Secure SIP between IPv4 endpoints and IPv6 endpoints

The Internet Protocol version 6 (IPv6) is designed to replace the current version IPv4. However, there will continue to be a demand for IPv4-based end users to access IPv6-based services, and vice versa. Some transition mechanisms are necessary to make IPv6 and IPv4 compatible. Network Address Trans...

Full description

Bibliographic Details
Main Author: Jiang, Xing
Format: Others
Published: 2003
Online Access:http://spectrum.library.concordia.ca/2362/1/MQ91052.pdf
Jiang, Xing <http://spectrum.library.concordia.ca/view/creators/Jiang=3AXing=3A=3A.html> (2003) Secure SIP between IPv4 endpoints and IPv6 endpoints. Masters thesis, Concordia University.
Description
Summary:The Internet Protocol version 6 (IPv6) is designed to replace the current version IPv4. However, there will continue to be a demand for IPv4-based end users to access IPv6-based services, and vice versa. Some transition mechanisms are necessary to make IPv6 and IPv4 compatible. Network Address Translation--Protocol Translation (NAT-PT) can provide protocol translation at the network layer. The Session Initiation Protocol (SIP) is an application layer control protocol that can initiate, modify and terminate interactive communication sessions between end users. When SIP is used with NAT-PT, a special Application Level Gateway (ALG) is required to handle the translation of the addresses inside the SIP messages. This thesis introduces an implementation of a SIP-ALG. The SIP-ALG is responsible for translating IPv6 addresses in a SIP packet into the corresponding IPv4 addresses, and vice versa, relying on the functionalities of NAT-PT as the packet traverses across the boundary between IPv6 and IPv4. In addition, this thesis describes and models a SIP end-to-end security solution between IPv4 end points and IPv6 end points, given that involvement of the SIP-ALG seems to be in conflict with the primary requirements of the end-to-end security. The proposed mechanism lets a SIP endpoint authorize a security proxy server to encrypt the SIP bodies on behalf of the end point. The security proxy will discover the capabilities of the receiving party and encrypt the SIP bodies for the other SIP security proxy server in the receiving domain. IP address translation must be done before the encryption at the sending security proxy or after the decryption at the receiving security proxy.