HAO Jianguo,ZOU Jia,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.04.033

2009-01-01

Abstract:The problems with present payment schemes for SIP services are overcomed with a real-time payment scheme for SIP services based on hash chains,SIPCoin.SIPCoin takes advantage of the efficiency and irreversibleness of the hash chain to improve performance.The scheme uses a simple extension to SIP and a standard payment message flow integrated with the hash chain-based micro-payment mechanism, and the SIP session establishment and management process to realize secure real-time payments for SIP services.SIPCoin is more efficient,has better real-time performance and extensibility,and can secure electronic currency from forgery and thievery.The scheme can defend against the common attacks during payments for SIP services,such as replay and man-in-the-middle attacks.

金康双,王泽兵,冯雁,陈海燕

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.034

2004-01-01

Abstract:Session Initiation Protocol(SIP) is the Internet Engineering Task Force (IETF) standard for IP telephony,and it has a promising applied prospect.In this work,the security authentication mechanism used by SIP is described.Moreover an experimental performance analysis of the SIP security mechanisms is provided,which based on the open source Java implementation of a SIP proxy server.

高俊娜,于继万,朱华飞,潘雪增

2004-01-01

Abstract:In current SIP protocol,to interact with other domain services,a node need multi-authentication processes. This paper integrates SAML into SIP protocol which well extends SIP authentication mechanism between multi-domains. It makes full use of SAML capability based on XML to bring an easy method to implement single sign-on(SSO).

Ke Xu,Xiaowei Ma,Chunyu Liu

DOI: https://doi.org/10.1109/icc.2008.292

2008-01-01

Abstract:Being one of the leading signaling protocols of VoIP applications, SIP protocol becomes popular in IP-based multimedia services, and securing SIP has become a priority. In this paper, we develop a novel authentication scheme which relies only on one way hash functions. In contrast to the computationally expensive asymmetric RSA signature scheme, our scheme is efficient in signing and verifying procedures. And hash tree is exploited to store and verify key information. Our scheme can be used in SIP entities which have less computation power and limited memory.

张旭光,平玲娣,潘雪增

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.14.037

2004-01-01

Abstract:With the development of the Internet technologies and computer communication technologies, the traditionary circuit-switch based network must evolves to the new generation network which is based on the packet-switch technology. Facing the progress and status of the convergence of the three-networks, This document presents a distributed and SIP protocal based VoIP system prototype. Due to combinating of merits of SIP and IP, this model not only provides the interoperation with the existed network, but also provides an extendable plat for the NGN. This model uses private VoIP network to achieve the QoS.

Fuqing Wang,Wei Dong,Yindong Ji

DOI: https://doi.org/10.1109/icebe.2008.62

2008-01-01

Abstract:As the development of online commercial transactions, the transactions that involve small amount of money are becoming popular. However, the existing micropayment systems are either not efficient enough for micropayment or too complicated and expensive for extensive application. A new credit based micropayment scheme is proposed in this paper. With only reasonable security performance, the efficiency of the scheme gets higher and the implementation is much cheaper, thus it is very suitable for extensive application. With reference to the mature credit card system, a credit mechanism was built in this scheme to achieve the better performance and lower cost. On the other hand, good practicability and strict anonymity are provided.

Jia Zou,Si Tiange,Huang Liansheng,Yiqi Dai

DOI: https://doi.org/10.1109/ICEBE.2005.12

2005-01-01

Abstract:Introducing micro-payment mechanism into P2P systems will bring economic incentives to various P2P applications and encourage peers to share their resources. In this paper, we present a new micropayment protocol, CPay, which exploits unique characteristics of P2P systems. The protocol establishes dynamic consistent hashing map between the set of all peers in the system and its subset of high performance peers. In each transaction, the payer's corresponding high performance peer checks the transaction to make sure that any illegal use of the ecoin will be timely detected. The protocol effectively exploits the heterogeneity of the P2P system and can achieve load balance.

