Research Of Security Technologies Provided In The Multimedia Communication Based On SIP

With the development of VoIP and softswitch, SIP gets more and more extensive application, SIP becomes the key protocol of the IP multimedia subsystem in the third generation of mobile communication system formally too. But the design ideas of SIP, and the unreliability of the bear network, bring the great potential security problems on a large scale application of SIP. So the security problem of SIP will restrict its development seriously. SIP is the lightweight protocol, referring to the existing protocols on Internet such as HTTP, SMTP, etc in its design, has advantage of opening, simple and easily extendible, but SIP has not developed the corresponding security machanism. The paper designs to protect SIP conversation using for reference of the relatively riper network security technologies now. These key technologies of the network security include HTTP authentication, S/MIME, TLS, IPSec, etc. This paper discusses the SIP multimedia communication's security problem mainly from the aspects of authentication and encrypt. HTTP digest authentication has offered the user's authentication mechanism with simple and convenient advantages, but has not encrypted the data, at the same time it is unsuitable to apply to the large-scale network. Based on the authentication mechanism of the public key certificate, S/MIME and TLS provide privacy, authentication, no denying and integrality protection, are better solutions. S/MIME, TLS and IPSec offer the data encrypt function during the whole session, ensure the security of conversation of both sides of communication. On the basis of studying the shortages and advantages of these security technologies, the paper discusses how to apply these mechanisms to SIP protocol, to offer the security protect for SIP communication. The signaling and media transmit are separated in SIP conversation, thus the security of RTP media stream in SIP multimedia communication is the focus of the paper research too. RTP protocol not offers the check of data authentication and integrality, and it is easy to crack RTP encrypt algorithms. Through comparing with other encryption methods, the paper select SRTP to security that ensure the media flows, and make a further research of the combination of SRTP with SIP and SDP. Based on the above analysis, this paper has designed two kinds of feasible solutions for SIP multimedia communication security. The first solution is based on TLS, and provides hop-by-hop communication protection, realizes SIP security on transport layer. The main problem faced by TLS solution is the lack of the well-known Certificate Authority for user's public key certificate, and TLS can only use TCP connect. Another solution is using S/MIME method to encrypt SIP message. Handling CMS data causes some setup delay. SRTP are adopted for encryption of RTP media stream in two solutions. Then paper discusses the design of secure network structure. Finally, the paper discusses the problems that introducing the new security solution may bring to the existing SIP network system, such as NAT traveling, delay problem.