共查询到20条相似文献,搜索用时 296 毫秒
1.
Session Initiation Protocol (SIP) has been widely used in the current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). However, the original SIP authentication scheme was insecure and many researchers tried to propose schemes to overcome the flaws. In the year 2011, Arshad et al. proposed a SIP authentication protocol using elliptic curve cryptography (ECC), but their scheme suffered from off-line password guessing attack along with password change pitfalls. To conquer the mentioned weakness, we proposed an ECC-based authentication scheme for SIP. Our scheme only needs to compute four elliptic curve scale multiplications and two hash-to-point operations, and maintains high efficiency. The analysis of security of the ECC-based protocol shows that our scheme is suitable for the applications with higher security requirement. 相似文献
2.
Yanrong Lu Lixiang Li Haipeng Peng Yixian Yang 《Peer-to-Peer Networking and Applications》2016,9(2):449-459
The Session Initiation Protocol (SIP) as the core signaling protocol for multimedia services is receiving much attention. Authentication is becoming increasingly crucial issue when a user asks to use SIP services. Many authentication schemes for the SIP have been proposed. Very recently, Zhang et al. has presented an authentication scheme for SIP and claimed their scheme could overcome various attacks while maintaining efficiency. In this research, we illustrate that their scheme is susceptible to the insider attack and does not provide proper mutual authentication. We then propose a modified secure mutual authentication scheme to conquer the security flaws in Zhang et al.’s scheme. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Zhang et al.’s scheme. In addition, the performance analysis shows that our scheme has better efficiency in comparison with other related ECC-based authentication schemes for SIP. 相似文献
3.
4.
The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. However, the original authentication scheme for SIP-based service typically uses HTTP Digest authentication protocol, which is s not providing security at an acceptable level. In this paper, we propose a secure and practical password-only authenticated key agreement scheme for SIP using elliptic curve cryptography(ECC). Our scheme is remarkable efficient and quite simple to use. And yet we can provide the rigorous proof of the security for it. Therefore, the end result is more suited to be a candidate for SIP authentication scheme. In addition, we also suggest an extended scheme capable of providing anonymity, privacy, and location privacy to protect the user’s personal information and his real identity. 相似文献
5.
Zezhong Zhang Qingqing Qi Neeraj Kumar Naveen Chilamkurti Hwa-Young Jeong 《Multimedia Tools and Applications》2015,74(10):3477-3488
As a signaling protocol for controlling communication on the internet, establishing, maintaining, and terminating the sessions, the Session Initiation Protocol (SIP) is widely used in the world of multimedia communication. To ensure communication security, many authentication schemes for the SIP have been proposed. However, those schemes cannot ensure user privacy since they cannot provide user anonymity. To overcome weaknesses in those authentication schemes with anonymity for SIP, we propose an authentication scheme with anonymity using elliptic curve cryptograph. By a sophisticated analysis of the security of the proposed protocol, we show that the proposed scheme not only overcomes weaknesses in previous schemes but also is very efficient. Therefore, it is suitable for applications with higher security requirements. 相似文献
6.
Mohammad Sabzinejad Farash Saru Kumari Majid Bakhtiari 《Multimedia Tools and Applications》2016,75(8):4485-4504
The session initiation protocol (SIP) has been receiving a lot of attention to provide security in the Voice over IP (VoIP) in Internet and mobility management. Recently, Yeh et al. proposed a smart card-based authentication scheme for SIP using elliptic curve cryptography (ECC). They claimed that their scheme is secure against known security attacks. However, in this paper, we indicate that Yeh et al.’s scheme is vulnerable to off-line password guessing attack, user impersonation attack and server impersonation attack, in the case that the smart card is stolen and the information stored in the smart card is disclosed. As a remedy, we also propose an improved smart card-based authentication scheme which not only conquers the security weaknesses of the related schemes but also provides a reduction in computational cost. The proposed scheme also provides the user anonymity and untraceability, and allows a user to change his/her password without informing the remote server. To show the security of our protocol, we prove its security the random oracle model. 相似文献
7.
随着VoIP(Voice over Internet Protocol)的迅速发展,作为VoIP的主流协议的SIP协议成为各大运营商和设备商所关注的热点,出现了许多用SIP协议来通信的软终端。为了可以引入更多的用户对呼叫中心的使用,提出了一种基于SIP协议和CSTA呼叫模型的实现方法,将SIP协议和CSTA呼叫模型结合起来,用SIP协议来实现终端和服务器的通信并实时对外汇报终端状态的变化,这样就可以实现第三方监控,并通过测试验证了其可行性。 相似文献
8.
IAX作为一种轻量级和低带宽消耗的VoIP通信协议日益得到关注。在实际部署过程中,必须解决IAX与SIP协议的互通问题。文中从注册和接入认证机制,呼叫流程与SIP协议的映射对照,以及语音帧(MINIFRAME)和RTP/RTCP的转换等方面,详细分析了IAX与SIP协议互通中的难点问题并给出了具体的解决方案。 相似文献
9.
10.
