Journal of Northeastern University (Natural Science) ›› 2009, Vol. 30 ›› Issue (3): 365-368. DOI: -

• Articles •

Transdomain authentication and key agreement mechanism for SIP communications

Luo, Ming (1); Wen, Ying-You (1); Zhao, Hong (1)

  1. (1) School of Information Science and Engineering, Northeastern University, Shenyang 110004, China
  • Received: 2013-06-22 Revised: 2013-06-22 Online: 2009-03-15 Published: 2013-06-22
  • Contact: Luo, M.
  • About author: -
  • Supported by:
    National Natural Science Foundation of China (60602061)

Abstract: Existing SIP security mechanisms fall short in mutual authentication and key agreement between communicating entities. To address this, a new inter-domain key agreement protocol based on an identity-based cryptosystem is designed, and an authentication and key agreement mechanism for SIP communications is proposed on top of it. The mechanism resolves the one-way authentication and pre-shared key problems of HTTP digest authentication, and removes the shortcomings of S/MIME, which relies on certificate-based authentication and provides no key agreement. It also allows communicating entities in different domains to use different system parameters. Security analysis and an implementation show that the mechanism achieves mutual authentication between SIP entities across domains and provides key agreement for the confidential transmission of subsequent media streams, while meeting the performance requirements of SIP communications.

Keywords: network security, SIP, identity-based cryptosystem, authentication, key agreement

CLC Number: