基于改进SIP协议的SIP网络安全通信模型

doi:1000-436X(2007)12-0039-09

摘要/Abstract

摘要：

通过对SIP协议安全性的深入研究，结合PKI技术、数字时间认证技术、数字证书及SIP网络的特点提出了基于改进SIP协议的SIP网络安全通信模型。借鉴原有的协议流程制定了新的呼叫建立子协议，重新制定了注册子协议和漫游注册子协议，增加了时间同步子协议和密钥协商子协议，并在实际环境下对该模型进行时间延迟测试。实验结果表明该模型在有效提高SIP网络机密性、完整性、可用性、抗否认性和新鲜性的同时所带来毫秒级的时间延迟是可接受的。

关键词: 网络安全, SIP, 安全通信模型

Abstract:

Through analyzing the security of SIP,combining PKI technology,digital time authentication,digital certificate and the characteristic of SIP network,the safe communicated model of SIP network based on improved SIP protocol was put forward.New call established protocol was constituted used the primary flow for reference,new register protocol and roam register protocol were constituted,time synchronization protocol and negotiating key protocol was added for this model,and test the safe communicated model in real circumstance.The result of the experiment proved that this model improved the confidentiality,integrality,usability,non-repudiation and novelty of the SIP network with the millisecond delay which can be accepted.

Key words: network security, SIP, safe communicated model

张兆心,方滨兴,张宏莉,姜春祥. 基于改进SIP协议的SIP网络安全通信模型[J]. 通信学报, 2007, 28(12): 39-47.

Zhao-xin ZHANG,Bin-xing FANG,Hong-li ZHANG,Chun-xiang JIANG. Safe communicated model of SIP network based on improved SIP protocol[J]. Journal on Communications, 2007, 28(12): 39-47.

