Presence and IM
The main threats to presence and IM are described in Table 9.2. They are
described in terms of their impact on a single SIP user. A similar set of threats
could be listed as threats against a server or service provider.
Table 9.2 Threats on SIP Presence and IM
THREAT DESCRIPTION PROTECTION MECHANISM
Instant message An instant messag- Authentication of Digest, Enhanced
session hijacking ing session signaling; identity Identity
intended for one
user is redirected to
a third party.
Presence publi- An attacker modi- Authentication of auth-int Digest or
cation hijacking fies presence publi- signaling; integrity TLS
cation data or protection of
injects false data publication.
for a user.
Presence An attacker sends Authentication of Enhanced Identity
notification false presence signaling; integrity
impersonation notifications about protection of
another user. publication.
Eavesdropping A third party tracks Confidentiality TLS
on Presence and records the of SIP
presence of a user.
Eavesdropping on A third party tracks Confidentiality of Secured MSRP
Instant Messages and records IM SIP or MSRP
exchanges between
two parties.
Denial of Service IMs to or from IP, SIP, and RTP Variety of
a user or presence layer traffic Mechanisms
publications or management
notifications are
prevented.
IM session Instant messages Integrity Secure SIP
disruption to or from a user
are blocked or
deleted.
Bid-down attack IM sessions to or Integrity protection; Secure SIP
from a user are not supporting low
forced to use a security modes of
lower level of secu- communication
rity by an attacker.
SIP Security 161