改进的HTTP摘要认证方案的设计与实现

Design and realization of an improved HTTP digest authentication scheme

由于现有的认证机制不能有效解决会话初始协议(SIP)消息传送时网络侦听的问题,因此SIP网络传输时存在易遭受异常消息攻击、数据包被侦听、密文被分析等诸多安全威胁。文章经比较分析、研究改进,应用一个并行多进程的SIP非法消息检测流程,扩展了SIP认证头域,引进了密文隐写系统,能有效保证应用层的安全。实验结果验证了该方案的有效性。

In the existing authentication schemes, SIP messages are liable to multiple security hazards, such as attacks by abnormal messages, network data interceptions and analysis of ciphertexts. After comparisons, analysis and improvement, an improved authentication scheme is designed, in which a parallel multi-process Tomita algorithm is used, SIP authentication header fields extended and ciphertext steganography system introduced, thus effectively ensuring the security of the application layer. Its effectiveness is verified by experimental results.