Electro/Telecom Industry Trends
February 2005
The Other Side of SIP
| Issue Table of Contents |
|
|
 |
In many ways, the Session Initiation Protocol (SIP) is a victim of its own success. As the protocol has increased in popularity, its drawbacks have become more apparent, leaving vendors and regulatory bodies with the task of trying to work out the kinks.
One of the primary concerns about SIP is one that is common to all Internet-based communications — security. The irony is that the very tools that organizations use to protect their networks — firewalls — can also hamper SIP-based Voice over IP (VoIP) communications. Since firewalls are designed to block unexpected packets from entering the network, they do such a good job that they effectively limit the ability of people on either side of a firewall to exchange SIP calls with one another.
One way to solve the firewall issue is to permanently open ports that are dedicated to SIP traffic. Unfortunately, this creates an open door that anyone can use to enter into the network. Instead, organizations are enabling SIP communications with session border controllers, which are designed to stand between the firewall and the public Internet. These devices both camouflage the addresses of the users behind the firewall and control VoIP sessions, ensuring that firewall ports are dynamically opened only when needed.
Protecting networks isn't the only SIP-related security concern. Some prospective VoIP customers remain skeptical of the integrity of packet-based communications and point to packet sniffers as a potential danger. To address these concerns, SIP vendors are turning to the same Pretty Good Privacy (PGP) encryption technology used to protect other types of Internet-based communications, such as email. They are also looking at other ways in which SIP can be strengthened to ensure the security of VoIP sessions.
Despite these concerns, telecommunications experts say that VoIP communications are far more difficult to eavesdrop on than calls made over the public switched network. In fact, the anonymous nature of packet-based communications offers new headaches for VoIP telecommunications providers who are faced with the Communications Assistance for Law Enforcement Act of 1994 (CALEA), which defines the requirements of telecommunications providers in helping law enforcement agencies conduct electronic surveillance of communications. While there is debate as to whether VoIP should be subject to the same regulations as other types of telecommunications, providers are now under pressure to comply with CALEA and help law enforcement officials tap into packet-based communications. One tool being used to deal with this issue is the session border controller, which can duplicate signaling and voice data packets as they pass through the device and then send this information on to law enforcement agencies as needed.
The anonymity of the Internet is also causing another compliance problem for telecommunications providers who need to support enhanced 911 (E911). E911 can literally mean the difference between life and death — the technology allows emergency personnel to quickly pinpoint the location of people who have placed 911 calls, and therefore better deploy the right resources to handle the emergency. While E911 has been in effect for a number of years for other types of telecommunications to support, especially SIP-based VoIP calls. Since SIP devices can be plugged in anywhere there is a network connection, they are virtually impossible to locate. In order to solve this problem, vendors are exploring different avenues, such as global positioning system (GPS) chips, which can be placed in the SIP device and be used to locate it when a 911 call is made.
Obviously, SIP is a work in progress. Even so, for many, the potential of SIP continues to outweigh all of its faults. For more information on the latest SIP standards, visit the related standards section of this newsletter.