Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
449895 | Computer Communications | 2016 | 13 Pages |

Peer-to-peer architectures have become very popular in recent years for the variety of services and applications they support, such as collaborative computing, streaming and VoIP applications. The security of the protocols involved in such operations is, however, a fundamental prerequisite for the widespread diffusion of such a technology. In this paper, we focus on the establishment of a security association in a distributed scenario and we propose a new key exchange protocol authenticated through three different methods: i) the verification of a signature, based on the identifier of the remote peer, ii) the use of retained secrets from previously established sessions with the same peer, iii) the exchange of a Short Authentication String through a proper “trusted means”. We also provide a possible implementation for peer-to-peer VoIP applications for setting up secure multimedia communications through the standard SIP protocol. Our proposal does not require pre-shared secrets, trusted third parties, or a Public Key Infrastructure. In addition, we investigate different ways of distributing cryptographic peer identities in a sort of P2P web-of-trust. The proposed protocols have also been implemented and integrated into an open source SIP User Agent, for functional validation.