Combat Duty Sip Security Scheme Based On Identity Research In The System

Modern war has become the phase of information war. With the rapid development of information and network technology, military communication network is developing towards a next generation network, a new combat duty system is designing with the next generation network technology. However, SIP is one of the core protocols of next generation network, the security of SIP is one security problem in combat duty system, too.SIP is a text-based protocol, it is open, simple and easy to expand, it also has a strong function, but it did not make a corresponding security strategy, it needs a external security mechanisms to guarantee its safety. The thesis firstly analyzed the threats of SIP, they are registration attack, server disguising, message body tampering, deceit request and service denial, and so on. Then this thesis introduced several common security mechanisms, they are TLS/IPSec, SIPS URI, HTTP authentication, S/MIME, certificate-based security mechanism, and so on. Through the analysis, we can find there are some defects in these safety mechanisms when we use them in the practical application, most security threats in SIP are because that identity authentication and encryption problem were not solved well.In order to solve the problem of SIP safety certification, this thesis introduced the identity-based encryption algorithm. This algorithm is especially suitable for closed groups of users, it will make the user’s identity as a public key directly, and then the private key of users is calculated by a credible private key generation center. Compared with the traditional PKI system, the identity-based cryptosystem no longer depends on certificates, it makes the cryptosystem management simpler.This thesis analyzed characteristics of next military network, chose the signature and key agreement algorithm suited army network environment, proposed a identity-based SIP security solutions, described the design and procedure of the security implementation, and analyzed the security and efficiency of the scheme. Finally, the thesis carried out a simulation experiment. Through the analysis of the experimental results in the security scheme when being attacking, the thesis verified the feasibility and validity of the security scheme.