2021/05/27 21:18:37

Session Initiation Protocol SIP Telephony

SIP allows users to access services from both a personal computer and a mobile phone.

The directory of IP telephony solutions and projects is available on TAdviser

SIP (Session Initiation Protocol) is a data transfer protocol that describes how to establish and terminate a user Internet session involving the exchange of multimedia content (video and audio conferencing, instant messaging, online games).

In the Open Systems Interconnection (OSI) model, SIP is an application-layer network protocol. The protocol describes how a client application (for example, a softphone) can request a connection to another, possibly physically remote, client on the same network using its unique name. The protocol determines how clients agree to open exchange channels based on other protocols that carry the information itself (for example, RTP). Such channels can be added or removed during an established session, and additional clients can be connected and disconnected (that is, more than two parties can take part in the exchange, as in a conference call). The protocol also defines how a session is terminated.

SIP is based on the request-response principle and closely resembles protocols such as HTTP and SMTP (Simple Mail Transfer Protocol); as a result, SIP telephony integrates quite easily with various web services. Created as a replacement for legacy protocols such as H.323, it provides session control for a VoIP platform, which gives more opportunities for integration and use in telecommunications systems.


Example of a SIP-based network

Principles of the protocol

The protocol was developed by the IETF MMUSIC Working Group. Work on it began in 1996, led by Henning Schulzrinne (Columbia University) and Mark Handley (University College London). In November 2000, SIP was approved as the signaling protocol of the 3GPP project and the main protocol of the IMS architecture (specification 3GPP TS 24.229). Along with H.323, another widely used protocol, SIP is one of the protocols underlying Voice over IP.

The MMUSIC working group based the protocol on the following principles:

  • Simplicity: includes only six methods (functions)
  • Independence from the transport layer: it can run over UDP, TCP, ATM, etc.
  • Personal mobility of users. Users can move within the network without restrictions. This is achieved by assigning a unique identifier to the user. At the same time, the set of services provided remains unchanged. The user reports his movements using the REGISTER message.
  • Network scalability. The structure of a SIP-based network allows you to easily expand it and increase the number of elements.
  • Protocol extensibility. The protocol is characterized by the ability to supplement it with new functions when new services appear.
  • Integration into the stack of existing Internet protocols. SIP is part of the global multimedia architecture developed by the IETF. In addition to SIP, this architecture includes the RSVP, RTP, RTSP and SDP protocols.
  • Interaction with other signaling protocols. SIP can be used in conjunction with other IP telephony protocols, PSTN protocols, and for communication with intelligent networks.

Design of the protocol

SIP clients traditionally use port 5060 over TCP and UDP to connect to SIP network elements. SIP is mainly used to establish and tear down voice and video calls. It can also be used in any other application that requires setting up a connection, such as notification systems, mobile terminals, and so on. Many RFCs related to SIP define the behavior of such applications. The voice and video data themselves are carried by other transport protocols, most often RTP.

The main goal in developing SIP was to create an IP-based signaling protocol that could support the extended set of call processing functions and services offered by the existing PSTN. SIP itself does not define these functions; it focuses only on call setup and signaling procedures. At the same time, it was designed to support functional network elements such as proxy servers and user agents. These elements provide a basic set of services: dialing, ringing the telephone, and audibly informing the subscriber of the call status.

SIP-based telephone networks can support more modern services, usually provided by SS7, despite the significant difference between the two protocols. SS7 is characterized by a complex, centralized intelligent network and simple, non-intelligent terminals (traditional telephones). SIP, on the contrary, requires a very simple (and therefore highly scalable) network with the intelligence embedded in endpoints at the periphery (terminals implemented as physical devices or programs).

SIP is used together with several other protocols and takes part only in the signaling portion of a communication session. SIP carries SDP, which describes the media transmission parameters within the session, such as the IP ports and codecs used. In a typical application, SIP sessions are simply RTP packet flows. RTP is the direct carrier of voice and video data.

The first proposed version of the standard (SIP 2.0) was defined in RFC 2543. The protocol was further refined in RFC 3261, although many implementations are still based on intermediate versions of the standard. Please note that the version number is 2.0.

Addressing

SIP uses e-mail-style addresses to interoperate with existing IP network applications and to ensure user mobility. Workstation addresses are universal resource locators (URLs), called SIP URLs:

  • name@domain,
  • name@host,
  • name@IP address,
  • phone number@gateway.

In text, a SIP address begins with the prefix sip:, indicating that it is a SIP address, since other addresses share the same format (for example, e-mail addresses, marked by mailto:).

The address consists of two parts. The first part is the name of the user registered in the domain or workstation. If the second part identifies a gateway, the first part indicates the telephone number of the subscriber. The second part of the address indicates the name of the network domain, host, or IP address.

User names are ordinary alphanumeric identifiers. In IP telephony, purely numeric identifiers ("numbers") are generally used, which makes it easier to extend or replace classical telephone networks. Local numbers are usually 2 to 4 digits long.

The phone number passed to the gateway can be any number reachable through it: a local number, or a mobile or regular city phone number. The gateway address (IP address or domain name) is specified in the settings of the telephone or client program, so the user only needs to dial a number to make a call.

Security

A separate section of RFC 3261 is devoted to SIP security. Signaling traffic can be encrypted at the transport layer by using TLS instead of plain TCP/UDP. In addition, the SIPS standard has been developed, which imposes additional conventions for secure data transfer over SIP. SRTP is used to encrypt the media content.
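The protections named in this section can be read directly off a captured request. The following added example (not from the original article; the sample INVITE, its hosts and the function name audit_sip_message are constructed for illustration) reports whether signaling travels over TLS, whether the request URI uses sips:, and whether the SDP body offers SRTP (an RTP/SAVP profile) rather than plain RTP.

```python
# Added example: audit one SIP request for TLS, sips: and SRTP.
# SAMPLE_INVITE is constructed for illustration; hosts and tags are made up.
SAMPLE_INVITE = (
    "INVITE sip:201@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:105@pbx.example.com>;tag=1928301774\r\n"
    "To: <sip:201@pbx.example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
)

SECURE_MEDIA_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def audit_sip_message(raw):
    """Return findings about signaling and media protection for one SIP request."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, request_uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # keep topmost Via
    # A Via value looks like "SIP/2.0/<transport> host:port;params".
    transport = headers.get("via", "").split(" ")[0].rsplit("/", 1)[-1].upper()
    media = []
    for line in body.split("\r\n"):
        if line.startswith("m="):  # SDP media line: m=<kind> <port> <profile> <formats>
            kind, port, profile = line[2:].split(" ")[:3]
            media.append({"kind": kind, "port": int(port), "profile": profile,
                          "srtp": profile in SECURE_MEDIA_PROFILES})
    return {
        "method": method,
        "sips_uri": request_uri.lower().startswith("sips:"),
        "transport": transport,
        "signaling_encrypted": transport == "TLS",
        "media": media,
        "media_encrypted": bool(media) and all(m["srtp"] for m in media),
    }
```

For the constructed sample, every check fails: signaling goes over UDP, the URI is sip:, and the audio stream is offered as unencrypted RTP/AVP.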

2021: Investigation of the hacking of the telephone network of the state industrial enterprise

Forensic specialists at Informzashchita investigated the hacking of a state industrial company's telephone network. The experts warn that IP telephony, which is deployed in almost every organization, is too open to attackers. Informzashchita reported this on May 27, 2021.

Using IP telephony in the corporate segment saves money on employee telephone conversations. However, fraudsters who seize a company's telephone network can easily cause both a leak of confidential conversations and the appearance of extra zeros in the communication bill.

IP telephony fraud is based on hacking corporate automatic telephone exchanges (PBXs) that operate over the public SIP protocol. The attackers' task is to gain access to the telephone network by guessing a login and password, and then to use it for their own purposes. During the deployment of IP telephony systems, SIP accounts are typically assigned simple passwords. This is done for the convenience of internal use of the system. Remember, however, that simple passwords often have sad consequences. In the incident studied, the attackers were able to gain access to the corporate telephone network in a short time.

Such attacks fall into two categories: the first is eavesdropping on voice traffic for the purpose of espionage; the second is making unauthorized long-distance and international calls to premium-rate numbers for the purpose of monetization. The case under consideration involved the second kind of fraud: the attackers rented premium numbers from a mobile operator and made expensive calls to them from the phones of the hacked company.

The organization for which the investigation was conducted had no dedicated anti-fraud systems or other solutions to prevent malicious use of IP telephony. The illegitimate activity was detected by the IP telephony provider, which noticed uncharacteristic behavior by the client: a sharp surge in the number of international calls from the company's telephone numbers.

"All calls were made from several corporate phones. A couple of numbers would have been enough for the fraudsters, but they used more so that they would not be detected immediately," explained a specialist at Informzashchita.

The attackers prepared in advance and picked a convenient time for the attack. The unauthorized calls began on the weekend, when, first, there was no employee traffic on the network and, second, technical personnel were away from their workplaces.

IP telephony is one of the simple attack vectors that allows attackers to monetize a company's resources or penetrate further into its IT infrastructure. Hacking IP settings is possible through simple manipulation, which means cybersecurity specialists must stay alert. The protection recipe fits into the general principles of information security: strong passwords, up-to-date software and equipment, daily analysis of the log of calls going outside the organization (billing), and permission to call outside the organization only for the group of people who need it. And, of course, keep at hand the contacts of specialists in cyber incident investigation.
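One way to implement the daily billing review and the restricted outside-calling group recommended above, as an added example that is not part of the original article. The call records, the home prefix +7, the allowlist, the working hours and the daily baseline are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed call-detail records: (start time, extension, dialed number).
# Assumption: external numbers are logged in "+<country code>..." form.
CDRS = [
    ("2021-05-20 10:15", "105", "+74950000001"),   # Thursday, domestic
    ("2021-05-21 11:40", "230", "+440000000001"),  # Friday, allowed extension
    ("2021-05-22 02:10", "117", "+9990000001"),    # Saturday night
    ("2021-05-22 02:12", "118", "+9990000002"),
    ("2021-05-22 02:15", "117", "+9990000001"),
    ("2021-05-22 02:31", "119", "+9990000003"),
]
HOME_PREFIX = "+7"           # hypothetical home country code
INTL_ALLOWED = {"230"}       # hypothetical group permitted to call abroad
DAILY_INTL_BASELINE = 3      # hypothetical usual ceiling of such calls per day


def review_calls(cdrs):
    """Flag international calls that break the outside-calling policy."""
    alerts = []
    per_day = Counter()
    for started, ext, number in cdrs:
        when = datetime.strptime(started, "%Y-%m-%d %H:%M")
        if not number.startswith("+") or number.startswith(HOME_PREFIX):
            continue  # internal or domestic call, out of scope here
        per_day[when.date()] += 1
        if ext not in INTL_ALLOWED:
            alerts.append(("unauthorized_extension", started, ext, number))
        # Weekend, or outside assumed working hours of 08:00 to 20:00.
        if when.weekday() >= 5 or not 8 <= when.hour < 20:
            alerts.append(("off_hours", started, ext, number))
    for day, count in sorted(per_day.items()):
        if count > DAILY_INTL_BASELINE:
            alerts.append(("daily_surge", day.isoformat(), count))
    return alerts
```

On the constructed records, the four Saturday-night calls each raise both per-call alerts, and the day as a whole exceeds the baseline, which is the pattern the provider noticed in the incident described above.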

The development of SIP telephony has given businesses access to call analytics

SIP is a technology for receiving calls over the Internet, and it is the basis of a virtual PBX. It handles telephone calls at minimal resource cost. It is enough to buy a low-power computer and to have a stable Internet connection and good headphones. With this technology, small and medium-sized businesses can:

  • Optimize internal and external business processes;
  • Organize units in different cities or countries;
  • Include freelance employees in the company's overall information and technology space.

Virtual PBX tools (IVR, grouping, complex call forwarding, single number plan, etc.) allow you to monitor the level of employment of each employee from key departments: sales, customer support, technical support, call center. Segmentation and referral of customers according to the department they need allows you to determine the effectiveness of business processes and get rid of "weak" points.

The same applies to call tracking, the logical continuation of SIP telephony, which allows companies to abandon a large number of regional numbers and different operators in favor of dynamic number substitution for each visitor to the site. Thanks to this technology, managers can find out how many calls a particular channel brought in, whether an online advertisement or a billboard on the street.

For example, for a business selling ceramic tiles, introducing call tracking can win 5-10 extra orders that were previously missed due to oversight or technical reasons. It is worth noting that the average purchase amount of customers who contact the company by phone is much higher than that of customers who prefer online forms.

In addition, it becomes possible to improve the quality of operators' communication, which gives the client another reason to call again. But the most important thing is that call tracking allows, for example, the owner of an online tile store to spend advertising money more profitably, because he can see which advertising brings him calls and which does not.

According to the law, a city number should be used only in the city to which it belongs. It is also possible to use a number that, unlike a city number, can be connected anywhere in the host country. With it, you can organize internal corporate telephony. The drawback is that calls to city numbers are about 25% more expensive.

Any business that sells by phone is a potential customer for providers of SIP and call tracking technology. The main constraint on market growth is, first of all, psychological readiness to introduce new technologies and then optimize business processes.

What is the difference between SIP telephony and Skype?

SIP telephony is often compared to Skype or Viber. Yet there are two main differences between these Internet communication technologies. The first is price: calls via Skype are more expensive when it comes to commercial use of the service.

The second is numbering that is familiar to customers. They call city numbers, and the virtual PBX forwards the calls to SIP numbers, where company representatives or managers answer them. Operators can also give each subscriber a free extension. Thus, the client can call the city number and add the internal code in voice mode, as on a PBX, to reach the right manager.

2017: RF: The ban on number substitution will not apply to Skype

On October 11, 2017, the State Duma Committee on Information Policy recommended adopting in the second reading a bill under which telecom operators will have to transmit the subscriber's number unchanged when sending short text messages, at the request of law enforcement officers. The requirement applies only to mobile radiotelephone operators. At the same time, the committee rejected the amendments that would have extended the document to subscriber calls both in cellular networks and in the networks of other participants in establishing a telephone connection, Kommersant reports.

The State Duma of the Russian Federation adopted the aforementioned bill in the first reading in April 2017. The main purpose of the document is to ensure transparency in the provision of subscriber numbers and authenticity of information during operational-search measures. As the author of the initiative, Senator Lyudmila Bokova, explained, with the help of amendments that extend the requirements of the law not only to messages, but also to voice calls, it will be possible to more effectively counter telephone terrorism.

During the committee meeting, Bokova opposed narrowing the law to mobile operators only. In that form, the senator is sure, it is impossible to completely solve the problem of number substitution when calling from IP telephony services (for example, through Skype or WhatsApp). "Changing numbers is possible both in a fixed network and in roaming," she said.

According to the head of the State Duma Committee on Information Policy Leonid Levin, the deputies failed to agree with the security forces on regulating the substitution of numbers, and the amendment was never adopted. The operators themselves do not comment on the decision of the State Duma. Nevertheless, according to one of the sources of Kommersant, the operators note an increase in the number of calls with the replacement of a number from fixed communication networks. The prohibition of number substitution should concern not only text messages, but also voice calls in various communication networks, the source said.