摘要
会话初始化协议(SIP)基于Client/Server结构,由于受到SIP自身特点及应用环境的影响,目前SIP常用的安全机制大都只提供Server对Client的认证,且大都没有提供会话密钥协商的机制,容易受到服务器伪装攻击。在分析了SIP面临的安全威胁以及SIP安全机制的现状后,通过对SIP协议的扩展,设计和实现了一种基于HT-TP摘要认证的SIP安全机制。该机制能实现双向身份认证和密钥协商功能,使SIP认证和加密更为灵活。
SIP is based on the Client/Server structure. Most current security muehanisms used in SIP only provide the authentication to client from the server because of the SIP's characteristic and application environment, and most of them do not provide the key negotiation mechanism. There fore the affaek of impersonating usually happens. This paper analyzes the security threats faced with by SIP and the actuality of SIP security mechanism. And authors design and implement a SIP security mechanism based on HTTP Digest Authentication by extending the SIP. This mechanism provides the functions of bidirectional identity authentication and key negotiation, and makes SIP authentication and Eneryption more flexible.
出处
《重庆邮电学院学报(自然科学版)》
2005年第6期749-751,共3页
Journal of Chongqing University of Posts and Telecommunications(Natural Sciences Edition)
