SIP Authentication Scheme using ECDH

Aytunc Durlanik; Ibrahim Sogukpinar

Commenced in January 2007

Frequency: Monthly

Edition: International

Paper Count: 32797

SIP Authentication Scheme using ECDH

Authors: Aytunc Durlanik, Ibrahim Sogukpinar

Abstract:

SIP (Session Initiation Protocol), using HTML based call control messaging which is quite simple and efficient, is being replaced for VoIP networks recently. As for authentication and authorization purposes there are many approaches and considerations for securing SIP to eliminate forgery on the integrity of SIP messages. On the other hand Elliptic Curve Cryptography has significant advantages like smaller key sizes, faster computations on behalf of other Public Key Cryptography (PKC) systems that obtain data transmission more secure and efficient. In this work a new approach is proposed for secure SIP authentication by using a public key exchange mechanism using ECC. Total execution times and memory requirements of proposed scheme have been improved in comparison with non-elliptic approaches by adopting elliptic-based key exchange mechanism.

Keywords: SIP, Elliptic Curve Cryptography, voice over IP.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1077912

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2466

References:

[1] RFC 3261 - SIP: Session Initiation Protocol, June 2002.
[2] PROTOS - Security Testing of Protocol Implementations". University of Oulu, http://www.ee.oulu.fi/research/ouspg/protos/] ,Jan 2005.
[3] Goh, E.-J., and Jarecki, S. A signature scheme as secure as the Diffie- Hellman problem. In Advances in Cryptology. Proceedings of EUROCRYPT 2003 (2003), vol. 2656 of Lecture Notes in Computer Science, Springer-Verlag, pp. 401-415
[4] Yang C-C., Wang R-C., Liu W-T., Secure Authentication Scheme for Session Initiation Protocol, http://www.sciencedirect.com/science/ journal/01674048, Computers&Security (2004).
[5] Johnston, Alan B., SIP: Understanding the Session Initiation Protocol, Second Edition, Artech House, 2004.
[6] RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication, June 1999.
[7] Glass, E., The NTLM Authentication Protocol, http://sourceforge.net/ntlm, 2003.
[8] RFC 3310 - Hypertext Transfer Protocol (HTTP) Digest Authentication and Key Agreement (AKA), September 2002.
[9] NIST, Recommended Elliptic Curves for Federal Government Use, July 1999.
[10] Branovic, I., Giorgi, R., Martinelli, E., A workload Characterization of Elliptic Curve Cryptography Methods in Embedded Environments, ACM SIGARCH Computer Architecture News, Vol.32, No.3, June 2004.