Abstract

The Session Initiation Protocol (SIP) protocol is commonly used to establish Voice over IP (VoIP) calls. IETF SIP standards do not specify a secure authentication process thus allowing malicious parties to impersonate other parties or to charge calls to other parties. This paper proposes an extension to the SIP protocol that uses an identity-based authentication mechanism and key agreement protocol. These extensions provide stronger cryptographic assurances for VoIP authentication and enable provably secure key agreement between users. The use of ID based cryptography means that a large Public Key Infrastructure (PKI) is not required thus making this protocol viable for large scale implementation. 1