计算机工程 ›› 2009, Vol. 35 ›› Issue (2): 162-163,.doi: 10.3969/j.issn.1000-3428.2009.02.057

• 安全技术 • 上一篇    下一篇

基于SIP的安全认证机制的研究及改进

李 婧,李 雪,胡 浩   

  1. (解放军信息工程大学信息工程学院,郑州 450002)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-01-20 发布日期:2009-01-20

Research and Improvement of Secure Authentication Scheme Based on Session Initial Protocol

LI Jing, LI Xue, HU Hao   

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-01-20 Published:2009-01-20

摘要: 会话初始协议大部分认证机制只提供服务器到客户端的单向认证,HTTP摘要认证就是其中的一种。该文通过分析其过程,找出认证协议中的安全缺陷,给出攻击者可能进行的攻击。针对协议的安全漏洞,提出一种改进的安全机制,在提供服务器和客户端之间相互认证的基础上加入加密保护和完整性保护,以保证消息传输的安全性。

关键词: 会话初始协议, 认证, HTTP摘要, 安全

Abstract: Most Session Initial Protocol(SIP) authentication schemes only provids client-to-server authentication, and HTTP Digest authentication is one of them. This paper analyzes the procedure and security of HTTP Digest authentication, and describes the vulnerability and possible attacks to the protocol. According to the vulnerability and possible attacks, it presents an improved scheme, which achieves secure transfer of message, and analyzes its security.

Key words: Session Initial Protocol(SIP), authentication, HTTP Digest, security

中图分类号: