Secure Layered Architecture for Session Initiation Protocol Based on SIPSSO: Formally Proved by Scyther

摘要

Voice over Internet Protocol (VoIP) is one of the most popular technologies nowadays that facilitate the user by providing different features as instant messages, phone calls, video calls, and voicemails. Basic VoIP protocols were designed to be efficient instead of secure. After numerous attacks on these protocols several solutions were proposed to prevent against these threats. In this paper, we focus on the security of Session Initiation Protocol (SIP) that is used to initiate, modify, and terminate the VoIP sessions. The paper presents the design and implementation of secure layered architecture for SIP, which adds a new layer to the standard SIP layer model and entitled as Security layer. The Security layer provides authentication, authorization, adaptable feature, and secure key exchange, based on our newly designed protocol, named as Session Initiation Protocol using Single Sign-On (SIPSSO). In order to implement the secure layered architecture based on SIPSSO, we have developed an Android Secure Call application and extend the open source Asterisk accordingly. After the designing and implementation phases, we have verified the SIPSSO protocol formally by using an automated security verification tool, Scyther. Our analysis results reveal that by adding Security layer, we ensured protection against different SIP attacks such as Eavesdropping, Man In The Middle (MITM) attack, Message Tampering, Replay attack, Session Teardown, and Spam over Internet Telephony (SPIT).