Principal Investigator: Feng Cao

Project Description: Analysis of mechanisms to remove weaknesses in the SIP response mechanism through the introduction of identity and authentication paradigms

Project Details: This project focuses on developing enhancements to address security concerns regarding response messages in the Session Initiation Protocol (SIP). SIP responses are currently handled without identity verification or authentication, which leaves holes for malicious attacks through SIP responses.

The identity of a SIP response is more complicated than that of a SIP request. First, a SIP response may be originated by any intermediate SIP proxy instead of the desired SIP UAS. Because a SIP UAC may send requests to a SIP UAS without any previous association, these intermediate SIP proxies may not be known to or verified by the SIP UAC beforehand. Second, the presence of the exact responder for a SIP response is not clearly defined, which is different from the "From" header field for a SIP request. In general, it is obvious that the "To" header field cannot be used as described above. "Contact" and "Reply-to" have their own meanings and cannot be relied on for backward compatibility.

The work done in this project aims to demonstrate a mechanism that enables a sender to verify the identity of a corresponding SIP response. Please see the IETF I-D for more details: http://www.faqs.org/ftp/internet-drafts/draft-cao-sip-response-auth-00.txt

Project Deliverables: Integration into IETF Standards

Status: In Progress
