A framework for identity privacy in SIP

Secure multimedia delivery in modern and future networks is one of the most challenging problems towards the system integration of fourth generation (4G) networks. This integration means that different service and network providers will have to interoperate in order to offer their services to end users. This multidomain environment poses serious threats to the end user who has contract with, and trusts only a limited number of operators and service providers. One such threat is end users' privacy on which we will focus in this paper. Probably the most promising protocol for multimedia session management is the Session Initiation Protocol (SIP), which is an application layer protocol and thus can operate on top of different lower layer technologies. SIP is quite popular and a lot of research has been conducted; however, it still has some security issues, one of which is related to privacy and more particularly the protection of user identities (IDs). In this paper we comment on the ID privacy issue of SIP and propose a framework called PrivaSIP that can protect either the caller's ID or both the caller's and the callee's IDs in multidomain environments. We present different implementations of our framework based on asymmetric and symmetric cryptography analyzing the pros and cons of each one of them. Furthermore, we provide performance measurements in order to estimate the performance penalty of our framework over standard SIP. The most significant advantage of our method is that it can assure user ID protection even when SIP messages are transmitted through untrusted SIP domains, while our results show that this can be achieved with no perceived delay by the end user.

[1]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[2]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[3]  Michael Mealling Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS , 2002, RFC.

[4]  Cullen Jennings,et al.  The Session Initiation Protocol (SIP) and Spam , 2008, RFC.

[5]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[6]  Michael Mealling,et al.  Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database , 2002, RFC.

[7]  Blake Ramsdell,et al.  Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification , 2004, RFC.

[8]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[9]  Jon Peterson,et al.  Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks , 2002, RFC.

[10]  Michael Mealling Dynamic Delegation Discovery System (DDDS) Part Four: The Uniform Resource Identifiers (URI) , 2002, RFC.

[11]  Jon Peterson,et al.  A Privacy Mechanism for the Session Initiation Protocol (SIP) , 2002, RFC.

[12]  Eric Rescorla,et al.  Datagram Transport Layer Security , 2006, RFC.

[13]  Georgios Kambourakis,et al.  Caller identity privacy in SIP heterogeneous realms: A practical solution , 2008, 2008 IEEE Symposium on Computers and Communications.

[14]  T. Dagiuklas,et al.  SIP Security Mechanisms : A state-ofthe-art review , 2005 .

[15]  Michael Mealling,et al.  Dynamic Delegation Discovery System (DDDS) Part Two: The Algorithm , 2002, RFC.

[16]  Stefanos Gritzalis,et al.  Enhancing Web privacy and anonymity in the digital era , 2004, Inf. Manag. Comput. Secur..

[17]  Costas Lambrinoudakis,et al.  A framework for protecting a SIP-based infrastructure against malformed message attacks , 2007, Comput. Networks.

[18]  Henning Schulzrinne,et al.  Application-layer mobility using SIP , 2000, MOCO.

[19]  Mihir Bellare,et al.  DHAES: An Encryption Scheme Based on the Diffie-Hellman Problem , 1999, IACR Cryptol. ePrint Arch..