Sip Events and Presence

Shadhin Rahman

Overview
General introduction of Sip
Sip transaction and dialog
Presence architecture
Sip Events architecture and behavior
Security considerations


SIP Introduction
Sip user agent and sip network server
Client initiates a call and server routes the
call
Server is responsible for name resolution
and user location
Sip proxy receives calls and send it to its
destination or next hop.
QuickT ime and a
decompressor
are needed t o see t his pict ure.
Image source http://www.cafesip.org/projects/jiplet/sip_registrar.jpg
Sip Methods
Invite is for session request
Ack confirms a request
Cancel is to end a pending request
Bye to end a session
Register to keep track of user location
Sip Return Code
Sip has http like return code
100 trying
180 ringing
200 Ok
302 moved permanently
401 unauthorized
503 service unavailable
603 declined

Sip Transaction and Dialog
Transaction occurs between a client and a server
and comprises all messages from the first request
sent from the client to the server up to a final
response sent from the server to the client.

Dialog is a peer-to-peer SIP relationship between
two UAs that persists for some time. A dialog is
identified by a Call-ID, a local tag and a remote
tag.
Sip Transaction Dialog
Image source http://www.informatik.uni-
bremen.de/~prelle/terena/cookbook/Cookbook_D2/figures/chapter2/dialog.png
Presence
Presence is users reachability and willingness to
communicate its current status information
User subscribe to an event and receive notification
Presence user agent
Presence agent
Presence server
Watcher
Image source http://msdn.microsoft.com/en-us/library/bb896003.aspx
Presence Overview
Subscribe request
Presence agent should authenticate and send
acknowledgement
State changes should be notified to
subscriber
Ability to refresh and terminate subscription
Presence agent should be able to allow or
terminate subscription
Presence Flow
Image source http://download.oracle.com/docs/cd/B32110_01/ocms.1013/b31497/about_sdp.htm#BABDHHCJ
Sip Events Introduction
Sip was initially introduced as a signaling
protocol
Lack of method to emulate constant
communication and update status between
entity
Three more method was introduced namely
Publish , Subscribe and Notify

Simple Sip Events
Image source http://www.cisco.com/en/US/i/100001-200000/190001-200000/190001-191000/190463.jpg
Sip Event definitions
Event Package
Event Templates
Notification
Notifier
State Agent
Subscriber
Subscription
Description of Subscribe
Subscription Duration
Identification of subscribe event or event
classes
Optional accept header.


Subscriber Actions
Requesting a subscription.
Refreshing subscription.
Unsubscribing.
Confirmation of subscription.


Description of Notify
Event headers
Message body
Check for valid event type
Ensure local authentication and
authorization.
Notification should sent after removal of
subscription.
Notifier Responds
Initial subscribe transaction processing.
489 bad event.
Confirmation of subscription
creation/refreshing.
Authentication/Authorization of subscribe
request.
403 forbidden, 603 declined.

Description of Publish
Publishes event state
Create, modify and remove state
Event publication agent
Event state compositor
Duration of any event is well defined

Processing Publish Request
Event state compositor keeps track of state
for each Address-of-record
Esc inspects request uri
Esc examines event header
Esc process expires header field
Esc stores the event state in the body of the
message
SUBSCRIBE sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP
host.example.com;branch=z9hG4bKnashds7
To: <sip:presentity@example.com>
From: <sip:watcher@example.com>;tag=12341234
Call-ID: 12345678@host.example.com
CSeq: 1 SUBSCRIBE
Max-Forwards: 70
Expires: 3600
Event: presence
Contact: sip:user@host.example.com
Content-Length: 0
SIP/2.0 200 OK
Via: SIP/2.0/UDP
host.example.com;branch=z9hG4bKnashds7
;received=192.0.2.1
To:
<sip:presentity@example.com>;tag=abcd1234
From:
<sip:watcher@example.com>;tag=12341234
Call-ID: 12345678@host.example.com
CSeq: 1 SUBSCRIBE
Contact: sip:pa.example.com
Expires: 3600
Content-Length: 0
NOTIFY sip:user@host.example.com SIP/2.0
Via: SIP/2.0/UDP
pa.example.com;branch=z9hG4bK8sdf2
To:
<sip:watcher@example.com>;tag=12341234
From:
<sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 1 NOTIFY
Max-Forwards: 70
Event: presence
Subscription-State: active; expires=3599
Contact: sip:pa.example.com
Content-Type: application/pidf+xml
Content-Length: ...
SIP/2.0 200 OK
Via: SIP/2.0/UDP
pa.example.com;branch=z9hG4bK8sdf2
;received=192.0.2.2
To:
<sip:watcher@example.com>;tag=12341234
From:
<sip:presentity@example.com>;tag=abcd1234
Call-ID: 12345678@host.example.com
CSeq: 1 NOTIFY
PUBLISH sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP
pua.example.com;branch=z9hG4bK652hsge
To: <sip:presentity@example.com>
From:
<sip:presentity@example.com>;tag=1234wxyz
Call-ID: 81818181@pua.example.com
CSeq: 1 PUBLISH
Max-Forwards: 70
Expires: 3600
Event: presence
Content-Type: application/pidf+xml
Content-Length: ...
SIP/2.0 200 OK
Via: SIP/2.0/UDP
pua.example.com;branch=z9hG4bK652hsge
;received=192.0.2.3
To:
<sip:presentity@example.com>;tag=1a2b3c4d
From:
<sip:presentity@example.com>;tag=1234wxyz
Call-ID: 81818181@pua.example.com
CSeq: 1 PUBLISH
SIP-ETag: dx200xyz
Expires: 1800
Security Consideration
Access control.
Notifier privacy mechanism.
Denial of service attacks.
Replay Attacks.
Man-in-the-middle attacks.
Confidentiality.

Implementation of Security
Sip registration
TLS
Digest Authentication
S/MIME
References
Rfc 3856 http://www.ietf.org/rfc/rfc3856.txt
Rfc 3265 http://www.ietf.org/rfc/rfc3265.txt
Rfc 2778 http://www.ietf.org/rfc/rfc2778.txt
Rfc 3261 http://www.ietf.org/rfc/rfc3261.txt
Rfc 3903 http://www.ietf.org/rfc/rfc3903.txt
http://en.wikipedia.org/wiki/Session_Initiation_Pr
otocol




Summery
Presence is a way to have sustained stateful
communication
Sip serves well for presence requirements
Sip presence deployment must confirm
security measurements
Question ?