This application claims all benefits of Korean Patent Application No. 10-2007-0119812 filed on Nov. 22, 2007 in the Korean Intellectual Property Office, the disclosures of which are incorporated herein by reference.
1. Technical Field
The present invention relates to a security system and a securing method of a call signaling message for a SIP (Session Initiation Protocol) based VoIP (Voice Over Internet Protocol) service. More specifically, the invention relates to a security system and a securing method of a call signaling message, which block any call signaling message, among those transmitted or received between a transmit terminal and a server, that violates the message grammar, includes block information registered in a block list, or does not match the session state of the message, so that the VoIP service can be provided unaffected by modified packets and the like.
2. Description of the Related Art
A VoIP (Voice Over Internet Protocol) service is the common name for a service that provides voice calls over an IP network; it is an internet telephone service that is currently receiving attention because of its convenient use and low cost. Telephone communication using the VoIP service requires a call setup protocol. Among the various call setup protocols, the SIP (Session Initiation Protocol) is the most actively researched.
The SIP based VoIP service consists of call signaling messages carried over the SIP and call messages carried in RTP packets. Through the call signaling messages, the information for user registration, call initiation requests and the call itself is exchanged. Through the call messages, the voice packets of the actual call are exchanged. The SIP is defined in RFC 3261 (SIP: Session Initiation Protocol), the global standard prescribed by the IETF (Internet Engineering Task Force), an international standardization organization.
However, since the call signaling messages and the voice packets are easily exposed, the VoIP service has the security drawback that attacks such as payment avoidance, call termination, denial of service and the like can be made on the service. This drawback is a potential threat to the VoIP service that is currently in operation, and may cause serious damage if it leads to a failure in the IP backbone network. Hence, a scheme to cope with security threats to the VoIP service is needed.
Accordingly, the present invention has been made to solve the above problems. An object of the invention is to provide a security system and a securing method of a call signaling message, in which, even when a call signaling message is leaked and thereby modified in a SIP (Session Initiation Protocol) based VoIP (Voice Over Internet Protocol) service, the modified message is blocked in advance so that the VoIP service can be provided unaffected by attacks using such packets.
In order to achieve the above object, there is provided a security system of a call signaling message comprising: a message suitability verifying module that receives call signaling messages transmitted between a terminal and a server, blocks a call signaling message of the received call signaling messages which does not correspond to a preset format, and forwards the call signaling messages that are not blocked; a filtering module that receives the call signaling messages from the message suitability verifying module, blocks a call signaling message of the received call signaling messages which includes block information registered in a block list stored in advance, and forwards the call signaling messages that are not blocked; and a message state verifying module that receives the call signaling messages from the filtering module, blocks a call signaling message of the received call signaling messages which does not correspond to a session state of the call signaling message, and transmits the call signaling messages that are not blocked to the terminal or server.
According to an embodiment of the invention, there is provided a securing method of a call signaling message comprising the steps of: (a) receiving, at a message suitability verifying module, call signaling messages transmitted/received between a terminal and a server; (b) blocking a call signaling message of the call signaling messages received in the step of (a), which does not correspond to a preset format, and forwarding the call signaling messages that are not blocked to a filtering module; (c) blocking a call signaling message of the call signaling messages forwarded in the step of (b), which includes block information registered in a block list stored in advance, and forwarding the call signaling messages that are not blocked to a message state verifying module; and (d) blocking a call signaling message of the call signaling messages forwarded in the step of (c), which does not correspond to a session state of the call signaling messages, and transmitting the call signaling messages that are not blocked to the terminal or server.
When using the security system and the securing method of a call signaling message according to an embodiment of the invention, it is possible to prevent, in the SIP based VoIP service, a call signaling message from being modified to cause a call failure when requesting a call or during the call, and to block an attack on the call signaling message in advance.
The above and other objects, features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
Hereinafter, a preferred embodiment of the present invention will be described with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.
The invention provides a security system and a securing method of a call signaling message for coping with an attack that may be made in a process of transmitting/receiving a call signaling message between a terminal and a proxy server in a SIP (Session Initiation Protocol) based VoIP (Voice Over Internet Protocol) service.
At this time, a security system 5 of a call signaling message according to an embodiment of the invention may be connected between the transmit terminal 1 and the transmit-side proxy server 2. However, contrary to the embodiment shown in
The SIP based call signaling messages are classified into request messages and response messages. A request message performs a request such as a session request, a call termination or a state confirmation, for example INVITE, CANCEL, BYE, OPTIONS and the like. A response message is a response or error notification to a request, for example 100 Trying, 180 Ringing, 200 OK, ACK and the like. One of the call signaling messages is structured as shown in Table 1.
In Table 1, the start line includes the type of the message and receiver information. The message header includes the mandatory information necessary for communication. The message body includes additional information necessary for communication.
In the SIP, the items located in each row of the message header are referred to as fields. Among them, the six fields Via, Max-Forwards, To, From, Call-ID and CSeq must be included as mandatory fields. The Via field indicates the hops through which the SIP message has passed, the Max-Forwards field indicates the number of hops still available for transmission, the To field indicates the receiver, the From field indicates the transmitter, the Call-ID field indicates the unique identifier of the corresponding session, and the CSeq field is a value that is increased by 1 (one) with each message in sequence and serves as the identifier of the transaction described below.
In addition, the Route and Record-Route fields, which are additional fields, indicate a server address that must be passed through in transmission and a server address that has already been passed through, respectively. Moreover, the Authorization field carries authorization-related information. The types of SIP message and each field of the message header are specifically described in RFC 3261, the global standard, and can thus be easily understood by one skilled in the art. Accordingly, their detailed description is omitted.
First, the message suitability verifying module 10 receives a call signaling message that is transmitted or received for call signaling between the server 2 and the terminal 1 and parses each field value from the received message. Then, the message suitability verifying module 10 examines whether the values written in each field conform to the description format of the SIP. As described above, the values and formats of each field of a call signaling message are defined in the RFC 3261 standard.
In one embodiment of the invention, the message suitability verifying module 10 may examine whether harmful information is included in the value of any field of the call signaling message. Here, harmful information means an unsuitable character string that could be used to bypass user authorization at a server of the VoIP service, for example a special character or a SQL (Structured Query Language) command, which deviates from the description format of the SIP. The message suitability verifying module 10 determines whether each value is suitably formed in the mandatory fields of a call signaling message such as the From, To, Via, Call-ID, Max-Forwards and CSeq fields, the extended fields such as the Route and Record-Route fields, and the authorization-related fields such as the Authorization and Proxy-Authorization fields, and searches for harmful information to determine whether the corresponding message has been modified.
When the search determines that a field value is unsuitable or that harmful information is included, the corresponding message is blocked by the message suitability verifying module 10, and the messages that are not blocked are forwarded to the filtering module described below.
The filtering module 20 is a module for receiving a call signaling message from the message suitability verifying module 10, for which the verification has been completed, and blocking a message including block information registered in a block list stored in advance. The module comprises a block list DB 22 and a filtering unit 21.
A block list that is based on the fields of the SIP call signaling message is stored in advance in the block list DB 22. For example, the block list is a character string for the field values of the SIP call signaling message. According to an embodiment of the invention, the block list may be inputted in advance to the block list DB 22 by a service provider, or alternatively, may be stored in the block list DB 22 through an intrusion detection system (IDS) for the SIP protocol.
The filtering unit 21 filters the call signaling message using the block list stored in the block list DB 22. In one embodiment of the invention, the filtering unit 21 compares each field value of the header of the call signaling message with the character string registered in the block list. When any one field includes the character string in the block list, the filtering unit blocks the corresponding call signaling message. That is, when the character string recorded in the fields of a call signaling message, such as From, To, Via, Route, Record-Route and the like, is registered in the block list, the corresponding call signaling message is blocked.
The block lists stored in the block list DB 22 may be entered by receiving block lists already collected by an administrator before the filtering unit 21 operates, or may be entered through an analysis of the results detected by an intrusion detection system (IDS) for the SIP protocol. The invention is not limited to any particular method of recording the block list.
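The first two stages described above (the message suitability check against the SIP field formats and harmful-information search, and the block-list filter over header field values) can be illustrated with a small Python pipeline. This is an added example and not the patent's own code: the field grammars are a simplified approximation of the RFC 3261 ABNF, the harmful-information pattern is a constructed list, and every SIP message below is constructed for illustration.

```python
import re

# Mandatory header fields named in the text.
MANDATORY = ("Via", "Max-Forwards", "To", "From", "Call-ID", "CSeq")

# Simplified per-field grammars (assumption: an approximation of RFC 3261
# ABNF, not the full grammar). Anything outside the grammar fails the check.
ADDR = r'(?:"[^"]*"|[A-Za-z0-9 ]*)\s*<?sips?:[\w.\-]+@[\w.\-]+(?::\d+)?>?(?:;[\w\-]+=[\w.\-]+)*'
FIELD_FORMAT = {
    "Via": re.compile(r"SIP/2\.0/(?:UDP|TCP|TLS|SCTP) [\w.\-]+(?::\d+)?(?:;[\w\-]+=[\w.\-]+)*"),
    "Max-Forwards": re.compile(r"\d{1,3}"),
    "To": re.compile(ADDR),
    "From": re.compile(ADDR),
    "Call-ID": re.compile(r"[\w.\-]+(?:@[\w.\-]+)?"),
    "CSeq": re.compile(r"\d+ [A-Z]+"),
    "Route": re.compile(r"<sips?:[\w.\-@:]+(?:;lr)?>"),
    "Record-Route": re.compile(r"<sips?:[\w.\-@:]+(?:;lr)?>"),
}
# "Harmful information" in the text's sense: strings outside the SIP grammar
# that resemble query syntax aimed at a back end (constructed pattern).
HARMFUL = re.compile(r"'|--|/\*|\b(?:select|union|insert|update|delete|drop|or\s+1=1)\b", re.I)
REQUEST_LINE = re.compile(r"[A-Z]+ sips?:\S+ SIP/2\.0")
STATUS_LINE = re.compile(r"SIP/2\.0 \d{3} .+")


def parse(raw):
    """Split a SIP message into its start line, header dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip()] = value.strip()
    return lines[0], headers, body


def verify_suitability(raw):
    """Stage 1: block messages that violate the grammar or carry harmful strings."""
    try:
        start, headers, _ = parse(raw)
    except ValueError as e:
        return "block", str(e)
    if not (REQUEST_LINE.fullmatch(start) or STATUS_LINE.fullmatch(start)):
        return "block", "bad start line"
    missing = [f for f in MANDATORY if f not in headers]
    if missing:
        return "block", "missing mandatory field(s): %s" % ", ".join(missing)
    for field, value in headers.items():
        if HARMFUL.search(value):
            return "block", "harmful information in %s" % field
        pattern = FIELD_FORMAT.get(field)
        if pattern and not pattern.fullmatch(value):
            return "block", "field %s violates format" % field
    return "forward", headers


def filter_block_list(headers, block_list):
    """Stage 2: block when any header value contains a registered block string."""
    for field, value in headers.items():
        for entry in block_list:
            if entry in value:
                return "block", "%s matches block-list entry %r" % (field, entry)
    return "forward", headers


def inspect(raw, block_list=()):
    """Run stage 1 and then stage 2, in the order the text describes."""
    verdict, result = verify_suitability(raw)
    if verdict == "block":
        return verdict, result
    return filter_block_list(result, block_list)


# Constructed sample messages: a well-formed INVITE and three modified variants.
GOOD = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Max-Forwards: 70\r\n"
    "To: Bob <sip:bob@example.com>\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
TAMPERED_FROM = GOOD.replace("tag=1928301774", "tag=1' OR 1=1 --")
BAD_MAX_FORWARDS = GOOD.replace("Max-Forwards: 70", "Max-Forwards: seventy")
NO_CALL_ID = GOOD.replace("Call-ID: a84b4c76e66710@192.0.2.10\r\n", "")
BLOCKED_VIA = GOOD.replace("192.0.2.10:5060", "203.0.113.7:5060")
BLOCK_LIST = ("203.0.113.7",)  # constructed: address of a server known to send modified packets

if __name__ == "__main__":
    for name in ("GOOD", "TAMPERED_FROM", "BAD_MAX_FORWARDS", "NO_CALL_ID", "BLOCKED_VIA"):
        verdict, detail = inspect(globals()[name], BLOCK_LIST)
        print(name, "->", verdict, "" if verdict == "forward" else "(%s)" % detail)
```

The stage-1 check rejects the message as soon as one field fails, and the harmful-information search runs before the format match so that a quoted string or SQL keyword is reported as such rather than as a generic format violation; the block list is only consulted for messages that already passed stage 1, matching the order of the modules in the text.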
The state verifying module 30 receives a call signaling message for which the verification has been completed by the message suitability verifying module 10 and the filtering module 20, and verifies whether the call signaling message corresponds to a session state stored in a terminal or server that will receive the corresponding message, based on a transaction flow of a call signaling message disclosed in the RFC 3261. If the call signaling message does not correspond to a session state, the state verifying module 30 determines that the corresponding call signaling message is modified and thus blocks the message.
The SIP is a transaction based protocol in which a call signaling message causes a transition of the corresponding session state in the transaction layer of the terminal or server that receives the message. The transaction layer is the functional module through which a server or terminal receives signaling messages according to the call connection state. The types of message that a server or terminal can accept differ according to the state transition. Accordingly, the invention uses this to select and block unsuitable messages.
Referring to
Meantime,
Referring back to
In the SIP based VoIP, each call that is controlled by a call signaling message has an inherent value recorded in a Call-ID field and the like of the message header. The state verifying unit 31 retrieves the inherent value from the server state DB 32 or terminal state DB 33, thereby referring to a terminal or server, which will receive the call signaling message forwarded, for a corresponding session state.
To be more specific, when a call signaling message to be transmitted to the transmit-side proxy server 2 from the transmit terminal 1 is forwarded, the state verifying unit 31 refers to the server state DB 32 for the corresponding session state information of the transmit-side proxy server 2 that will receive the message. When the forwarded call signaling message is suitable for a current state, the state verifying unit 31 transmits the corresponding message to the transmit-side proxy server 2. When the forwarded call signaling message is not suitable for a current state, the state verifying unit 31 blocks the corresponding message while considering it as a modified message. For example, referring to
To the contrary, when a call signaling message to be transmitted to the transmit terminal 1 from the transmit-side proxy server 2 is forwarded, the state verifying unit 31 refers to the terminal state DB 33 for the corresponding session state information of the transmit terminal 1. Likewise, when the call signaling message is suitable for a current state of the transmit terminal 1, the state verifying unit 31 transmits the corresponding message to the transmit terminal 1. When the call signaling message is not suitable for a current state of the transmit terminal 1, the state verifying unit 31 blocks the corresponding message while considering it as a modified message.
Furthermore, in an embodiment of the invention, when the session state information corresponding to the call signaling message forwarded from the filtering module 20 is not stored in the server state DB 32 or terminal state DB 33, the state verifying unit 31 may store a change in a session state of the server or terminal due to the corresponding call signaling message in the corresponding DB.
The message suitability verifying module 10 forwards the call signaling messages found suitable to the filtering module 20. The filtering module 20 examines whether a forwarded call signaling message includes a field character string registered in the block list (S3). A message having a field character string in the block list is blocked by the filtering module 20 (S5). The field character strings registered in the block list may include, for example, the address of a server that transmits modified packets, and the like. The block list of field character strings is stored in advance in the block list DB 22. The filtering unit 21 of the filtering module 20 looks up the block list in the block list DB 22 and blocks the corresponding call signaling message.
The call signaling message for which the filtering has been completed by the filtering module 20 is forwarded to the message state verifying module 30. The message state verifying module 30 determines whether the forwarded call signaling message is suitable for a corresponding session state in the server or terminal that will receive the call signaling message (S4). The call signaling message, which is not suitable for the state of the terminal or server that will receive the message, is blocked (S5).
The session state information of the SIP based terminal and server is stored in the terminal state DB 33 and the server state DB 32, respectively. The state verifying unit 31 of the state verifying module 30 refers to the terminal state DB 33 or the server state DB 32 according to the entity that will receive the call signaling message, thereby selectively blocking unsuitable messages. Meanwhile, the call signaling messages that are not blocked are transmitted to the terminal or server according to the entity that will receive the message (S6).
For example, when the call signaling message is transmitted to the terminal from the server, the state verifying unit 31 refers to the terminal state DB 33. When the call signaling message is transmitted to the server from the terminal, the state verifying unit refers to the server state DB 32. In an embodiment of the invention, when the session state information corresponding to the call signaling message is not stored, as a result of referring to the server state DB 32 or terminal state DB 33, the state verifying unit 31 may store the session state information by the call signaling message in the server state DB 32 or terminal state DB 33 (S43).
As a result of referring to the server state DB 32 or terminal state DB 33, when the session state information corresponding to the forwarded call signaling message is stored therein, the state verifying unit 31 determines whether the corresponding call signaling message is a message transmitted from the terminal (S44). When the call signaling message is transmitted from the terminal, the state verifying unit refers to the server state DB 32 to determine whether the call signaling message is suitable for the current session state of the server (S45). In the meantime, when the call signaling message is not a message transmitted from the terminal, i.e., when the call signaling message is transmitted from the server, the state verifying unit refers to the terminal state DB 33 to determine whether the call signaling message is suitable for the current session state of the terminal (S46).
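The state verifying step (S43 to S46 above, and the state verifying module 30 described earlier) can be illustrated with a small Python model that keeps a server state DB and a terminal state DB keyed by Call-ID, chooses the DB by the sender of the message, records the state when no entry exists, and otherwise blocks any message that has no valid transition from the stored state. This is an added example and not the patent's own code: the transition table is a simplified assumption rather than the RFC 3261 transaction state machine, the rule that a forwarded message updates the sender's DB as well as the receiver's is a design choice of this example, and the message sequence is constructed.

```python
# Simplified session state machine (assumption: not the RFC 3261 transaction
# or dialog state machine). Keys are the current state; values map the method
# or status code of an incoming message to the next state.
TRANSITIONS = {
    "idle":        {"INVITE": "inviting"},
    "inviting":    {"100": "inviting", "180": "ringing", "200": "answered", "CANCEL": "idle"},
    "ringing":     {"180": "ringing", "200": "answered", "CANCEL": "idle"},
    "answered":    {"ACK": "established"},
    "established": {"BYE": "idle"},
}


class StateVerifier:
    """Model of the state verifying unit with its two state DBs."""

    def __init__(self):
        self.server_state = {}    # server state DB 32, keyed by Call-ID
        self.terminal_state = {}  # terminal state DB 33, keyed by Call-ID

    def verify(self, call_id, kind, sender):
        """Return 'forward' or 'block' for one message.

        kind:   request method ('INVITE', 'BYE', ...) or response code ('180', ...)
        sender: 'terminal' or 'server'; the receiver's DB is consulted (S44-S46).
        """
        if sender == "terminal":
            receiver_db, sender_db = self.server_state, self.terminal_state
        else:
            receiver_db, sender_db = self.terminal_state, self.server_state
        # S43: with no stored entry the call starts from idle and the message
        # itself establishes the stored state. Assumption: a message with no
        # transition even from idle (e.g. a BYE for a call never set up) has no
        # state to record and is blocked as a modified message.
        current = receiver_db.get(call_id, "idle")
        nxt = TRANSITIONS[current].get(kind)
        if nxt is None:
            return "block"
        if nxt == "idle":
            receiver_db.pop(call_id, None)
            sender_db.pop(call_id, None)
        else:
            receiver_db[call_id] = nxt
            sender_db[call_id] = nxt  # design choice: sending moves the sender too
        return "forward"


# Constructed message sequence: a normal call with two injected messages, a
# CANCEL arriving after the call is established and a BYE for an unknown call.
SCENARIO = [
    ("c1", "INVITE", "terminal"),
    ("c1", "180", "server"),
    ("c1", "200", "server"),
    ("c1", "ACK", "terminal"),
    ("c1", "CANCEL", "server"),   # not valid in the established state
    ("c1", "BYE", "terminal"),
    ("c9", "BYE", "server"),      # no session state exists for c9
]


def run_scenario(messages=SCENARIO):
    """Feed the sequence through one verifier and return the verdict per message."""
    verifier = StateVerifier()
    return [verifier.verify(call_id, kind, sender) for call_id, kind, sender in messages]


if __name__ == "__main__":
    for (call_id, kind, sender), verdict in zip(SCENARIO, run_scenario()):
        print("%s %-6s from %-8s -> %s" % (call_id, kind, sender, verdict))
```

Because the decision depends only on the stored state of the entity that will receive the message, the check is independent of the earlier format and block-list stages; a message that is syntactically perfect and from an unlisted address is still blocked when the receiver is not in a state that can accept it.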
When using the security system and the securing method of a call signaling message according to an embodiment of the invention, it is possible, among the call signaling messages transmitted or received in a SIP based VoIP service, to block any message that is not suitable for the format, includes harmful information, includes a field character string registered in the block list, or does not correspond to the transaction state of the terminal or server that will receive it, thereby preventing a modified call signaling message from being introduced. Hence, it is possible to prevent a call failure from being caused when requesting a call or during the call in the VoIP service, and to block an attack on a call signaling message in advance.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made thereto without departing from the spirit and scope of the invention as defined by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2007-0119812 | Nov 2007 | KR | national |