An improved Authentication Protocol for SIP-based VoIP
نویسندگان
چکیده
The SIP being an application layer protocol for signaling has been considered as the most appropriate one for multimedia applications. In order to detect some collisions and replay attacks, the SIP offers built-in authentication mechanism as per its specification, designated as HTTP digest based authentication, but study reveals that it is vulnerably susceptible to heterogeneous security issues such as impersonation attacks, man-in-the-middle attacks (MITM), server spoofing and password guessing attacks. Very recently Zhang et al. proposed symmetric key based anonymous authentication scheme for SIP. They claimed the scheme to provide privacy and anonymity, but the analysis in this paper expose that Zhang et al.’s scheme does not provide dynamic identity hence it is not anonymous. Furthermore, we proposed an improved anonymous authentication scheme for SIP. The scheme is more secure as compared with Zhang et al.’s scheme.
منابع مشابه
ملزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملSecurity testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملA New Authentication Mechanism and Key Agreement Protocol for SIP Using Identity-based Cryptography
The Session Initiation Protocol (SIP) protocol is commonly used to establish Voice over IP (VoIP) calls. IETF SIP standards do not specify a secure authentication process thus allowing malicious parties to impersonate other parties or to charge calls to other parties. This paper proposes an extension to the SIP protocol that uses an identity-based authentication mechanism and key agreement prot...
متن کاملAnalysis and Modeling of VoIP Servers: A Linear Programming Approach
The SIP protocol was standardized by the IETF at the application layer for initiating, managing, and terminating multimedia sessions and has been widely used as the main signaling protocol on both the Internet and VoIP networks. Most challenges in this protocol are overload and lack of proper state distribution. These challenges cause a wide range of next-generation network users to face a shar...
متن کاملDesign of Secure VoIP using ID-Based Cryptosystem
SIP message authentication and SRTP key agreement are the important issue in the SIP-based VoIP service. Several secure solutions such as HTTP Digest Authentication, SSL/TLS, and S/MIME, are used for the SIP message authentication and key agreement. When the VoIP is used in the wireless environments, the efficiency of security service is one of the important matters in question. Therefore, we w...
متن کامل