淡江大學覺生紀念圖書館 (TKU Library)

系統識別號 U0002-2307200811054100
中文論文名稱 會談起始協定之安全模型探討與增強
英文論文名稱 Study and Enhancement of the Security Model of Session Initiation Protocol
校院名稱 淡江大學
系所名稱(中) 資訊工程學系碩士班
系所名稱(英) Department of Computer Science and Information Engineering
學年度 96
學期 2
出版年 97
研究生中文姓名 江仁秋
研究生英文姓名 Jen-Chiu Chiang
學號 695410315
學位類別 碩士
語文別 中文
第二語文別 英文
口試日期 2008-06-24
論文頁數 67頁
口試委員 指導教授-洪文斌
中文關鍵字 網路電話  會談起始協定  安全斷言標記語言  橢圓曲線密碼學  資訊安全  認證  授權 
英文關鍵字 Session Initiation Protocol  SIP  Voice over IP  VoIP  SAML  Identity  Access Control  Elliptic Curve Cryptography  ECC  ECDH  Security  Authentication  Authorization  Spoofing 
學科別分類 學科別應用科學資訊工程
中文摘要 網路語音傳輸技術(Voice over IP, VoIP)是近年來快速成長的應用,各種新技術不斷的被提出來,較廣為人知的有H.323與會談起始協定(Session Initiation Protocol, SIP),但是因為H.323的協定過於繁雜、欠缺擴展性,相對於H.323,SIP則具有高度的彈性與擴充性,吸引各方的注意力,逐漸成為VoIP 的主流標準。
SIP是由IETF (Internet Engineering Task Force)所制定之公開標準協定,用於建立、控制和終止會話,屬於應用層級的控制協定,與底層的協定關聯性不強,容易實作於不同的網路媒體上,其承襲了其他網際網路標準協定的設計準則,具備簡易性、高度的彈性與擴充性,因為SIP建構於公開的網際網路上且與其底層的協定之間只是鬆散的藕合關係,任何一個層級均有可能成為安全上的漏洞,變成駭客下手攻擊的目標,因此常見於網際網路上的安全問題也必然會發生在SIP的應用環境裡,提供一個安全的SIP應用環境是SIP能否被廣為接受的重要因素,這些安全議題,包括防止竊聽、私密外洩、身分辨識以及防止其他不勝枚舉的惡意攻擊。
在RFC3261中,建議以TLS (Transport Layer Security)、IPSec (IP Security)或是S/MIME (Secure / Multipurpose Internet Mail Extensions)保護SIP的通訊安全,TLS與IPSec是屬於鏈結式的安全架構在實際應用中並不容易維持;S/MIME需要公開金鑰基礎建設(PKI),成本太高。另外在RFC3261中所建議的訊息摘要挑戰認證機制 (HTTP Digest Authentication) 則是因為無法做到雙向認證,容易遭到惡意攻擊。此外,在RFC3261文件中,也欠缺對參與會談者授權機制的敘述,於是有研究提出使用SAML來提供更豐富的資訊,讓受話端能對發話端進行更複雜的授權處理。
英文摘要 Voice over IP (VoIP) is a fast growing technique of recent years. Various new protocols have been proposed, in which H.323 and Session Initiation Protocol (SIP) are two well-known major standards. However, due to its complexity and lack of extensibility, H.323 is gradually replaced by SIP because SIP provides high flexibility and extensibility. Thus, SIP has drawn a lot of attentions and is gradually becoming the mainstream standard of IP telephony.
SIP, introduced by Internet Engineering Task Force (IETF), is a public standard protocol, used to establish, maintain, and terminate the communication session. SIP is an application layer protocol, less related to lower layer protocols. It is easy to implement SIP on different networks. Since SIP inherits the design principles of other Internet protocols, it possesses simplicity, flexibility, and extensibility. Because SIP is based on the public Internet and its lower layer protocols are loosely coupled, each of such protocols can be a vulnerability and becomes a target of hacker’s attacks. Hence, how to establish a secure SIP environment is an important factor whether SIP can be widely accepted. The security issues include resistance to eavesdropping, privacy protection, person identification, and withstanding other malicious attacks.
In RFC3261, it is recommended to use Transport Layer Security (TLS), IP security (IPSec) and Secure/Multipurpose Internet Mail Extensions (S/MIME) to protect SIP security. However, since TLS and IPSec are hop-by-hop mechanisms, it is not easy to maintain the chaining relationship maintained between nodes on the security path of TLS and IPSec in the real environment. On the other hand, S/MIME needs the PKI infrastructure. However, PKI and the longer message body created by S/MIME will lead higher cost. Besides, the HTTP digest authentication suggested by RFC3261 does not provide mutual authentication; it is vulnerable to malicious attacks. In addition, in RFC3261, there is a lack of the statement of authorization of communicating participants. Therefore, some research proposed to use SAML to provide more information (the trait-based authorization) such that the recipient can perform more complicated authorization procedure to the sender.
In this paper, we investigate the authentication and authorization of SIP. We use the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm to provide the local mutual authentication. In addition, we extend the SAML one-way secure assertion to two-way to provide more flexible authorization mechanism. Based on ECDH and bi-lateral SAML assertions, the proposed method provides the global mutual authentication without pre-shared secrets. Thus, more authorization functionalities between parties can be achieved. Furthermore, the proposed method can also be used in signing request and response messages to cope with the threats which come from attacks on SIP responses.
論文目次 圖目錄 III
表目錄 IV

