现代电子技术
現代電子技術
현대전자기술
MODERN ELECTRONICS TECHNIQUE
2015年
5期
93-96,100
,共5页
SIP%eXosip2%SIP应用系统%注册安全%安全扩展
SIP%eXosip2%SIP應用繫統%註冊安全%安全擴展
SIP%eXosip2%SIP응용계통%주책안전%안전확전
SIP%eXosip2%SIP application system%register security%security extension
SIP协议作为IP电话业务和其他各类媒体业务的核心协议,其安全性一直备受关注。包括Osip2和eXosip2等在内的主流SIP协议栈目前只支持基于MD5加解密的摘要认证机制。针对目前大部分协议栈摘要认证过程中加密机制单一的问题,结合eXosip2协议栈,设计了一种简单的基于客户端加密能力的加密协商机制,扩展了SIP协议的摘要认证机制对其他加密方法的灵活支持。通过对改进方案的评估,认为该方案通过修改协议栈内部函数对SIP协议栈进行安全扩展,降低了工作量,避免了对协议栈中其他环节的影响。
SIP協議作為IP電話業務和其他各類媒體業務的覈心協議,其安全性一直備受關註。包括Osip2和eXosip2等在內的主流SIP協議棧目前隻支持基于MD5加解密的摘要認證機製。針對目前大部分協議棧摘要認證過程中加密機製單一的問題,結閤eXosip2協議棧,設計瞭一種簡單的基于客戶耑加密能力的加密協商機製,擴展瞭SIP協議的摘要認證機製對其他加密方法的靈活支持。通過對改進方案的評估,認為該方案通過脩改協議棧內部函數對SIP協議棧進行安全擴展,降低瞭工作量,避免瞭對協議棧中其他環節的影響。
SIP협의작위IP전화업무화기타각류매체업무적핵심협의,기안전성일직비수관주。포괄Osip2화eXosip2등재내적주류SIP협의잔목전지지지기우MD5가해밀적적요인증궤제。침대목전대부분협의잔적요인증과정중가밀궤제단일적문제,결합eXosip2협의잔,설계료일충간단적기우객호단가밀능력적가밀협상궤제,확전료SIP협의적적요인증궤제대기타가밀방법적령활지지。통과대개진방안적평고,인위해방안통과수개협의잔내부함수대SIP협의잔진행안전확전,강저료공작량,피면료대협의잔중기타배절적영향。
SIP(session initiation protocol)is the core protocol of IP telephone business and other media service business. Its security has been fully concerned. The mainstream SIP stack including Osip2 and eXosip2 only supports the digest authoriza?tion mechanism based on MD5 encryption and decryption. Aiming at single encryption mechanism in the process of digest autho?rization of most protocol stacks,a simple encryption negotiation mechanism based on client?side encryption ability was designed in combination with an open source SIP stack named eXosip2. The flexible support for other encryption methods was extended in the SIP digest authorization mechanism. According to the estimation of the improved scheme,the security extension of the SIP stack was carried out by modifying inner function of the protocol stack,which decreased the workload and avoided the influence on other parts of the SIP stack.
