Two Step Mutual Authentication Scheme for SIP

Abstract

Voice over Internet Protocol (VoIP) uses Internet Protocol (IP) to transmit voice as packets over an IP network. It achieves desired functionality of Internet telephony using a signaling protocol known as Session Initiation Protocol (SIP). When users need to use SIP service, first server authenticates the user in order to provide the service. In this paper, a new and secure authentication scheme for SIP is proposed. Its major merits are 1) Provides mutual authentication. 2) Generates session key agreed between user and server in two steps. 3) Secure against various possible attacks induced by IP networks. Session Initiation Protocol (SIP) is a signaling protocol operating at application layer to initiate, maintain and terminates multimedia sessions across packet networks. Internet Engineering Task Force (IETF) proposed SIP as a signaling protocol for Internet Protocol (IP) based telephony. SIP is designed to be independent of underlying transport layer. It can operate on Transmission Control Protocol (TCP) as well as User Datagram Protocol (UDP) to handles all signaling requirements of Voice over Internet Protocol (VoIP) sessions. Today it is widely used to transmit voice and video over IP. Issue of security has become extremely important in today's computer networks environment. Two fundamental security services required by SIP are confidentiality and authentication. Whenever user wants to access SIP service from server, mutual authentication is required between two parties. An attacker can obtain user's secret information by forging the identity of server if mutual authentication is not performed. Confidentiality is usually provided by means of encryption. Only intended recipient can decrypt a message and obtain a tangible meaning out of it. Encryption/Decryption uses shared secrets agreed among the communicating entities. If it is different from session to each session, it is known as session key. Identifying caller and callee is an utmost important issue in SIP based application. To guarantee and enhance security features, several authentication schemes have been proposed (1)-(8). Rest of the paper is organized as follows. Section II presents an overview of previous work. Section III describes the proposed SIP authentication scheme. Section IV discusses security analysis of proposed scheme. Section V presents a comparative analysis of security features and