Implementation Of SIP Security Authentication Scheme Based On HTTP Digest Authentication And Ciphertext Steganography

SIP (session initiation protocol) is one of the key protocols for Next Generation Network (NGN), and its security problem is gotten more attention in the research fields of communication and network. However, a good solution to this problem has not been proposed up till now.According to the text characteristic of the SIP message, the technology of HTTP digest authentication and the ciphertext steganography is combined in this thesis, the expansion message headers of Authentication-Info and Encryption in the SIP is used and the parameters of auth-param and algorithm is added to HTTP digest authentication mechanism. And this improved authentication method is called a HTTP one. Followed is its analysis of the ABNF grammatical rule of the SIP message, to whose parsing process the Tomita algorithm is applied. The thesis has three steps. First, this thesis designs an analysis-detection module of SIP message, in which a common detection rule is constructed and the concrete detection content is set. By using this module, the SIP message is analyzed, in the meantime, the possibly existent and illegal SIP message is screened out to a certain degree and range. Second, the improved HTTP digest authentication module is designed. According to it, the response value, used in identity authentication, is possessed with the higher encryption byte intensity after the TripleDES encryption; next, the ciphertext of message digest is changed into the text with the same statistical property as the natural language by means of the ciphertext steganography technology. As such, the chance of being decoded is reduced. Third, the software part of the security certification frame is realized on Windows XP. To say it in detail, the software programming of the sub-modules of encryption and steganography are fulfilled separately. Finally, the test results are analyzed and the validity of this method is verified to a certain extent.The SIP-protocol-based authentication method and its application to the signal control of the distributed multimedia conference systems are mainly discussed in this dissertation, which consists of the following five chapters:Chapter one is the introduction. First, it gives an overview of the SIP security in the current situation both at home and abroad. Second, based on the problems in the present researches, it put forwards a feasible method and presents the framework of the whole thesis.Chapter two illustrates the SIP message in detail, and summarizes its important network factors and key operation. Chapter three introduces the frame of the SIP security authentication, and discusses the hierarchy of the SIP security authentication module and the design idea.Chapter four illustrates the scheme in detail, and discusses the design process of each module.Chapter five is some tests of bidirectional identity authentication, and the analysis of the test results.