Abstract: Most Session Initial Protocol(SIP) authentication schemes only provids client-to-server authentication, and HTTP Digest authentication is one of them. This paper analyzes the procedure and security of HTTP Digest authentication, and describes the vulnerability and possible attacks to the protocol. According to the vulnerability and possible attacks, it presents an improved scheme, which achieves secure transfer of message, and analyzes its security.

Key words: Session Initial Protocol(SIP), authentication, HTTP Digest, security

摘要： 会话初始协议大部分认证机制只提供服务器到客户端的单向认证，HTTP摘要认证就是其中的一种。该文通过分析其过程，找出认证协议中的安全缺陷，给出攻击者可能进行的攻击。针对协议的安全漏洞，提出一种改进的安全机制，在提供服务器和客户端之间相互认证的基础上加入加密保护和完整性保护，以保证消息传输的安全性。

关键词: 会话初始协议, 认证, HTTP摘要, 安全

CLC Number: 

• TP393