DOCSLIB.ORG

Security Issues of SIP

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Master Thesis Electrical Engineering Thesis no: MEE10:74 June 2010 BLEKINGE INSTITUTE OF TECHNOLOGY SCHOOL OF ENGINEERING DEPARTMENT OF TELECOMMUNICATION SYSTEMS Security Issues of SIP MASTER‘S THESIS Name: Gulfam Asghar Email: [email protected] Name: Qanit Jawed Azmi Email: [email protected] Blekinge Institute of Technology School of Engineering Supervisor: (Doktorand) Mr. Karel De Vogeleer Examiner: Prof. Dr. Adrian Popes Table of Contents Abstract ........................................................................................... 5 Objectives ........................................................................................ 5 Acknowledgments ........................................................................... 5 1 Introduction .................................................................................. 6 1.1 Background .............................................................................. 6 1.2 Problem description .................................................................. 7 1.3 Scope of work ........................................................................... 9 1.4 Test Environment ..................................................................... 9 1.5 Outline .................................................................................... 10 2 Overview of SIP & Security Considerations ............................. 11 2.1 The Evolution Of SIP protocol ................................................ 11 2.2 Basics of SIP protocol ............................................................ 12 2.2.1 Definition ......................................................................................... 12 2.2.2 Basic functionality of a SIP based VOIP system ............................. 12 2.2.3 Overview of Operation (A Simple Call Setup Example) ............. 14 2.2.4 SIP Call with Proxy Servers ............................................................ 22 2.2.5 The SIP Registration Process ......................................................... 24 2.2.6 Instant Messaging with SIP ............................................................. 25 2.2.7 Message Transports in SIP ............................................................. 27 2.2.7.1 UDP Transport ............................................................................. 27 2.2.7.2 TCP Transport ............................................................................. 28 2.2.7.3 SCTP Transport .......................................................................... 30 2.3 Threats to SIP Security .......................................................... 31 2.3.1 Registration Hijacking .................................................................... 32 2.3.2 Impersonating a server .................................................................. 33 2.3.3 Message Tampering ...................................................................... 34 2 2.3.4 Session Tear Down ....................................................................... 36 2.3.5 Denial of Service (DoS) Attacks ..................................................... 37 3 SIP with Firewall/NAT Traversal ................................................ 39 3.1 Firewalls and Network Address Translators (NAT) ................. 39 3.1.1 Internet Firewalls ............................................................................. 40 3.1.1.1 Packet filtering Gateways ............................................................ 40 3.1.1.2 Circuit Level Gateways ................................................................ 43 3.1.1.3 Application Level Gateways ......................................................... 44 3.1.2 Network Address Translators (NAT) ................................................ 44 3.1.2.1 NAT Operation .............................................................................. 45 3.1.2.2 Basic NAT Traversal ..................................................................... 46 3.1.2.3 NAPT Traversal ............................................................................ 47 3.1.2.4 NAT behaviors and classifications ................................................ 48 3.1.2.4.1 Symmetric Binding ......................................................................49 3.1.2.4.2 Full-cone Binding .........................................................................49 3.1.2.4.3 Restricted-cone Binding ..............................................................49 3.1.2.4.4 Port-restricted-cone Binding ........................................................49 3.1.2.5 Conclusions related to NAT .......................................................... 50 3.2 NAT/Firewall Traversal with SIP: ISSUES .............................. 50 3.2.1 NAT Traversal with SIP signaling ................................................... 50 3.2.2 SIP related media with NAT traversal ............................................ 51 3.3 NAT/Firewall Traversal with SIP: SOLUTIONS ...................... 51 3.3.1 Symmetric response ...................................................................... 51 3.3.2 Connection Re-use ........................................................................ 52 3.3.3 Symmetric RTP .............................................................................. 52 3.3.4 Simple Traversal of UDP through NAT (STUN) ............................. 52 3.3.5 Traversal Using Relay NAT (TURN) .............................................. 52 3.3.6 Interactive Connectivity Establishment (ICE) ................................. 53 3 3.3.7 Application Layer Gateway (ALG) .................................................. 53 3.3.8 Middlebox/MlDCOM (Middlebox Communications Protocol) ......... 53 3.3.9 Universal Plug and Play (UPnP) .................................................... 54 3.3.10 Session Border Control (SBC) ..................................................... 54 4 Model test Scenario .................................................................... 56 4.1 Virtualization ........................................................................... 58 4.1.1 OS Level ........................................................................................... 58 4.1.2 Network Level ................................................................................... 60 4.2 Call Hijacking Demonstration .................................................. 63 4.2.1 Packet dumps collected via wireshark ............................................. 65 4.3 IPSec and Firewall Implementation ........................................ 68 4.3.1 Router R1-Karlskrona ..................................................................... 69 4.3.1.1 IPSec Tunnel ...................................................................... 69 4.3.1.2 Firewall based Access Control policies ............................... 70 4.3.2 Router R2-Ronneby ........................................................................ 73 4.3.2.1 IPSec Tunnel ..................................................................... 73 4.3.2.2 Firewall based Access Control policies ............................... 74 5 Summary & Conclusions ........................................................... 77 5.1 Summary ................................................................................ 77 5.2 Conclusions ............................................................................ 77 List of Figures ................................................................................ 79 References ..................................................................................... 81 Appendix ........................................................................................ 83 4 Abstract Voice over IP (VoIP) services based on Session Initiation Protocol (SIP) has gained much attention as compared to other protocols like H.323 or MGCP over the last decade. SIP is the most favorite signaling protocol for the current and future IP telephony services, and it‘s also becoming the real competitor for traditional telephony services. However, the open architecture of SIP results the provided services vulnerable to different types of security threats which are similar in nature to those currently existing on the Internet. For this reason, there is an obvious need to provide some kind of security mechanisms to SIP based VOIP implementations. In this research, we will discuss the security threats to SIP and will highlight the related open issues. Although there are many threats to SIP security but we will focus mainly on the session hijacking and DoS attacks. We will demonstrate these types of attacks by introducing a model/practical test environment. We will also analyze the effect and performance of some the proposed solutions that is the use of Network Address Translation (NAT), IPSec, Virtual Private Networks (VPNs) and Firewalls (IDS/IPS) with the help of a test scenario. Objectives The main objective of this master‘s thesis is to learn the security issues of SIP and their practical implications. The primary goal of this project is to present the SIP security issues and will analyze the performance of some proposed solutions i.e. NAT/firewall traversal. Acknowledgments We would like to thank our supervisor at the Blekinge Institute of Technology (Sweden), who has helped and guided us throughout this thesis work. Our everlasting gratitude and acknowledgements are for our parents for their moral support and encouragement throughout our study period at BTH. 5 1 Introduction 1.1 Background The Session Initiation protocol
Recommended publications
  • User Datagram Protocol - Wikipedia, the Free Encyclopedia Página 1 De 6

