Session Initialization Protocol (SIP)

The Session Initialization Protocol (SIP) is defined by the SIP working group of IETF. The SIP working group first defined the SIP protocol [65] in 1999, and in 2002 defined a new edition of the SIP protocol in RFC3261 [65]. The new edition of the SIP the protocol added the use of SCTP in transporting SIP messages.

SIP allows integration/convergence of telephony services, IP-based voice calls and IP- based data transmission over an IP network. Thus, it can be used to create a unified infras- tructure for both voice and data services. It is an efficient, and scalable IP-based signalling protocol to establish a communication session. SIP is a key component of VoIP technol- ogy. For voice calls in the pure-IP domain, SIP represents the signalling protocol used to establish a connection between two voice-enabled devices, whether they are SIP-enabled IP phones, adapters for analog phones, or PC-based voice communication software. So SIP is an integral part of end-to-end IP-based voice communications. SIP is the protocol which will enable voice networks to become multimedia networks.

SIP is an application layer control protocol that is used in multimedia sessions such as Internet telephony calls. The role of SIP is to establish, modify and terminate multimedia sessions. SIP can also invite participants to already existing sessions, such as multicast conferences. Media can be added to (and removed from) an existing session. SIP supports five facets of establishing and terminating multimedia communications:

• Determination of the communication system to be used.

• Determination of the user availability of the called party to engage in communica-

• Determination of the media and media parameters to be used. • Establishment of session parameters at both called and calling party.

• Call handling including transfer and termination of sessions, modifying session pa-

rameters, and invoking services.

SIP can be used with other protocols to build a complete multimedia architecture. Typically, these architectures will include protocols such as:

• the Real-time Transport Protocol (RTP) [68] for transporting real-time data and pro- viding Quality of Service (QoS) feedback;

• the RTP Control Protocol (RTCP) [68] for providing feedback on the quality of the data distribution and controlling sessions in multicasting;

• the Real-Time streaming protocol (RTSP) [69] for controlling delivery of streaming media;

• the Media Gateway Control Protocol (MEGACO) [20] for monitoring controlling gateways to the Public Switched Telephone Network (PSTN);

• the Session Description Protocol (SDP) [32] for describing multimedia sessions;

• and the Session Announcement Protocol (SAP) [33] to announce a multicast session. However, the basic functionality and operation of SIP does not depend on any of these protocols. Since SIP messages and the sessions they establish can pass through entirely different networks, SIP cannot, and does not, provide any kind of network resource reser- vation capabilities. The nature of the services provided make security particularly impor- tant. SIP provides a suite of security services, which include denial-of-service prevention, authentication (both user to user and proxy to user), integrity protection, and encryption and privacy services.

SIP over SCTP

As already stated, SIP is an application layer protocol and works independently from the transport protocol used. It can run over both reliable and unreliable transport protocols such as UDP and TCP. Usually, SIP procedures are defined for transport over UDP and TCP. However, SCTP is also a suitable transport protocol for SIP, as it provides most of the features of UDP and TCP. There are advantages in using SCTP instead of TCP or UDP for SIP and these are described below.

Advantages of SIP over SCTP, compared to SIP over UDP

1. Fast retransmission: By using the selective acknowledgement (SACK) mechanism, SCTP [75] can quickly detect the loss of a packet. When the receiver detects seg- ments received out of order it sends a new SACK for every incoming data packet. 1 As a consequence, the sender will resend lost messages quickly.

2. Congestion Control: SCTP provides congestion control over the association. 3. Transport layer fragmentation: SCTP performs transport layer fragmentation. IP

fragments messages for UDP when the message is bigger than MTU. When one fragment of the UDP data is lost then the whole UDP packet is lost. In this case, SCTP needs to retransmit only the lost data fragment.

Advantages of SIP over SCTP, compared to SIP over TCP

1. Head-of-line blocking: By using independent streams and unordered delivery, SCTP avoids head-of-line blocking. This is very important for SIP, when multiple transac- tions are running over one TCP connection and one message of the particular trans- actions is lost, then all transactions will be stopped. With head-of-line blocking, other streams are not affected.

2. Multihoming: SCTP provides support for multihoming which improves fault toler- ance. When a primary network (path) fails, SCTP can use another network (path) and continue to transport messages.

Security considerations

The SIP protocol requires fundamental security services to:

• preserve the confidentiality and integrity of messaging, • to prevent replay attacks or message spoofing,

• to provide for the authentication and privacy of the participants in a session and to

prevent denial-of-service attacks.

SIP message bodies each require the security services of confidentiality, integrity and authentication. Full encryption of messages provides the best security but SIP messages have some fields, which must be visible (i.e. unencrypted) to proxies. For example, request Uniform Resource Identifier (URI) and route. More details about security mechanisms of SIP are given in section 26 of [65].