Given the ubiquitous nature of mobile electronic devices such as, for example, mobile communication devices like cellular telephones, many people are utilizing an expanding variety of applications that are executable at such mobile electronic devices. For example, applications for providing services related to communications, media sharing, information gathering, education, gaming, and many others have been developed, fueled by consumer demand. One particular area in which consumer demand has triggered an expansion of services relates to the establishment of communication sessions during which, for example, Internet telephone calls, multimedia distribution, multimedia conferences and the like may be established. One particular protocol for setting up such sessions is the Session Initiation Protocol (SIP).
SIP is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. SIP is widely used as a signaling protocol for Voice over Internet Protocol (VoIP) and media sharing applications. SIP is addressing-neutral, with addresses expressed as a uniform resource locator (URL), a uniform resource identifier (URI), a telephone number, an email-like address, or the like. SIP is generally considered to be lightweight since it has a limited number of methods to reduce complexity, and transport-independent since it can be used with User Datagram Protocol (UDP), Transmission Control Protocol (TCP) and other transport protocols.
SIP clients may use, for example, TCP or UDP to connect to a SIP server and/or other SIP endpoints. As such, SIP may be used in setting up and tearing down voice or video calls or in any application where session initiation is employed. SIP, therefore, provides a signaling and call setup protocol for IP-based communications that can support a superset of call processing functions and features present in the public switched telephone network (PSTN).
SIP is a peer-to-peer protocol which works in concert with several other protocols and is typically only involved in the signaling portion of a communication session. SIP invitations are used to create sessions and SIP signaling is used to carry session descriptions that allow participants to agree on a set of compatible media types. SIP servers, or proxy servers, may help route requests to users, implement provider call-routing policies, provide features to users, etc. SIP also provides a registration function to allow users to upload their current locations to the proxy server.
With respect to SIP sessions and other services which may be provided over a network, it is common for subscriber authentications to be performed by the network instead of by SIP servers or some other servers associated with various different services. For example, a transport network such as a radio access network (RAN), a packet data serving node (PDSN), an authentication, authorization, and accounting (AAA) server or the like, may provide authentication for network access. Accordingly, once a particular subscriber passes the network authentication, the subscriber can access, for example, the SIP server as long as the mobile device number (MDN) of the device being used to access the server is stored in the server's database.
The lack of authentication at the server itself may cause problems with regard to security. For example, a hacker could obtain subscriber information using SIP signaling messages. If the hacker is able to obtain a valid MDN, i.e., an MDN that has been authenticated by the network, the hacker could use an in-network device and purport to be associated with the MDN to access information about the subscriber who is legitimately associated with the MDN, including contact information containing other valid MDNs. Additionally, the hacker could launch a denial of service attack by pinging the SIP server with SIP signaling messages that appear to be from valid MDNs. Since the server may attempt to respond to each “valid” message, the server, and possibly other network resources, may be overloaded. Additionally, having gained valid MDNs, the hacker may attempt to cause other types of damage.
Accordingly, it may be desirable to provide a mechanism by which to reduce the vulnerability of servers and other network resources to the attacks described above.
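The weakness described above, as an added example that is not part of the original text: a server that accepts any SIP message whose claimed MDN is in its database, beside a check that also requires the MDN to match the one the network authenticated for the source address. The `NETWORK_SESSIONS` binding, the function names, the host `sip.example.net` and all sample values are assumptions constructed for illustration, and the hardened check assumes the access network prevents forged source addresses.

```python
import re

# Constructed sample data: MDNs provisioned in the SIP server's database.
PROVISIONED_MDNS = {"5551230001", "5551230002"}

# Constructed sample of what the access network knows after authenticating
# each device: assigned IP address -> authenticated MDN. Assumption: the SIP
# server can query this binding (for example from AAA records).
NETWORK_SESSIONS = {"10.0.0.11": "5551230001", "10.0.0.12": "5551230002"}

# User part of the From header (long or compact form), digits only.
FROM_RE = re.compile(r"^(?:From|f)\s*:.*?<?sips?:(\d+)@", re.I | re.M)


def build_message(mdn):
    """Return a constructed SIP REGISTER that claims to come from `mdn`."""
    uri = f"<sip:{mdn}@sip.example.net>"
    return "\r\n".join([
        "REGISTER sip:sip.example.net SIP/2.0",
        f"From: {uri};tag=constructed",
        f"To: {uri}",
        "Call-ID: constructed-1",
        "CSeq: 1 REGISTER",
        "", "",
    ])


def claimed_mdn(sip_message):
    """Extract the MDN the sender claims, or None if there is no usable From."""
    match = FROM_RE.search(sip_message)
    return match.group(1) if match else None


def accept_by_lookup(sip_message, source_ip):
    """Check described in the text: any MDN found in the database is accepted."""
    return claimed_mdn(sip_message) in PROVISIONED_MDNS


def accept_by_binding(sip_message, source_ip):
    """Hardened check: the claimed MDN must be the one the network
    authenticated for the address the message arrived from."""
    mdn = claimed_mdn(sip_message)
    if mdn is None or mdn not in PROVISIONED_MDNS:
        return False
    return NETWORK_SESSIONS.get(source_ip) == mdn


if __name__ == "__main__":
    msg = build_message("5551230001")
    for ip in ("10.0.0.11", "10.0.0.12", "10.0.0.99"):
        print(ip, accept_by_lookup(msg, ip), accept_by_binding(msg, ip))
```

The lookup-only check accepts the same message from all three addresses, while the binding check accepts it only from the address the network assigned to that MDN.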