SIP (Session Initiation Protocol), using HTML based
call control messaging which is quite simple and efficient, is being
replaced for VoIP networks recently. As for authentication and
authorization purposes there are many approaches and considerations
for securing SIP to eliminate forgery on the integrity of SIP
messages. On the other hand Elliptic Curve Cryptography has
significant advantages like smaller key sizes, faster computations on
behalf of other Public Key Cryptography (PKC) systems that obtain
data transmission more secure and efficient. In this work a new
approach is proposed for secure SIP authentication by using a public
key exchange mechanism using ECC. Total execution times and
memory requirements of proposed scheme have been improved in
comparison with non-elliptic approaches by adopting elliptic-based
key exchange mechanism.
[1] RFC 3261 - SIP: Session Initiation Protocol, June 2002.
[2] PROTOS - Security Testing of Protocol Implementations". University of
Oulu, http://www.ee.oulu.fi/research/ouspg/protos/] ,Jan 2005.
[3] Goh, E.-J., and Jarecki, S. A signature scheme as secure as the Diffie-
Hellman problem. In Advances in Cryptology. Proceedings of
EUROCRYPT 2003 (2003), vol. 2656 of Lecture Notes in Computer
Science, Springer-Verlag, pp. 401-415
[4] Yang C-C., Wang R-C., Liu W-T., Secure Authentication Scheme for
Session Initiation Protocol, http://www.sciencedirect.com/science/
journal/01674048, Computers&Security (2004).
[5] Johnston, Alan B., SIP: Understanding the Session Initiation Protocol,
Second Edition, Artech House, 2004.
[6] RFC 2617 - HTTP Authentication: Basic and Digest Access
Authentication, June 1999.
[7] Glass, E., The NTLM Authentication Protocol,
http://sourceforge.net/ntlm, 2003.
[8] RFC 3310 - Hypertext Transfer Protocol (HTTP) Digest Authentication
and Key Agreement (AKA), September 2002.
[9] NIST, Recommended Elliptic Curves for Federal Government Use, July
1999.
[10] Branovic, I., Giorgi, R., Martinelli, E., A workload Characterization of
Elliptic Curve Cryptography Methods in Embedded Environments,
ACM SIGARCH Computer Architecture News, Vol.32, No.3, June
2004.
[1] RFC 3261 - SIP: Session Initiation Protocol, June 2002.
[2] PROTOS - Security Testing of Protocol Implementations". University of
Oulu, http://www.ee.oulu.fi/research/ouspg/protos/] ,Jan 2005.
[3] Goh, E.-J., and Jarecki, S. A signature scheme as secure as the Diffie-
Hellman problem. In Advances in Cryptology. Proceedings of
EUROCRYPT 2003 (2003), vol. 2656 of Lecture Notes in Computer
Science, Springer-Verlag, pp. 401-415
[4] Yang C-C., Wang R-C., Liu W-T., Secure Authentication Scheme for
Session Initiation Protocol, http://www.sciencedirect.com/science/
journal/01674048, Computers&Security (2004).
[5] Johnston, Alan B., SIP: Understanding the Session Initiation Protocol,
Second Edition, Artech House, 2004.
[6] RFC 2617 - HTTP Authentication: Basic and Digest Access
Authentication, June 1999.
[7] Glass, E., The NTLM Authentication Protocol,
http://sourceforge.net/ntlm, 2003.
[8] RFC 3310 - Hypertext Transfer Protocol (HTTP) Digest Authentication
and Key Agreement (AKA), September 2002.
[9] NIST, Recommended Elliptic Curves for Federal Government Use, July
1999.
[10] Branovic, I., Giorgi, R., Martinelli, E., A workload Characterization of
Elliptic Curve Cryptography Methods in Embedded Environments,
ACM SIGARCH Computer Architecture News, Vol.32, No.3, June
2004.
@article{"International Journal of Information, Control and Computer Sciences:60807", author = "Aytunc Durlanik and Ibrahim Sogukpinar", title = "SIP Authentication Scheme using ECDH", abstract = "SIP (Session Initiation Protocol), using HTML based
call control messaging which is quite simple and efficient, is being
replaced for VoIP networks recently. As for authentication and
authorization purposes there are many approaches and considerations
for securing SIP to eliminate forgery on the integrity of SIP
messages. On the other hand Elliptic Curve Cryptography has
significant advantages like smaller key sizes, faster computations on
behalf of other Public Key Cryptography (PKC) systems that obtain
data transmission more secure and efficient. In this work a new
approach is proposed for secure SIP authentication by using a public
key exchange mechanism using ECC. Total execution times and
memory requirements of proposed scheme have been improved in
comparison with non-elliptic approaches by adopting elliptic-based
key exchange mechanism.", keywords = "SIP, Elliptic Curve Cryptography, voice over IP.", volume = "1", number = "8", pages = "2570-4", }