Enhancement of SIP Signaling for Integrity Verification
SIP has an authenticated identity management mechanism, SIP Identity (RFC 4474), that includes integrity verification. SIP Identity relies on a public key infrastructure (PKI), which entails certificate management: each party obtains a certificate from a certificate authority (CA) and periodically updates it. This presents problems when a user agent (UA) uses SIP Identity. In this paper, we propose a verification mechanism that ensures the integrity of a call flow without requiring much effort on the part of the UA. By using our mechanism together with SIP Identity, we can ensure the end-to-end integrity of a call flow without a user-level PKI. We apply the verification mechanism to ZRTP, a key agreement protocol for SRTP, and validate it.