Authentication and Key Agreement Scheme for SIP

Yolguly Allaberdiyev, H.Hakan Kılınç, Tuğrul Yanık
Abstract
VoIP services have become a major competitor to the PSTN networks.
Performance and security of the authentication and key agreement
schemes are two critical factors that affect VoIP applications with
a large number of users. The authentication mechanism of the SIP protocol
is based on HTTP Digest Authentication. This mechanism is easy
to implement and delivers high performance. However, its
weaknesses are not acceptable from a security standpoint.
We have proposed a new ID based protocol for SIP authentication
and key agreement. This protocol minimizes the use of
expensive pairing functions but still resists notable attacks.
Introduction
The term VoIP (Voice over Internet Protocol) is used for the
transmission of voice, video and multimedia sessions over IP
networks. Flexibility in implementation and low cost caused VoIP
products to spread quickly into the enterprise and consumer markets.
This trend is reinforced by the transition of PSTN networks into VoIP
friendly IP networks. To sustain this quick growth and application
versatility, VoIP systems need efficient, flexible and secure
transmission and signaling protocols. The Session Initiation Protocol
(SIP) [1] is a text based signaling protocol used to manage,
establish, modify, and terminate communication sessions among
participants.
One of the most important advantages of SIP is the decentralized
structure that leaves the control of handshaking to the clients. This
gives the SIP protocol a great deal of flexibility and scalability. On the
other hand, SIP inherits two main problems common to internet
applications which can be summarized as performance and security.
Although SIP offers significant advantages, it is exposed to a variety
of security threats such as snooping, modification, server spoofing,
off-line password guessing and denial of service attacks [2], [3], [4].
The standard authentication protocol of SIP is HTTP Digest
Authentication, which is based on a shared secret key [5]. HTTP
Digest Authentication delivers high performance on both the user and
the server side because it relies only on a digest algorithm. However,
HTTP Digest Authentication is vulnerable to brute force
attacks. Using dictionaries, weak passwords can be detected by
matching the result of the digest algorithm in use. Most
implementations use HTTP Digest Authentication because it is easy
to implement and performs well.
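An added example (not from the poster) of why the Digest exchange permits off-line guessing: every input to the response except the password travels in clear, so the same recomputation the registrar performs can be repeated against a word list. Here it is used as an operator's audit of provisioned passwords; the account values, nonce and deny-list are constructed.

```python
import hashlib
import hmac


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Digest response per RFC 2617 (MD5), the computation SIP reuses."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")  # the only secret input
    ha2 = _md5_hex(f"{method}:{uri}")
    if qop:  # qop=auth mixes in the nonce count and the client nonce
        return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(stored_password, observed, response):
    """Registrar side: recompute the response and compare in constant time."""
    expected = digest_response(password=stored_password, **observed)
    return hmac.compare_digest(expected, response)


def audit_password(observed, response, deny_list):
    """Return the deny-list entry that reproduces the response, else None.

    No server interaction is needed, which is the off-line guessing
    weakness: lockouts and rate limits never see the attempts.
    """
    for candidate in deny_list:
        if server_verify(candidate, observed, response):
            return candidate
    return None


# Constructed sample: fields visible on the wire in a SIP REGISTER exchange.
OBSERVED = {"username": "alice", "realm": "example.test",
            "method": "REGISTER", "uri": "sip:example.test",
            "nonce": "constructed-nonce-0001"}
DENY_LIST = ["123456", "password1", "alice", "letmein"]  # constructed

if __name__ == "__main__":
    weak = digest_response(password="password1", **OBSERVED)
    strong = digest_response(password="tV9#qL2m!xR7pZw4", **OBSERVED)
    print("weak account flagged as:", audit_password(OBSERVED, weak, DENY_LIST))
    print("strong account flagged as:", audit_password(OBSERVED, strong, DENY_LIST))
```
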
Figure 1: Client-Server Authentication
The authentication mechanism deployed in SIP should be efficient and
secure. The SIP proxy servers should be able to overcome the
challenging task of concurrently handling tens of thousands of clients
despite network and application delays. On the other hand, the
authentication mechanism should be robust and secure, resisting the
various types of attacks that take advantage of the weaknesses of IP
networks. The existing cryptosystems present different tradeoffs
between efficiency and security. Developing an authentication and
key agreement protocol for SIP is a challenging task indeed.
Figure 2: Performance Evaluation
Conclusion
ID based cryptography presents convenient features for authentication
and key agreement protocols. Various ID based protocols have been
proposed in the literature, but their computational overhead makes them
poorly suited to SIP. In our study, a new ID based scheme is proposed for SIP
authentication and key agreement. This protocol minimizes the
use of expensive pairing functions but still resists notable attacks.
References: