A trust communication with SIP protocol

摘要

Session Initiation Protocol (SIP) is an application-layer signaling and control protocol for creating, modifying and terminating sessions including Internet telephone calls, multimedia distribution and multimedia conferences. Flexible, extensible and open, SIP has a complete security mechanism that allows security of both media and signaling. SIP RFC recommends the use of TLS or DTLS to provide an adequate level of protection against attacks. However, missing from these protocols is a way to perform non-repudiation service when used in SIP networks to provide a high level of trust between User Agents. In this paper we propose to modify and sign some header fields in the SIP request messages in order to achieve non-repudiation service over TLS/DTLS. To facilitate the implementation, the portability and the test of our proposal, called SIP SIGN, the new messages will be created and treated by a redirect server named “Proxy Signatory” setting between the User Agents and their local proxy servers. This “Proxy Signatory” provides the caller the ability to sign its SIP messages using certificates such as X.509 and the callee to verify and validate the signature and the caller identity.