIP URL of the endpoint, which is the UAS. If the IP address of the UAS is known to the UAC, it sends the request directly. But if the IP address of the UAS is not known, the UAC sends the request to a proxy server or redirect server to locate the UAS. Since the SIP address is mapped to an IP address, the call request is forwarded to the UAS; if the UAS accepts the call request the call is successful, otherwise it can be diverted to voice mail.
5.1 Call flow between two SIP Gateways:
SIP gateways are useful when a call has been requested from a non-SIP phone. In such cases the SIP gateways function as SIP UAs and initiate the SIP session between the two end users. Figure 4 shows how two routers use SIP to handle the analog phones between them. Here the PBX sends a request for call setup to GATEWAY-1 using normal analog call signaling. SIP GATEWAY-1 acts as a UAC and sends an INVITE request to GATEWAY-2, which acts as the UAS. Here only the two gateways exchange SIP messages.
Figure 4: Two SIP gateways
As the analog phone initiates the call, the call flow will be as below:
The PBX (Private Branch Exchange) sends a call setup to GATEWAY-1. As it receives a call setup request, a SIP INVITE message will be sent to GATEWAY-2 from GATEWAY-1 via IP networks and it also sends a Call Processing message to PBX. SIP INVITE message contains SDP information for capabilities negotiation.
Call setup messages will be exchanged between GATEWAY-2 and PBX. And SIP Response 100 message will be sent to GATEWAY-1. As GATEWAY-2 receives alerting message from its PBX, it will send SIP 180 message to GATEWAY-1.
GATEWAY-1 will notify its PBX about the messages that came from GATEWAY-2 using analog signaling.
As the receiver picks up the call, his PBX will send a Connect message to GATEWAY-2 and then GATEWAY-2 will send a 200 OK message response to GATEWAY-1, which will contain SDP information mentioning the capabilities supported by both devices.
After receiving SIP 200, GATEWAY-1 will send a Connect message to its PBX. When GATEWAY-1 receives an acknowledgement from its PBX, a SIP ACK message is sent to GATEWAY-2.
A Connect acknowledgement is sent to GATEWAY-2's PBX, after which the call is active. At this active call stage, RTP streams exist between the gateways, and normal voice streams exist between the gateways and the two analog phones.
When caller hangs up the call, a Call Disconnect message will be sent to GATEWAY-1 and then GATEWAY-1 will send a SIP BYE message to GATEWAY-2. Release and Release Complete messages will be exchanged between GATEWAY-1 and its PBX.
Similarly Call Disconnect and Release messages will be exchanged between GATEWAY-2 and its PBX.
To terminate the call completely, GATEWAY-2 will send SIP 200 OK message to GATEWAY-1 and also sends a Release message to its own PBX.
5.2 Call Flow Using Proxy Server
SIP Proxy servers are used when the endpoints are, for example, a computer running a SIP application, a SIP phone, or a cell phone that uses SIP. Proxy servers act as intermediaries for SIP calls.
Every SIP UA has to register itself with a proxy server. A special "Record route" option is available in the proxy server. When this option is enabled, the proxy stays in the communication link between the UAC and the gateway and knows the status of a call; otherwise it leaves the communication link and the rest of the communication occurs directly between the UAC and the gateway. Figure 5 shows the call flow when SIP Proxy Servers are used.
Figure 5: Proxy servers
In figure 5, one endpoint requests a call to an analog phone. The call flow proceeds as below:
An INVITE message with SDP information will be sent to proxy server for initiating the call. Phone number of a destination end will be saved in the Request URI field of the message.
Proxy server will create a new INVITE message by copying the information from the previous message but it will put address of GATEWAY-2 in the Request URI field.
GATEWAY-2 exchanges call setup messages with its PBX and also sends SIP Response 100 (Trying) to the proxy server. The proxy server then sends response 100 (Trying) to the SIP UAC, which is not mandatory.
The PBX sets up the call with its analog phone and sends an alerting message to GATEWAY-2, and then GATEWAY-2 sends a SIP 180 Ringing message to the proxy server. The proxy server forwards this message to the UA Client.
As the receiver picks up the phone, a Connect message is sent to GATEWAY-2 from the PBX and then GATEWAY-2 sends the response message 200 OK to the proxy server. The proxy server forwards this message to the UA Client. This SIP message contains SDP information for the session. After this, the proxy server leaves the signaling path as Record-route is disabled. Further communication is between the UA Client and GATEWAY-2.
The UAC sends an acknowledgement to GATEWAY-2, and GATEWAY-2 then sends Connect ACK to the PBX. As the call becomes active, an RTP stream exists between GATEWAY-2 and the UAC, and a normal voice stream exists between GATEWAY-2 and the PBX.
When the endpoint hangs up, it sends a BYE message to GATEWAY-2, and GATEWAY-2 sends a disconnect message to the PBX.
The PBX responds with a release message to GATEWAY-2. GATEWAY-2 sends a 200 OK message to the UA Client and a Release Complete message to the PBX. The call is terminated completely at this point.
Call Flow Using Multiple Servers
Multiple servers are required for making a call to a number which is outside the local domain. For such a call, the proxy server, redirect server and registrar server act together to complete the call. Here, the proxy server asks the redirect server where to send an INVITE message. In reply, the redirect server gives information about the endpoint address or the address of the next hop server. On the basis of this information, the proxy server routes the INVITE message.
The call flow using a proxy server, redirect server and registrar server is shown in figure 6. These servers can be in one device as they are just functional components. The figure shows how the INVITE message is routed using the different servers.
Figure 6: Multiple servers
As the SIP device initiates the INVITE message, the call flow takes place as follows:
GATEWAY-2 first sends a REGISTER message to the registrar server to register its analog phone. The registrar server replies with a 200 OK message, which indicates that the phone number has now been registered.
When a SIP device tries to initiate the call, it sends an INVITE message to its Proxy Server C.
On receiving the INVITE message, the proxy server finds that the requested number is not in the local domain. So it forwards this INVITE message to the redirect server to get information for routing the message.
In response, the Redirect server sends a 300-series message which contains the details about the SIP address of Proxy Server S.
Proxy server C has now information that next hop for routing this INVITE message is Proxy Server S. So it will forward the INVITE message to Proxy Server S.
Proxy Server S sends a query message to registrar server for the location of the destination number. In response message Registrar server provides the SIP address of GATEWAY-2.
Now Proxy Server S knows the address of called number. It will send INVITE message to GATEWAY-2.
Now GATEWAY-2 will set up a call with its PBX. After setting up the call it will notify to Proxy server S. This notification will be forwarded to endpoint via the Proxy servers. Remaining call flow will take place as described in section 5.2.
SIP PROS AND CONS
SIP is simply a call control protocol which contains some pros and cons. The following section shows some pros and cons for SIP.
SIP provides flexibility because it works separately from the media or the type of the session used.
SIP is an open standard, which allows integration and multivendor support.
The messages in SIP are clear text, which makes troubleshooting easier.
SIP can accommodate multiple users with different capabilities. For example, during a conference, if users with both video and audio ability are present, the video users do not need to switch to audio.
In SIP, gateways need to process all text messages. The router has to translate the text of the message into a form which the router can understand. Furthermore, the code for this conversion needs to be present in Cisco IOS.
Fewer people understand SIP thoroughly than understand older protocols. So trained personnel are required when implementing SIP within the network.
When SIP and SCCP phones are used simultaneously on the same network, conversion between out-of-band and in-band DTMF tones is necessary.
Features in SIP are still under development; also, some vendors have exclusive rights for the protocol. So, the user may find some difficulty while implementing SIP for the network.
SIP APPLICATIONS [x]
setting up voice-over-IP calls
In this type of application, voice calls are set up over IP. Skype is a SIP application which sets up voice-over-IP calls. In this application the user has a list of contacts and can do voice and video conferencing.
setting up multimedia conferences
A SIP communicator is an example of a SIP multimedia application. It provides the capability to establish communications in media like voice, video, file sharing and messaging. Microsoft, Yahoo! and Google have significant customers on this basis.
Instant Messaging and presence
Instant Messaging applications are used to exchange messages over the Internet or any other IP network. IM applications allow the users to transfer files, video, data and any other media. One important feature is presence, which shows the contact list when the user opens the IM application.
text and general messaging
To offer additional services in their 3G networks, cellular phone providers use SIP. The Microsoft real-time communications platform, including voice, instant messaging, application-sharing and video, is based on SIP. SIP is supported by Cisco applications such as MeetingPlace, CallManager and CallManager Express (CME). To allow heart monitors and other devices to send an instant message to nurses, some hospitals are implementing SIP. Its use is expected to increase as more applications and extensions are created for SIP.
8.1 Attacks and Threats in SIP
SIP is used to carry IP communications in the Internet environment. In this environment the attacks are not traceable. The most common attacks on these IP communications are as below.
This attack occurs when an attacker tries to register on behalf of a user. It causes all the traffic to go toward the attacker's device. Countering this type of attack requires authentication during registration.
Tearing Down and Modification of Sessions
An attacker can falsify the messages within the session. It can also modify the session description. Preventing this requires stopping attackers from reading the SIP messages. Furthermore, it requires that all the requests within a dialog come from the sender which initiated the session.
Impersonating a Server
An attacker might masquerade as a server. After doing this it may redirect the user to unsuitable or insecure resources. It can also stop processing of the user's requests. This attack can be countered by having UAs authenticate the servers to which user requests are sent.
Tampering with Message Bodies
An attacker may change the content within a SIP message while it is in transit. For this reason, UAs require end-to-end security for SIP message bodies.
In addition to this, some SIP headers are not used by proxies, so they also need security.
Denial of Service
DOS attacks are targeted at causing a particular network element, such as a UA or proxy, to become unavailable by flooding it with requests. Attackers might even want to leverage network elements such as forking proxies in order to amplify the effect of their DOS attack.
8.2 Security Mechanisms
Now, to resolve these threats and attacks SIP provides security mechanisms. In order to provide security to SIP, the following mechanisms can be used depending upon the security service needed. 
A number of authentication mechanisms can be used by SIP. The first is HTTP Digest authentication, which provides a simple way for a UA or proxy server to test whether the initiator of a request really is who it claims to be. It uses the Message Digest 5 (MD5) hash algorithm, so that the credential, meaning the password, is never sent in clear text. When the server receives the request, it asks the client a "question" referred to as the nonce value. A valid response is the result of applying the MD5 algorithm to the username, the password, the nonce value given by the server, the SIP method and the request-URI. The client sends this result to the server. The server compares the response sent by the client with its own calculated response. If both match, the server knows that the client really knows the password, and it then authenticates the client.
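The challenge and response exchange described above can be shown from both sides. This is an added example, not code from the essay: it assumes the basic RFC 2617 layout without qop (which also includes a realm, not mentioned above), and the Registrar class, user name, password and URI are hypothetical.

```python
# Added example (not from the essay): SIP Digest challenge/response,
# client computation and server verification.
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    """Client side: the value placed in the Authorization header's response field."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # binds user and password
    ha2 = md5_hex(f"{method}:{uri}")                 # binds SIP method and request-URI
    return md5_hex(f"{ha1}:{nonce}:{ha2}")           # binds the server's nonce

class Registrar:
    """Hypothetical server side: issues nonces and checks responses."""

    def __init__(self, realm, users):
        self.realm = realm
        # The server keeps HA1 only, so the cleartext password is not stored.
        self.ha1 = {u: md5_hex(f"{u}:{realm}:{p}") for u, p in users.items()}
        self.outstanding = set()

    def challenge(self):
        """The "question": an unpredictable nonce sent with the 401/407 response."""
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, response):
        if nonce not in self.outstanding:
            return False                  # unknown or already used nonce (replay)
        self.outstanding.discard(nonce)   # each nonce is accepted once
        ha1 = self.ha1.get(username)
        if ha1 is None:
            return False
        expected = md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    registrar = Registrar("example.com", {"alice": "s3cret"})  # constructed account
    nonce = registrar.challenge()
    answer = digest_response("alice", "example.com", "s3cret",
                             "REGISTER", "sip:example.com", nonce)
    print("first use:", registrar.verify("alice", "REGISTER", "sip:example.com", nonce, answer))
    print("replayed: ", registrar.verify("alice", "REGISTER", "sip:example.com", nonce, answer))
```

Because the method and request-URI are hashed into the response, a value captured for a REGISTER does not verify for an INVITE, and the single-use nonce makes a replayed REGISTER fail.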
Second, certificates can also be used by SIP to provide authentication. A third party called a Certificate Authority (CA) generates a digital document called a certificate. If SIP uses TLS (Transport Layer Security), the client can request the certificate of the server. If the certificate received during the TLS Handshake protocol exchange matches the server with which the UA wants to talk, then the connection is authenticated. Self-signed certificates are also used in certain situations: a UA can generate a self-signed certificate and then upload it to a certificate server.
Confidentiality is used to make a message or communication session private. It can be implemented by encryption. SIP can utilize encryption at any layer. Encryption at the IP layer using IPSec can also be utilized. IPSec can be established between any two Internet hosts. It is performed by hosts at the kernel/operating system level. As a result, it is difficult for SIP to know whether IPSec is used or not.
Encryption using TLS at the transport layer is visible to the application. So, when a UA attempts to open a TLS connection over TCP to another server or UA and the connection is not established, the UA will get a failure message.
3. Secure SIP URI Scheme
TLS only provides single-hop confidentiality and authentication. But most SIP sessions have at least one proxy server, so there is more than one hop between the two communicating UAs. So, to provide end-to-end confidentiality we use Secure SIP. Secure SIP uses the URI scheme sips, which guarantees end-to-end confidentiality of a SIP session. In this technique TLS transport must be used at each hop, otherwise a connection failure is sent back to the initiator. For the last hop, however, a mechanism other than TLS can be used to provide confidentiality.
End-to-end confidentiality can also be achieved in SIP using Secure Multipurpose Internet Mail Extensions (S/MIME). SIP header fields that are not required by the proxy servers can be encrypted using S/MIME and sent in a message body.
The recipient of a SIP request needs to know whether the contents of the message have been altered by a third party, and this is provided by integrity. Integrity can be provided by using a secure hash or by using digital signatures. Digest authentication can provide integrity across the method type and Request-URI. It contains an option which provides integrity protection across the SIP message body between the UA and proxy server.
The SIP URI of the user is an identity in SIP. The UA at the receiver side gets this by looking at the "From" header field of the SIP message. Network asserted identity is the mechanism which is used in SIP for asserting identity. After getting a request from a proxy server which the UA trusts, the UA can trust the asserted identity and display it as the calling party ID. After authenticating a request and validating the "From" header in the request, the proxy server adds an "Identity" header field which contains a cryptographic signature over a subset of the SIP header fields.