International Conference on Security and Cryptography, Oporto, Portekiz, 26 - 29 Temmuz 2008, ss.227-231
Session Initiation Protocol (SIP) is the leading protocol used in IP telephony today. By the increasing use of IP telephony and also SIP, features like QoS and security are becoming more and more important. Because of the its simple design, SIP does not have a highly secure authentication mechanism which needs to be enhanced in order to cope with today's security threats of IP. In this paper we propose a new authentication scheme for SIP based on the Secure Remote Password (SRP) Protocol. Our proposed authentication scheme modifies two existing SIP messages and adds a new SIP message. The result is a verifier based authentication scheme for SIP in which client passwords do not need to be sent to the registrar service in any form.