Title page for etd-0729108-165808
Title
Design and Implementation of an Intelligent SIP User Agent to Avoid “Invite/Bye” Attack
Department
Year, semester
Language
Degree
Number of pages
58
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2008-07-08
Date of Submission
2008-07-29
Keywords
VoIP, Authentication, Security
Statistics
The thesis/dissertation has been browsed 5643 times and downloaded 0 times.
Abstract
As Voice-over-IP (VoIP) technology has matured, VoIP services are gradually replacing the traditional PSTN thanks to their low rates. Instead of using the public switched telephone network, VoIP services exchange voice data over the Internet. As a result, VoIP services inherit the weaknesses of the IP network infrastructure, and VoIP devices are easier to attack than traditional phones.
In our research, we analyze the authentication mechanisms of the Session Initiation Protocol (SIP) and identify the weaknesses of the current authentication mechanisms and the security threats to SIP. Using limited resources, we implement an authentication mechanism in our embedded SIP user agent and carry out Invite/Bye attack experiments. The results confirm that our authentication mechanism defends against malicious Invite/Bye attacks in both the Direct Call and Proxy Call architectures.
Table of Contents
Chinese Abstract
Abstract
Table of Contents
List of Figures
List of Tables
1. Introduction
1.1. Research Motivation and Objectives
1.2. Thesis Organization
2. Overview and Introduction to SIP
2.1. SIP Components
2.2. Client
2.3. Server
2.3.1. Proxy Server
2.3.2. Redirect Server
2.3.3. Registrar Server
2.4. SIP Request Messages
2.5. SIP Response Messages
2.6. SIP-Related Attacks
2.6.1. Register Attack
2.6.2. Invite Flood Attack
2.6.3. Bye Attack
2.7. SIP Operation Flow
3. System Architecture
3.1. Hardware Architecture
3.2. Software Architecture
3.3. SIP UA Software Operation Flow
4. Architecture and Implementation
4.1. Server Side
4.1.1. Digest Authentication
4.1.2. Registration Authentication
4.1.3. INVITE Authentication
4.1.4. BYE Authentication
4.2. Client Side
4.2.1. UAS-Side Authentication Design
4.2.2. 492 Response Message Design
4.2.3. UAS-Side Flow
4.2.4. UAC-Side Flow
4.2.5. INVITE Request Combined with 492 Authentication
4.2.6. BYE Request Combined with 492 Authentication
4.2.7. Repeated Attacks
4.2.8. Web Configuration
4.2.9. Group ID
4.3. Experimental Analysis
4.3.1. CASE 1: Proxy Call without 407
4.3.2. CASE 2: Proxy Call with 407
4.3.3. CASE 3: Proxy Call with 492
4.3.4. CASE 4: Direct Call without 492
4.3.5. CASE 5: Direct Call with 492
5. Conclusion
References
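Fulltext
This electronic full text is licensed to users only for personal, non-profit retrieval, reading and printing for academic research purposes. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without authorization.
Thesis access permission: not available on campus or off campus
Available:
Campus: not available
Off-campus: not available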


Printed copies
Available: publicly available
