|Abstract: ||網路語音傳輸技術(Voice over IP, VoIP)是近年來快速成長的應用，各種新技術不斷的被提出來，較廣為人知的有H.323與會談起始協定(Session Initiation Protocol, SIP)，但是因為H.323的協定過於繁雜、欠缺擴展性，相對於H.323，SIP則具有高度的彈性與擴充性，吸引各方的注意力，逐漸成為VoIP 的主流標準。|
SIP是由IETF (Internet Engineering Task Force)所制定之公開標準協定，用於建立、控制和終止會話，屬於應用層級的控制協定，與底層的協定關聯性不強，容易實作於不同的網路媒體上，其承襲了其他網際網路標準協定的設計準則，具備簡易性、高度的彈性與擴充性，因為SIP建構於公開的網際網路上且與其底層的協定之間只是鬆散的藕合關係，任何一個層級均有可能成為安全上的漏洞，變成駭客下手攻擊的目標，因此常見於網際網路上的安全問題也必然會發生在SIP的應用環境裡，提供一個安全的SIP應用環境是SIP能否被廣為接受的重要因素，這些安全議題，包括防止竊聽、私密外洩、身分辨識以及防止其他不勝枚舉的惡意攻擊。
在RFC3261中，建議以TLS (Transport Layer Security)、IPSec (IP Security)或是S/MIME (Secure / Multipurpose Internet Mail Extensions)保護SIP的通訊安全，TLS與IPSec是屬於鏈結式的安全架構在實際應用中並不容易維持；S/MIME需要公開金鑰基礎建設(PKI)，成本太高。另外在RFC3261中所建議的訊息摘要挑戰認證機制 (HTTP Digest Authentication) 則是因為無法做到雙向認證，容易遭到惡意攻擊。此外，在RFC3261文件中，也欠缺對參與會談者授權機制的敘述，於是有研究提出使用SAML來提供更豐富的資訊，讓受話端能對發話端進行更複雜的授權處理。
Voice over IP (VoIP) is a fast growing technique of recent years. Various new protocols have been proposed, in which H.323 and Session Initiation Protocol (SIP) are two well-known major standards. However, due to its complexity and lack of extensibility, H.323 is gradually replaced by SIP because SIP provides high flexibility and extensibility. Thus, SIP has drawn a lot of attentions and is gradually becoming the mainstream standard of IP telephony.
SIP, introduced by Internet Engineering Task Force (IETF), is a public standard protocol, used to establish, maintain, and terminate the communication session. SIP is an application layer protocol, less related to lower layer protocols. It is easy to implement SIP on different networks. Since SIP inherits the design principles of other Internet protocols, it possesses simplicity, flexibility, and extensibility. Because SIP is based on the public Internet and its lower layer protocols are loosely coupled, each of such protocols can be a vulnerability and becomes a target of hacker’s attacks. Hence, how to establish a secure SIP environment is an important factor whether SIP can be widely accepted. The security issues include resistance to eavesdropping, privacy protection, person identification, and withstanding other malicious attacks.
In RFC3261, it is recommended to use Transport Layer Security (TLS), IP security (IPSec) and Secure/Multipurpose Internet Mail Extensions (S/MIME) to protect SIP security. However, since TLS and IPSec are hop-by-hop mechanisms, it is not easy to maintain the chaining relationship maintained between nodes on the security path of TLS and IPSec in the real environment. On the other hand, S/MIME needs the PKI infrastructure. However, PKI and the longer message body created by S/MIME will lead higher cost. Besides, the HTTP digest authentication suggested by RFC3261 does not provide mutual authentication; it is vulnerable to malicious attacks. In addition, in RFC3261, there is a lack of the statement of authorization of communicating participants. Therefore, some research proposed to use SAML to provide more information (the trait-based authorization) such that the recipient can perform more complicated authorization procedure to the sender.
In this paper, we investigate the authentication and authorization of SIP. We use the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm to provide the local mutual authentication. In addition, we extend the SAML one-way secure assertion to two-way to provide more flexible authorization mechanism. Based on ECDH and bi-lateral SAML assertions, the proposed method provides the global mutual authentication without pre-shared secrets. Thus, more authorization functionalities between parties can be achieved. Furthermore, the proposed method can also be used in signing request and response messages to cope with the threats which come from attacks on SIP responses.