Browse > Article

A Session Key Exchange Scheme for Authentication and SDP Encryption to Protect P2P SPIT in SIP  

Jang, Yu-Jung (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Choi, Jae-Sic (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Choi, Jae-Duck (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Won, Yoo-Jae (한국정보보호진흥원 응용 기술팀)
Cho, Young-Duk (한국정보보호진흥원 응용 기술팀)
Jung, Sou-Hwan (숭실대학교 정보통신전자공학부 통신망보안 연구실)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.32, no.12B, 2007 , pp. 750-757 More about this Journal
Abstract
This paper analyzes spam threats and proposes key exchange scheme for user authentication and SDP encryption to protect potential spam threats in SIP-based VoIP services. The existing HTTP digest authentication scheme exchanges many message because challenge is sent for every establishment of the session and doesn't provide a confidentiality of SDP. To protect SPIT, our scheme exchanges initial nonce and a session master key for authentication and SDP encryption during registration. In our scheme, the challenge and response procedure is not necessary and the communication overhead is much less than applying S/MIME or TLS.
Keywords
SPIT;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Ram Dantu and Prakash Kolan 'Detecting Spam in VoIP Networks,' SRUTI'05, pp. 31-37, July 2005
2 J. Fenton, 'Analysis of Threats Motivating DomainKeys Identified Mail (DKIM),' IETF RFC 4686, September 2006
3 J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, 'SIP(Session Initiation Protocol),' IETF RFC 3261, June 2002
4 Souhwan Jung and Jaeduck Choi, 'Authentication between the Inbound Proxy and the UAS for Protecting SPIT in the Session Initiation Protocol (SIP),' IETF draftjung-sipping- authentication-spit-00, March 2007
5 B. Ramsdell, 'S/MIME Version 3 Message Specification,' IETF RFC 2633, June 1999
6 J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, 'HTTP Authentication Basic and Digest Access Authentication,' IETF RFC 2617, June 1999
7 M. Wong and W. Schlitt, 'Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1,' IETF RFC 4408, April 2006
8 Yacine Rebahi, Dorgham Sisalem, and Thomas MageDanz, 'SIP SPAM Detection,' ICDT 2006, pp. 68-73, August 2006
9 T. Dierks and C. Allen 'The TLS Protocol Version 1.0,' IETF RFC 2246, January 1999
10 J. Rosenberg, C. Jennings, and J. Peterson, 'The Session Initiation Protocol (SIP) and Spam,' IETF draft-ietf-sipping-spam-05, July 2007
11 Chou-Chen Yang, Ren-Chiun Wang, and Wei-Tong Liu, 'Secure authentication scheme for Session Initiation Protocol,' Comput. Secur. Vol. 24(5), pp. 381-386. October 2004   DOI   ScienceOn