| Graduate student: | 曾秩暉 Jhih-Huei Zeng |
|---|---|
| Thesis title: | 適用於SIP網路電話之通行密碼鑑別式金鑰協議協定 A Novel Password Based Authenticated Key Agreement Protocol for SIP |
| Advisor: | 吳宗成 Tzong-Chen Wu |
| Oral examination committee: | 何煒華 Wei-Hua He, 查士朝 Shi-Cho Cha |
| Degree: | Master |
| Department: | School of Management - Department of Information Management |
| Year of publication: | 2009 |
| Academic year of graduation: | 97 |
| Language: | Chinese |
| Number of pages: | 55 |
| Chinese keywords: | 網路電話, 會談啟始協議, 離線通行密碼猜測攻擊, 伺服器偽裝攻擊, 重送攻擊, 金鑰安全, 金鑰確認, 前推安全 |
| English keywords: | Internet Telephony, Session Initiation Protocol, Off-line Password Guessing Attacks, Server Spoofing Attacks, Replay Attacks, Key Security, Key Confirmation, Forward Secrecy |
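
In recent years, Internet telephony has become one of the important technology investments for enterprises. The Internet telephony technology in common use today is the Session Initiation Protocol (SIP); however, the HTTP Digest Authentication mechanism adopted by SIP is subject to man-in-the-middle attacks and therefore cannot resist attacks such as off-line password guessing and server spoofing. In view of this, this thesis designs a password-based authenticated key agreement mechanism suited to the SIP Internet telephony environment, built on a one-way hash function and exclusive-or (XOR). Besides resisting the attacks above, it establishes a shared session key to achieve confidentiality of communication, and the proposed key agreement mechanism satisfies the security requirements of key security, key confirmation, and forward secrecy.
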
Internet telephony has become an important IT investment for enterprises and governments in recent years. The Session Initiation Protocol (SIP) is the common technique for Internet telephony. However, SIP uses the HTTP Digest Authentication protocol, which suffers from man-in-the-middle attacks, off-line password guessing attacks, and server spoofing attacks. This paper proposes a novel password-based authenticated key agreement protocol for SIP that uses a one-way hash function and XOR operations to resist the above attacks. It also achieves mutual authentication, key security, key confirmation, and forward secrecy.