Graduate student: | Tzeng, Jau-jan (曾昭展) |
---|---|
Thesis title: | Building Security Gateway in SIP-based VoIP (在SIP-based VoIP中大樓語音安全閘道器的研究與實作) |
Advisor: | Li, Jung-Shian (李忠憲) |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
Year of publication: | 2009 |
Academic year of graduation: | 97 |
Language: | English |
Number of pages: | 59 |
Keywords (Chinese): | 監聽 (monitoring) |
Keywords (English): | MIKEY, Building Security Gateway, monitoring, secure session, SIP |
Usage counts: | Views: 109, Downloads: 2 |
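Recently, with the popularity of SIP-based VoIP, more and more devices can use VoIP services over the Internet. Although many software and hardware clients support VoIP services, the vast majority do not support establishing secure, encrypted call sessions. Some software clients do support secure calls, but they are not compatible with clients developed by other vendors. On the hardware side, SIP hard phones do not support encrypted calls. As a result, establishing a secure call session depends on both parties supporting it; otherwise only an unencrypted call can be established.
In this thesis, we consider the network environment inside a building and propose the concept of a Building Security Gateway, which helps devices with insufficient capability establish secure call sessions and handles the subsequent encryption and decryption of voice packets.
For the implementation, we chose MIKEY pre-shared key as the call key exchange algorithm and implemented this function on the BSG. For clients that use this secure key exchange algorithm to establish secure calls, the session can be established successfully even if the invited party does not support it. We also consider the impact of the new BSG role during session mobility, and how the BSG should operate in that case.
Because the BSG manages the call encryption keys, we can also monitor encrypted calls; combining call detail records (CDR) with the monitored voice calls achieves the monitoring function.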
Recently, voice over IP has become popular on today's Internet. More and more devices can provide SIP-based VoIP, but most of them support only non-encrypted sessions. Some soft phones support the establishment of secure sessions, but they may not be compatible with other soft phones. Furthermore, most SIP hard phones do not support the setup of secure sessions. To set up a secure session, both caller and callee must support the key exchange protocols; otherwise the secure session cannot be constructed.
In this thesis, a secure architecture is proposed for the home/office networking environment. A special appliance, called the Building Security Gateway (BSG), is designed to help weak SIP devices perform security functions, such as initializing secure sessions and encrypting/decrypting media, as PCs can. Furthermore, a prototype BSG is built in a home/office network, BSG-based session mobility cases between UAs are constructed, and the related protocol primitives are discussed. The BSG can monitor encrypted sessions passing through it and recover them into decrypted ones. The BSG architecture can thus help devices set up secure sessions and provide monitoring functionality at the same time. CDRs (call detail records) and recorded data streams can be kept in the BSG database.