Internet Communications Using SIP: Delivering VoIP and Multimedia Services With Session Initiation Protocol (2nd Ed.)

controller to the controlled parties and to make the controlled SIP endpoints
exchange RTP media with each other. If the controller has the same identity as
one of the parties (for example, if the controller is just another device that is
associated with A in Figure 11.5), then no new authorization or identity issues
are caused by this. However, if the controller has a different identity, then this
scenario can appear to the parties involved as a man-in-the-middle (MitM)
attack. That is, B is exchanging signaling with the controller, but media with
A. Note that since the controller is not actually manipulating and modifying
the SDP, but is just cutting and pasting it from one message to another, it is
possible that the SDP bodies could be encrypted with S/MIME. A and B could
use this to securely exchange SRTP master keys to have an encrypted and
authenticated media session between them.

Figure 11.5 Basic third-party call control

Participants: Party A, Controller, Party B. Controller and party A can be on same desktop.

Messages, in numbered order:

1 INVITE with no media SDP
2 200 OK with no media SDP
3 ACK
4 INVITE
5 200 OK with SDP from B
6 INVITE using SDP from B
7 200 OK with SDP from A
8 ACK with SDP from A
9 ACK
10 RTP Session from A to B
11 BYE
12 BYE
13 200 OK
14 200 OK

Figure notes:

  1. Controller sets up call to A using SDP with no media lines.

  2. Controller sets up call to B and gets SDP data from B.

  3. Controller re-INVITEs A using SDP data from B. Party B receives the SDP
    from A in the ACK. Conversation between A and B.

  4. Party A originates BYE to controller who in turn sends BYE to party B. The
    BYEs are confirmed and the call is terminated.
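
Added example (not from the book): a small Python model of messages 1 to 8 of Figure 11.5, showing what each party observes when the controller pastes SDP bodies from one message to another without modifying them. IP addresses stand in for identity here, and the helper names (`sdp`, `media_peer`, `Party`, `run_3pcc`) and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

def sdp(owner, ip, media=True):
    """Build a small SDP body; media=False gives the 'no media lines' form."""
    lines = ["v=0", f"o={owner} 1 1 IN IP4 {ip}", "s=-", f"c=IN IP4 {ip}", "t=0 0"]
    if media:
        lines.append("m=audio 49170 RTP/AVP 0")
    return ("\r\n".join(lines) + "\r\n").encode()

def media_peer(body):
    """Return the c= address when the SDP carries an m= line, else None."""
    lines = body.decode().splitlines()
    if not any(line.startswith("m=") for line in lines):
        return None
    return next(line.split()[-1] for line in lines if line.startswith("c="))

@dataclass
class Party:
    ip: str
    signaling_peer: str = ""
    remote_sdp: bytes = b""

    def receive(self, sender_ip, body=b""):
        """Record who signaled us and, if present, the SDP body delivered."""
        self.signaling_peer = sender_ip
        if body:
            self.remote_sdp = body

    def view(self):
        """Compare the signaling peer with the media peer named in the SDP."""
        media = media_peer(self.remote_sdp)
        return {"signaling": self.signaling_peer, "media": media,
                "mismatch": media is not None and media != self.signaling_peer}

def run_3pcc(ctrl_ip="192.0.2.10"):
    """Replay messages 1-8 of Figure 11.5; the controller never parses SDP."""
    a, b = Party("198.51.100.1"), Party("203.0.113.2")  # constructed addresses
    a.receive(ctrl_ip, sdp("ctrl", ctrl_ip, media=False))  # 1 INVITE, no media
    b.receive(ctrl_ip)                      # 4 INVITE (2 and 3 complete A's leg)
    from_b = sdp("B", b.ip)                 # 5 200 OK with SDP from B
    a.receive(ctrl_ip, from_b)              # 6 INVITE using SDP from B, pasted as-is
    from_a = sdp("A", a.ip)                 # 7 200 OK with SDP from A
    b.receive(ctrl_ip, from_a)              # 8 ACK with SDP from A, pasted as-is
    intact = a.remote_sdp == from_b and b.remote_sdp == from_a
    return a.view(), b.view(), intact

if __name__ == "__main__":
    for label, ctrl in (("separate controller", "192.0.2.10"), ("controller on A's host", "198.51.100.1")):
        print(label, run_3pcc(ctrl))
```

With a separate controller, B's signaling peer and media peer differ, which is the split the text says can look like a MitM; with the controller on A's host, B sees no such split. The byte-for-byte equality of the relayed bodies is what leaves room for A and B to protect the SDP end to end.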
