he Session Initiation Protocol (SIP) is a signaling protocol that controls communication sessions such as conferencing, telephony, and instant messaging in the Internet community (RFC2543). Before a user gets to use an SIP service provided by a server, an authentication process must be finished. However, there are some security problems with SIP authentication yet to be solved, such as server spoofing, off-line password guessing attacks, and the use of the password table. In this article, we shall propose a new authentication scheme for SIP that does not need the password table.
Journal of Digital Information Management 7(3):133-136