Exhancements for a Simple Authenticated SIP Request Management

Abstract

SIP is a popular signaling protocol. In SIP, RFC4474 (SIP Identity) [3] is used to verify integrity of a flow from a Proxy to a terminal of a callee while RFC3261 (Proxy Authenticate) [1] is used to ensure authenticity of a flow from a terminal of a caller to a Proxy. However Proxy Authenticate only ensures authenticity and cannot verify the integrity of a flow. Thus, the flow from a terminal of caller to a proxy is inherently vulnerable to man-in-the-middle (MITM) attacks. In this paper, a new method is proposed that makes it possible to verify integrity of a SIP flow from a terminal of a callee to a proxy without such a significant effort as PKI requires. By combining this method and SIP Identity, it is realized to verify integrity of SIP signaling flow over the while end-to-end path more easily than using only SIP Identity.