A single sign-on system based on Kerberos for both SIP servers and clients

• Main Authors: Shiou-Jing Lin, 林秀靜
• Other Authors: Jung-Shian Li
• Format: Others
• Language: en_US
• Published: 2008
• Online Access: http://ndltd.ncl.edu.tw/handle/23791188872701888010

碩士 === 國立成功大學 === 電腦與通信工程研究所 === 96 === In the recent years, VoIP is gaining more and more attention since the VoIP related techniques have become mature.Meanwhile, the requirement of mobile management capability for VoIP is paid much attention as well. SIP is one of the protocols in VoIP and supports mobile management well. In our research, we focus on terminal mobility, which is the capability of moving to another domain while in session or before session but maintains the session unaffected. However, SIP itself is not very suitable for terminal mobility since its authentication method HTTP digest requires that the user’s information should be stored in its home network’s SIP server in advance. The requirement causes the moving SIP client can’t utilize the local SIP server in the visited network to transmit the SIP messages. To solve the problem, we add the Kerberos authentication architecture in the SIP environment. We use tickets instead of username and password to prove a user’s identity, and the method can bring other benefits like single sign-on, mutual authentication between SIP server and client, etc. In addition, we want to select a Kerberos server, which is called a KDC, to provide service according to its performance and path security. We design the application-layer anycasting mechanism to choose the best KDC by measuring the round-trip time and path security between the KDCs and the user. The “best” in our system means that to meet performance and path security as possible. Experiments show that our proposed single sign-on system could achieve efficient authentication for both SIP servers and clients in a secured manner.