    User Datagram Protocol - Wikipedia, the Free Encyclopedia Página 1 De 6

    User Datagram Protocol - Wikipedia, the free encyclopedia Página 1 de 6 User Datagram Protocol From Wikipedia, the free encyclopedia The five-layer TCP/IP model User Datagram Protocol (UDP) is one of the core 5. Application layer protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short DHCP · DNS · FTP · Gopher · HTTP · messages sometimes known as datagrams (using IMAP4 · IRC · NNTP · XMPP · POP3 · Datagram Sockets) to one another. UDP is sometimes SIP · SMTP · SNMP · SSH · TELNET · called the Universal Datagram Protocol. RPC · RTCP · RTSP · TLS · SDP · UDP does not guarantee reliability or ordering in the SOAP · GTP · STUN · NTP · (more) way that TCP does. Datagrams may arrive out of order, 4. Transport layer appear duplicated, or go missing without notice. TCP · UDP · DCCP · SCTP · RTP · Avoiding the overhead of checking whether every RSVP · IGMP · (more) packet actually arrived makes UDP faster and more 3. Network/Internet layer efficient, at least for applications that do not need IP (IPv4 · IPv6) · OSPF · IS-IS · BGP · guaranteed delivery. Time-sensitive applications often IPsec · ARP · RARP · RIP · ICMP · use UDP because dropped packets are preferable to ICMPv6 · (more) delayed packets. UDP's stateless nature is also useful 2. Data link layer for servers that answer small queries from huge 802.11 · 802.16 · Wi-Fi · WiMAX · numbers of clients. Unlike TCP, UDP supports packet ATM · DTM · Token ring · Ethernet · broadcast (sending to all on local network) and FDDI · Frame Relay · GPRS · EVDO · multicasting (send to all subscribers). HSPA · HDLC · PPP · PPTP · L2TP · ISDN · (more) Common network applications that use UDP include 1.
  • RFC 8872: Guidelines for Using the Multiplexing Features of RTP To

