Implementing a secure VoIP communication over SIP-based networks

Wireless Networks

Abstract

In recent years, the Session Initiation Protocol (SIP) has been commonly used to establish Voice over IP (VoIP) calls and has become the centerpiece of most VoIP architectures. As wireless and mobile all-IP networks prosper, free VoIP applications are used everywhere. Consequently, the security of VoIP is a crucial requirement for its adoption. Many authentication and key agreement schemes have been proposed to protect SIP messages; however, they lack concrete implementations. The performance of VoIP is critical to users' impressions. In view of this, this paper studies the performance impact of using two key agreements, elliptic curve Diffie–Hellman and elliptic curve Menezes–Qu–Vanstone, for making a SIP-based VoIP call. We evaluate the key agreement cost using the spongycastle.jce.provider package in Java running on Android-based mobile phones and the effect of using different elliptic curves, and we analyze the security of both key agreements. Furthermore, we design a practical and efficient authentication mechanism to deploy our VoIP architecture and show that a VoIP call can be established in an acceptable interval. As a result, this paper provides a concrete and feasible architecture to secure a VoIP call.

Author information

Corresponding author

Correspondence to Wen-Bin Hsieh.

Cite this article

Hsieh, WB., Leu, JS. Implementing a secure VoIP communication over SIP-based networks. Wireless Netw 24, 2915–2926 (2018). https://doi.org/10.1007/s11276-017-1512-3

  • DOI: https://doi.org/10.1007/s11276-017-1512-3
