Hi there, We are two french students in Computer Security and we plan a project for our end-term studies.
The general idea is to provide authentication in VoIP communication using X.509 certificates (already used in SSL & TLS protocols). To do that, we want to modify SIP server and client source code and integrate a first level authentication (for example, using a challenge and one certificate for each peer) before or during SIP commands. The objective is, in a first time, to avoid register hijacking. Next, we plan to use certificates to authenticate peers before the NTP communications. Two functionalities would be added : -the peer's name who establishes the call will appear in the receiver client software -a strong authentication of peers So, we can explain it with a little graphical mockup like this one : I)SIP registration authentication +------------------------------------------+ | SIP registrar | +------------------------------------------+ / | / (3) | .|SIP |request ||auth the |user .|register |x.509 ||two peers |successfully .|request |auth ||using |registered .|(1) |(2) ||challenge |(4) .| / / / +------------------------------------------+ | Bob | +------------------------------------------+ II)SIP peers authentication +----+ +----+ | |------1. Pre-Invite with Bob cert--->| A | | B |<------2. OK, send Alice cert -------| L | | O |<======3. authenticate peers========>| I | | B |<------4. Alice accept the call------| C | | |-------5. Bob ack, NTP call start--->| E | +----+ +----+ For the moment, we are just brain storming but an idea we like is the development of a patch for OpenWengo project. That's why we are requesting your opinions. Best regards, julien ---- Julien VEHENT gpg: 0x7A7B6F2C sur keyserver.net web: www.linuxwall.info
pgpC5sZ1sE4eA.pgp
Description: Signature numérique PGP
_______________________________________________ Wengophone-devel mailing list [email protected] http://dev.openwengo.com/mailman/listinfo/wengophone-devel
