Advantages of identity certificate segregation in P2PSIP systems

The security of RELOAD, a protocol developed by the IETF for session initiation protocol (SIP) communications over peer-to-peer (P2P) networks, is based on each user´s possession of a public key certificate that links her identity (username) with the identity of her device (nodeID) and a public key. In this study, the authors will analyse a flaw in its design related to the joint certification of devices and users, and present a new proposal based on its separation. The authors´ proposal and RELOAD are evaluated under several scenarios that show how their approach of certificate separation for devices and users provides a more secure and flexible access control scheme while improving its efficiency and preserving its simple infrastructure.