金康双,王泽兵,冯雁,陈海燕

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.034

2004-01-01

Abstract:Session Initiation Protocol(SIP) is the Internet Engineering Task Force (IETF) standard for IP telephony,and it has a promising applied prospect.In this work,the security authentication mechanism used by SIP is described.Moreover an experimental performance analysis of the SIP security mechanisms is provided,which based on the open source Java implementation of a SIP proxy server.

高俊娜,于继万,朱华飞,潘雪增

2004-01-01

Abstract:In current SIP protocol,to interact with other domain services,a node need multi-authentication processes. This paper integrates SAML into SIP protocol which well extends SIP authentication mechanism between multi-domains. It makes full use of SAML capability based on XML to bring an easy method to implement single sign-on(SSO).

Jin-long Hu,Ling Zhang,Yong Xu,Zhao Ye

DOI: https://doi.org/10.3969/j.issn.1000-565X.2012.04.001

2012-01-01

Abstract:As the traditional software-based SIP security schemes are vulnerable to embezzlement, deception and invasion, a dual authentication framework combined with the trusted computing technology is proposed for endpoint system and user identity. Then, a new SIP security scheme for Internet multimedia communication is presented, which takes advantage of the trusted platform module and the direct anonymous attestation algorithm to design a new registration sub-protocol for improving the security of multimedia communication systems. Moreover, the security of the registration sub-protocol is verified by using the provable security model, and the characteristics of the whole scheme are finally analyzed.

邓秀锋,赵明生

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.10.040

2004-01-01

Abstract:The paper analyses the security threats and requirements of video conference. It also designs and implements a security mechanism of video conference by extending the session initiation protocol. Participants use their certificates to authenticate themselves to MCU, and negotiate keys with MCU. The keys are used for the encryption/decryption and authentication of media streams transferred by multicast in the conference. Some signaling messages are also encrypted and signed by this mechanism. This security mechanism supplies authentication for participants, integrity and confidentiality of communication data.

Si Duanfeng,Long Qin,Han Xinhui,Zou Wei

DOI: https://doi.org/10.1109/ICCCAS.2004.1346199

2004-01-01

Abstract:We have proposed a generic SIP-based application topology model called secure multimedia communication infrastructure (SMCI) and constructed a real multimedia communication application based on it. We now emphasize the security issues in the SMCI and give the entire secure framework in detail. We also analyze the processing load of our security mechanism in order to explain the practicability of our secure framework. Hop by hop and end to end security are introduced to defend the attacks of registration hijacking, impersonating a server, tampering with message bodies, tearing down sessions, denial of service and amplification. We also considered the privacy problem that will be the most important consideration in the future. Finally, a security analysis is presented to demonstrate that the proposed security mechanisms are robust and efficient to secure the SMCI.

Zang Li,Wenyuan Xu,Robert D. Miller,Wade Trappe

DOI: https://doi.org/10.1145/1161289.1161297

2006-01-01

Abstract:Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorre-lates rapidly in space, time and frequency in order to to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.

DENG Yong,QU Yu-gui,ZHAO Bao-hua,LIU Gui-ying

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.05.001

2007-01-01

Abstract:The NATs caused the SIP end-to-end application to become extremely difficult. In this paper we analyzed several kinds of method of NAT traversal for SIP and their pitfalls, proposed a solution for NAT traversal based on STUN and TURN methods. Its basic idea is that for SIP signaling, it takes different methodology to traverse the NAT by the NAT type, and for the associated media it traverses the NAT by the connectivity checks to all the media addresses available. This solution can traverse all NATs in the application layer not changing the existing NAT, and avoids the pitfalls of using any of the other methods alone.

Yun Zhao,Jianxin Wang,Xingjun Wang

DOI: https://doi.org/10.1109/ISCID.2013.35

2013-01-01

Abstract:With the development of Internet, people can use their computer to make calls instead of telephone. Many Internet calls take place without any protection. TLS and SRTP could keep the callee and caller from third party's malicious action. However, both methods could do little when the reliability of VoIP server is under suspicion. In this paper, we present a server irrelevant security mechanism for VoIP system based on SIP and RTP. This mechanism implements safety handshake in media channel. User gets certificate from third party CA. Caller and callee exchange PKI or IBE information during the call. As long as the server keeps media data unchanged, this mechanism could ensure the safety of the call against server eavesdropping. It is flexible because the user could utilize different CA to obtain suitable safety demand with the same VoIP server. Cooperating with other protective methods, it can provide a more reliable environment for Internet telephone.

Chen Changpeng,Jin Lei,Chen Kai,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.08.064

2007-01-01

Abstract:Session Initiaton Protocol(SIP) is currently replacing H.323 step by step to be the promising signaling protocol for the IP telephony services.The SIP security issues are illustrated by several examples.And the security mechanism problem and the End-to-middle security problem are put forward.

Qing Lü

2007-01-01

Abstract:Session Initiation Protocol (SIP) is an important protocol adopted by the 3rd Generation Partnership Project (3GPP) for the IP Multimedia Subsystem (IMS). Facing the complex and open Internet environment, the security of SIP is poor. After the analysis of the security threats to SIP aiming at cleartext transmission of SIP message and lack of authentication methods, the scheme of data encryption and authentication are researched. And then, we discuss how using the existent techniques for improving the security of SIP and propose the ideas of the security solution to SIP.

Qiong Pu,Jian Wang,Shuhua Wu

DOI: https://doi.org/10.1002/sec.568

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:ABSTRACTThe session initiation protocol (SIP) is the most widely used signaling protocol for creating, modifying, and terminating multimedia sessions in an Internet Protocol‐based telephony environment. Recently, Arshad et al. proposed an authentication scheme based on elliptic curve cryptosystems for SIP. In this paper, we first show that their scheme is vulnerable to the password‐guessing attack. Thereafter, we propose a new authentication and key agreement scheme for SIP, which is immune to the presented attacks. Our scheme achieves provable security and, yet, is efficient. Moreover, we also provide an extended scheme capable of protecting media stream's privacy even against SIP servers while supporting lawful interception, which is inevitably required for protecting the national security or for detecting the criminal evidence. Copyright © 2012 John Wiley & Sons, Ltd.

Wenxia Zhu,Jianhua Chen,Debiao He

DOI: https://doi.org/10.1504/ijesdf.2015.072176

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Providing a security and efficiently key agreement for session initiation protocol SIP is so important to protect communication sessions on the internet. An authentication should be finished before a user utilises the SIP service provided by a server. However, there are some security problems with SIP authentication. Recently, Tu et al. improved Zhang et al.'s authenticated key agreement protocol. They also claimed that their protocol could be resistant to kinds of attacks. In our paper, we show that their protocol is susceptible to the server spoofing attack, user impersonation attack. We also proposed an enhanced protocol which can be more secure and flexible here.

Zhang Zhaoxin,Fang Binxing,Hu Mingzeng,Zhang Hongli

DOI: https://doi.org/10.3772/j.issn.1002-0470.2008.03.003

2008-01-01

Abstract:In consideration of the security threats in session initiation protocol (SIP) based networks,this paper put forward the deterministic finite automation (DFA) model for SIP attack methods.The attack theories and methods of five attacks of registration hijacking,INVITE,re-INVITE,tearing down sessions,and DoS were deeply analys based on the model,and all the attacks were recurred in real circumstances.At the same time the method to forbid the third part registration or registration rank carving in dealing with registration hijacking attacks,and the improved HTTP digest authentication pro- tocol and the hop-by-hop encryption within proxy to deal with the attacks of INVITE,re-INVITE and BYE were put for- ward and implemented,which improved the security and usability of SIP networks.

Bin Hou,Yu Q. Lu,De X. Ye,Gang Liu

2006-01-01

Abstract:This paper introduced the confidentiality and integrality of multimedia data in the SIP-based VoIP system, explained the essentiality and actuality of the problem, and analysed the key technology. Based on the theory of separating application and carrying layer, the encryption was designed on application layer, transparent to the transport layer and end-to-end, media stream security solution in VoIP.

Haoran Chen,Jianhua Chen,Han Shen

DOI: https://doi.org/10.1504/ijesdf.2017.10004413

2017-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:As a lightweight and flexible signalling protocol, session initiation protocol (SIP) has been widely used for establishing, modifying and terminating the sessions in the multimedia environment. The increasing concerns about the security of communication sessions that run over the public Internet has made authentication protocols for SIP more desired. Recently, Lu et al. proposed an authentication scheme for SIP and claimed that their scheme is secure against various known attacks while maintaining efficiency. However, in this paper we will indicate that their protocol suffers from server spoofing attacks and failed to provide mutual authentication as they claimed. Further, we have presented an improved authentication protocol for SIP and proved its security using BAN logic. Though the security and performance analysis, we illustrate that the proposed scheme is more secure and flexible.

Zahid Mehmood,Gongliang Chen,Jianhua Li,Linsen Li,Bander Alzahrani

DOI: https://doi.org/10.1371/journal.pone.0186044

IF: 3.7

2017-01-01

PLoS ONE

Abstract:Over the past few years, Session Initiation Protocol ( SIP) is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

Mingfei Zhou

2014-01-01

Abstract:Soft switch is the core technology of next generation network. SIP protocol as one of the most important protocols in the next generation network,has been widely used in VoIP systems. SIP protocol can't support SIP signaling and media stream through NAT,which limits its application and development in the WAN. Although there are many NAT traversal solutions,every solution has limitations. In this paper,explain the impact of NAT on the SIP communication in detail,introduce the basic principle of UDP hole punching technology,the process of using UDP hole punching through the cone NAT and using the Http proxy gateway through various NAT.Compared the advantages and disadvantages of various NAT traversal solutions,present a NAT traversal solution which integrates UDP hole punching and Http proxy gateway technology. After the argument and experiment,it proves the scheme is feasibile.

SHAN Linwei,SHAN Xiuming,REN Yong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.14.047

2006-01-01

Abstract:Multimedia network conference is an important network application.The security support of implementing the network conference is necessary.Tiffs article firstly introduces the session initiation protocol and the inter-domain network conference model;then,it analyzes the security framework principles and presents the full design;finally,it combines the security framework with the network conference management functions and presents an example of signaling flow.

Debiao He,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1002/sec.506

2011-01-01

Abstract:The session initiation protocol (SIP) is a powerful signaling protocol that controls communication on the Internet, establishing, maintaining, and terminating the sessions. The services that are enabled by SIP are equally applicable in the world of mobile and ubiquitous computing. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Very recently, Arshad et al. demonstrated that Tsai's scheme was vulnerable to offline password guessing attack and stolen-verifier attack. They also pointed that Tsai's scheme did not provide known-key secrecy and perfect forward secrecy. In order to overcome the weaknesses, Arshad et al. also proposed an improved mutual authentication scheme based on elliptic curve discrete logarithm problem for SIP and claimed that their scheme can withstand various attacks. In this paper, we do a cryptanalysis of Arshad et al.'s scheme and show that Arshad et al.'s scheme is vulnerable to the password guessing attack.

Saru Kumari,Shehzad Ashraf Chaudhry,Fan Wu,Xiong Li,Mohammad Sabzinejad Farash,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s12083-015-0409-0

IF: 3.488

2015-01-01

Peer-to-Peer Networking and Applications

Abstract:Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014 ) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014 ). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.