Presentation is loading. Please wait.

Presentation is loading. Please wait.

MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.

Published byIrene Pearson Modified over 8 years ago

Similar presentations

Presentation on theme: "MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas."— Presentation transcript:

1 MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi (sbaba@tari.toshiba.com) Ready for MWIF Kansas City TC meeting

2 MWIF Confidential Overview Task 5: “Examine Signaling Security” for the All IP wireless network General idea of security for signaling Consideration of security on SIP –SIP is the tacit signaling protocol currently assumed in the MWIF NRA

3 MWIF Confidential General discussion Signaling Security: to avoid the malicious attack through signaling (message) Basics: encryption and authentication –Ref: End-to-End and Overall security (mwif2001.104) Variety of layer for implementation: –Network layer (e.g., IPSEC) –Transport layer (e.g., TSL/SSL) –Application layer (e.g., WWW-authentication)

4 MWIF Confidential Legacy vs All IP In the legacy system, i.e., SS7 –Dedicated link base –Poor user interface for signaling –Authentication of inter-service provider signaling In the IP based system, i.e., All IP –No separation between signaling channel and bearer channel –Easy to send a spoofing signaling message and to monitor the signaling message

5 MWIF Confidential Node-to-node model Signaling message exchange with security based on SA Network-1 Network-2 BR BR : Border Router SA : Security Association

6 MWIF Confidential Network-to-network model Signaling message exchange with security based on SA Signaling message exchange without security Protected Network-1 Protected Network-2 FW SG : Security Gateway FW : Firewall SG FW

7 MWIF Confidential Examination of models Node-to-NodeNetwork-to-Network Pros Robust (No single point of failure) Flexible (less architecture restriction) Small number of SA to manage Easy to implement and operate Cons Mean for the dynamic SA establishment, maybe PKI Single point of failure

8 MWIF Confidential Security of SIP Basic investigation in draft “2543bis” –Confidentiality –Authentication –etc... Issues still being worked –Integrity of request and response Predictive nonce for digest –Registration and SA –etc...

9 MWIF Confidential Confidentiality in SIP End-to-end –Cannot encrypt whole message –Header evaluated and modified by the SIP server (i.e., proxy, redirect and register) Hop-by-hop –Use transport or lower layer method

10 MWIF Confidential Authentication in SIP Borrow from HTTP, “Basic” and “Digest” –Though, Basic is NOT recommended to use –WWW-Authenticate/Authorization for called user –Proxy-Authenticate/Proxy-Authorization for server –A kind of weakness to replay and MITM (man-in- the-middle) attacks Predictive nonce –Hop-by-hop authentication may be supported by under layer mechanism.

11 MWIF Confidential Privacy and so on Privacy of the called user –Called user information (location or availability) may be carried to the caller. –Required careful network design Denial of Service –Spoofing ‘Via’ header –6xx responses from a rogue proxy

12 MWIF Confidential Summary General idea of Signaling Security –Difference: Legacy vs All IP –Node-to-node and Network-to-network Security for SIP –Confidentiality, Authentication, Privacy and DoS protection –Network design is important, since SIP doesn’t provide a whole security solution only by itself. Modification protocol hop-by-hop security

Download ppt "MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
www.dynamicsoft.com U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP 2000-05-10-00 SIP Security Jonathan Rosenberg Chief Scientist.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
Secure Mobile IP Communication

Secure Mobile IP Communication
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
RSVP Cryptographic Authentication ...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate

SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google