Page 1
RFC 3261 Overview Known Authentication Attacks Unknown Attack
SIP Digest Access AuthenticationRELAY-ATTACK for Toll-Fraud
Humberto J. [email protected]
Radu [email protected]
Olivier [email protected]
Madynes teamhttp://madynes.loria.frLORIA-INRIA Lorraine
November 2, 2007
Page 2
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Outline
1 RFC 3261 OverviewDirect Callre-INVITE RequestAuthenticated Call
2 Known Authentication AttacksMITM AttackReplay Attack
3 Unknown AttackRelay Attack
Page 3
RFC 3261 Overview Known Authentication Attacks Unknown Attack
RFC 3261 Overview
Page 4
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Direct Call
Direct Call from user B to A
Page 5
RFC 3261 Overview Known Authentication Attacks Unknown Attack
re-INVITE Request
re-INVITE overview
“This modification can involve changing addresses or ports, adding a media
stream, deleting a media stream, and so on. This is accomplished by sending a
new INVITE request within the same dialog that established the session. An
INVITE request sent within an existing dialog is known as a re-INVITE.”1
1RFC 3261 Section 14 Modifying an Existing Session
Page 6
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Authenticated Call
Call from User B to User A via a Proxy using DigestAccess Authentication (RFC 2617)
Page 7
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Known Authentication AttacksRFC 2617 Section 4.5 ReplayAttacks
Page 8
RFC 3261 Overview Known Authentication Attacks Unknown Attack
MITM Attack
Man in the Middle Attack
Page 9
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Replay Attack
Replay Attack
Page 10
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Unknown Authentication Attack toSIP
Page 11
RFC 3261 Overview Known Authentication Attacks Unknown Attack
Relay Attack
Trigger a re-INVITE on User B in order to request himto authenticate