    RFC 8872: Guidelines for Using the Multiplexing Features of RTP To

    Stream: Internet Engineering Task Force (IETF) RFC: 8872 Category: Informational Published: January 2021 ISSN: 2070-1721 Authors: M. Westerlund B. Burman C. Perkins H. Alvestrand R. Even Ericsson Ericsson University of Glasgow Google RFC 8872 Guidelines for Using the Multiplexing Features of RTP to Support Multiple Media Streams Abstract The Real-time Transport Protocol (RTP) is a flexible protocol that can be used in a wide range of applications, networks, and system topologies. That flexibility makes for wide applicability but can complicate the application design process. One particular design question that has received much attention is how to support multiple media streams in RTP. This memo discusses the available options and design trade-offs, and provides guidelines on how to use the multiplexing features of RTP to support multiple media streams. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8872. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.
  • Routing Loop Attacks Using Ipv6 Tunnels

    Routing Loop Attacks Using Ipv6 Tunnels

    Routing Loop Attacks using IPv6 Tunnels Gabi Nakibly Michael Arov National EW Research & Simulation Center Rafael – Advanced Defense Systems Haifa, Israel {gabin,marov}@rafael.co.il Abstract—IPv6 is the future network layer protocol for A tunnel in which the end points’ routing tables need the Internet. Since it is not compatible with its prede- to be explicitly configured is called a configured tunnel. cessor, some interoperability mechanisms were designed. Tunnels of this type do not scale well, since every end An important category of these mechanisms is automatic tunnels, which enable IPv6 communication over an IPv4 point must be reconfigured as peers join or leave the tun- network without prior configuration. This category includes nel. To alleviate this scalability problem, another type of ISATAP, 6to4 and Teredo. We present a novel class of tunnels was introduced – automatic tunnels. In automatic attacks that exploit vulnerabilities in these tunnels. These tunnels the egress entity’s IPv4 address is computationally attacks take advantage of inconsistencies between a tunnel’s derived from the destination IPv6 address. This feature overlay IPv6 routing state and the native IPv6 routing state. The attacks form routing loops which can be abused as a eliminates the need to keep an explicit routing table at vehicle for traffic amplification to facilitate DoS attacks. the tunnel’s end points. In particular, the end points do We exhibit five attacks of this class. One of the presented not have to be updated as peers join and leave the tunnel. attacks can DoS a Teredo server using a single packet. The In fact, the end points of an automatic tunnel do not exploited vulnerabilities are embedded in the design of the know which other end points are currently part of the tunnels; hence any implementation of these tunnels may be vulnerable.
  • Problems of Ipsec in Combination with NAT and Their Solutions