第一章 緒論 1
1.1 研究動機 1
1.2 研究目的 1
1.3 論文組織 2
第二章 SIP簡介 3
2.1 SIP組成元件 3
2.2 SIP基本功能 6
2.3 SIP訊息格式 7
2.4 SIP交易與會談起始範例 9
第三章 文獻探討與回顧 12
3.1 SIP安全風險 12
3.2 SIP安全構架 17
3.3 SIP安全機制 18
3.3.1 Basic/Digest Authentication 19
3.3.2 S/MIME 21
3.3.3 TLS 21
3.3.4 IPSec 22
3.3.5 SRTP 23
3.3.6 Enhancements for Authenticated Identity 23
3.3.7 Diffie-Hellman 28
3.3.8 ECDH 31
3.3.9 SAML 33
第四章 雙側向安全斷言 43
4.1 雙側向安全斷言之信令呼叫流程 44
4.1.1 全域性認證 50
4.1.2 訊息簽章 51
4.2 安全性評估 52
第五章 結論與未來研究方向 55
5.1 結論 55
5.2 未來研究方向 56
參考文獻 57

2.1 SIP網路與組成元件 4
2.2 SIP交易 10
2.3 SIP交易,加入代理伺服器 11
3.1 SIP安全風險 13
3.2 HTTP摘要挑戰流程圖 20
3.3 TLS、DTLS與IPSec協定堆疊 22
3.4 擁有認證服務功能之代理伺服器對SIP訊息作加密認證 24
3.5 使用Diffie-Hellman認證程序 29
3.6 使用ECDH認證程序 31
3.7 SAML系統簡圖 34
3.8 SAML組成元素關係圖 35
3.9 SAML應用於保護SIP通訊安全 37
3.10 SAML應用於保護SIP通訊安全之訊息交換順序圖 38
3.11 Asserting Party建立斷言示意圖 40
4.1 使用SAML保護SIP通訊安全之潛在風險 44
4.2 雙側向安全斷言示意圖 45
4.3 雙側向安全斷言順序圖 46

2.1 以SIP為基礎的網路電話應用與OSI網路七層模型的對應關係表 3
2.2 常用的SIP請求方法 8
2.3 SIP回應訊息,狀態編碼類別與意義 9
3.1 允許被中繼節點修改的訊息表頭 15
3.2 RFC4474中,各欄位於簽章上的目的 28
5.1 雙側向安全斷言與其他安全方案比較表 55

