The SIP protocol provides authentication and authorization of SIP requests through a challenge-response authentication scheme inherited by the HTTP protocol and named HTTP Digest Authentication. The current specification defines a particular algorithm for calculating the challenge response that uses the MD5 hash of a combination of user name, realm, and password. Unfortunately, a lot of authentication systems maintain the user credentials protected with a one-way function (usually a hash) in a way that is incompatible with the information required by the current HTTP Digest Authentication. Some examples are given by the mechanisms used for storing passwords by the Unix OS, LDAP servers, or other applications. In this paper, we propose to extends the original HTTP Digest Authentication by adding a new and flexible scheme that uses an arbitrary hash function and an arbitrary combination of various information such as user name, realm, password, salt, and/or other data. The proposed authentication scheme has been implemented within two testbeds in which a SIP UA authenticates itself with a remote proxy server (acting as authenticator) that uses respectively a LDAP server or a users' password file of a Joomla Content Management System.

Extending SIP Authentication to exploit user credentials stored in existing authentication Databases / S., Salsano; A., Polidoro; Veltri, Luca. - (2008), pp. 375-379. (Intervento presentato al convegno 16th International Conference on Software, Telecommuncations and Computer Networks (SoftCom 2008) tenutosi a Split-Dubrovnik (Croatia) nel September 25-27, 2008) [10.1109/SOFTCOM.2008.4669513].

Extending SIP Authentication to exploit user credentials stored in existing authentication Databases

VELTRI, Luca
2008-01-01

Abstract

The SIP protocol provides authentication and authorization of SIP requests through a challenge-response authentication scheme inherited by the HTTP protocol and named HTTP Digest Authentication. The current specification defines a particular algorithm for calculating the challenge response that uses the MD5 hash of a combination of user name, realm, and password. Unfortunately, a lot of authentication systems maintain the user credentials protected with a one-way function (usually a hash) in a way that is incompatible with the information required by the current HTTP Digest Authentication. Some examples are given by the mechanisms used for storing passwords by the Unix OS, LDAP servers, or other applications. In this paper, we propose to extends the original HTTP Digest Authentication by adding a new and flexible scheme that uses an arbitrary hash function and an arbitrary combination of various information such as user name, realm, password, salt, and/or other data. The proposed authentication scheme has been implemented within two testbeds in which a SIP UA authenticates itself with a remote proxy server (acting as authenticator) that uses respectively a LDAP server or a users' password file of a Joomla Content Management System.
2008
9789536114979
Extending SIP Authentication to exploit user credentials stored in existing authentication Databases / S., Salsano; A., Polidoro; Veltri, Luca. - (2008), pp. 375-379. (Intervento presentato al convegno 16th International Conference on Software, Telecommuncations and Computer Networks (SoftCom 2008) tenutosi a Split-Dubrovnik (Croatia) nel September 25-27, 2008) [10.1109/SOFTCOM.2008.4669513].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11381/1842883
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
social impact