金康双,王泽兵,冯雁,陈海燕

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.034

2004-01-01

Abstract:Session Initiation Protocol(SIP) is the Internet Engineering Task Force (IETF) standard for IP telephony,and it has a promising applied prospect.In this work,the security authentication mechanism used by SIP is described.Moreover an experimental performance analysis of the SIP security mechanisms is provided,which based on the open source Java implementation of a SIP proxy server.

Qi XIE,XiuYuan YU,WenHao LIU,DeRen CHEN,GuiLin WANG,JiYi WU

DOI: https://doi.org/10.1360/112011-915

2012-01-01

Scientia Sinica Informationis

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing. In 2011, Juang et al. proposed a first authentication scheme based on proxy signature. The advantage of the scheme is that the user only needs to register on his home service cloud (HSC), and can pass through the authentication of the public cloud with the help of his HSC. However, their scheme has three weaknesses: 1) the users HSC needs to update the users public key in each session to protect the users privacy; 2) HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously; and 3) a secret key should be shared between HSC and visiting cloud. To overcome these weaknesses, a provably secure convertible proxy signcryption for privacy preserving is proposed. Based on this scheme, a novel one-round authentication protocol is proposed, which the user only needs to register on his HSC, and can pass through the authentication of the visiting cloud without the help of his HSC. On the other hand, the proposed protocol can provide some nice properties, such as user privacy protection, non-repudiation, without updating the users public key, and secret key does not have to be shared between HSC and visiting cloud. In addition, the proposed scheme is provably secure in the random oracle model, and is more efficient than Juang et al.s scheme.

Hossen A. Mustafa,Wenyuan Xu,Ahmad-Reza Sadeghi,Steffen Schulz

DOI: https://doi.org/10.1109/DSN.2014.102

2014-01-01

Abstract:Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee. Today, most people trust the caller ID information, and it is increasingly used to authenticate customers (e.g., by banks or credit card companies). However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID by installing corresponding Apps on smartphones or by using fake ID providers. As telephone networks are fragmented between enterprises and countries, no mechanism is available today to easily detect such spoofing attacks. This vulnerability has already been exploited with crucial consequences such as faking caller IDs to emergency services (e.g., 9-1-1) or to commit fraud. In this paper, we propose an end-to-end caller ID verification mechanism CallerDec that works with existing combinations of landlines, cellular and VoIP networks. CallerDec can be deployed at the liberty of users, without any modification to the existing infrastructures. We implemented our scheme as an App for Android-based phones and validated the effectiveness of our solution in detecting spoofing attacks in various scenarios.

Zang Li,Wenyuan Xu,Robert D. Miller,Wade Trappe

DOI: https://doi.org/10.1145/1161289.1161297

2006-01-01

Abstract:Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorre-lates rapidly in space, time and frequency in order to to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.

XIE Qi,WU JiYi,WANG GuiLin,CHEN DeRen,YU XiuYuan

2012-01-01

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing.In 2011,Juang et al.proposed a first authentication scheme based on proxy signature.The advantage of the scheme is that the user only needs to register on his home service cloud(HSC),and can pass through the authentication of the public cloud with the help of his HSC.However, their scheme has three weaknesses:1)the user’s HSC needs to update the user’s public key in each session to protect the user’s privacy;2)HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously;and 3)a secret key should be shared between HSC and visiting cloud.To overcome these weaknesses,a provably secure convertible proxy signcryption for privacy preserving is proposed.Based on this scheme,a novel one-round authentication protocol is proposed,which the user only needs to register on his HSC,and can pass through the authentication of the visiting cloud without the help of his HSC.On the other hand,the proposed protocol can provide some nice properties,such as user privacy protection, non-repudiation,without updating the user’s public key,and secret key does not have to be shared between HSC and visiting cloud.In addition,the proposed scheme is provably secure in the random oracle model,and is more efficient than Juang et al.’s scheme.