ZOU Jia,SI Tiange,HUANG Liansheng,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2006.04.030

2006-01-01

Abstract:Current P2P micropayment protocols face processing bottleneck and lack a load balance mechanism.A micro-payment protocol,CPay,was developed based on the unique characteristics of P2P systems with a dynamic consistent hashing map between the set of all peers in the system and its subset of high performance peers.In each transaction,the payer's corresponding high performance peer checks the transaction to provide timely detection of illegal use of e-coins.The protocol effectively exploits the heterogeneity of the P2P system to achieve load balancing.A stochastic Petri net model of CPay showed CPay has lower latency and higher throughput than previous methods.

Liang Ni,Gongliang Chen,Jianhua Li

DOI: https://doi.org/10.1109/ncis.2011.49

2011-01-01

Abstract:The session initiation protocol (SIP) is widely used as a signaling protocol based on the challenge-response exchange mode for handling multimedia sessions in both wire line and wireless world. The original authentication mechanism of SIP is HTTP digest based authentication, which is vulnerable to many forms of known attacks and therefore can not provide security at an acceptable level. In this paper, we propose an identity-based authenticated key agreement mechanism which can be used in SIP to solve the security problems existing in its original authentication procedure. The proposed scheme uses Elliptic Curve Cryptography and does not require expensive bilinear pairing operations, which makes it computationally much more efficient than previous identity-based and Certificateless schemes using pairings. We show the security of our proposal under the Canetti-Krawczky model. Our scheme captures many desirable security properties and can prevent various possible attacks induced by open networks and the standard of SIP message. Furthermore, through introducing some design ideas from Certificateless cryptography, our proposal avoids not only the requirement of a large Public Key Infrastructure but also key escrow problem.

Jin-long Hu,Ling Zhang,Yong Xu,Zhao Ye

DOI: https://doi.org/10.3969/j.issn.1000-565X.2012.04.001

2012-01-01

Abstract:As the traditional software-based SIP security schemes are vulnerable to embezzlement, deception and invasion, a dual authentication framework combined with the trusted computing technology is proposed for endpoint system and user identity. Then, a new SIP security scheme for Internet multimedia communication is presented, which takes advantage of the trusted platform module and the direct anonymous attestation algorithm to design a new registration sub-protocol for improving the security of multimedia communication systems. Moreover, the security of the registration sub-protocol is verified by using the provable security model, and the characteristics of the whole scheme are finally analyzed.

Haoran Chen,Jianhua Chen,Han Shen

DOI: https://doi.org/10.1504/ijesdf.2017.10004413

2017-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:As a lightweight and flexible signalling protocol, session initiation protocol (SIP) has been widely used for establishing, modifying and terminating the sessions in the multimedia environment. The increasing concerns about the security of communication sessions that run over the public Internet has made authentication protocols for SIP more desired. Recently, Lu et al. proposed an authentication scheme for SIP and claimed that their scheme is secure against various known attacks while maintaining efficiency. However, in this paper we will indicate that their protocol suffers from server spoofing attacks and failed to provide mutual authentication as they claimed. Further, we have presented an improved authentication protocol for SIP and proved its security using BAN logic. Though the security and performance analysis, we illustrate that the proposed scheme is more secure and flexible.

