LanScape Support Forum: Bug for SIP Message Encryption Found

		Active Topics Member List Search Help Register Login

LanScape VOIP Media Engine™ - Technical Support
LanScape Support Forum -> LanScape VOIP Media Engine™ - Technical Support

Topic: Bug for SIP Message Encryption Found

Author

Message

<< Prev Topic | Next Topic >>

speedvoip
Vetran
Vetran

Joined: August 07 2008
Location: Canada
Posts: 156

Posted: December 12 2008 at 11:35am \| IP Logged

Hi Support:
For latest v6.0.0.3 image, there is bug related to encrypt/decrypt SIP message. when I use proprietary algorithm which converts SIP message into non-ASCII byte stream, ModifySIPMessage API still regards it into string for process, therefore results in broken byte stream transmission or reception.
Most simple example is to use XOR byte by byte for encryption/decryption algorithm for testing.

On the whole, I think media engine must be carefully tested until release. In my opinion, there is far way to commercial level.

support
Administrator

Joined: January 26 2005
Location: United States
Posts: 1666

Posted: December 12 2008 at 3:18pm \| IP Logged

Hi George,

The media engine expects the encrypted SIP message to consist of printable ASCII characters – not binary data. This is by design.

Is there a fundamental reason that you insist on using binary data encryption? What am I missing?

Unless you are facing an encryption sip-inter-op issue with other equipment, take all of your XORed SIP data and perform a final convertion to ASCII hex characters then let the media engine transmit/receive that. The same level of SIP message obfuscation will be achieved.

If we have to support binary data for encrypted SIP, that should not be a problem. Give me your encrypt/decrypt algorithm and we will see if we can support it easily. Don’t worry, its all ok…..

Other Notes:
By the way, I am working on the “bo bo” noise update as we speak. Please email me with the SIP account information I can use to perform live testing if required.

Thanks,

Randal

Suki
Intermediate

Joined: December 13 2008
Location: China
Posts: 1

Posted: December 13 2008 at 2:03am \| IP Logged

Hi Support:

I'm Suki, a developer of speedvoip corporation.

Here, I post our encryption/decryption algorithm of sip message. This algorithm which is described as follows in ANSI C applies for both operation.

Code:

#define RF_SECURITY_KEY   0X4854

#define RF_END_KEY        0X53

void  ByteAlgorithm(IN char *pMsg, IN  unsigned short nMsglen)                                     

{

       int i;  

       unsigned short endnum = 0;

       if(nMsglen <= 0)

       {

           return ;

       } 

       endnum = nMsglen;

      //if odd, encrypt the end byte

       if(0 != nMsglen % 2)  

       {

           endnum = nMsglen -1;

           *(pMsg + endnum ) = *(pMsg + endnum) ^ RF_END_KEY; 

       }

       for(i = 0; i<endnum; ++i) 

       { 

           *(pMsg + i) = RF_SECURITY_KEY^ *(pMsg + i); 

       } 

       *(pMsg + nMsglen) = '\0';            

}

support
Administrator

Joined: January 26 2005
Location: United States
Posts: 1666

Posted: December 13 2008 at 6:42am \| IP Logged

Hi Suki,

Thanks for posting to this forum.

We will take a look and see what updates will allow the media engine to use binary data encoding/decoding for SIP messages. If its not too much of a change, then we may include the update when we remove the “bo bo” noise issue George reported.

Its Saturday today and I will be working on your behalf today.

Thanks,

Randal

support
Administrator

Joined: January 26 2005
Location: United States
Posts: 1666

Posted: December 18 2008 at 3:36pm \| IP Logged

Hi George and Suki,

We have looked at what it will take to support native binary data handling of SIP messages for encoding/decoding. It will take more than a few simple changes.

If you want to obfuscate media engine SIP messages, you will have to resort to the following method:

Encoding SIP Messages:

1)
Have your VOIP app process the SipModifySipMessage immediate event to access the “ready-to-be-transmitted” media engine SIP message.

2)
Use your XOR binary algorithm on the SIP message.

3)
Perform a final Base64 encoding of your binary data and call the ModifySipMessage API proc as normal.

Decoding SIP Messages:

1)
Have your VOIP app process the SipModifySipMessage immediate event.

2)
Take the received Base64 data you receive from the media engine and Base 64 decode it back to your XOR binary encoding.

3)
Use your XOR binary algorithm on data from step 2 to decode your XOR data back to the original SIP message.

As I previously stated, the media engine supports SIP message encoding/decoding for obfuscation purposes. By design the media engine expects to handle ASCII data with regards to SIP message flows.

We won’t be adding binary SIP message handling to the media engine unless it is absolutely necessary. If it is necessary, then we would consider this a custom version of the media engine and would perform the work only on a contract basis. If you can budget for us to add binary SIP message handling to the product – not a problem. We can get it scheduled right away.

Thanks,

Randal

speedvoip
Vetran
Vetran

Joined: August 07 2008
Location: Canada
Posts: 156

Posted: December 19 2008 at 11:35am \| IP Logged

Hi Randal:
You have fully explained principle for SIP message obfuscation. We think your advice is constructive, so a thin base64 wrapper to binary-powered SIP message will be added into our application.

Thanks

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

Printable version

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum