{"title":"Exhancements for a Simple Authenticated SIP Request Management","authors":"Hisashi Takahara, Motonori Nakamura","doi":"10.1109/ICIS.2010.113","DOIUrl":null,"url":null,"abstract":"SIP is a popular signaling protocol. In SIP, RFC4474 (SIP Identity) [3] is used to verify integrity of a flow from a Proxy to a terminal of a callee while RFC3261 (Proxy Authenticate) [1] is used to ensure authenticity of a flow from a terminal of a caller to a Proxy. However Proxy Authenticate only ensures authenticity and cannot verify the integrity of a flow. Thus, the flow from a terminal of caller to a proxy is inherently vulnerable to man-in-the-middle (MITM) attacks. In this paper, a new method is proposed that makes it possible to verify integrity of a SIP flow from a terminal of a callee to a proxy without such a significant effort as PKI requires. By combining this method and SIP Identity, it is realized to verify integrity of SIP signaling flow over the while end-to-end path more easily than using only SIP Identity.","PeriodicalId":338038,"journal":{"name":"2010 IEEE/ACIS 9th International Conference on Computer and Information Science","volume":"152 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE/ACIS 9th International Conference on Computer and Information Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIS.2010.113","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
SIP is a popular signaling protocol. In SIP, RFC4474 (SIP Identity) [3] is used to verify integrity of a flow from a Proxy to a terminal of a callee while RFC3261 (Proxy Authenticate) [1] is used to ensure authenticity of a flow from a terminal of a caller to a Proxy. However Proxy Authenticate only ensures authenticity and cannot verify the integrity of a flow. Thus, the flow from a terminal of caller to a proxy is inherently vulnerable to man-in-the-middle (MITM) attacks. In this paper, a new method is proposed that makes it possible to verify integrity of a SIP flow from a terminal of a callee to a proxy without such a significant effort as PKI requires. By combining this method and SIP Identity, it is realized to verify integrity of SIP signaling flow over the while end-to-end path more easily than using only SIP Identity.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
