Authors: Xianghan Zheng, Vladimir Oleshchuk
Addresses: Faculty of Engineering and Science, University of Agder, Jon Lilletuns vei 9, 4879 Grimstad, Norway. ' Faculty of Engineering and Science, University of Agder, Jon Lilletuns vei 9, 4879 Grimstad, Norway
Abstract: Today, peer-to-peer (P2P) session initiation protocol (SIP)-based communication systems have attracted much attention from both academia and industry. The decentralised nature of P2P might provide the distributed P2P communication system without help of the traditional SIP server. However, it comes to the cost of reduced trustworthiness and may cause security problems, e.g., privacy leaks, unpredictable availability, etc. In this paper, we investigate P2PSIP security issues and propose a subjective logic-based trust model that offers trust-based security services during P2PSIP session establishment. The main issues considered in this model include opinion calculation, opinion maintenance, data confidentiality and integrity, message routing, and NAT traversal. After that we implement a typical use scenario to show how our model is utilised to offer the trusted session initiation service and protection from malicious or faulty intermediate peers. In the example presented in the paper we use chord as the P2PSIP overlay. However, the system is independent of the chord overlay and is extendable to the other distributed hash table (DHT) technologies.
Keywords: peer-to-peer; P2P communications; session initiation protocol; SIP; P2PSIP security; chord; distributed hash table; DHT; subjective logic; trust models; opinion calculation; opinion maintenance; data confidentiality; data integrity; message routing; NAT traversal.
International Journal of Internet Technology and Secured Transactions, 2011 Vol.3 No.2, pp.121 - 133
Available online: 19 Apr 2011 *Full-text access for editors Access for subscribers Purchase this article Comment on this article