| SIP is an application-layer control protocol developed by the Internet Engineering Task Force, which has a wide range of uses, such as Internet multimedia conferences, Internet telephony and multimedia distribution and so on. With its simplicity, good scalability, powerful functionality and other features, SIP is paid more and more attention, and has become the standard signaling protocol for IP telephony. Just because of its simplicity and trustless Internet environment, safety issues related to SIP protocol has been particularly conspicuous, and SIP security mechanisms has become a research focus currently. In recent years, at home and abroad new solutions have been proposed from time to time. However, SIP security issues have not been satisfactorily resolved. In the existing SIP communication systems, the most widely used authentication mechanism is HTTP Digest Authentication, however, the mechanism has two major flaws:it only supports server-to-client authentication, and it does not provide key agreement scheme. In this paper, digest authentication has been improved to achieve mutual authentication and key agreement function, and safety issues about this new scheme are analyzed.First of all, this paper introduces the research background of SIP security issues and the current status of research, which shows the significance of the research of this subject. Then the stack, the functionality, the network entities, the message structure and other aspects of SIP protocol is studied, from which you can see the SIP's simplicity and its powerful functionality. According to common security threats of SIP systems, this paper analyzed the existing security mechanisms of SIP emphatically, and pointed out the inadequacies of their own, and illustrates the importance of identity authentication and encryption technologies.Based on this, an improved scheme for HTTP digest authentication is proposed. This scheme makes full use of the existing SIP signaling procedure, and implements the functions of two-way authentication and session key negotiation, by extending the SIP header fields.Then, this paper presents the design of a SIP security communication system on the Windows platform, and implements the major functional modules using existing open source libraries. The focus of implementation is on authentication module, giving the generation means of the temporary random number nonce and the response values, and the realization of several involving encryption algorithms, including MD5, SHA1, AES and RSA. Finally, the functionalities of the system and the performance of the authentication scheme were tested by experiments, and the security was analyzed. The results showed that the system does provide two-way authentication and key negotiation capability; although the performance is not as good as the basic digest authentication, the security has greatly improved. Due to the fairly good compatibility with the original digest authentication it provides, the improved authentication scheme has certain practical application value. |
PDF Full Text Request