§ Browse Thesis Bibliographic Record
  
System ID U0002-2307200811054100
DOI 10.6846/TKU.2008.00789
Thesis title (Chinese) 會談起始協定之安全模型探討與增強 (Study and Enhancement of the Security Model of the Session Initiation Protocol)
Thesis title (English) Study and Enhancement of the Security Model of Session Initiation Protocol
Thesis title (third language)
University Tamkang University
Department (Chinese) 資訊工程學系碩士班 (Master's Program, Department of Computer Science and Information Engineering)
Department (English) Department of Computer Science and Information Engineering
Foreign degree: university
Foreign degree: college
Foreign degree: institute
Academic year (ROC calendar) 96
Semester 2
Year of publication (ROC calendar) 97
Student (Chinese) 江仁秋
Student (English) Jen-Chiu Chiang
Student ID 695410315
Degree Master
Language Traditional Chinese
Second language English
Oral examination date 2008-06-24
Number of pages 67 pages
Examination committee Advisor - 洪文斌 (horng@mail.tku.edu.tw)
Member - 徐郁輝 (yuhhuei@mail.tku.edu.tw)
Member - 謝文恭 (wgshieh@faculty.pccu.edu.tw)
Keywords (Chinese) Voice over IP
Session Initiation Protocol
Security Assertion Markup Language
Elliptic Curve Cryptography
Information Security
Authentication
Authorization
Keywords (English) Session Initiation Protocol
SIP
Voice over IP
VoIP
SAML
Identity
Access Control
Elliptic Curve Cryptography
ECC
ECDH
Security
Authentication
Authorization
Spoofing
Keywords (third language)
Subject classification
Chinese abstract
Voice over IP (VoIP) is an application that has grown rapidly in recent years, and new techniques are continually being proposed. The best known are H.323 and the Session Initiation Protocol (SIP). Because H.323 is overly complex and lacks extensibility, whereas SIP is highly flexible and extensible, SIP has attracted wide attention and is gradually becoming the mainstream VoIP standard.
SIP is an open standard protocol defined by the IETF (Internet Engineering Task Force) for establishing, controlling and terminating sessions. It is an application-layer control protocol that is only loosely tied to the underlying protocols, so it is easy to implement over different network media. It inherits the design principles of other Internet standard protocols and offers simplicity together with a high degree of flexibility and extensibility. Because SIP is built on the open Internet and is only loosely coupled to its underlying protocols, any layer can become a security hole and a target for attackers, so the security problems commonly seen on the Internet will inevitably arise in SIP deployments as well. Providing a secure SIP environment is therefore a key factor in whether SIP can be widely accepted. These security issues include preventing eavesdropping, preventing leakage of private information, identifying users, and resisting countless other malicious attacks.
RFC 3261 recommends protecting SIP communications with TLS (Transport Layer Security), IPsec (IP Security) or S/MIME (Secure/Multipurpose Internet Mail Extensions). TLS and IPsec are hop-by-hop security architectures that are not easy to maintain in practice; S/MIME requires a public key infrastructure (PKI), which is too costly. Furthermore, the HTTP Digest Authentication mechanism recommended in RFC 3261 cannot provide mutual authentication and is therefore vulnerable to malicious attacks. In addition, RFC 3261 lacks any description of an authorization mechanism for session participants, which led to research proposing the use of SAML to carry richer information so that the callee can apply more elaborate authorization to the caller.
This thesis focuses on SIP authentication and authorization. It adopts an approach based on the elliptic curve key exchange algorithm to achieve local mutual authentication; it extends the originally one-way SAML security assertion into a two-way assertion, which can provide richer authorization mechanisms for future SIP extensions; on the basis of the two-way assertion, it allows two parties with no prior trust relationship to authenticate each other, achieving global mutual authentication; and, likewise on the basis of the two-way assertion, it provides real-time message signing without having to maintain hop-by-hop trust relationships between intermediate nodes, overcoming the weakness that response messages are easy to attack.
English abstract
Voice over IP (VoIP) is a fast-growing technique of recent years. Various new protocols have been proposed, of which H.323 and the Session Initiation Protocol (SIP) are the two well-known major standards. However, due to its complexity and lack of extensibility, H.323 is gradually being replaced by SIP, because SIP provides high flexibility and extensibility. Thus, SIP has drawn a lot of attention and is gradually becoming the mainstream standard of IP telephony.