David Samuel Bhatti,Salbia Sidrat,Shahzad Saleem,Annas Wasim Malik,BeomKyu Suh,Ki-Il Kim,Kyu-Chul Lee

DOI: https://doi.org/10.1371/journal.pone.0293626

IF: 3.7

2024-01-25

PLoS ONE

Abstract:The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX with smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation protocol (SIP) is one of the most widely adopted VOIP connection establishment protocols but requires added security. On the Internet, different security protocols, such as HTTPS (SSL/TLS), IPSec, and S/MIME, are used to protect SIP communication. These protocols require sophisticated infrastructure and some pose a significant overhead that may deteriorate SIP performance. In this article, we propose the following: i) avoid using Internet bandwidth and complex Internet protocols for local communication within an organization, but harness WLAN connectivity, ii) use multi-threaded or multicore computer systems to handle concurrent calls instead of installing hardware-based SIP servers, and iii) run each thread in a separate core. Cryptography is a key tool for securely transmitting confidential data for long- and short-range communication, and the Diffie-Hellman (DH) protocol has consistently been a popular choice for secret key exchanges. Primarily, used for symmetric key sharing, it has been proven effective in generating public/private key pairs, sharing public keys securely over public channels, and subsequently deriving shared secret keys from private/public keys. This key exchange scheme was proposed to safeguard VOIP communication within WLANs, which rely on the SIP for messaging and multimedia communication. For ensuring an efficient implementation of SIP, the system was rigorously analyzed using the M/M/1 and M/M/c queuing models. We analyze the behavior of SIP servers with queuing models with and without end-to-end security and increase users’ trust in SIP security by providing a transparent sense of end-to-end security as they create and manage their private and public keys instead of relying on the underlying SIP technology. This research implements instant messaging, voice conversation, and secret key generation over DH while implementing and observing the role of multi-threading in multiqueue systems that serve incoming calls. By increasing the number of threads from one to two, the SIP response time improved from 20.23809 to 0.08070 min at an arrival rate of 4250 calls/day and a service rate of three calls/min. Similarly, by adding one to seven threads, the queue length was reduced by four calls/min. Implementing secure media streaming and reliable AES-based signaling for session confidentiality and integrity introduces a minor 8-ms tradeoff in SIP service performance. However, the advantages of implementing added security outweigh this limitation.

multidisciplinary sciences

Bin Hou,Yu Q. Lu,De X. Ye,Gang Liu

2006-01-01

Abstract:This paper introduced the confidentiality and integrality of multimedia data in the SIP-based VoIP system, explained the essentiality and actuality of the problem, and analysed the key technology. Based on the theory of separating application and carrying layer, the encryption was designed on application layer, transparent to the transport layer and end-to-end, media stream security solution in VoIP.

Piotr Krasnowski,Jerome Lebrun,Bruno Martin

DOI: https://doi.org/10.5281/zenodo.6791340

2022-11-14

Abstract:Motivated by an increasing need for privacy-preserving voice communications, we investigate here the original idea of sending encrypted data and speech in the form of pseudo-speech signals in the audio domain. Being less constrained than military ``Crypto Phones'' and allowing genuine public evaluation, this approach is quite promising for public unsecured voice communication infrastructures, such as 3G cellular network and VoIP.A cornerstone of secure voice communications is the authenticated exchange of cryptographic keys with sole resource the voice channel, and neither Public Key Infrastructure (PKI) nor Certificate Authority (CA). In this paper, we detail our new robust double authentication mechanism based on signatures and Short Authentication Strings (SAS) ensuring strong authentication between the users while mitigating errors caused by unreliable voice channels and also identity protection against passive eavesdroppers. As symbolic model, our protocol has been formally proof-checked for security and fully validated by Tamarin Prover.

