Design And Implementation Of A New Authentication Mechanism Based On SIP

With Internet commercial revolution and Network crisis development, The Public Switched Telephone Network (PSTN) whose character is circuit switching is giving way to the Next-Generation Network (NGN) whose character is packet switching. The Softswitch is the most important element of the NGN, it can integrate voice, data and video, and it can execute protocol translations between separate networks. Session Initiation Protocol (SIP) is scalable, easy to implement, and requires less setup time than its predecessor protocols. Being text based, it is easy to program. Because of these advantages, it has became the most important protocol in Softswitch system. However, the same as many Internet protocols, SIP was designed with simplicity, not security. When the developers use the protocol to develop products, there are some vulnerabilities. For this reason, at present, a very hot topic in the SIP standardization track is security mechanism.The main purpose of this paper is to study authentication mechanism before communication between users, in order to provide reliability to SIP communications. At first, this paper analyzes network infrastructure of SIP system, SIP message, registration process. With oSIP stack, we implemented User Agent in windows platform and Registrar Server in linux.Then we present the register attack, a new kind of a denial of service attack on SIP servers. The document of RFC3261 recommends we use the challenge/response mechanism to prevent the attack. But the mechanism will reduce the throughput of the server and bring new possibilities for attacking the server. We present a new authentication mechanism, motivated by the one-password mechanism.Finally, we focus on performance issues. By means of a real tested implementation, we provide an experimental performance analysis of the SIP security mechanisms. According to the result, the server with my authentication mechanism can prevent the unregister attack and the throughput also improved. So the mechanism has some comparative superiority and appliance foreground.