检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:张兆心[1] 方滨兴[1] 胡铭曾[1] 张宏莉[1]
机构地区:[1]哈尔滨工业大学国家计算机网络与信息安全重点实验室,哈尔滨150001
出 处:《高技术通讯》2008年第3期231-237,共7页Chinese High Technology Letters
基 金:863计划(2006AA01Z451;2007AA010503);哈尔滨工业大学(威海)研究基金(HIT(WH)200712)资助项目
摘 要:针对 SIP 网络所面临的典型安全威胁,提出了 SIP 攻击方法的有限状态机描述模型。利用该模型深入研究了注册劫持攻击、INVITE 攻击、re-INVITE 攻击、会话终止攻击和拒绝服务攻击的原理和方式,并在实际环境下重现了这5种攻击方法。同时提出并实现了针对注册劫持的禁止第三方注册或注册权限级别划分的解决方案,以及针对 INVITE 攻击、re-INVITE 攻击和会话终止攻击提出了改进的 HTTP Digest 认证协议和 Proxy 间逐条加密的解决方案,提高了 SIP 网络的安全性和可用性。In consideration of the security threats in session initiation protocol (SIP) based networks, this paper put forward the deterministic finite automation (DFA) model for SIP attack methods. The attack theories and methods of five attacks of registration hijacking, INVITE, re-INVITE, tearing down sessions, and DoS were deeply analys based on the model, and all the attacks were recurred in real circumstances. At the same time the method to forbid the third part registration or registration rank carving in dealing with registration hijacking attacks, and the improved HTTP digest authentication protocol and the hop-by-hop encryption within proxy to deal with the attacks of INVITE, re-INVITE and BYE were put forward and implemented, which improved the security and usability of SIP networks.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术] TN915.04[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.30
