共查询到16条相似文献,搜索用时 109 毫秒
1.
一种基于SIP安全认证机制的研究 总被引:3,自引:1,他引:3
目前,会话初始协议(SIP)大部分认证机制只提供了服务器到客户端的认证,HTTP摘要认证便是其中的一种。分析了这种机制容易遭受服务器伪装攻击和密码窃取攻击的缺陷,提出了一种弥补这些缺陷的安全认证机制。试验表明该算法具备较高的效率。 相似文献
2.
3.
4.
5.
针对会话初始协议(session initial protocol,SIP)简单、开放、易扩展的特点,对RFC3261中提出的几种安全机制进行了深入分析,指出了SIP网络面临的一些典型攻击和安全威胁.鉴于目前SIP网络面临的安全风险,对端到端和逐段转接的保护机制分别进行研究,探讨了HTTP认证、S/MIME、IPSec、TLS和SIPS URI等安全策略,并详细阐述了在SIP网络中实现这些安全服务所采用的各种安全框架模型. 相似文献
6.
7.
SIP安全认证机制研究 总被引:3,自引:1,他引:2
会话发起协议(SIP)简单灵活,便于业务扩展,是使用最广泛的信令协议之一。但是它缺乏有效的安全认证机制,容易受到攻击。分析了SIP可能受到的攻击,对已有安全认证机制进行比较,并提出一种基于公钥的安全认证机制,增强了SIP域内和端到端的安全性。 相似文献
8.
9.
10.
基于应用层的SIP安全机制设计 总被引:2,自引:0,他引:2
为了解决会话初始协议(SIP)应用中遇到的安全问题,结合SIP的特点分析了SIP可能遭遇的安全危机,提出一种在应用层上的安全机制.该安全机制采用认证和加密相结合的方法,在SIP消息传递时完成用户代理和服务器的双向认证和非对称加密算法的公钥交换,通过双向认证防止注册攻击和消息篡改等攻击手段,利用加密保证数据传输的安全,保证了SIP在各个阶段的安全性.实验结果表明,该安全机制可行并拥有很高的效率. 相似文献
11.
《Computer Standards & Interfaces》2014,36(2):397-402
Recently, Voice over Internet Protocol (VoIP) has been one of the more popular applications in Internet technology. For VoIP and other IP applications, issues surrounding Session Initiation Protocol (SIP) have received significant attention. SIP is a widely used signaling protocol and is capable of operating on Internet Telephony, typically using Hyper Text Transport Protocol (HTTP) digest authentication protocol. Authentication is becoming increasingly crucial because it accesses the server when a user asks to use SIP services. In this paper, we concentrate on the security flaws in the current SIP authentication procedure. We propose a secure ECC-based authentication mechanism to conquer many forms of attacks in previous schemes. By a sophisticated analysis of the security of the ECC-based protocol, we show that it is suitable for applications with higher security requirements. 相似文献
12.
SIP has been chosen as the protocol for multimedia application in 3G mobile networks. The authentication mechanism proposed in SIP specification is HTTP digest based authentication, which allows malicious parties to impersonate other parties or to charge calls to others, furthermore, other security problems, such as off-line password guessing attacks and server spoofing, are also needed to be solved. This paper proposes a new authenticated key exchange protocol NAKE, which can solve the existing problems in the original proposal. The NAKE protocol is probably secure in CK security model, thus it inherits the corresponding security attributes in CK security model. 相似文献
13.
The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. However, the original authentication scheme for SIP-based service typically uses HTTP Digest authentication protocol, which is s not providing security at an acceptable level. In this paper, we propose a secure and practical password-only authenticated key agreement scheme for SIP using elliptic curve cryptography(ECC). Our scheme is remarkable efficient and quite simple to use. And yet we can provide the rigorous proof of the security for it. Therefore, the end result is more suited to be a candidate for SIP authentication scheme. In addition, we also suggest an extended scheme capable of providing anonymity, privacy, and location privacy to protect the user’s personal information and his real identity. 相似文献
14.
Dheerendra Mishra Ashok Kumar Das Sourav Mukhopadhyay 《Peer-to-Peer Networking and Applications》2016,9(1):171-192
The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes. 相似文献
15.
Session Initiation Protocol (SIP) has been widely used in the current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). However, the original SIP authentication scheme was insecure and many researchers tried to propose schemes to overcome the flaws. In the year 2011, Arshad et al. proposed a SIP authentication protocol using elliptic curve cryptography (ECC), but their scheme suffered from off-line password guessing attack along with password change pitfalls. To conquer the mentioned weakness, we proposed an ECC-based authentication scheme for SIP. Our scheme only needs to compute four elliptic curve scale multiplications and two hash-to-point operations, and maintains high efficiency. The analysis of security of the ECC-based protocol shows that our scheme is suitable for the applications with higher security requirement. 相似文献
16.
基于SIP协议的3G网络安全认证机制 总被引:2,自引:0,他引:2
简要说明了SIP协议的消息格式和会话建立的实现过程,分析了3G网络中目前存在的攻击类型和潜在的安全威胁,同时提出了SIP关于隐私和机密保护的主要方法,即加密算法和安全认证机制的紧密结合。主要讨论在3G网络应用层中作为信令协议的SIP的安全认证机制,包括当前一些基本的认证算法和认证类型以及一些改进的认证机制。最后指出一些能够提高3G网络安全性的在认证方面的新领域。 相似文献