APPLYING SRP ON SIP AUTHENTICATION

Celalettin Kilinc, A. Gokhan Yavuz

Abstract

Session Initiation Protocol (SIP) is the leading protocol used in IP telephony today. By the increasing use of IP telephony and also SIP, features like QoS and security are becoming more and more important. Because of the its simple design, SIP does not have a highly secure authentication mechanism which needs to be enhanced in order to cope with today’s security threats of IP. In this paper we propose a new authentication scheme for SIP based on the Secure Remote Password (SRP) Protocol. Our proposed authentication scheme modifies two existing SIP messages and adds a new SIP message. The result is a verifier based authentication scheme for SIP in which client passwords do not need to be sent to the registrar service in any form.

References

  1. Bellovin, S.M. and Merritt, M., Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. Technical report, AT&T Bell Laboratories, 1994.
  2. Diffie W., Hellman M.E., New directions in cryptography. IEEE Transactions on Information Theory, IT22(6):644{654, November 1976.
  3. Franks J., Hallam-Baker P., Hostetler J., Lawrence S., Leach P., Luotonen A., Stewart L., HTTP Authentication: Basic and Digest Access Authentication, RFC 2617, June 1999
  4. Jablon D. Strong password-only authenticated key exchange. Computer Communication Review, 26(5):5{26, October 1996.
  5. Steiner M., Tsudik G., and Waidner M., Refinement and extension of encrypted key exchange. ACM Operating Systems Review, 29(3), July 1995.
  6. Wu T., "The Secure Remote Password Protocol", March 1998
  7. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
  8. Qi, Q., Study of Digest Authentication for Session Initiation Protocol, SITE, University of Ottowa, (2003)
  9. Srinivasan R., Vaidehi V., Harish K., LakshmiNarasimhan K., LokeshwerBabu S., Srikanth V. (2005) “Authentication of Signalling in VoIP Applications”, 2005 Asia-Pacific Conference on Communications, 3 - 5 October 2005, Perth, Western Australia.
  10. Holger S., Chi-Tai D., Franz J. H., “Proxy-based Security for the Session Initiation Protocol (SIP)”, Second International Conference on Systems and Networks Communications, IEEE, 2007
  11. Durlanik A., Sogukpinar I., SIP Authentication Scheme using Ecdh, Proceedings Of World Academy Of Science, Engineering And Technology, Volume 8, October 2005 ISSN 1307-6884
Download


Paper Citation


in Harvard Style

Kilinc C. and Gokhan Yavuz A. (2008). APPLYING SRP ON SIP AUTHENTICATION . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 227-231. DOI: 10.5220/0001929702270231


in Bibtex Style

@conference{secrypt08,
author={Celalettin Kilinc and A. Gokhan Yavuz},
title={APPLYING SRP ON SIP AUTHENTICATION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={227-231},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001929702270231},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - APPLYING SRP ON SIP AUTHENTICATION
SN - 978-989-8111-59-3
AU - Kilinc C.
AU - Gokhan Yavuz A.
PY - 2008
SP - 227
EP - 231
DO - 10.5220/0001929702270231