| With the increasing popularity of VoIP, its security issues become significant. Some security mechanisms, such as S/MIME, SRTP, MIKEY, ZRTP, etc, have been proposed and implemented. These security mechanisms provide a secure data transmission channel for VoIP traffic with achieving data confidentiality and providing message authentication and integrity protection. However, as these secure channel technologies without considering security of communication endpoints, malicious users and attackers in computer network can attack against the secure channel through destroying endpoints.Trusted computing technology can enhance the security level of the secure channel by improving the security of terminal platforms. In this paper, we provide a method of trusted ZRTP protocol for trustworthy SIP-based VoIP media transmission. Our proposed method aims at make full use of remote attestation technology of Trusted Computing to enhance endpoint security, and eventually, to establish a trusted channel between two VoIP users.We first study ZRTP session key negotiation process and trusted computing techniques including the Integrity Measurement mechanism and remote attestation technology. Then we analyze the feasibility about combining the ZRTP protocol with the remote attestation protocol and propose the trusted ZRTP protocol. At last, we apply formal verification tool SPIN to verify whether the two proposed protocols meet the security requirements.The verification results show that direct integration scheme cannot meet necessary security attributes. Through analyzing the counter-example generated by SPIN, the second protocol that we improved passes security validation. Finally we propose a perfect trusted transmission scheme of VoIP traffic which not only holds the confidentiality of platform information on the Internet but also achieves the transparency of remote attestation technique in key exchanging algorithm. |
PDF Full Text Request