| 摘要 |
Systems and methods for implementing security with RSIP are disclosed. In a first security system and method, authentication is provided with a combination of a userid and HMAC parameters. The userid parameter identifies the sender and the HMAC parameters are used with a shared key that only the sender and recipient know. Integrity is also provided by the HMAC parameters. Replay protection is provided by a replay counter, and reflection attacks are prevented by the fact that in the RSIP protocol, each entity plays the role of either a host or a gateway, and each RSIP control message can be sent by either a host or a gateway, but not both. Liveness is provided by a combination of the replay counters, userids, host and gateway cookies, and the shared key. The use of cookies allows the shared key to be used between two different sessions, even if the replay counter is reset. In a second security system and method, authentication is provided by a certificate exchange, with a combination of a userid and signed hash parameters. The userid parameter identifies the sender, and it is easy to verify that the signed hash has been signed by the proper sender. Integrity is also provided by the signed hash parameters.
|
