共查询到20条相似文献,搜索用时 125 毫秒
1.
本文先简要概述了SIP应用背景和重要概念,然后详细分析了SIP面临的安全威胁以及现有安全解决方案,主要为安全认证和加密,讨论了几种典型方案的原理和不足.随后仔细研究了一种先进的基于共享用户密码进行密钥协商的轻量级的SIP安全认证、加密机制,并加入一次口令机制加以改进.随后借鉴了一种基于能力的IP-DOS控制思想,结合S... 相似文献
2.
SIP安全模型研究及实现 总被引:10,自引:0,他引:10
SIP是由IETF提出的IP电话信令协议,是NGN中的重要协议。本文在简要介绍SIP协议后,着重介绍SIP协议面临的安全威胁模型,最后从三个方面给出了安全解决对策。 相似文献
3.
4.
5.
6.
7.
一种基于改进的HTTP摘要认证的SIP安全机制 总被引:1,自引:0,他引:1
SIP协议是当前IP电话中的主流协议,HTTP摘要认证机制被很多SIP系统作为安全机制,但存在客户端不能认证服务器端,且不支持密钥协商的缺陷。为解决这一不足,提出了一种基于改进的HTTP摘要认证的SIP安全机制,使得SIP安全解决方案更加完善,部署更加灵活。 相似文献
8.
9.
讨论了基于会话初始协议(SIP),通过IP网传输语音的网关的设计。首先,对IP电话技术及SIP协议在网关中的应用作了介绍;其次,详细阐述了语音网关的设计与实现,包括系统方案设计,硬件设计,软件设计;最后,讨论了SIP协议应用于该系统中的呼叫流程。该设计为企业拨打IP电话提供了解决方案。 相似文献
10.
11.
12.
文中指出了现有网络体系在当今应用背景下出现的弊端,分析了向下一代互联网络演进的必然性。介绍了下一代互联网体系的特点和面临的技术挑战,提出了软交换设备为下一代互联网的核心,进而引出了SIP会话初始化协议在下一代互联网的重要地位。文中从SIP协议本身分析了其常见的安全威胁和安全措施,结合下一代互联网开放、异构、互联的特殊应用环境对SIP现有安全机制提出挑战,提出了适用于下一代互联网体系的SIP安全解决方案。最后提出一种基于源端认证、过程跟踪、系统性监控的SIP安全模型。 相似文献
13.
6G网络的概念已经被提出并引起了学术界的广泛关注.整体而言,6G网络将对5G网络的性能进行优化,并拓展5G技术难以实现的业务场景.然而,这些新场景、新技术的引入势必带来新的安全隐患和威胁.首先,针对6G网络的关键技术、实现手段等展开研究,重点围绕国际上5G/6G的主要研究机构、公司和企业的研究进展进行详细调研.然后,汇... 相似文献
14.
15.
Dimitris Gritzalis Panagiotis Katsaros Stylianos Basagiannis Yannis Soupionis 《International Journal of Information Security》2012,11(2):121-135
Anti-SPIT policies counter the SPam over Internet Telephony (SPIT) by distinguishing bots launching unsolicited bulks of VoIP
calls from human beings. We propose an Anti-SPIT Policy Management mechanism (aSPM) that detects spam calls and prevents VoIP
session establishment by the Session Initiation Protocol (SIP). The SPIN model checker is used to formally model and analyze
the robustness of the aSPM mechanism in execution scenarios with parallel SIP sessions. In case of a possible design flaw,
the model checker provides a trace of the caught unexpected behavior (counterexample), that can be used for the revision of
the mechanism’s design. Our SPIN model is parameterized, based on measurements from experiments with VoIP users. Non-determinism
plays a key role in representing all possible anti-SPIT policy decisions, in terms of the SIP messages that may be exchanged.
The model checking results provide evidence for the timeliness of the parallel SIP sessions, the absence of deadlocks or livelocks,
and the fairness for the VoIP service users. These findings ensure robust anti-SPIT protection, meaning that the aSPM mechanism
operates as expected, despite the occurrence of random SPIT calls and communication error messages. To the best of our knowledge,
this is the first analysis for exhaustively searching security policy flaws, due to complex interactions between anti-SPIT
measures and the SIP protocol services. 相似文献
16.
基于SIP协议的网络安全性分析 总被引:9,自引:5,他引:9
SIP协议是NGN(Next Generation Network)中的重要协议之一。在SIP网络中,由于设备的差异性和网络环境的复杂性,即不同的设备支持不同的安全协议,不同的网络环境要求采用不同的安全协议,单一地指定某种安全协议使系统缺乏应有的灵活性,也降低了系统的可靠性。提出了一种新的安全协商机制用于在SIP实体之间进行安全协议的选择,并给出了相应的安全性分析。 相似文献
17.
Giorgos KaropoulosAuthor Vitae Georgios Kambourakis Author VitaeStefanos Gritzalis Author Vitae 《Computer Standards & Interfaces》2011,33(3):301-314
In modern and future networks that belong to different providers, multimedia protocols will have to operate through multiple domains. In such an environment security is considered a crucial parameter; this is true especially for privacy since not all domains can be considered trusted beforehand in terms of personal data protection. Probably the most promising protocol for multimedia session management is SIP. While SIP is popular and a lot of research has been conducted, it still has some security issues, one of which is related to privacy and more particularly the protection of user identities (IDs). In the general case everybody can reveal the communicating parties IDs by simply eavesdropping on the exchanged SIP messages. In this paper we analyze the lack of user ID protection in SIP and propose two solutions; in the first the ID of the caller is protected while in the second both IDs of the caller and the callee are protected. Our work also includes performance results and extensive comparison with similar methods. The most significant advantage of our method is that it can assure user ID protection even when SIP messages are transmitted through untrusted SIP domains before reaching the Home Domain of the user or another trusted domain. Moreover, it does not require from the SIP Proxy server to maintain state information for exchanged SIP requests and respective responses. 相似文献
18.
19.
提出一种SIP信令协议的入侵检测方法,用以加强VoIP业务环境的安全。重点对基于SIP的VoIP业务环境的安全威胁和业务流量分析,利用数据挖掘算法和改进的贝叶斯算法构建针对SIP下的入侵检测模型。实验结果表明,该方法可以对VoIP业务环境下的网络攻击进行有效检测。 相似文献