A framework for identity privacy in SIP

Authors:
Giorgos Karopoulos;Georgios Kambourakis;Stefanos Gritzalis;Elisavet Konstantinou
Affiliations:
Info-Sec-Lab: Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Samos GR-83200, Greece;Info-Sec-Lab: Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Samos GR-83200, Greece;Info-Sec-Lab: Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Samos GR-83200, Greece;Info-Sec-Lab: Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Samos GR-83200, Greece
Venue:
Journal of Network and Computer Applications
Year:
2010

Citing 4
Cited 5

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Application-layer mobility using SIP

ACM SIGMOBILE Mobile Computing and Communications Review
The Design of Rijndael

The Design of Rijndael
A framework for protecting a SIP-based infrastructure against malformed message attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking

Empirical tests of anonymous voice over IP

Journal of Network and Computer Applications
PrivaSIP: Ad-hoc identity privacy in SIP

Computer Standards & Interfaces
Hidden VoIP calling records from networking intermediaries

Principles, Systems and Applications of IP Telecommunications
Review: A survey on solutions and main free tools for privacy enhancing Web communications

Journal of Network and Computer Applications
SIPA: generic and secure accounting for SIP

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Secure multimedia delivery in modern and future networks is one of the most challenging problems towards the system integration of fourth generation (4G) networks. This integration means that different service and network providers will have to interoperate in order to offer their services to end users. This multidomain environment poses serious threats to the end user who has contract with, and trusts only a limited number of operators and service providers. One such threat is end users' privacy on which we will focus in this paper. Probably the most promising protocol for multimedia session management is the Session Initiation Protocol (SIP), which is an application layer protocol and thus can operate on top of different lower layer technologies. SIP is quite popular and a lot of research has been conducted; however, it still has some security issues, one of which is related to privacy and more particularly the protection of user identities (IDs). In this paper we comment on the ID privacy issue of SIP and propose a framework called PrivaSIP that can protect either the caller's ID or both the caller's and the callee's IDs in multidomain environments. We present different implementations of our framework based on asymmetric and symmetric cryptography analyzing the pros and cons of each one of them. Furthermore, we provide performance measurements in order to estimate the performance penalty of our framework over standard SIP. The most significant advantage of our method is that it can assure user ID protection even when SIP messages are transmitted through untrusted SIP domains, while our results show that this can be achieved with no perceived delay by the end user.