Security

Extending SIP Authentication to Exploit User Credentials Stored in Existing Authentication Databases

Download Now Free registration required

Executive Summary

The SIP protocol provides authentication and authorization of SIP requests through a challenge-response authentication scheme inherited by the HTTP protocol and named HTTP Digest Authentication. The current specification defines a particular algorithm for calculating the challenge response that uses the MD5 hash of a combination of user name, realm, and password. Unfortunately, a lot of authentication systems maintain the user credentials protected with a one-way function (usually a hash) in a way that is incompatible with the information required by the current HTTP Digest Authentication. Some examples are given by the mechanisms used for storing passwords by the Unix OS, LDAP servers, or other applications.

  • Format: PDF
  • Size: 213.45 KB