简单身份验证SIP请求管理的改进

2010 IEEE/ACIS 9th International Conference on Computer and Information Science Pub Date : 2010-08-18 DOI:10.1109/ICIS.2010.113

Hisashi Takahara, Motonori Nakamura

{"title":"简单身份验证SIP请求管理的改进","authors":"Hisashi Takahara, Motonori Nakamura","doi":"10.1109/ICIS.2010.113","DOIUrl":null,"url":null,"abstract":"SIP is a popular signaling protocol. In SIP, RFC4474 (SIP Identity) [3] is used to verify integrity of a flow from a Proxy to a terminal of a callee while RFC3261 (Proxy Authenticate) [1] is used to ensure authenticity of a flow from a terminal of a caller to a Proxy. However Proxy Authenticate only ensures authenticity and cannot verify the integrity of a flow. Thus, the flow from a terminal of caller to a proxy is inherently vulnerable to man-in-the-middle (MITM) attacks. In this paper, a new method is proposed that makes it possible to verify integrity of a SIP flow from a terminal of a callee to a proxy without such a significant effort as PKI requires. By combining this method and SIP Identity, it is realized to verify integrity of SIP signaling flow over the while end-to-end path more easily than using only SIP Identity.","PeriodicalId":338038,"journal":{"name":"2010 IEEE/ACIS 9th International Conference on Computer and Information Science","volume":"152 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Exhancements for a Simple Authenticated SIP Request Management\",\"authors\":\"Hisashi Takahara, Motonori Nakamura\",\"doi\":\"10.1109/ICIS.2010.113\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SIP is a popular signaling protocol. In SIP, RFC4474 (SIP Identity) [3] is used to verify integrity of a flow from a Proxy to a terminal of a callee while RFC3261 (Proxy Authenticate) [1] is used to ensure authenticity of a flow from a terminal of a caller to a Proxy. However Proxy Authenticate only ensures authenticity and cannot verify the integrity of a flow. Thus, the flow from a terminal of caller to a proxy is inherently vulnerable to man-in-the-middle (MITM) attacks. In this paper, a new method is proposed that makes it possible to verify integrity of a SIP flow from a terminal of a callee to a proxy without such a significant effort as PKI requires. By combining this method and SIP Identity, it is realized to verify integrity of SIP signaling flow over the while end-to-end path more easily than using only SIP Identity.\",\"PeriodicalId\":338038,\"journal\":{\"name\":\"2010 IEEE/ACIS 9th International Conference on Computer and Information Science\",\"volume\":\"152 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-08-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 IEEE/ACIS 9th International Conference on Computer and Information Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIS.2010.113\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE/ACIS 9th International Conference on Computer and Information Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIS.2010.113","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

SIP是一种流行的信令协议。在SIP协议中，RFC4474 (SIP Identity)[3]用于验证从代理到被调用方终端的流的完整性，RFC3261 (Proxy Authenticate)[1]用于确保从调用方终端到代理的流的真实性。但是，代理身份验证仅确保真实性，不能验证流的完整性。因此，从调用者终端到代理的流本质上容易受到中间人(MITM)攻击。在本文中，提出了一种新的方法，使验证SIP流的完整性成为可能，而无需像PKI那样需要大量的工作。通过将该方法与SIP Identity相结合，实现了比仅使用SIP Identity更容易地在端到端路径上验证SIP信令流的完整性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Exhancements for a Simple Authenticated SIP Request Management

SIP is a popular signaling protocol. In SIP, RFC4474 (SIP Identity) [3] is used to verify integrity of a flow from a Proxy to a terminal of a callee while RFC3261 (Proxy Authenticate) [1] is used to ensure authenticity of a flow from a terminal of a caller to a Proxy. However Proxy Authenticate only ensures authenticity and cannot verify the integrity of a flow. Thus, the flow from a terminal of caller to a proxy is inherently vulnerable to man-in-the-middle (MITM) attacks. In this paper, a new method is proposed that makes it possible to verify integrity of a SIP flow from a terminal of a callee to a proxy without such a significant effort as PKI requires. By combining this method and SIP Identity, it is realized to verify integrity of SIP signaling flow over the while end-to-end path more easily than using only SIP Identity.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 IEEE/ACIS 9th International Conference on Computer and Information Science

自引率

0.00%

发文量