为了解决VoIP认证计费问题,介绍了RADIUS协议及SIP认证方式,提出了扩展RADIUS协议以支持SIP认证的方法,并详细说明了经由认证处理的呼叫建立过程,给出了基于RADIUS和SIP协议的VoIP认证的具体实现方式,最后通过在SIP代理服务器上部署相应的计费策略,并结合RADIUS服务器的计费功能,给出了VoIP计费的实现方法. 相似文献
11.
12.
Session mobility is one of new critical issues in the ubiquitous mobile networking environment. Session mobility provides a user changing its ongoing multimedia session, e.g., Voice-over-Internet Protocol (VoIP), from the currently using device to another by adapting user’s demand. In session Initial Protocol (SIP)-based multimedia services supporting session mobility, SIP serves as a signaling control protocol to negotiate session control, whereas media is transmitted using Real-time Transport Protocol (RTP). For securing multimedia sessions, Multimedia Internet Keying (MIKEY) is embedded in SIP signaling to negotiate security parameters for Secure RTP (SRTP), whereas SRTP is used to protect media stream. Since session mobility allows an ongoing multimedia session to be transferred from one device to another, a new security problem is raised, i.e., sensitive parameters may remain in the previous device when the ongoing multimedia session has been transferred to the current device. Unfortunately, current MIKEY cannot bear the aforementioned security problem in session mobility. Therefore, we propose Multimedia Internet Rekeying (MIRKEY) for session mobility in the ubiquitous mobile networking environment. Although MIKEY can be executed again to carry out the rekeying of the session key and Crypto Session bundle (CSB) update, the sensitive parameters still remain in previous devices. MIRKEY contains a SBK to bind the participated user and multimedia session. Besides, SBK can persist in rekeying based on the key chain whenever a multimedia session is transferred to other devices. As a result, SBK is operative only in the specific device. As a result, MIRKEY can solve the newly raised security problem in session mobility. Furthermore, we verify MIRKEY using Burrows–Abadi–Needham (BAN) logic and realize it in the implemented ubiquitous multimedia service platform (UMSP). 相似文献
13.
会话启动协议SIP作为推荐的Internet会议和VoIP信令控制协议,在RFC中没有严格地给出其行为的形式化模型。论文利用确定与随机Petri网(deterministicandstochasticPetrinets,DSPN)给出了SIP核心事务的形式化模型,为进一步的协议分析和实现奠定了基础。 相似文献
14.
Dimitris Gritzalis Panagiotis Katsaros Stylianos Basagiannis Yannis Soupionis 《International Journal of Information Security》2012,11(2):121-135
Anti-SPIT policies counter the SPam over Internet Telephony (SPIT) by distinguishing bots launching unsolicited bulks of VoIP
calls from human beings. We propose an Anti-SPIT Policy Management mechanism (aSPM) that detects spam calls and prevents VoIP
session establishment by the Session Initiation Protocol (SIP). The SPIN model checker is used to formally model and analyze
the robustness of the aSPM mechanism in execution scenarios with parallel SIP sessions. In case of a possible design flaw,
the model checker provides a trace of the caught unexpected behavior (counterexample), that can be used for the revision of
the mechanism’s design. Our SPIN model is parameterized, based on measurements from experiments with VoIP users. Non-determinism
plays a key role in representing all possible anti-SPIT policy decisions, in terms of the SIP messages that may be exchanged.
The model checking results provide evidence for the timeliness of the parallel SIP sessions, the absence of deadlocks or livelocks,
and the fairness for the VoIP service users. These findings ensure robust anti-SPIT protection, meaning that the aSPM mechanism
operates as expected, despite the occurrence of random SPIT calls and communication error messages. To the best of our knowledge,
this is the first analysis for exhaustively searching security policy flaws, due to complex interactions between anti-SPIT
measures and the SIP protocol services. 相似文献
15.
16.
17.
18.
Dheerendra Mishra Ashok Kumar Das Sourav Mukhopadhyay 《Peer-to-Peer Networking and Applications》2016,9(1):171-192
The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes. 相似文献
19.
作为整个现代网络安全的基础,该文提出了验证的概念,它是会话初始化协议(SIP)网络中合并了可扩展认证协议(EAP)验证体系的一种机制。研究表明,SIP验证可以由EAP验证体系进行扩展而现有的AAA基础结构可以为SIP用户再次用于验证。实施验证的过程中使用了DIAMETER基础协议。这个基本协议工具使用低权目录访问协议(LDAP)而且必须使用接口,DIAMETER网络访问服务器请求(NASREQ)应用命令码的一个子集和AVP以在运行中实现扩展验证协议(EAP)传输。 相似文献
20.
如何将会话初始化协议(SIP)与现有的通信网络有机结合,提供安全可靠的数据及通信服务已成为当今的热点问题。VoIP应用也受到业界的持续关注。安全问题一直都是企业实施VoIP的一个阻碍。提出了一个基于SIP的VoWLAN通信平台,将各种语音服务构建于无线局域网之上。利用虚拟专用网(VPN)、数据加密技术、VLAN和防火墙等必要安全技术和策略,应对在系统中的安全威胁,实现了通话质量可靠、安全性高的企业级VoIP无线网络架构。描述了该系统的设计和实现过程,讨论了其中的关键技术。 相似文献