SIP, introduced by the Internet Engineering Task Force (IETF), is a public standard protocol used to establish, maintain, and terminate communication sessions. SIP is an application-layer protocol with little dependence on lower-layer protocols, so it is easy to implement SIP on different networks. Since SIP inherits the design principles of other Internet protocols, it possesses simplicity, flexibility, and extensibility. Because SIP is based on the public Internet and its lower-layer protocols are loosely coupled, each of those protocols can be a vulnerability and become a target of hackers' attacks. Hence, how to establish a secure SIP environment is an important factor in whether SIP can be widely accepted. The security issues include resistance to eavesdropping, privacy protection, person identification, and withstanding other malicious attacks.
RFC 3261 recommends using Transport Layer Security (TLS), IP Security (IPsec) and Secure/Multipurpose Internet Mail Extensions (S/MIME) to protect SIP. However, since TLS and IPsec are hop-by-hop mechanisms, it is not easy to maintain the chain of security relationships between nodes on the path in a real environment. On the other hand, S/MIME needs a PKI infrastructure, and both the PKI and the longer message bodies created by S/MIME lead to higher cost. Besides, the HTTP Digest authentication suggested by RFC 3261 does not provide mutual authentication, so it is vulnerable to malicious attacks. In addition, RFC 3261 lacks any statement on the authorization of communicating participants. Therefore, some research proposed using SAML to provide more information (trait-based authorization) so that the recipient can perform more complex authorization procedures on the sender.
In this paper, we investigate the authentication and authorization of SIP. We use the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm to provide local mutual authentication. In addition, we extend the SAML one-way secure assertion to a two-way assertion to provide a more flexible authorization mechanism. Based on ECDH and bilateral SAML assertions, the proposed method provides global mutual authentication without pre-shared secrets, so more authorization functionality between parties can be achieved. Furthermore, the proposed method can also be used to sign request and response messages to cope with threats that come from attacks on SIP responses.
Third-language abstract
Table of contents
List of Figures III
List of Tables IV

Chapter 1 Introduction 1
1.1 Research Motivation 1
1.2 Research Objectives 1
1.3 Thesis Organization 2
Chapter 2 Overview of SIP 3
2.1 SIP Components 3
2.2 Basic SIP Functions 6
2.3 SIP Message Format 7
2.4 SIP Transactions and a Session Initiation Example 9
Chapter 3 Literature Review 12
3.1 SIP Security Risks 12
3.2 SIP Security Architecture 17
3.3 SIP Security Mechanisms 18
3.3.1 Basic/Digest Authentication 19
3.3.2 S/MIME 21
3.3.3 TLS 21
3.3.4 IPSec 22
3.3.5 SRTP 23
3.3.6 Enhancements for Authenticated Identity 23
3.3.7 Diffie-Hellman 28
3.3.8 ECDH 31
3.3.9 SAML 33
Chapter 4 Bilateral Security Assertions 43
4.1 Signaling Call Flow of Bilateral Security Assertions 44
4.1.1 Global Authentication 50
4.1.2 Message Signing 51
4.2 Security Evaluation 52
Chapter 5 Conclusions and Future Work 55
5.1 Conclusions 55
5.2 Future Research Directions 56
References 57

List of Figures
2.1 SIP network and components 4
2.2 SIP transaction 10
2.3 SIP transaction with a proxy server added 11
3.1 SIP security risks 13
3.2 HTTP Digest challenge flow chart 20
3.3 TLS, DTLS and IPsec protocol stacks 22
3.4 Proxy server with an authentication service cryptographically authenticating SIP messages 24
3.5 Authentication procedure using Diffie-Hellman 29
3.6 Authentication procedure using ECDH 31
3.7 SAML system overview 34
3.8 Relationships among SAML components 35
3.9 Using SAML to protect SIP communications 37
3.10 Message sequence diagram for using SAML to protect SIP communications 38
3.11 Assertion creation by the Asserting Party 40
4.1 Potential risks of using SAML to protect SIP communications 44
4.2 Bilateral security assertion diagram 45
4.3 Bilateral security assertion sequence diagram 46

List of Tables
2.1 Mapping of SIP-based VoIP applications onto the seven-layer OSI model 3
2.2 Commonly used SIP request methods 8
2.3 SIP response messages: status code classes and their meanings 9
3.1 Message headers that intermediate nodes are allowed to modify 15
3.2 Purpose of each field in the RFC 4474 signature 28
5.1 Comparison of bilateral security assertions with other security schemes 55
References
[1] Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol. Wiley Publishing, Inc., 2nd ed., July 2006.
