Research On The Security Of SIP Protocol

With the constant advance of information technology, the multimedia communications business integrated with data, video and audio gets rapid development, and will become one of mainstream businesses of the NGN. As the main technical support during the integration, VoIP technology is becoming a hot spot of people's research and application. Session Initiation Protocol which was first proposed by the IETF at 1999 is a widely used VoIP protocol nowadays, mainly for the realization of instruction control over IP, including the creation, management and termination of the multi-user participatory voice conversation process. SIP protocol will become the core control protocol of the NGN, and gets great significance for large-scale commercial of NGN. But on the other hand, facing the complex, open Internet application environment, the lack of strong security mechanisms making SIP seem to be week in safety and bring great security risks in the large-scale applications for SIP. Therefore, the studies of SIP security issues are becoming increasingly important.The article first analyses the major vulnerabilities of SIP: plain text transmission of SIP messages and the lack of effective mechanisms for identification, then do research on the security threats caused by the vulnerabilities of SIP, including registration hijacking, impersonating a server, tampering with message bodies, tearing down sessions and denial of service. After setting up a SIP communication platform in the laboratory environment, the article confirms the existence of security risks by using simulation attacking experiments. At the next stage, the article does research on the data encryption and identification mechanism respectively against the two major vulnerabilities. Based on the analysis of relatively mature network security technology that can be introduced by SIP, by the means of improving and applications, the article realizes TLS hop-by-hop encryption, S/MIME end-to-end encryption mechanism, improved HTTP digest authentication, S/MIME end-to-end signature mechanism and so on.