The Session Initiation Protocol (SIP) is a signaling protocol that is currently widely used for establishing, managing, and terminating multimedia communications over Internet Protocol (IP) networks. SIP-based applications utilize SIP to provide multimedia communication services such as Voice over Internet Protocol (VoIP), instant messaging, conferencing (e.g., audio, web, or video conferencing), data sharing, unified communications (e.g., integrated voicemail, e-mail, SMS, or fax), IP Television (IPTV), or presence information (telepresence) sharing.
Because SIP is a text-based protocol that operates over IP networks, much like the Hypertext Transfer Protocol (HTTP), SIP-based communications are also vulnerable to similar types of cybersecurity threats. However, traditional network firewalls are ineffective at protecting SIP-based communications from cybersecurity threats. This is, in part, because SIP is an application level protocol that operates at the session layer (i.e., layer 5) of the Open Systems Interconnection (OSI) model.
Moreover, many SIP service providers implement different versions of SIP, which introduces additional threat vectors specific to the SIP version. In fact, there currently exists hundreds of Request for Comments (RFCs) related to SIP, each of which may specify optional SIP-related features. As a result, current security systems often cannot parse SIP messages to secure SIP-related communications.