摘要： ZRTP本身的认证机制在一些特殊的情况下无法抵抗中间人攻击。为此，基于简单密钥协商协议(SAKA)提出一种NSAKA算法，改进ZRTP的认证机制，使用RFC4474中的SIP身份认证模型来安全传输用户预共享的秘密口令。通过分析表明，该方案可以提高ZRTP抵抗中间人攻击的能力，并弥补SAKA算法原有的安全缺陷。

关键词: SRTP协议, ZRTP协议, 中间人攻击, SIP身份认证, 简单认证密钥协商协议

Abstract: The original authentication mechanism of Zimmermann RTP(ZRTP) is vulnerable to the Man In The Middle(MITM) attack in certain conditions, although it is a light-weighted and efficient key agreement protocol. This paper introduces a new algorithm named NSAKA to enhance the original mechanism, which is based on the basic concept of Simple Authentication Key Agreement(SAKA). The Session Initiation Protocol(SIP) identity authentication model of RFC4474 is also employed to securely transmit the users’ pre-shared secret password. The scheme can effectively enhance the ability to resist against the MITM attack of ZRTP and remedy the primary vulnerabilities of SAKA.

Key words: Secure RTP(SRTP), Zimmermann RTP(ZRTP), Man In The Middle(MITM) attack, Session Initiation Protocol(SIP) identity authentication, Simple Authentication Key Agreement(SAKA) protocol

中图分类号: 

• TP393.08