Browse > Article

A Session Key Exchange Scheme for Authentication and SDP Encryption to Protect P2P SPIT in SIP  

Jang, Yu-Jung (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Choi, Jae-Sic (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Choi, Jae-Duck (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Won, Yoo-Jae (한국정보보호진흥원 응용 기술팀)
Cho, Young-Duk (한국정보보호진흥원 응용 기술팀)
Jung, Sou-Hwan (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.32, no.12B, 2007 , pp. 750-757 More about this Journal
Abstract
This paper analyzes spam threats and proposes key exchange scheme for user authentication and SDP encryption to protect potential spam threats in SIP-based VoIP services. The existing HTTP digest authentication scheme exchanges many message because challenge is sent for every establishment of the session and doesn't provide a confidentiality of SDP. To protect SPIT, our scheme exchanges initial nonce and a session master key for authentication and SDP encryption during registration. In our scheme, the challenge and response procedure is not necessary and the communication overhead is much less than applying S/MIME or TLS.
Keywords
SPIT;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Ram Dantu and Prakash Kolan 'Detecting Spam in VoIP Networks,' SRUTI'05, pp. 31-37, July 2005
2 J. Fenton, 'Analysis of Threats Motivating DomainKeys Identified Mail (DKIM),' IETF RFC 4686, September 2006
3 J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, 'SIP(Session Initiation Protocol),' IETF RFC 3261, June 2002
4 Souhwan Jung and Jaeduck Choi, 'Authentication between the Inbound Proxy and the UAS for Protecting SPIT in the Session Initiation Protocol (SIP),' IETF draftjung-sipping- authentication-spit-00, March 2007
5 B. Ramsdell, 'S/MIME Version 3 Message Specification,' IETF RFC 2633, June 1999
6 J. Rosenberg, C. Jennings, and J. Peterson, 'The Session Initiation Protocol (SIP) and Spam,' IETF draft-ietf-sipping-spam-05, July 2007
7 J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, 'HTTP Authentication Basic and Digest Access Authentication,' IETF RFC 2617, June 1999
8 M. Wong and W. Schlitt, 'Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1,' IETF RFC 4408, April 2006
9 Yacine Rebahi, Dorgham Sisalem, and Thomas MageDanz, 'SIP SPAM Detection,' ICDT 2006, pp. 68-73, August 2006
10 T. Dierks and C. Allen 'The TLS Protocol Version 1.0,' IETF RFC 2246, January 1999
11 Chou-Chen Yang, Ren-Chiun Wang, and Wei-Tong Liu, 'Secure authentication scheme for Session Initiation Protocol,' Comput. Secur. Vol. 24(5), pp. 381-386. October 2004   DOI   ScienceOn