Cryptography and Security,Signal Processing

Jia-Zhu Dai,Xiao-Hu Yang,Jinxiang Dong

DOI: https://doi.org/10.1145/986537.986584

2004-01-01

Abstract:ABSTRACTProxy signatures are signature schemes that a signer (called original signer) delegates his signing capability to other people (called proxy signer), and the proxy signer creates signatures on behalf of the original signer. In application such as electronic voting and electronic commerce, the privacy may be concerned by the original signer. The original signer may hope that the proxy signers can sign on behalf of him without knowing the content of the signed message. Few efforts have been put on privacy protection of original signer in existed proxy signature schemes. In this paper, a privacy-protecting proxy signature scheme is proposed. In this scheme, the messages the original signer entrust to the proxy signer to sign on behalf of him are secret from the proxy signer during the generation of the proxy signature and from other people except the receiver designated by the original signer. Therefore, the privacy of the original signer is protected. The security of the proposed signature scheme is analyzed and its application to electronic voting is described.

邓秀锋,赵明生

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.10.040

2004-01-01

Abstract:The paper analyses the security threats and requirements of video conference. It also designs and implements a security mechanism of video conference by extending the session initiation protocol. Participants use their certificates to authenticate themselves to MCU, and negotiate keys with MCU. The keys are used for the encryption/decryption and authentication of media streams transferred by multicast in the conference. Some signaling messages are also encrypted and signed by this mechanism. This security mechanism supplies authentication for participants, integrity and confidentiality of communication data.

Shehzad Ashraf Chaudhry,Husnain Naqvi,Muhammad Sher,Mohammad Sabzinejad Farash,Mahmood Ul Hassan

DOI: https://doi.org/10.1007/s12083-015-0400-9

2015-09-07

Abstract:Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8, 2014) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10, 2014) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.

computer science, information systems,telecommunications

Xiaowei Li,Hongxiang Sun,Qiaoyan Wen

DOI: https://doi.org/10.1109/ccis.2012.6664413

2012-01-01

Abstract:Numerous virtual machines have been designed to make full use of the adequate resources and facilitate people's lives. In turn, it results in the necessity of communication between the virtual machines. As we know, the data of communication between the virtual machines which located on the different hosts, could potentially be altered or intercepted during transport. To solve the problem, we design and operation of the transparent encryption-decryption communication mechanism (TEDCM) in the privilege virtual machine, the result suggests that the TEDCM in our paper is a good choice to solve the problem of information leakage.

Si Duanfeng,Long Qin,Han Xinhui,Zou Wei

DOI: https://doi.org/10.1109/ICCCAS.2004.1346199

2004-01-01

Abstract:We have proposed a generic SIP-based application topology model called secure multimedia communication infrastructure (SMCI) and constructed a real multimedia communication application based on it. We now emphasize the security issues in the SMCI and give the entire secure framework in detail. We also analyze the processing load of our security mechanism in order to explain the practicability of our secure framework. Hop by hop and end to end security are introduced to defend the attacks of registration hijacking, impersonating a server, tampering with message bodies, tearing down sessions, denial of service and amplification. We also considered the privacy problem that will be the most important consideration in the future. Finally, a security analysis is presented to demonstrate that the proposed security mechanisms are robust and efficient to secure the SMCI.

赵哲峰,张刚,谢克明,王一平

DOI: https://doi.org/10.16355/j.cnki.issn1007-9432tyut.2009.04.026

2009-01-01

Abstract:The Session Initiation Protocol(SIP) was used in signal control of video surveillance system.The system's two modules: video server and video client were proposed.With ARM+DSP dual core structure,the video server can implement sampling,coding,compressing and network transferring task.Based on the windows,the client part can implement video data receiving,managing,storing and user interface.The implementation of SIP in signal control in system was described in detail.

Shen Wang,Mahshid Delavar,Muhammad Ajmal Azad,Farshad Nabizadeh,Steve Smith,Feng Hao

DOI: https://doi.org/10.1145/3625546

IF: 2.717

2023-09-27

ACM Transactions on Privacy and Security

Abstract:Caller ID spoofing is a global industry problem and often acts as a critical enabler for telephone fraud. To address this problem, the Federal Communications Commission (FCC) has mandated telecom providers in the US to implement STIR/SHAKEN, an industry-driven solution based on digital signatures. STIR/SHAKEN relies on a public key infrastructure (PKI) to manage digital certificates, but scaling up this PKI for the global telecom industry is extremely difficult, if not impossible. Furthermore, it only works with IP-based systems (e.g., SIP), leaving the traditional non-IP systems (e.g., SS7) unprotected. So far the alternatives to the STIR/SHAKEN have not been sufficiently studied. In this paper, we propose a PKI-free solution, called Caller ID Verification (CIV). CIV authenticates the caller ID based on a challenge-response process instead of digital signatures, hence requiring no PKI. It supports both IP and non-IP systems. Perhaps counter-intuitively, we show that number spoofing can be leveraged, in conjunction with Dual-Tone Multi-Frequency (DTMF), to efficiently implement the challenge-response process, i.e., using spoofing to fight against spoofing. We implement CIV for VoIP, cellular, and landline phones across heterogeneous networks (SS7/SIP) by only updating the software on the user’s phone. This is the first caller ID authentication solution with working prototypes for all three types of telephone systems in the current telecom architecture. Finally, we show how the implementation of CIV can be optimized by integrating it into telecom clouds as a service, which users may subscribe to.

computer science, information systems

Huang Yongfeng,Xiao Bo,Xiao Honghua

DOI: https://doi.org/10.1109/iih-msp.2008.174

2008-01-01

Abstract:With the development of Internet and multimedia technology, the information exchanged through Internet not only must be real-time, but also requires security and integrity. In this paper, a SIP (Session Initiation Protocol) UA (User Agent) that can dynamically embed some secret message into the speech carrier with good efficiency is implemented. The principle of the secret communication based on steganography technology over VoIP is introduced, and a new architecture of the software used to transmit the hidden information is proposed. Especially, we adopt a relatively new steganography algorithm, which is referred to as LSB matching method. In addition, an approach for avoiding the loss of secret data based on Redundant Audio Data is presented. Finally, we analyzed the performance of the implemented software.

Zhao Wen-dao

2005-01-01

Abstract:In order to achieve a design and implementation of SIP Proxy Server, one of the important components of the SIP system,based on thorough analysis of SIP protocol and profound comprehension of operational mechanism of total SIP system,a design of SIP proxy server has to be implemented successfully.In the scheme, Multy-thread is introduced to deal with different type of messages,such as sending,translating, receiving,recording messages and so on.These is help and guideline for studying and developing SIP protocol.

Qifan Yang,Tiancheng Zhang

DOI: https://doi.org/10.1109/ICFCC.2010.5497469

2010-01-01

Abstract:The advent of conference mobile call demands the security communication between end users. However, currently there is no efficient secure end-to-end protocol exists for conference mobile call. This slows down the steps of conference communication. In this paper a secure end-to-end protocol for remote conference is designed base on previous experts work, which is one-to-one end-to-end protocol. In addition, security analysis from perspectives of confidentiality, authenticity, anonymity, freshness as well as preventing from denial of service (DoS) attack on the protocol is made. At the end, the efficiency of this protocol is discussed.

Charles Shen,Henning Schulzrinne

DOI: https://doi.org/10.48550/arXiv.0807.1169

2008-07-08

Abstract:Voice Service Providers (VSPs) participating in VoIP peering frequently want to withhold their identity and related privacy-sensitive information from other parties during the VoIP communication. A number of existing documents on VoIP privacy exist, but most of them focus on end user privacy. By summarizing and extending existing work, we present a unified privacy mechanism for both VoIP users and service providers. We also show a case study on how VSPs can use this mechanism for identity and topology hiding in VoIP peering.

Networking and Internet Architecture

Yixin Jiang,Chuang Lin,Minghui Shi,Xuemin Sherman Shen

DOI: https://doi.org/10.1504/IJSN.2006.011779

2006-01-01

Abstract:A novel authentication protocol for teleconference service is proposed. The main features of the proposed protocol include identity anonymity, one-time Pseudonym Identity (PID) renewal and location intracability. Identity anonymity is achieved by concealing the real identity of a mobile conferee in a prearranged PID. One-time PID Renewal mechanism, in which the mobile conferee's PID is frequently updated communicating with the network centre, is introduced to offer location untracability. It is shown that the security has been significantly enhanced, while the computation complexity is similar to the existing ones appeared in the literature.