An ECDH-based light-weight mutual authentication scheme on local SIP

The purpose of this paper is to propose a light-weight implementation of Transport Layer Security(TLS) handshake using Elliptic Curve Diffie-Hellman(ECDH) suitable for local Session Initiation Protocol(SIP) environment. TLS is a standard for the transport layer to ensure security in hop-by-hop communication of SIP and end-to-end communication over an insecure medium like the Internet. Since TLS is a protocol based on Public Key Infrastructure(PKI), it has advantages that it basically requires to deploy the infrastructure to issue certificates and it requires more time to encrypt and decrypt data. Basic idea of this paper is to improve TLS handshake authentication mechanism to make this mechanism light-weight. Currently, authentication is performed using certificates in TLS handshake procedure. In order to reduce the execution time taken by TLS handshake, ECDH based password authentication method will be applied as a replacement of the traditional certificate-based authentication scheme. Local SIP proxy server is constructed by one machine so that it can be easy to manage user ID and password. Thus this local network configuration is suitable for applying password authentication method as proposed in this paper. Additionally, the proposed implementation of the light-weight TLS handshake scheme can effectively improve overhead occurring at SIP call set-up time.