| With the rapid development of Internet, the demand of multimedia communications business integrated with data, video and audio, gets rapid development. As the main technical support during the integration, VoIP technology is becoming a hot spot of people's research and application. Session Initiation Protocol is a widely used VoIP protocol nowadays, mainly for the realization of instruction control over IP, including the creation, management and termination of the multi-user participatory voice conversation process. While on the other hand, facing the complex and open Internet application environment, the lack of strong security mechanisms making SIP seem to be week in safety and bring great security risks for SIP. This paper aims to provide a solution of SIP securiy.This paper first analyses the major vulnerabilities of SIP.Because of plain text transmission of SIP messages and the lack of effective mechanisms for identification, SIP is is vulnerable to face various attack.We analyze the existing security mechanism of SIP, i.e., TLS, IPSec, S/MIME, and then point out the shortcoming of them. One of the main shortcomings is they count on the SIP clients to obtain a certificate, which is not realistic. By expanding SIP protocol, we provide a security mechanism on application layer, which does not count on SIP clients'certificate and does not rely on external security protocol. The mechanisim provided pay attention to hop-by-hop security and end-to-end authentification, and can realize privacy, integrality, and authentication of SIP message.Next we give the implementation of SIP server and SIP client supporting with the mechanism we provided, and we demonstrate the communation correctness of our implementation, and the effectiveness of defending kinds of attacks, and test the commucation efficiency of our security mechanism. |
PDF Full Text Request