This article first briefly outlines the application background and key concepts of SIP, then analyzes in detail the security threats SIP faces and the existing security solutions, mainly security authentication and encryption, discussing the principles and shortcomings of several typical schemes. It then closely examines an advanced, lightweight SIP security authentication and encryption mechanism that negotiates keys based on a shared user password, and improves it by adding a one-time password mechanism. Subsequently, drawing on a capability-based approach to controlling IP-DoS and combining it with the characteristics of SIP itself, it proposes SIP-TVA, a scheme that better limits the SIP-DoS security threat.