The traditional circuit switched infrastructure for telephony services are being replaced by voice over IP (VoIP) for many forthcoming benefits. At the same time, there are some new security issues due to the introduction of new packet switched infrastructure and new VoIP protocols. One of crucial security issues faced by the current VoIP protocols is about the end-to-end user identity and how to authenticate it. This is especially important for guaranteeing integrity and privacy of the response information, because the current proposal solutions fail in many real-world scenarios. In this study, we demonstrate one new mechanism for providing and authenticating response identify, based on Session Initiation Protocol (SIP). In order to prevent several kinds of malicious attacks through response and protect the integrity of response message, another new per-hop authentication mechanism was proposed to handle SIP response. With the combination of these proposed mechanisms, response identity can be securely provided, and spam IP telephony (SPIT) or other malicious attacks can be identified and prevented from attacking the VoIP service.
[1]
Mark Handley,et al.
SIP: Session Initiation Protocol
,
1999,
RFC.
[2]
Thomas J. Walsh,et al.
Security Considerations for Voice Over IP Systems
,
2005
.
[3]
Feng Cao,et al.
Security analysis and solutions for deploying IP telephony in the critical infrastructure
,
2005,
Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005..
[4]
Jon Peterson,et al.
Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
,
2006,
RFC.
[5]
Jon Peterson,et al.
Session Initiation Protocol (SIP) Authenticated Identity Body (AIB) Format
,
2004,
RFC.
[6]
D. Richard Kuhn,et al.
SP 800-58. Security Considerations for Voice Over IP Systems
,
2005
.