    Problems of Ipsec in Combination with NAT and Their Solutions

    Problems of IPsec in Combination with NAT and Their Solutions Alexander Heinlein Abstract As the Internet becomes more and more a part of our daily life it also evolves as an at- tractive target for security attacks, often countered by Internet Protocol Security (IPsec) to establish virtual private networks (VPNs), if secure data communication is a primary objective. Then again, to provide Internet access for hosts inside Local Area Networks, a public IP address shared among all peers is often used, achieved by Network Address Translation (NAT) deployment. IPsec, however, is incompatible with NAT, leading to a variety of problems when using both in combination. Connection establishments origi- nating from the outside are blocked and NAT, as it modifies the outer IP header, breaks IPsec’s security mechanisms. In the following we analyze problems of NAT in combination with IPsec and multiple approaches to solve them. 1 Introduction The current TCP/IP protocols originate from a time where security was not a great concern. As the traditional Internet Protocol (IP) does not provide any guarantees on delivery, the receiver cannot detect whether the sender is the same one as recorded in the protocol header or if the packet was modified during transport. Moreover an attacker may also easily replay IP packets or read sensitive information out of them. In contrast, today, as the Internet becomes more and more a part of our everyday life, a more security aware protocol is needed. To fill this gap the Internet Engineering Task Force (IETF) worked on a new standard for securing IP, called Internet Protocol Security (IPsec).
  • Hybrid ATA with FXS and FXO Ports

    Hybrid ATA with FXS and FXO Ports

    Hybrid ATA with FXS and FXO ports HT813 The HT813 is an analog telephone adapter that features 1 analog telephone FXS port and 1 PSTN line FXO port in order to offer backup lifeline support using a PSTN line. The integration of a FXO and FXS port enables this hybrid ATA to support remote calling to and from the PSTN line. For added flexibility, the FXS port extends VoIP service to one analog device. Users can convert their analog technology to VoIP thanks to the HT813’s ultra-compact size, HD voice quality, advanced VoIP functionality, high-end security protection and multiple auto provisioning options. These advanced features also allow service providers to offer high quality IP service to customers looking to upgrade to VoIP. Supports 2 SIP Dual 100Mbps LAN Lifeline support (FXS 3-way voice profiles through 1 and WAN ports port will be hard- conferencing per FXS port and 1 FXO relayed to FXO port) port port in case of power outage Automated & secure Supports T.38 Fax Failover SIP server Strong AES encryption provisioning options for reliable Fax- automatically with security using TR069 over-IP switches to certificate per unit secondary server if main server loses connection www.grandstream.com Telephone Interfaces One (1) RJ11 FXS port, One (1) RJ11 FXO PSTN line port with lifeline support Network Interface Two (2) 10/100Mbps ports (RJ45) with integrated NAT router LED Indicators POWER, LAN, WAN, FXS, FXO Factory Reset Button Yes Voice, Fax, Modem Caller ID display or block, call waiting, flash, blind or attended transfer, forward,
  • NAT Tutorial

    NAT Tutorial

    NAT Tutorial Dan Wing, [email protected] IETF77, Anaheim March 21, 2010 V2.1 1 Agenda • NAT and NAPT – Types of NATs • Application Impact – Application Layer Gateway (ALG) – STUN, ICE, TURN • Large-Scale NATs (LSN, CGN, SP NAT) • IPv6/IPv4 Translation (“NAT64”) • NAT66 2 Agenda • NAT and NAPT – Types of NATs • Application Impact – Application Layer Gateway (ALG) – STUN, ICE, TURN • Large-Scale NATs (LSN, CGN, SP NAT) • IPv6/IPv4 Translation (“NAT64”) • NAT66 3 NAT • First described in 1991 • 1:1 translation – Does not conserve IPv4 addresses • Per-flow stateless • Today’s primary use is inside of enterprise networks – Connect overlapping RFC1918 address space draft-tsuchiya-addrtrans-00 4 NAT Diagram • Hosts seem to have multiple IPv4 addresses – almost like “ghosts” 192.168.0.2 10.1.1.2 192.168.0.1 10.1.1.1 192.168.0.3 10.1.1.3 5 NAPT • Described in 2001 (RFC3022) • 1:N translation – Conserves IPv4 addresses – Allows multiple hosts to share one IPv4 address – Only TCP, UDP, and ICMP – Connection has to be initiated from ‘inside’ • Per-flow stateful • Commonly used in home gateways and enterprise NAT 6 NAPT Diagram • Hosts share an IPv4 address 192.168.0.2 157.55.0.1 Internet 192.168.0.3 192.168.0.1 7 NAPT complications • NAPT requires connections initiated from ‘inside’ • Creates state in the network (in the NAPT) – This is bad – NAPT crashes -> connections break • When to discard state? – TCP RST? Spoofed RSTs? – Timeout? 8 Terminology • “NAT” is spoken/written instead of “NAPT” – Even though NAPT is often more accurate – The more accurate
  • Guidelines for the Secure Deployment of Ipv6

    Guidelines for the Secure Deployment of Ipv6

    Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks NIST Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-119 Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
  • Datagram Transport Layer Security Dtls Protocol

    Datagram Transport Layer Security Dtls Protocol

    Datagram Transport Layer Security Dtls Protocol Lipless Arie expertised bootlessly. Kermit still hilltop bulgingly while Cesarean Silvain mutualising that serigrapher. Which Patsy homologating so wrongly that Stefano carcasing her Morley? Display real time to the connection close messages back its communications security layer datagram transport dtls protocol is located somewhere After sending state alive at all connections except you enable smart, it must not recommend contacting your. Ipsec can defend against almost has with transport layer datagram transports. Cbc ciphers must not apply settings, dtls with unlimited data packets. All local network layer transport receiver responds to allocate state. Please enter a transport datagram layer security protocol deadlocks could derive from. Dtls protocol secured with ssl certificate errors, also supported extensions, through reference to. Both against denial of sequence number to syslog over time taken by maintaining a different ip office of service to use with saying that your tunnel? Tls features of using ssl protocol to find commands shown when replay. Dtls payload in another thread, and hacking just slightly different os sockets interface mtu that works and provisioning processes, each of output generated. Registration flag for dtls protocol identifier, but it can be taken to. Ssl protocol needs to facilitate certification authority can present certificate checks udp protocols. Tls will cause connection state machine translated for dtls api and servers including ehs headset and may treat receipt; login attempts and authorization server. This attack is datagram layer datagram transport security dtls protocol to attack. Can improve your site may be found or esp payload of the next generation must be used, transferring this service provision information, will detail the.
  • HT801/HT802 Analog Telephone Adaptors Administration Guide

    HT801/HT802 Analog Telephone Adaptors Administration Guide

    Grandstream Networks, Inc. HT801/HT802 Analog Telephone Adaptors Administration Guide COPYRIGHT ©2021 Grandstream Networks, Inc. http://www.grandstream.com All rights reserved. Information in this document is subject to change without notice. Reproduction or transmittal of the entire or any part, in any form or by any means, electronic or print, for any purpose without the express written permission of Grandstream Networks, Inc. is not permitted. The latest electronic version of this user manual is available for download here: http://www.grandstream.com/support Grandstream is a registered trademark and Grandstream logo is trademark of Grandstream Networks, Inc. in the United States, Europe and other countries. CAUTION Changes or modifications to this product not expressly approved by Grandstream, or operation of this product in any way other than as detailed by this User Manual, could void your manufacturer warranty. WARNING Please do not use a different power adaptor with your devices as it may cause damage to the products and -void the manufacturer warranty. P a g e | 1 HT801/HT802 Administration Guide Version 1.0.29.8 GNU GPL INFORMATION HT801/HT802 firmware contains third-party software licensed under the GNU General Public License (GPL). Grandstream uses software under the specific terms of the GPL. Please see the GNU General Public License (GPL) for the exact terms and conditions of the license. Grandstream GNU GPL related source code can be downloaded from Grandstream web site from: http://www.grandstream.com/support/faq/gnu-general-public-license/gnu-gpl-information-download P a g e | 2 HT801/HT802 Administration Guide Version 1.0.29.8 Table of Content DOCUMENT PURPOSE ................................................................................................
  • TR-069 CPE WAN Management Protocol V1.1

