一种面向SIP通信的域间认证与密钥协商机制  被引量:1

A Transdomain Authentication and Key Agreement Mechanism for SIP Communications

在线阅读下载全文

作  者:罗铭[1] 闻英友[1] 赵宏 

机构地区:[1]东北大学信息科学与工程学院,辽宁沈阳110004

出  处:《东北大学学报(自然科学版)》2009年第3期365-368,共4页Journal of Northeastern University(Natural Science)

基  金:国家自然科学基金资助项目(60602061);国家高技术研究发展计划项目(2006AA01Z413)

摘  要:现有SIP安全机制在通信实体间的相互认证与密钥协商方面存在不足,针对此问题,设计了一种新的基于身份密码系统的域间密钥协商协议,然后基于该协议提出了一种面向SIP通信的认证与密钥协商机制.该机制解决了HTTP摘要认证下的单向认证以及预共享密钥问题,消除了S/MIME基于证书认证和不提供密钥协商的不足,且不同域的通信实体具有不同的系统参数.安全性分析及其实现表明,该机制在实现跨域SIP通信实体间的双向认证以及为后续媒体流机密传输提供密钥协商功能的同时可以满足SIP通信的性能要求.Nowadays the problem how to authenticate mutually and then agree on a session key has not efficiently been solved in SIP communications. An identity-based cryptosystem key agreement protocol between different domains is therefore designed and based on it, an authentication and key agreement mechanism are proposed for SIP communications. The mechanism proposed rises above the difficulties of unilateral authentication and pre-sharing key under conditions of HTTP digest authentication, thus eliminating the deficiencies due to S/ MIME protocol that is a certificate-based authentication without key agreement function provided. Moreover, it enables the SIP entities in different domains to use different system parameters. The security analysis and its implementation reveal that this mechanism can implement the transdomain bilateral authentication between SIP entities and provide the key agreement function for confidential transmission of subsequent media streaming and, simultaneously, meet the performance requirements of SIP communications.

关 键 词:网络安全 SIP 基于身份密码系统 认证 密钥协商 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象