Towards Public Key Infrastructure less authentication in Session Initiation Protocol

Abstract

The Session Initiation Protocol (SIP) has become the most predominant protocol for Voice over Internet Protocol (VoIP) signaling. Security of SIP is an important consideration for VoIP communication as the traffic is transmitted over the insecure IP network. And the authentication process in SIP ranges from pre-shared secret based solutions to Public Key Infrastructure (PKI) based solution. However, due to the limitations in PKI based solutions, some PKI less authentications mechanisms are proposed. This paper aims to present an overview of different authentication methods used in or together with SIP. We start by highlighting the security issues in SIP in the context of VoIP communication. Then we illustrate the current activities regarding the SIP authentication mechanisms including the recent developments in the research community and standardization efforts within the Internet Engineering Task Force (IETF). Finally we analyze the security aspects of these approaches.