Download
1 / 14
140 likes | 263 Vues
PKI Authentication of VoIP Subscribers in the Telecommunicating Networks . Shaul Mansour Eldar Zilberman Gilad Keinan Ohad Behore. Yuri Granovsky Yuval Elovici. Background.
E N D
PKIAuthentication of VoIP Subscribers in the Telecommunicating Networks ShaulMansour EldarZilberman GiladKeinan OhadBehore YuriGranovsky YuvalElovici
Background Today we are witnessing a great change in telecommunication technology when more and more phone companies are changing their technology and choosing to use VoIP as the new standard for Telecommunication. This change is the cause for major security problems which must be taken into consideration.
Project Goal The goal of our project is to solve one of those security problems, supplying a way for VoIP users to authenticate each other and make authenticated calls. Our solution is based on public key infrastructure and will use public key certificates issued by a central certificate authority (CA).
Proposed Solution Every VoIP client will be based on a different remote computer and will be able of making calls to all known clients (omitting the need for SIP server). The receiving side will decide whether a certain call will be authenticated or not, for authenticated calls certificates will be swapped and challenges will be sent to authenticate certificate holder's identity. At the first authenticated call, the client will communicate the CA, sending a certificate signing request (CSR) and receiving a signed certificate to present to other clients.
System Architecture VoIP Client CA Server SIP Agent Communication Service Storage module Storage module Authentication module CA Tools Enabler CRL
System Components The Certificate Authority will consist of: CA tools – Certification creation and management. CRL - Holding a list of revoked certificates, and will respond to queries. Communication service – Service for client connections. Storage module – Will save all issued certificates and client information. The VoIP Client will consist of: SIP agent - In charge of actual communication. Authentication module – Exchanging certificates with other clients. Enabler – Creation and management of public key certificates. Storage module – Local database for each client.
Non-Func. Requirements Processing a certificate signing request with the CA server should take less than 5 seconds. Exchanging certificates with another client and waiting for certificate authentication from the CA server should not take more than 2 second. The CA Server should handle as many as 150 requests simultaneously. In 100% of cases, when a client with a false certificate or revoked one is authenticated with another client, the call attempt fails. The VoIP agent and the CA Server will be developed for Linux platform, communication will be developed in C++ and module logics in Java. The client should be apparent when the agent is running and when there are errors but not overwhelm the user with redundant messages.
Detailed Use Case – ID7 Primary actors: The user Description: The user initiates a call to another user on the network. Trigger: The user enters a number to dial, and presses "send" button. Pre-conditions: The VoIP client is installed on the device and is currently running. Post-conditions: The user is communicating with another user