[2] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, "SIP: Session Initiation Protocol." RFC 3261 (Proposed Standard), June 2002. Updated by RFCs 3265, 3853, 4320, 4916.
[3] C.-C. Yang, R.-C. Wang, and W.-T. Liu, "Secure Authentication Scheme for Session Initiation Protocol," in Computers & Security, vol. 24, pp. 381–386, Elsevier, 2005.
[4] D. Geneiatakis, G. Kambourakis, T. Dagiuklas, C. Lambrinoudakis, and S. Gritzalis, "SIP Security Mechanisms: A state-of-the-art review," in Proceedings of the Fifth International Network Conference (INC 2005), (Samos, Greece), pp. 147–155, July 2005.
[5] J. Posegga and J. Seedorf, "Voice Over IP: Unsafe at any Bandwidth?," in Ubiquitous Services and Applications, (Heidelberg), pp. 305–314, VDE Verlag, April 27-29 2005.
[6] A. Bremler-Barr, R. Halachmi-Bekel, and J. Kangasharju, "Unregister Attacks in SIP," in Secure Network Protocols, pp. 32–37, IEEE, Nov 2006.
[7] F. Cao, "SeCReT: A Security Framework for Enhancing Chain of Response Trust in Session Initiation Protocol," in Internet Surveillance and Protection, pp. 29–29, IEEE, 2006.
[8] C. Bassil, A. Serhrouchni, and N. Rouhana, "Towards New Security Framework for Voice over IP," in Internet Surveillance and Protection, IEEE, 2006.
[9] P. Gupta and V. Shmatikov, "Security Analysis of Voice-over-IP Protocols," in Computer Security Foundations Symposium, no. 20, IEEE, July 2007.
[10] J. Peterson and C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)." RFC 4474 (Proposed Standard), Aug. 2006.
[11] A. Dulanik and I. Sogukpinar, "SIP Authentication Scheme using ECDH," in Proceedings of World Academy of Science, Engineering and Technology, vol. 8, pp. 350–353, WASET.ORG, Oct 2005.
[12] "Technical Overview of the OASIS Security Assertion Markup Language (SAML) V2.0," October 2006. http://www.oasis-open.org/committees/download.php/20645/sstc-saml-tech-overview-20-draft-10.pdf.
[13] H. Tschofenig, R. Falk, J. Peterson, J. Hodges, and D. Sicker, "Using SAML to Protect the Session Initiation Protocol (SIP)," IEEE Network, vol. 20, pp. 14–17, Sept.-Oct 2006.
[14] J. Peterson, J. Polk, D. Sicker, and H. Tschofenig, "Trait-Based Authorization Requirements for the Session Initiation Protocol (SIP)." RFC 4484 (Informational), Aug. 2006.
[15] "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0," March 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
[16] "Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0," March 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf.
[17] "Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0," March 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf.
[18] J. Arkko, V. Torvinen, G. Camarillo, A. Niemi, and T. Haukka, "Security Mechanism Agreement for the Session Initiation Protocol (SIP)." RFC 3329 (Proposed Standard), Jan. 2003.
[19] J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication." RFC 2617 (Draft Standard), June 1999.
[20] H. Tschofenig, J. Hodges, J. Peterson, J. Polk, and D. C. Sicker, "SIP SAML Profile and Binding." Draft, November 2007. http://tools.ietf.org/id/draft-ietf-sip-saml-03.txt.
Full-text access rights
On campus
Printed thesis released to the public 5 years after submission of the authorization form
Agrees to authorize on-campus release of the electronic full text
On-campus electronic thesis released 5 years after submission of the authorization form
Off campus
Authorization granted
Off-campus electronic thesis released 5 years after submission of the authorization form