    TR-069 CPE WAN Management Protocol V1.1

    TECHNICAL REPORT TR-069 CPE WAN Management Protocol v1.1 Version: Issue 1 Amendment 2 Version Date: December 2007 © 2007 The Broadband Forum. All rights reserved. CPE WAN Management Protocol v1.1 TR-069 Issue 1 Amendment 2 Notice The Broadband Forum is a non-profit corporation organized to create guidelines for broadband network system development and deployment. This Technical Report has been approved by members of the Forum. This document is not binding on the Broadband Forum, any of its members, or any developer or service provider. This document is subject to change, but only with approval of members of the Forum. This document is provided "as is," with all faults. Any person holding a copyright in this document, or any portion thereof, disclaims to the fullest extent permitted by law any representation or warranty, express or implied, including, but not limited to, (a) any warranty of merchantability, fitness for a particular purpose, non-infringement, or title; (b) any warranty that the contents of the document are suitable for any purpose, even if that purpose is known to the copyright holder; (c) any warranty that the implementation of the contents of the documentation will not infringe any third party patents, copyrights, trademarks or other rights. This publication may incorporate intellectual property. The Broadband Forum encourages but does not require declaration of such intellectual property. For a list of declarations made by Broadband Forum member companies, please see www.broadband-forum.org. December 2007 © The Broadband
  • IP Intercom User Manual

    IP Intercom User Manual

    IP Intercom User Manual Single button Dual button 1 / 50 Safety Notices 1. Please use the specified power adapter. If special circumstances need to use the power adapter provided by other manufacturers, please make sure the voltage and current provided in accordance with the requirements of this product, meanwhile, please use the safety certificated products, otherwise may cause fire or get an electric shock. 2. When using this product, please do not damage the power cord, or forcefully twist it、Stretch pull or banding, and not to be under heavy pressure or between items, Otherwise may cause the power cord damage, thus lead to fire or get an electric shock. 3. Before use, please confirm the temperature and environment humidity suitable for the product work. (Move the product from air conditioning room to natural temperature, which may cause this product surface or internal components produce condense water vapor, please open power use it after waiting for this product is natural drying). 4. Non-technical staff not remove or repair, improper repair or may cause electric shock, fire or malfunction, etc,Which can lead to injury accident, and also can cause your product damage. 5. Do not use fingers, pins, wire and other metal objects, foreign body into the vents and gaps. It may cause current through the metal or foreign body, which even cause electric shock and injury accident. If any foreign body or objection falls into the product please stop usage. 6. Please do not discard the packing bags or stored in places where children could reach, if children trap his head with it, may cause nose and mouth blocked, and even lead to suffocation.
  • AES Standard for Audio Applications of Networks - High-Performance Streaming Audio-Over-IP Interoperability

    AES Standard for Audio Applications of Networks - High-Performance Streaming Audio-Over-IP Interoperability

    AES STANDARDS: DRAFT FOR COMMENT ONLY DRAFT REVISED AES67-xxxx STANDARDS AND INFORMATION DOCUMENTS Call for comment on DRAFT REVISED AES standard for audio applications of networks - High-performance streaming audio-over-IP interoperability This document was developed by a writing group of the Audio Engineering Society Standards Committee (AESSC) and has been prepared for comment according to AES policies and procedures. It has been brought to the attention of International Electrotechnical Commission Technical Committee 100. Existing international standards relating to the subject of this document were used and referenced throughout its development. Address comments by E-mail to [email protected], or by mail to the AESSC Secretariat, Audio Engineering Society, PO Box 731, Lake Oswego OR 97034. Only comments so addressed will be considered. E-mail is preferred. Comments that suggest changes must include proposed wording. Comments shall be restricted to this document only. Send comments to other documents separately. Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation. This document will be approved by the AES after any adverse comment received within six weeks of the publication of this call on http://www.aes.org/standards/comments/, 2018-02-14 has been resolved. Any person receiving this call first through the JAES distribution may inform the Secretariat immediately of an intention to comment within a month of this distribution. Because this document is a draft and is subject to change, no portion of it shall be quoted in any publication without the written permission of the AES, and all published references to it must include a prominent warning that the draft will be changed and must not be used as a standard.