图/表 7

图1

图2

图3

图4

图5

图6

图7

参考文献 29

[1]	司端锋, 韩心慧, 龙勤 ,等. SIP标准中的核心技术与研究发展[J]. 软件学报 2005,16(2): 239-250. SI D F , HAN X H , ONG Q ,et al. A survey on the core technique and research development in SIP standard[J]. Journal of Software, 2005,16(2): 239-250.
[2]	ROSENBERG J , SCHULZRINNE H , CAMANILO G . SIP:Session Initiation Protocol[S]. Internet RFC 3261, 2002.
[3]	FIELDING R , GETTYS J . HTTP:Hypertext Transfer Protocol[S]. Internet RFC 2616, 1999.
[4]	POSTEL J B . SMTP:Simple Mail Transfer Protocol[S]. Internet RFC 821, 1982.
[5]	索望, 方勇, 王昆 . SIP协议中的安全机制[J]. 网络信息安全, 2004,10: 32-35. SUO W , FANG Y , WANG K . Security mechanism for SIP protocol[J]. Netinfo Security, 2004,10: 32-35.
[6]	储泰山, 潘雪增 . SIP 安全模型研究及实现[J]. 计算机应用与软件, 2004,21(12): 101-104. CHU T S , PAN X Z . SIP security model and its implementation[J]. Computer Applications and Software, 2004,21(12): 101-104.
[7]	郭力, 王时龙, 张腾 . 基于 SIP 通信的安全性研究[J]. 信息安全与通信保密, 2005,11: 55-58. GUO L , WANG S L , ZHANG T . The research about the security of com-munication based on SIP[J]. China Information Security, 2005,11: 55-58.
[8]	JOHAN B , ERIK E , JOACHIM O . Secure VoIP:Call Establishment and Media Protection[R]. KTH,Royal Institute of Technology,Stockholm, 2005.
[9]	ONO K , TACHIMOTO S . SIP signaling security for end-to-end communication[A]. Proc of 9th Asia-Pacific Conference on Communications,APCC 2003[C]. 2003. 1402-1406.
[10]	FRANKS J , HALLAM B P , HOSTETLER J . HTTP Authentication:Basic and Digest Access Authentication[S]. Internet RFC 2617, 1999.
[11]	BILIEN J , ELIASSON E , VATN J . Call establishment delay for secure VoIP[A]. WiOpt’04:Modeling and Optimization in Mobile,Ad Hoc and Wireless Networks[C]. University of Cambridge,UK, 2004. 24-26.
[12]	BAUGHER M , MCGREW D , NASLUND M ,et al. The Secure Real-time Transport Protocol (SRTP)[S]. RFC 3711, 2004.
[13]	FLEMMING A , MARK B , DAN W . Session Description Protocol Security Descriptions for Media Streams[S]. IETF Draft,Work in Progress, 2005.
[14]	FLEMMING A , DAN W . Security Preconditions for Session Description Protocol Media Streams[S]. IETF Draft, 2005.
[15]	RAMSDELL E.Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3 . 1 Message Speci_cation[S]. RFC 3851, 2004.
[16]	ARKKO J , CARRARA E , LINDHOLM F ,et al. MIKEY:Multimedia Internet KEYing[S]. RFC 3830, 2004.
[17]	RADIA P . An overview of PKI trust models[J]. IEEE Network, 1999,13(6): 38-43.
[18]	张瑜, 费文晓, 余波 . 基于 PKI 的数字证书[J]. 兵工自动化, 2006,25(4): 30-32. ZHANG Y , FEI W X , YU B . Digital certificate based on PKI[J]. Ord-nance Industry Automation, 2006,25(4): 30-32.
[19]	刘知贵, 杨立春, 蒲洁 ,等. 基于PKI技术的数字签名身份认证系统[J]. 计算机应用研究, 2004,9: 158-160. LIU Z G , YANG L C , PU J ,et al. The system of digital signature au-thentication based on PKI[J]. Application Research of Computers, 2004,9: 158-160.
[20]	韩玮, 冯飞, 陈晓峰 ,等. 基于PKI体系的数字时间认证方案[J]. 计算机学报, 2003,26(10): 1355-1360. HAN W , FENG F , CHEN X F ,et al. A time authentication scheme based on PKI framework[J]. Chinese Journal of Computers, 2003,26(10): 1355-1360.
[21]	HABER S , STORNETTA W S . How to time-stamp a digital document[J]. Journal of Cryptology, 1991,3(2): 99-111.
[22]	BAYER D , HABER S , STORNETTA W S . Improving the efficiency and reliability of digital time-stamping[A]. Proceedings of Sequences’91:Methods in Communication,Security,and Computer Science[C]. Berlin,NewYork,Tokyo: Springer,Verlag, 1992. 329-334.
[23]	黄振杰, 牛志华, 王育民 . Camenisch群签名方案的改进和成员废除[J]. 计算机学报, 2004,27(8): 1115-1120. HUANG Z J , NIU Z H , WANG Y M . Improvement and member dele-tion of camenisch's group signature scheme[J]. Chinese Journal of Computers, 2004,27(8): 1115-1120.
[24]	RALF A , MARKUS S , UTZ R ,et al. Vulnerabilities and security limitations of current IP telephony,systems[A]. Proceedings of the Conference on Communications and Multimedia Security (CMS 2001)[C]. Darmstadt,Germany, 2001. 53-56.
[25]	OFIR A . Security risk factors with IP telephony based networks[EB/OL]. , 2002.
[26]	陈志贤, 王绍隶 . SIP 协议中认证注册机制研究[J]. 南京邮电学院学报, 2003,23(3): 82-85. CHEN Z X , WANG S L . Research on mechanism of register and au-thentication in SIP[J]. Journal of Nanjing Institute of Posts and Tele-communications. 2003,23(3): 82-85.
[27]	娄颖 . SIP协议安全机制研究[J]. 广东通信技术, 2004,24(4): 5-8. LOU Y . Research on SIP security mechanism[J]. Guangdong Com-munication Technology, 2004,24(4): 5-8.
[28]	ADAMS C , CAIN P , PINKAS D ,et al. InternetX.509:Public Key Infrastructure Time Stamp Protocol (TSP)[S]. RFC3161, 2001.
[29]	SALSANO S , VELTRI L , PAPALILO D . SIP security issues:the SIP authentication procedure and its processing load[J]. IEEE Network, 2002,16(6): 38-44.