Through analyzing the Session Initiation Protocol(SIP) authentication mechanism, this paper describes the vulnerability and possible attacks, such as off-line password guessing attacks and Denning-Sacco attacks. Aiming at such security problems, an improved SIP authentication scheme based on Elliptic Curve Cryptography(ECC) is proposed. Security analysis demonstrates that the improved scheme can provide mutual authentication, share the session key, guarantee the validity of authentication, effectively resist against off-line password guessing attacks and Denning-Sacco attacks.%通过分析会话初始协议相关认证机制,指出认证中可能存在的安全威胁,如离线密钥猜测攻击和Denning-Sacco攻击.针对安全漏洞提出一种结合椭圆曲线密码的改进认证机制.安全性分析表明,改进的认证机制在提供客户端和服务器间双向认证的同时,能够完成会话密钥传递,确保认证的时效性,有效抵御离线密钥猜测攻击和Denning-Sacco攻击.
展开▼
