Proxy-based Security for the Session Initiation Protocol (SIP)

There is a trend towards voice-over-IP systems based on the Session Initiation Protocol (SIP), a general-purpose protocol for session management. However, because signalling data is transferred over the Internet, such systems face security problems. At a minimum, authentication of the participants and confidentiality of the signalling data have to be ensured as basic mechanisms. In this work, we propose a mechanism for assuring the identity of a group of users fulfilling the same role (e.g., employees of a customer call centre). Our concept makes it possible to use only one certificate for the whole group for signing and encrypting messages according to the SIP standard. The mechanism works transparently for users because we provide a special proxy server for this purpose, which significantly reduces administration effort and resource needs on the participating nodes. Furthermore, such a proxy server can also be used for transparently validating and decrypting SIP messages. This reduces the effort required on the terminals, resulting in improved resource usage, e.g., on a personal digital assistant. We provide an implementation of the concept based on the NIST SIP proxy server.