Understanding of the SIP digest authentication Solution

I. common password authentication mechanisms

Password-based authentication systems generally have the following password verification methods:

1. The client sends the user name and password to the server in plain text. The server and the user name and password that have been saved on the server are compared. If they are consistent, the server passes verification;

The basic HTTP authentication scheme adopts this method. It does not protect the objects transmitted in the physical network in plaintext mode. Obviously, this is not a safe user authentication method.

2. The client encrypts the user name and password, and the server decrypts the password before verification;

This method has certain security, but it is not safe enough whether it adopts symmetric encryption (such as des) or asymmetric encryption (such as MD5.

Symmetric encryption is easy to crack. Although asymmetric encryption is difficult to crack, it still suffers dictionary attacks and counterfeit server attacks.

3. Password + dynamic password mechanism

The HTTP digest authentication scheme adopts this method. Although it is not as secure as Kerberos or any client's private key Scheme, it is better than telnet or FTP. Of course, it is also safer than the basic authentication solution.

The Protocol also uses the digest authentication scheme. rfc2543 allows the SIP implementers to use the basic and digest authentication mechanisms of HTTP to provide preliminary security mechanisms.

However, rfc3261 requires the server to be unable to receive trust books of the "Basic" type, and the server must reject the "Basic" type ".

In addition, the Digest authentication solution does not provide security practices for the initial establishment of passwords between users and servers.

Ii. SIP protocol digest authentication mechanism

As mentioned above, the Digest authentication scheme adopted by the SIP protocol is a mechanism similar to password + dynamic password. Its key points are:

1. When the server receives, an to request to be protected from unto secure, it is best not to repeat this value;

2. When the client tries to send a request again, It also generates a dynamic cnonce value to avoid text-only attacks, provide joint authentication, and provide integrity protection for some messages;

3. The client calculates and generates the response value (that is, the abstract) to verify whether the user knows the password.

4. After receiving the resend request, the server must check the validity of the username and password. In this case, the server

The same digest computing operation as the client (for example, MD5), and compare the result with the given request-Abstract (response value.The key points here are: because of the response value and user name,

The password, nonce, cnonce, algorithm (Agreed algorithm) and other parameters are related. Therefore, if the results are consistent, both the server and the client can think that the other party is not forged.

Iii. Response Calculation Method

(See rfc2617 ):

1. Response = "response" "=" request-Digest

2. Request-Digest)

A. If the "qop" value is "auth" or "Auth-int ":

Request-digest = <"> <KD (H (A1), unq (nonce-value)
":" Nc-Value
":" Unq (cnonce-value)
":" Unq (qop-value)
":" H (A2)
) <">

B. If the "qop" indication is not provided (compatibility with rfc2069 ):

Request-digest = <"> <KD (H (A1), unq (nonce-value)
":" H (A2)
) <">

Description: KD (secret, data) indicates to call the Digest algorithm to obtain strings for Data "data" and "secret", and use H (data) indicates to call the checksum algorithm to obtain the string for the data "data;

Unq (x) removes the quotation marks of the string with quotation marks.

For "MD5" and "MD5-sess" algorithms: H (data) = MD5 (data)

And KD (secret, data) = H (Concat (secret, ":", data) that is, Digest (Digest) the MD5 operation is performed on the result of secret and data connected by a colon.

The "MD5-sess" algorithm allows other third-party servers to participate in the authentication.

A1 and A2 are defined below.

3. A1

If the algorithm ("algorithm") value is "MD5" or is not specified, A1 is:

A1 = unq (username-value) ":" unq (realm-value) ":" passwd

Passwd = <user's password>

If the "algorithm" value is "MD5-sess", A1 only needs to be calculated once, that is, when the client sends the first request and receives the WWW-authenticate question (Challenge) from the server) time calculation. It uses this question

The nonce of the server in, the nonce value of the first client used to build A1 should be:

A1 = H (unq (username-value) ":" unq (realm-value)

":" Passwd)

":" Unq (nonce-value) ":" unq (cnonce-value)

A session key is generated for the authentication of concurrent requests and responses. The key is different for each authentication session, it restricts the use of any key for hash processing.

The number of times.
4. A2

If the "qop" value is "auth" or is not given, then A2:

A2 = method ":" digest-Uri-Value

If the "qop" value is "Auth-int", then A2:

A2 = method ":" digest-Uri-value ":" H (entity-Body)

5. The item value and the string with quotation marks (Directive values and quoted-string)

Note that the values of many items, such as "username-value", are defined as quoted-string ). In fact, the "unq" comment indicates that the external quotation marks are removed when the string A1 is generated. Therefore, when the Authorization Header Packet

Including the domain, such:

Username = "Mufasa", [email protected]

The password of Mufasa is "Circle of Life", so that H (A1) can be expressed

H (Mufasa: [email protected]: Circle of Life). Note that there are no quotation marks in the abstract string.

Note: spaces are not allowed in the string in Digest function H () Unless spaces appear in a string with quotation marks or are used to mark the entity of the string digest. For example, the preceding string A1 must be

Mufasa: [email protected]: Circle of Life

No space is allowed on both sides of the colon, but space (circle + SP + of + SP + life) is allowed between the words of the password ). Similarly, other strings digest by H () cannot be separated by spaces on either side of the colon, unless spaces are enclosed in quotation marks.

Or in the Entity entity to be summarized.

Likewise, if Integrity Protection (qop = Auth-int) is applied, H (entity-entity) is the hash value of the entity, instead of the hash value of the message body, the value is transmitted by the sender

Calculated Before encoding, and deleted by the receiver.

Understanding of the SIP digest authentication Solution