计算机工程 ›› 2011, Vol. 37 ›› Issue (20): 114-116.doi: 10.3969/j.issn.1000-3428.2011.20.040

• 安全技术 • 上一篇    下一篇

会话初始协议安全认证机制的分析与改进

赵跃华,刘申君   

  1. (江苏大学计算机科学与通信工程学院,江苏 镇江 212013)
  • 收稿日期:2011-03-10 出版日期:2011-10-20 发布日期:2011-10-20
  • 作者简介:赵跃华(1958-),男,教授、博士,主研方向:协议安全认证,信息安全;刘申君,硕士研究生

Analysis and Improvement of Secure Authentication Mechanism for Session Initiation Protocol

ZHAO Yue-hua, LIU Shen-jun   

  1. (School of Computer Science & Telecommunications Engineering, Jiangsu University, Zhenjiang 212013, China)
  • Received:2011-03-10 Online:2011-10-20 Published:2011-10-20

摘要: 通过分析会话初始协议相关认证机制,指出认证中可能存在的安全威胁,如离线密钥猜测攻击和Denning-Sacco攻击。针对安全漏洞提出一种结合椭圆曲线密码的改进认证机制。安全性分析表明,改进的认证机制在提供客户端和服务器间双向认证的同时,能够完成会话密钥传递,确保认证的时效性,有效抵御离线密钥猜测攻击和Denning-Sacco攻击。

关键词: 会话初始协议, 认证, 安全性, 椭圆曲线密码, 椭圆曲线离散对数问题

Abstract: Through analyzing the Session Initiation Protocol(SIP) authentication mechanism, this paper describes the vulnerability and possible attacks, such as off-line password guessing attacks and Denning-Sacco attacks. Aiming at such security problems, an improved SIP authentication scheme based on Elliptic Curve Cryptography(ECC) is proposed. Security analysis demonstrates that the improved scheme can provide mutual authentication, share the session key, guarantee the validity of authentication, effectively resist against off-line password guessing attacks and Denning-Sacco attacks.

Key words: Session Initiation Protocol(SIP), authentication, security, Elliptic Curve Cryptography(ECC), Elliptic Curve Discrete Logarithm Problem(ECDLP)

中图分类号: