| With advances in computer science technology,IP data networks based on packet-switched technology have replaced the core status of traditional circuit-switched traditional telephone networks in the communication field,with their convenience and cheapness.As an application layer signaling control protocol,SIP protocol provides a complete session creation and session change service for various instant messaging services,whereby the security of the SIP protocol plays a crucial role in the security of instant messaging.With the development of network monitoring technology,the threat to SIP protocol is becoming more and more serious,so it is of great significance to study the security mechanism of SIP protocol.In this paper,the security requirements of SIP protocol are studied.It analyzes several types of attack that SIP protocol can suffer from the four aspects of information security,and uses SIPP to simulate the attack,in order to find out the vulnerabilities in the SIP protocol,and try to improve the exist security mechanism inadequacy.This paper mainly improves the security mechanism of SIP protocol from the application layer,and the main innovation points are as follows:(1)the MKP message security transport model is proposed.The model provides the SIP protocol application layer end-to-end encryption security of key distribution mechanism through the message encryption,key encryption and public key encryption three layers encryption mechanism.It ensures the confidentiality and authenticity of SIP message transmission.(2)the DOS defense security model is proposed.The model is used to prevent the flooding attack of INVITE through the DOS monitoring layer and the defense processing layer.In this paper,the ACK anomaly detection algorithm is proposed in the DOS defense security model,which has a faster monitoring effect than the ordinary threshold monitoring algorithm.The algorithm works in conjunction with online authentication and session exception monitoring to provide DOS monitoring services and design different processing strategies for DOS attacks with different characteristics in the model,guaranteeing the availability of information and control.(3)On the basis of the security improvement mechanism proposed in this paper,a unified security agent interface is provided.The interface between the security mechanism and the SIP application is realized on the basis of hardly changing the source code of the software.In view of the security requirements of SIP protocol,this paper makes a research and analysis on the key issues,improves the security mechanism of SIP protocol,and verifies the security model through the realization of the real-time communication system.Additionally,the security and real-time requirements has been tested,and the s security model has been applied to the actual project. |
PDF Full Text Request