Published by Jessica Kerr
© 2006 NEC Corporation - Confidential November
SPEERMINT Security Threats and Suggested Countermeasures
draft-ietf-speermint-voipthreats-01
Saverio Niccolini, Eric Chen, Jan Seedorf, Hendrik Scholz

Goals / Scope
Goals of the draft
– List of security threats (specific) for SPEERMINT
– Mapping of these threats to suggested countermeasures
   As information for implementers
   Also helping implementers choose proper means for addressing SPEERMINT security requirements (as defined in draft-ietf-speermint-requirements-07)
Target:
– Informational document for implementers

Contribution of the draft (related to SPEERMINT document flow chart)
[Flow chart of SPEERMINT documents: Terminology; VoIP-specific use cases; IM/presence-specific use cases; VoIP-specific requirements; IM/presence-specific requirements; Architecture; Message flows; DNS SRV & NAPTR use; Other implementer documents (BCPs)]
SPEERMINT Security Threats and Suggested Countermeasures: Informational Document

Security Requirements vs. concrete Solutions
Security Requirements: draft-ietf-speermint-requirements-07
– This draft lists security requirements without stating concrete protocols or guidance on how to meet these requirements
How to fulfill/meet the Security Requirements: draft-ietf-speermint-voipthreats-01
– This draft provides concrete protocols and solutions for meeting the requirements
– As guidance for implementers who want to fulfill the security requirements for SPEERMINT
– Section on security requirements (section 3)
   Currently only listing the security requirements
   Waiting for draft-ietf-speermint-requirements-07 to be finalized (IESG processing)
   Then addressing the requirements with text on protocols and solutions

Comments received for Version -00 at IETF 73
Minimization of SED suggested as countermeasure
– Included in the new -01 version
Text regarding password cracking was misleading
– Changed
Digest authentication on all requests was seen as unrealistic
– Removed
PKI is assumed for TLS
– Added text

Changes since -00 version
Addressed comments received (see previous slide)
New threats
– network discovery
– unwanted requests
New countermeasures
– minimization of session establishment data
– topology hiding
Renamed / Restructured Countermeasures (see next slide)
Editorial changes
– Updated/removed references

Version -01: Suggested Countermeasures
Suggested Countermeasures
– Database Security BCPs
– DNSSEC
– DNS Replication
– Cross-Domain Privacy Protection
– Use TCP instead of UDP to deliver SIP messages
– Ingress Filtering / Reverse-Path Filtering
– Strong Identity Assertion
– Reliable Border Element Pooling
– Rate limit
– Topology Hiding
– Border Element Hardening
– Minimization of Session Establishment Data
– Encryption and Integrity Protection of Signalling Messages
– Encryption and Integrity Protection of Media Stream

Current Issues / Discussion
IPSec vs. TLS
– IPSec is a lower-layer solution but often deployed and seen as sufficient for hop-to-hop SSP security
– Requirements draft says: Even though SSPs may use lower layer security mechanisms to guarantee some of those security properties, candidate protocols for the LUF and LRF must meet the above requirements [authentication/integrity/confidentiality].
– Opinions from the WG?
Section on deployment (Comment received at IETF 71)
– Are there other solutions besides DNSSEC which are not deployed yet?

How to proceed...
We welcome any comments on this work on the mailing list
– Are there additional threats missing / not considered?
– Are there countermeasures missing / not considered?
– Editorial changes / comments?
Or contact authors directly if you have any comments:
– Saverio Niccolini:
– Eric Chen:
– Jan Seedorf:
– Hendrik Scholz:

History of the draft
Early versions of the draft
– Investigations on the security threats and attack vectors related to SPEERMINT
   Classification of the threats
   Description of instances of the threats
– Objectives
   Identify and enumerate the SPEERMINT-specific threat vectors
   Help in selecting security-related requirements
   Input now included in draft-ietf-speermint-requirements-07
Since IETF-72, the draft has become WG item