Yankai Xie,Ruian Li,Yan Huang,Chi Zhang,Lingbo Wei,Yani Sun

DOI: https://doi.org/10.1109/tsc.2024.3390396

2024-01-01

Abstract:The Bitcoin blockchain enables users to conduct transactions securely, but its performance is restricted by the need for global consensus. Payment channels, as a promising solution to this issue, overcome this limitation through off-chain transactions. Instead of conducting each transaction on-chain, they only settle the final payment balances with the underlying blockchain. However, the most prominent scheme, the Lightning Network payment channel, requires participants to regularly monitor blockchain; otherwise, there is a potential risk of fund loss. Moreover, this scheme also fails to support participants in settling the final payment balances in real time, compromising the efficiency of fund utilization. Existing payment channel enhancing technologies are unable to overcome the above issues without compromising payment privacy. To solve the above issues, we apply the Intel Software Guard Extensions (SGX), which provides trusted execution environments with confidentiality and integrity guarantees, to design a novel Bitcoin payment channel scheme. The scheme can support real-time settlement yet guarantee the participants' fund security without monitoring the blockchain. Through a combination of the additive homomorphic property of keys, the secret sharing scheme, and customized punishments, our scheme can still guarantee fund security and off-chain transaction privacy, even if the confidentiality of SGX is compromised by side-channel attacks. Finally, security and performance analysis demonstrate that our scheme allows participants to construct a secure yet efficient payment channel to transfer value.

张珂,黄永峰,李星

DOI: https://doi.org/10.3969/j.issn.1000-3428.2009.13.001

2009-01-01

Abstract:Aiming at the problems of integration of real-time services in Internet, an heterogeneous real-time services integrated platform based on Session Initiation Protocol(SIP) is proposed, in which, real-time services are assigned SIP URI address and encapsulated into atomic services with uniform interface.Atomic services are invocated by service-register and application-layer-routing mechanisms.Considering scalability of the platform, real-time information is transferred by P2P method.By implementing the prototype system, the public traffic guide system, the feasibility of this platform is proved.

Qianwen Wei,Shujun Li,Wei Li,Hong Li,Mingsheng Wang

DOI: https://doi.org/10.1007/978-3-030-23597-0_29

2019-01-01

Abstract:In Bitcoin, the knowledge of private key equals to the ownership of bitcoin, which occurs two problems: the first problem is that the private key must be kept properly, and the second one is that once the private key is given, it can't be taken back, hence the bitcoin system can only implement the transfer function. In this paper, we first propose a new digital signature algorithm and use it to design an online wallet, which can help the user derive the signature without obtaining the user's private key. Secondly, using our proposed online wallet, we extend the application of private key so that the cryptocurrency system can implement the authorization function. In more detail, we define a new primitive that we call decentralized hierarchical authorized payment scheme (DHAP scheme). We next propose a concrete instantiation and prove its correctness. Finally, we analyze the security and usability of our scheme. For security, we prove our scheme to be secure under the random oracle model. For usability, we examine its performance and compare it with bitcoin's performance.

LI Jing-yuan,HUANG Liu-sheng,JIA Wei-jia

2009-01-01

Abstract:In recent years,VoIP applications are growing rapidly.However,the commonly used offer/answer mechanism cannot work properly in the environment where network address translators(NAT) are massively deployed.Current solutions rely on STUN,in which heartbeat messages would periodically be sent out to maintain the mapping between the public and private addresses.The state of maintaining heartbeat messages would become a huge burden to the VoIP server.We design and implement an adaptive SIP-based peer-to-peer communication system that supports VoIP over NATs.The system extends the SDP offer/answer model to share the public and private IP addresses and ports of both media ends at the call establishment of a session.We demonstrate its feasibility through the implementation of a real system.We evaluate the effectiveness of our proposed scheme and show that our system has a better performance when compared to other VoIP applications that use the supernode-relay mechanism.

Saru Kumari,Fan Wu,Xiong Li,Mohammad Sabzinejad Farash,Qi Jiang,Muhammad Khurram Khan,Ashok Kumar Das

