| With the rapid development of Internet technology, all kinds of multimedia applications based on Internet business has been fast promotion and popularization. As the essential protocol of multimedia applications, the Session Initialization Protocol was the standard protocol which was elected by the next generation network for performing the signaling control, thus its security was highly concerned.Because of its simplicity, flexibility, expansibility and other features in design, the SIP protocol was lack of effective security mechanism, meanwhile it 's coded in text, so the SIP protocol which worked in the open Internet environment was more easily pretended and illegally used by the attacker. There are several threats aiming at the SIP security, as follows: Registration hijacking attack, server camouflage attack, message tampering attack, session change attack, denial of service attack and so on. IETF did not define specialized security mechanisms for the SIP protocol, the mechanisms of SIP were mainly from the existing security mechanisms, such as HTTP digest authentication mechanism, S/MIME mechanism, TLS mechanism, IPsec mechanism. But these security mechanisms have their own scope of application, in practical there will be different limitations in practical use, and they cannot effectively guarantee the safety of SIP.At present,a hot topic of SIP was how to improve and expand the security mechanism of SIP, by which we can guarantee the safety of SIP communication effectively.This paper started with the analysis of SIP, firstly the structure, function and the form of SIP was introduced, secondly the SIP security was analyzed, and the security analysis of the SIP used by formal analysis methods, on this basis a feasible solution to security problem of SIP scheme was put forward, code implementation and experimental verification were made and good res ults have been achieved. The main contents are as follows:Firstly, the safety of SIP was analyzed from its design mechanism and operating mechanism, and several threats about SIP and its principle were also analyzed, and the scope of application of existing security mechanism proposed by IETF was summarized on the basis of it;Secondly, aiming at the analysis of SIP security, two methods of the formal methods,the logic of BAN and AVISPA, were used to respectively manual analysis and automated analysis, the defects that existed in the protocol and the attack trace caused by the defects were also analyzed;Thirdly, aiming at the analysis result of SIP, a method of security enhancement was proposed, in which the improved scheme of SIP was descripted in detail and the security of the improved scheme was also analyzed through formal methods.The method of security enhancement utilized elliptic curve bilinear pairings method and identity based on encryption method for improvement and t he improved scheme can both satisfy the authentication from server to client and the authentication from client to server, the key escrow problem under the HTTP digest authentication mechanism was also solved; the addition of the white list strategy in solution at the same time can provide further certification for some of the message header fields and provide another protection for both client and server simultaneously. According to the code implementation of the improved scheme, the validity of the scheme was verified, the security of the original SIP was improved and the attack trace was eliminated. |
PDF Full Text Request