There are two forms of authentication in SIP – authentication of a user agent (UA) by a proxy, redirect, or registration server and authentication of one UA by another. With Transport Layer Security (TLS), mutual authentication of proxies or a proxy and UA is accomplished using certificates. Authentication is used to allow only authorized access to a service or feature and prevent malicious or unauthorized use by other applications.

• SIP and WebRTC
• Voip Design
• VoIP Software

Digest Authentication

Digest authentication is a simple challenge/response method based on HTTP. For RFC 2069, it employs a MD5 hash algorithm to encode the username, realm, password, digest URI, and server generated nonce as follows:

• H1 = MD5(username : realm : password)
• H2 = MD5(method : digestURI)
• Response = MD5(H1 : nonce : H2)

RFC 2617 added a client generated nonce and quality of protection (QoP) to improve security as follows:

• Response = MD5(H1 : nonce : nonceCount : nonceClient : QoP : H2)

SIP Proxy and User Authentication

As depicted in the figure, the message flow for both proxy and user agent authentication is illustrated. The initial INVITE is challenged with a 407 Proxy authorization required. The UA responds with an ACK and then reissues the INVITE containing the authentication credentials. The next proxy server or end UA responds with a 401 Unauthorized message back to the source UA to again reissue the INVITE with the proper authentication credentials and complete the authentication process.

Via: SIP/2.0/UDP 192.168.23.113:;branch=z9hG4bK.rxkOqoU6K;rport

From: "sabresd" <sip:@192.168.23.100>;tag=i-ljgBYGN

To: sip:@192.168.23.100

CSeq:  INVITE

Call-ID: c2kQFPZtPJ

Max-Forwards:

Supported: replaces, outbound

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO, UPDATE

Content-Type: application/sdp

Content-Length:

Contact: <sip:@192.168.23.113;transport=udp>;+sip.instance="<urn:uuid:b13bc5f4-aefc-412f-b586-7a409b46e058>"

User-Agent: LinphoneAndroid/ (belle-sip/1.5.)

Authorization:  Digest realm="asterisk", nonce="1007a06b", algorithm=MD5, username="",  uri="sip:2007@192.168.23.100", response="45316d80ffca2b4094333af2631d0c9f"

v=

o=   IN IP4 192.168.23.113

s=Talk

c=IN IP4 192.168.23.113

b=AS:

t=

a=rtcp-xr:rcvr-rtt=all: stat-summary=loss,dup,jitt,TTL voip-metrics

m=audio  RTP/AVP

a=rtpmap: opus//

a=fmtp: useinbandfec=

a=rtpmap: SILK/

a=rtpmap: speex/

a=fmtp: vbr=on

a=rtpmap: speex/

a=fmtp: vbr=on

a=rtpmap: telephone-event/

a=rtpmap: telephone-event/

a=rtpmap: telephone-event/

m=video  RTP/AVP

a=rtpmap: H264/

a=fmtp: profile-level-id=42801F

a=rtcp-fb: nack pli

a=rtcp-fb: ccm fir