《基于http摘要认证与密文隐写sip安全认证实现》由会员分享,可在线阅读,更多相关《基于http摘要认证与密文隐写sip安全认证实现(50页珍藏版)》请在金锄头文库上搜索。
1、中南民族大学硕士学位论文摘要SIP 协议是下一代网络中的关键协议之一,SIP 协议的安全问题一直是人们研究的热点,至今还未得到很好的解决。论文将 HTTP 摘要认证和密文隐写技术相结合,根据 SIP 消息的文本特性,利用 SIP 协议的 Authentication-Info、Encryption 等扩展头域,在 HTTP 摘要认证机制的基础上加入了 auth-param 和 algorithm 参数,把这种改进后的认证方法称为改进的 HTTP 摘要认证方法。然后分析了 SIP 消息的 ABNF 语法规则,把 Tomita 解析算法应用于 SIP 消息解析过程中。本文设计了 SIP 消息解析-
2、检测模块,构建了一个 SIP 消息的通用检测规则,设定了具体检测的内容,对接收到的 SIP 消息进行解析的同时,进行了一定程度和范围的检测,筛选掉可能存在的非法 SIP 消息。设计了改进的 HTTP 摘要认证模块,用于身份认证的 response 值经过 TripleDES 加密后具有较高的加密比特强度,密文隐写技术将消息摘要的密文转换为与自然语言具有相同统计特性的文本,减少被破译的机会;在 Windows XP 上实现了安全认证框架的软件部分,分别完成加密子模块和隐写子模块的软件编程。最后,对仿真结果进行了分析,在一定程度上验证了该方法的有效性。本论文重点研究了基于 SIP 协议的安全认证方
3、法,并将其应用于分布式多媒体会议系统的信令控制。全文共分五章,主要内容如下:第一章为概述,阐述了课题的提出、目的和意义,综述国内外的 SIP 协议安全发展现状,介绍了本文所作的工作。第二章对 SIP 协议消息作了详细描述,总结出 SIP 消息的网络元素和主要操作。第三章提出了一个 SIP 安全框架,讨论了 SIP 安全认证模块的层次结构和设计思想。第四章对总体方案作了详细的描述,讨论了各个模块设计实现的过程。第五章为双向身份认证仿真及其结果分析。关键词:SIP 安全;HTTP 摘要认证;消息检测;密文隐写I基于 HTTP 摘要认证和密文隐写的 SIP 安全认证的实现AbstractSIP (s
4、ession initiation protocol) is one of the key protocols for Next GenerationNetwork (NGN), and its security problem is gotten more attention in the research fieldsof communication and network. However, a good solution to this problem has not beenproposed up till now.According to the text characterist
5、ic of the SIP message, the technology of HTTPdigest authentication and the ciphertext steganography is combined in this thesis, theexpansion message headers of Authentication-Info and Encryption in the SIP is usedand the parameters of auth-param and algorithm is added to HTTP digest authenticationme
6、chanism. And this improved authentication method is called a HTTP one. Followedis its analysis of the ABNF grammatical rule of the SIP message, to whose parsingprocess the Tomita algorithm is applied. The thesis has three steps. First, this thesisdesigns an analysis-detection module of SIP message,
7、in which a common detection ruleis constructed and the concrete detection content is set. By using this module, the SIPmessage is analyzed, in the meantime, the possibly existent and illegal SIP message isscreened out to a certain degree and range. Second, the improved HTTP digestauthentication modu
8、le is designed. According to it, the response value, used in identityauthentication, is possessed with the higher encryption byte intensity after theTripleDES encryption; next, the ciphertext of message digest is changed into the textwith the same statistical property as the natural language by mean
9、s of the ciphertextsteganography technology. As such, the chance of being decoded is reduced. Third, thesoftware part of the security certification frame is realized on Windows XP. To say it indetail, the software programming of the sub-modules of encryption and steganographyare fulfilled separately
10、. Finally, the test results are analyzed and the validity of thismethod is verified to a certain extent.The SIP-protocol-based authentication method and its application to the signalcontrol of the distributed multimedia conference systems are mainly discussed in thisdissertation, which consists of t
11、he following five chapters:Chapter one is the introduction. First, it gives an overview of the SIP security in thecurrent situation both at home and abroad. Second, based on the problems in the presentresearches, it put forwards a feasible method and presents the framework of the wholethesis.Chapter
12、 two illustrates the SIP message in detail, and summarizes its importantnetwork factors and key operation.II中南民族大学硕士学位论文Chapter three introduces the frame of the SIP security authentication, and discussesthe hierarchy of the SIP security authentication module and the design idea.Chapter four illustr
13、ates the scheme in detail, and discusses the design process ofeach module.Chapter five is some tests of bidirectional identity authentication, and the analysisof the test results.Key Words:SIP Security; HTTP digest authentication; message detection; ciphertextsteganographyIII中南民族大学学位论文原创性声明本人郑重声明:所呈
14、交的论文是本人在导师的指导下独立进行研究所取得的研究成果。除了文中特别加以标注引用的内容外,本论文不包含任何其他个人或集体已经发表或撰写的成果作品。对本文的研究做出重要贡献的个人和集体,均已在文中以明确方式标明。本人完全意识到本声明的法律后果由本人承担。作者签名:日期:年月日学位论文版权使用授权书本学位论文作者完全了解学校有关保留、使用学位论文的规定,同意学校保留并向国家有关部门或机构送交论文的复印件和电子版,允许论文被查阅和借阅。本人授权中南民族大学可以将本学位论文的全部或部分内容编入有关数据库进行检索,可以采用影印、缩印或扫描等复制手段保存和汇编本学位论文。本学位论文属于1、保密,在_年解密后适用本授权书。2、不保密。(请在以上相应方框内打“”)作者签名:导师签名:日期:日期:年年月月日日中南民族大学硕士学位论文第 1 章 综述1.1 课题背景在下一代网络(Next Generation Network,简称 NGN)1的多网络融合环境下实现业务的集成,即不同网络提供的业务通过 SIP 协议的信令和控制机制汇聚在一起,成为一种新的多媒体业务,并以一种无缝的平滑的方式传输到用户端。SIP(S