參考文獻 [1] Internet Communications Using SIP: Delivering VoIP and Multimedia
Services with Session Initiation Protocol. Wiley Publishing, Inc, 2nd ed.,
July 2006.
[2] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson,
R. Sparks, M. Handley, and E. Schooler, “SIP: Session Initiation
Protocol.” RFC 3261 (Proposed Standard), June 2002. Updated by RFCs
3265, 3853, 4320, 4916.
[3] C.-C. Yanga, R.-C. Wangb, and W.-T. Liu, “Secure Authentication
Scheme for Session Initiation Protocol,” in Computers & Security,
vol. 24, pp. 381–386, ELSEIVER, 2005.
[4] D. Geneiatakis, G. Kambourakis, T. Dagiuklas, C. Lambrinoudakis, and
S. Gritzalis, “SIP Security Mechanisms: A state-of-the-art review,” in the
Proceedings of the Fifth International Network Conference (INC 2005),
(Samos, Greece), pp. 147–155, July 2005.
[5] J. Posegga and J. Seedorf, “Voice Over IP: Unsafe at any Bandwidth?,”
in Ubiquitous Services and Applications, (Heidelberg), pp. 305–314,
VDE Verlag, April 27-29 2005.
[6] A. Bremler-Barr, R. Halachmi-Bekel, and J. Kangasharju, “Unregister
Attacks in SIP,” in Secure Network Protocols, pp. 32–37, IEEE, Nov
[7] F. Cao, “SeCReT: A Security Framework for Enhancing Chain of
Response Trust in Session Initiation Protocol,” in Internet Surveillance
and Protection, pp. 29–29, IEEE, 2006.
[8] C. Bassil, A. Serhrouchni, and N. Rouhana, “Towards New Security
Framework for Voice over IP,” in Internet Surveillance and Protection,
IEEE, 2006.
[9] P. Gupta and V. Shmatikov, “Security Analysis of Voice-over-IP Proto-
cols,” in Computer Security Foundations Symposium, no. 20, IEEE, July
[10] J. Peterson and C. Jennings, “Enhancements for Authenticated Identity
Management in the Session Initiation Protocol (SIP).” RFC 4474 (Pro-
posed Standard), Aug. 2006.
[11] A. Dulanik and I. Sogukpinar, “SIP Authentication Scheme using
ECDH,” in Proceedings of World Academy of Science, Engineering and
Technology, vol. 8, pp. 350–353, WASET.ORG, Oct 2005.
[12] “Technical Overview of the OASIS Security Assertion Markup
Language (SAML) V2.0,” October 2006. http://www.oasis-
[13] H. Tschofenig, R. Falk, J. Peterson, J. Hodges, and D. Sicker, “Using
SAML to Protect the Session Initiation Protocol (SIP),” IEEE Network,
vol. 20, pp. 14–17, Sept.-Oct 2006.
[14] J. Peterson, J. Polk, D. Sicker, and H. Tschofenig, “Trait-Based Autho-
rization Requirements for the Session Initiation Protocol (SIP).” RFC
4484 (Informational), Aug. 2006.
[15] “Assertions and Protocols for the OASIS Security Assertion
Markup Language (SAML) V2.0,” March 2005. http://docs.oasis-
[16] “Bindings for the OASIS Security Assertion Markup Language (SAML)
V2.0,” March 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-
[17] “Profiles for the OASIS Security Assertion Markup Language (SAML)
V2.0,” March 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-
[18] J. Arkko, V. Torvinen, G. Camarillo, A. Niemi, and T. Haukka, “Security
Mechanism Agreement for the Session Initiation Protocol (SIP).” RFC
3329 (Proposed Standard), Jan. 2003.
[19] J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luo-
tonen, and L. Stewart, “HTTP Authentication: Basic and Digest Access
Authentication.” RFC 2617 (Draft Standard), June 1999.
[20] H. Tschofenig, J. Hodges, J. Peterson, J. Polk, and D. C.
Sicker, “SIP SAML Profile and Binding.” Draft, November 2007.
  • 同意紙本無償授權給館內讀者為學術之目的重製使用,於2013-07-24公開。
  • 同意授權瀏覽/列印電子全文服務,於2013-07-24起公開。

  • 若您有任何疑問,請與我們聯絡!
    圖書館: 請來電 (02)2621-5656 轉 2281 或 來信