| With the development and innovation of the interconnection technology, the PublicSwitched Telephone Network based on circuit switching is giving way to the Next-GenerationNetwork based on packet switching. As a core signaling control protocol in NGN, SIP hasprominent advantages of simple, flexible, good extensibility and easy programming. Tooversimplify, the IETF created SIP, but they did not assign any special security protocol forSIP, hence existing many holes using in network environments, so it is obviously important tosolve the security problems of SIP. This research in this paper focuses on identityauthentication mechanisms of SIP systems based on HTTP Digest, to improve the reliabilityof data communication. Our main work includes three aspects as follows:Firstly, the network infrastructure of SIP, network element, the form of SIP request andreply message is discussed. We made analysis on the main operations by using specificmessage handing flow, including user registration, session establishment and termination.Secondly, in view of the security problems of SIP in the existing systems and the type ofattacks, chapter3analyzes some existing security authentication mechanism used by SIP isdescribed, including HTTP Digest identity authentication, mutual authentication based onHTTP Digest authentication, TLS, IPSec and S/MIME. We focuses the analysis of the mutualauthentication, public key technique is introduced in the identity authentication mechanism ofSIP, a improved authentication mechanism based on public key technique is proposed, whichcan resist replay attacks, impersonating a server, session monitoring and off-line passwordguessing attacks effectively.At last, on basis of theory researching, we use eXosip and oSIP develop the user agentand registration server and its relevant properties have been tested. The experimental resultsindicate that the improved scheme offers an additional level of safety and assures the highefficiency at the same time. |
PDF Full Text Request