DOI: https://doi.org/10.1007/s11042-015-2988-4

IF: 2.577

2015-01-01

Multimedia Tools and Applications

Abstract:In recent years, Voice over Internet Protocol (VoIP) has gained more and more popularity as an application of the Internet technology. For various IP applications including VoIP, the topic of Session Initiation Protocol (SIP) has attracted major concern from researchers. SIP is an advanced signaling protocol operating on Internet Telephony. SIP uses digest authentication protocols such as Simple Mail Transport Protocol (SMTP) and Hyper Text Transport Protocol (HTTP). When a user seeks SIP services, authentication plays an important role in providing secure access to the server only to the authorized access seekers. Being an insecure-channel-based protocol, a SIP authentication protocol is susceptible to adversarial threats. Therefore, security is a big concern in SIP authentication mechanisms. This paper reveals the security vulnerabilities of two recently proposed SIP authentication schemes for VoIP, Irshad et al.'s scheme [Multimed. Tools. Appl. doi:10.1007/s11042-013-1807-z] and Arshad and Nikooghadam's scheme [Multimed. Tools. Appl. DOI 10.1007/s11042-014-2282-x], the later scheme is based on the former scheme. Irshad et al.'s scheme suffers from password guessing, user impersonation and server spoofing attacks. Arshad and Nikooghadam's scheme can be threatened with server spoofing and stolen verifier attack. None of these two schemes achieve mutual authentication. It also fails to follow the single round-trip authentication design of Irshad et al.'s scheme. To overcome these weaknesses, we propose a provable secure single round-trip SIP authentication scheme for VoIP using smart card. We formally prove the security of the scheme in random oracle and demonstrate through discussion its resistance to various attacks. The comparative analysis shows that the proposed SIP authentication scheme offers superior performance with a little extra computational cost.

Mixue Xu,Chao Yuan,Xueming Si,Gang Yu,Jinhua Fu,Feng Gao

DOI: https://doi.org/10.1109/hoticn.2018.8605975

2018-01-01

Abstract:Bitcoin is the first decentralized cryptocurrency proposed by Satoshi Nakamoto. Although transactions are conducted between pseudonyms, Bitcoin cannot offer strong privacy guarantees. Mixing coins, to some extent, can address this drawback through different technologies, but also meets flexibility, storage and anonymity problems. This paper proposes a decentralized coin mixing scheme CoinMingle, based on ring signature, one-time output address, CoinJoin and our mutual recognition delegation strategy. Our mutual recognition delegation strategy is simple but effective: when a user prepares to submit messages, he will delegate it to other users for anonymity. Users in CoinMingle don’t need pre-compute. And CoinMingle can tolerate different input amounts and plug the leak of personal information in shuffling phase. In addition, CoinMingle owns parallel structure which is more efficient than other coin mixing schemes.

Guangwu Hu,Wenlong Chen,Qi Li,Yong Jiang,Ke Xu

DOI: https://doi.org/10.1016/j.future.2016.09.005

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:Despite the Internet has been rapidly developed in the past three decades, its intrinsic security mechanism, e.g., IP source address validation and user identification authentication, is still not well addressed. This results in numerous cyber security threats. In order to enhance the Internet accountability and deter potential cyber-attacks, in this paper, we propose TrueID, an IPv6 header extension scheme which can embed hash-based, creditable and undeniable user identity code inside IPv6 packets. We present the system architecture, header’s format and viable implementation approaches with different credibility granularities. Meanwhile, to verify packet credibility and integrity, we design an Autonomous System (AS) level public-key distribution system which can disseminate user’s public keys between allied ASes safely. Also, the prototype experiment has proved that our scheme possesses these features with desirable performance.

SI Duanfeng,Han Xinhui,LONG Qin,PAN Aimin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.10.001

2005-01-01

Abstract:Session initiation protocol is one of the core protocols of NGN. SIP is a promising protocol and will be applied in many fields, including the third generation communication, network control, multimedia distribution, voice over IP, multimedia conference, instant message, networked appliance, etc.This paper presents the history and architecture of SIP ,also evaluates the SIP application in every pop fields, points out the problem and gives a direction of SIP application development.

Zhong Xian Wu,Jiang Zhou,Wang Wen-Nai

DOI: https://doi.org/10.1109/ITAPP.2010.5566313

2010-01-01

Abstract:A P2P-SIP architecture relying on open-source SIP stacks and JXTA platform is proposed, where the centralized SIP registration and location are implemented via P2P publishing and service location, respectively. A novel P2P-SIP protocol-JXP is presented and a prototype is designed and developed based on LINUX. The prototype system has been developed for transporting typical VoIP call controls and real-time media stream. ©2010 IEEE.