Session Initiation Protocol (SIP) is an Internet Engineering Task Force (IETF) peer-to-peer, signaling protocol that facilitates openness, connectivity, choice and personalization. Initially designed to support multicast applications, the simplicity, power and extensibility of SIP have lead to its rapid adoption for other uses, notably Voice over Internet Protocol (VoIP), and Instant Messaging (IM). SIP can set up and manage communication sessions, regardless of the media type (e.g. voice, text, video, or data). In addition to voice communication features, SIP enables new services that are difficult or impossible to provide in traditional telephony-centric systems, such as presence; mobility; user-defined personalized services; instant multimedia communications; advanced multimedia conferencing; and multiple devices. Due to its ease of use and platform-independent nature, more devices, such as video surveillance cameras, are now SIP-based and can be accessed over the Internet.
A SIP-based video surveillance system can include many cameras distributed over a wide geographic area. In order to effect surveillance, cameras must by queried or polled by a user or client to retrieve video and other information. The cameras should only be accessible to authorized users; therefore, it is desirable to provide secure communication channels over which a user can access one of more cameras or other devices. Due to the large amount of video and other data that it may be necessary to transmit, it is also desirable that the secure communication channel permit high-bandwidth communications. A disadvantage of SIP is its inherent lack of authentication and security features. Public key, symmetric key and other security methods have been proposed, but all suffer disadvantages, particularly when used with always-on type devices, such as video surveillance cameras.
Public key, or asymmetric key, cryptography allows users and devices to communicate securely without having prior access to a shared secret key. This is achieved by providing a pair of cryptographic keys, designated as a public key and a private key, which are related mathematically. In public key cryptography, the private key is generally kept secret, while the public key can be widely distributed. In a general sense, one key locks a lock; while the other is required to unlock it. There are many forms of public key cryptography, such as public key encryption and public key digital signing. Digital certificates and public key infrastructure (PKI) technologies are two public key technologies that provide authentication and strong data encryption, and are commonly employed for secure transmission between two endpoints. However, they are computationally intensive and relatively slow. In addition, they are cumbersome to manage, since the public and private key pairs or digital certificates must be generated and stored for every device. The keys or digital certificates must also be regularly updated if they are not to be maliciously intercepted and broken.
Symmetric key systems are much less computationally expensive than asymmetric key systems. In practice, an asymmetric key algorithm is hundreds or thousands of times slower than a symmetric key algorithm. Symmetric key systems use related cryptographic keys for both decryption and encryption. The encryption key is trivially related to the decryption key, in that it may be identical or there is a simple transform to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. Other terms for symmetric key encryption include single-key, one-key and private-key encryption (which should not be confused with the private key in public key cryptography). Symmetric key algorithms can be divided into stream ciphers and block ciphers. The Advanced Encryption Standard (AES) algorithm, which encrypts data as 128-bit blocks, is a commonly used symmetric block cipher. Other examples of symmetric key algorithms include Twofish, Serpent, Blowfish, CAST5, RC4, TDES, and IDEA. However, a disadvantage of symmetric key algorithms is the requirement of a shared secret key, with one copy at each end. Since keys are subject to potential discovery by a cryptographic adversary, they need to be changed frequently and kept secure during distribution and in service. The consequent requirement to choose, distribute and store keys without error and without loss, known as key management, can also be difficult to reliably achieve. In addition, symmetric key algorithms cannot be used for authentication or non-repudiation purposes.
It is, therefore, desirable to provide a fast, scalable, and less computationally intensive system and method to authenticate, and provide a secure communication channel between, devices initiating communications according to a peer-to-peer signaling protocol, such as SIP.