This ensures that a message is not copied or rerouted by hackers and then
used to create duplicate messages (cloned) for accessing the network (replay attack).
Security Procedures in the IMS 153
The route list is maintained throughout the period of registration. If the subscriber
moves (or changes the IP address), then the subscriber device must be registered again.
The new route list is created during this new registration process.
If a hacker had copied a SIP request and used it to create a ???cloned??? message for
unauthorized access into the network, the route used would be different than the real
subscriber (most likely). This then makes it simple to verify subscribers by location
alone.
If the P-CSCF receives a request with a route other than the recorded route, it will
change the routing headers in the message and forward the SIP message through the
authorized and registered route list. This would then result in the request/response being
sent to the authorized subscriber and the appropriate rejection being returned.
This also prevents session hijacking where an INVITE is intercepted by a hacker,
who then sends a 3xx response. This form of attack redirects a request to the hacker??™s
server, which then assumes control of the session. This can also be used in multimedia
sessions where voice and video are used, for example. In these cases the hacker could
redirect a portion of the call, since each portion of the call (the video being one portion)
requires its own session.
Pages:
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320