By Topic

SeCReT: A Security Framework for Enhancing Chain of Response Trust in Session Initiation Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Feng Cao ; Critical Infrastruct. Assurance Group, Cisco Syst. Inc., San Jose, CA

With the introduction of voice over IP (VoIP) for replacing the traditional circuit switched infrastructure for telephony services, many relevant security concerns have been raised for integrating IP telephony into the existent applications and system infrastructure. One of the critical concerns is how to enhance authentication and authorization among the propagation parties per call session for blocking identity spoofing and preventing various attacks in the convergent communication systems. In this study, we outline one security framework, SeCReT, with some new mechanisms for providing per-hop response authentication in session initiation protocol (SIP). SIP has been selected by the major standard committees as the premier protocol for VoIP and other value-added services. SeCReT is lightweight and efficient, which can fill the security gap when other secure schemes are absent or difficult in deployment. The weak hops can be greatly secured against some common attacks by using SeCRet. Furthermore, this new security framework is fully complementary with the existent schemes (such as TLS). With the combination of SeCReT and the other schemes, we demonstrate that secure chain of response trust can be built in various scenarios, which provides better defense against a set of threats, such as identity spoofing, man-in-the-middle attacks, SPIT, and denial-of-service (DoS) attacks

Published in:

Internet Surveillance and Protection, 2006. ICISP '06. International Conference on

Date of Conference:

26-28 Aug. 2006