Authentication and Key Agreement Scheme for SIP
Yolguly Allaberdiyev, H.Hakan Kılınç, Tuğrul Yanık

Abstract

VoIP services have become a major competitor to the PSTN networks. Performance and security of the authentication and key agreement schemes are two critical factors that affect VoIP applications with a large number of users. The authentication mechanism of the SIP protocol is based on the HTTP Digest Authentication. This mechanism is easy to implement and delivers high performance. However, its weaknesses are not acceptable from a security standpoint. We have proposed a new ID based protocol for SIP authentication and key agreement. This protocol minimizes the use of expensive pairing functions but still resists notable attacks.

Introduction

The term VoIP (Voice over Internet Protocol) is used for the transmission of voice, video and multimedia sessions over IP networks. Flexibility in implementation and low cost caused VoIP products to spread quickly into the enterprise and consumer markets. This trend is reinforced by the transition of PSTN networks into VoIP friendly IP networks. To sustain this quick growth and application versatility, VoIP systems need efficient, flexible and secure transmission and signaling protocols.

The Session Initiation Protocol (SIP) [1] is a text based signaling protocol used to manage, establish, modify, and terminate communication sessions among participants. One of the most important advantages of SIP is its decentralized structure, which leaves the control of handshaking to the clients. This gives the SIP protocol a great deal of flexibility and scalability. On the other hand, SIP inherits two main problems common to internet applications, which can be summarized as performance and security.
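The weakness of HTTP Digest Authentication noted in the abstract comes from the fact that the response is a hash over fields that all travel in the clear except the password. The following is an added example, not code from the paper: it computes the RFC 2617 response and uses it as an operator-side password audit, with the account fields, nonce and deny list all constructed for illustration.

```python
import hashlib
import hmac
from typing import Iterable, Optional


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, qop: Optional[str] = None,
                    nc: Optional[str] = None, cnonce: Optional[str] = None) -> str:
    """RFC 2617 'response' value with MD5, for qop absent or qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # the only secret input
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def audit_password(observed: dict, candidates: Iterable[str]) -> Optional[str]:
    """Return the candidate password that reproduces the observed response.

    Needs no contact with the server: every field except the password is
    carried in the Authorization header, so each guess costs three hashes.
    """
    for candidate in candidates:
        guess = digest_response(
            observed["username"], observed["realm"], candidate,
            observed["method"], observed["uri"], observed["nonce"],
            observed.get("qop"), observed.get("nc"), observed.get("cnonce"))
        if hmac.compare_digest(guess, observed["response"]):
            return candidate
    return None


# Constructed sample: fields as they would appear in a REGISTER's Authorization
# header for a test account whose password is deliberately weak.
OBSERVED = {"username": "alice", "realm": "example.test", "method": "REGISTER",
            "uri": "sip:example.test", "nonce": "constructed-nonce-0001"}
OBSERVED["response"] = digest_response(password="summer2024", **OBSERVED)

# Constructed wordlist standing in for an operator's weak-password deny list.
DENY_LIST = ["123456", "password", "alice", "summer2024"]

if __name__ == "__main__":
    hit = audit_password(OBSERVED, DENY_LIST)
    print("weak password found:" if hit else "no deny-list match", hit or "")
```

Because the nonce only prevents replay and does not slow down guessing, the practical mitigations are long random provisioning passwords and carrying SIP signaling over TLS so the header fields are not exposed.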
Although SIP offers significant advantages, it is exposed to a variety of security threats such as snooping, modification, server spoofing, off-line password guessing and denial of service attacks [2], [3], [4]. The standard authentication protocol of SIP is the HTTP Digest Authentication, which is based on a shared secret key [5]. The HTTP Digest Authentication delivers high performance on both the user and the server side because it relies only on a digest algorithm. However, the HTTP Digest Authentication is vulnerable to brute force attacks. Using dictionaries, weak passwords can be detected by matching the result of the digest algorithm in use. Most implementations use the HTTP Digest Authentication because it is easy to implement and performs well.

Figure 1: Client-Server Authentication

The authentication mechanism deployed in SIP should be efficient and secure. The SIP proxy servers should be able to overcome the challenging task of concurrently handling tens of thousands of clients despite the network and application delays. On the other hand, the authentication mechanism should be robust and secure, resisting the various types of attacks that take advantage of the weaknesses of IP networks. The existing cryptosystems present different tradeoffs between efficiency and security. Developing an authentication and key agreement protocol for SIP is a challenging task indeed.

Figure 2: Performance Evaluation

Conclusion

ID based cryptography presents convenient features for authentication and key agreement protocols. In the literature, various ID based protocols have been proposed, but their computational overhead is not very suitable for SIP. In our study, a new ID based scheme is proposed for SIP authentication and key agreement. This protocol minimizes the use of the expensive pairing functions but still resists notable attacks.

References: