Abstract
This paper describes an extension to the Session Initiation Protocol (SIP) that enables end-to-end security of the Session Description Protocol (SDP) together with firewall/network address translation (NAT) traversal. The solution is based on Secure/Multipurpose Internet Mail Extensions (S/MIME) and the Middlebox Communications (MIDCOM) protocol. The user authorizes a proxy server to encrypt the session description on the user's behalf. The proxy determines the capabilities of the receiving party and encrypts the SDP for a SIP proxy server in the receiving domain. As long as each end user can contact its trusted SIP proxy over a secure connection and authorize this proxy to encrypt the signaling data, the session information is secured end-to-end.
Source
Computer & Digital Engineering (《计算机与数字工程》)
2006, No. 11, pp. 86-89 (4 pages)