SIP(session initiation protocol)is the core protocol of IP telephone business and other media service business. Its security has been fully concerned. The mainstream SIP stack including Osip2 and eXosip2 only supports the digest authoriza⁃tion mechanism based on MD5 encryption and decryption. Aiming at single encryption mechanism in the process of digest autho⁃rization of most protocol stacks,a simple encryption negotiation mechanism based on client⁃side encryption ability was designed in combination with an open source SIP stack named eXosip2. The flexible support for other encryption methods was extended in the SIP digest authorization mechanism. According to the estimation of the improved scheme,the security extension of the SIP stack was carried out by modifying inner function of the protocol stack,which decreased the workload and avoided the influence on other parts of the SIP stack.%SIP协议作为IP电话业务和其他各类媒体业务的核心协议,其安全性一直备受关注。包括Osip2和eXosip2等在内的主流SIP协议栈目前只支持基于MD5加解密的摘要认证机制。针对目前大部分协议栈摘要认证过程中加密机制单一的问题,结合eXosip2协议栈,设计了一种简单的基于客户端加密能力的加密协商机制,扩展了SIP协议的摘要认证机制对其他加密方法的灵活支持。通过对改进方案的评估,认为该方案通过修改协议栈内部函数对SIP协议栈进行安全扩展,降低了工作量,避免了对协议栈中其他环节的影响。
展开▼
