1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.

Slides:

Advertisements

Similar presentations

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.

Advertisements

Indication of support for keep- alive draft-holmberg-sip-keep-03 Christer Holmberg

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.

Internet Telecom Expo September 20, 2000 SIP vs. H.323 SIP vs. H.323 Will the Real IP Telephony Please Stand Up? Jonathan Rosenberg.

SIP Interconnect Guidelines draft-hancock-sip-interconnect-guidelines-02 David Hancock, Daryl Malas.

Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

SIP Security Matt Hsu.

SIP Security Henning Schulzrinne Columbia University.

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Session Initiation Protocol Short Introduction Artur Hecker, ENST.

July 30, 2010SIPREC WG1 SIP Call Control - Recording Extensions draft-johnston-siprec-cc-rec-00 Alan Johnston Andrew Hutton.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

4 August 2005draft-burger-simple-imdn-011 Instant Message Delivery Notification (IMDN) for Presence and Instant Messaging (CPIM) Messages draft-burger-simple-imdn-01.

Presented by Zhi-Hong Guo Instructed by Assistant Professor Quincy Wu

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

Cullen Jennings Certificate Directory for SIP.

Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.

1 SIPREC draft-ietf-siprec-architecture-00 An Architecture for Media Recording using SIP IETF SIPREC INTERIM – Sept 28 th 2010 Andrew Hutton.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential Issues with HTTP Authentication for SIP Hisham Khartabil SIP WG IETF 59, Seoul.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-09) Leon Portman Henry Lum

SIP Interconnect Guidelines draft-hancock-sip-interconnect-guidelines-01 David Hancock, Daryl Malas.

SIP INFO Event Framework (draft-kaplan-sip-info-events-00) Hadriel Kaplan Christer Holmberg 70th IETF, Vancouver, Canada.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

1 Secure VoIP: call establishment and media protection Johan Bilien, Erik Eliasson, Joachim Orrblad, Jon-Olov Vatn Telecommunication Systems Laboratory.

Draft-ono-sipping-end2middle-security-00 1 End-to-middle Security in SIP Kumiko Ono NTT Corporation July 17, 2003.

SAML for SIP Hannes Tschofenig, Jon Peterson, James Polk, Douglas Sicker, Marcus Tegnander.

Using SAML for SIP H. Tschofenig, J. Peterson, J. Polk, D. Sicker, M. Tegnander.

End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-03 draft-ono-sipping-end2middle-security-02 Kumiko Ono IETF60.

1/7 Clarification of Privacy Mechanism for SIP draft-munakata-sipping-privacy-clarified-00 Mayumi Munakata (NTT) Shida Schubert (NTT) IETF67 SIPPING 1.

Open issues from SIP list Jonathan Rosenberg dynamicsoft.

SIP Security Issues : The SIP Authentication Procedure and its Processing Load Speaker: Lin-Yi Wu Advisor : Prof. Yi-Bing Lin Date : 2003/04/09.

End-to-middle Security in SIP draft-ono-sipping-end2middle-security-04 Kumiko Ono IETF62.

RFC3261 (Almost) Robert Sparks. SIPiT 10 2 Status of the New SIP RFC Passed IETF Last Call In the RFC Editor queue Author’s 48 hours review imminent IMPORTANT:

March 20, 2007BLISS BOF IETF-681 Requirements and Implementation Options for the Multiple Line Appearance Feature using the Session Initiation Protocol.

Location Conveyance in SIP draft-ietf-sip-location-conveyance-01 James M. Polk Brian Rosen 2 nd Aug 05.

March 20th, 2001 SIP WG meeting 50th IETF SIP WG meeting Overlap signalling handling

The Session Initiation Protocol - SIP

User Application Control (Keypress Events) SIPPING WG - IETF 53 Robert Fairlie-Cuninghame, Bert Culpepper, Jean-François Mulé.

Andrew Allen ROUTING OUT OF DIALOG REQUESTS draft-allen-dispatch-routing-out-of-dialog-request-01 Dispatch IETF 92 March 23 rd 2015.

SIP Congestion Safety Open Issues. Background SIP over UDP uses retransmissions timers within each transaction with exponential backoffs to provide reliability.

Postech DP&NM Lab Session Initiation Protocol (SIP) Date: Seongcheol Hong DP&NM Lab., Dept. of CSE, POSTECH Date: Seongcheol.

SIP Extension Changes Jonathan Rosenberg dynamicsoft IETF 52.

Session-Independent Policies draft-ietf-sipping-session-indep-policy-02 Volker Hilt Jonathan Rosenberg Gonzalo.

End-to-middle Security in SIP

ECRIT Interim: SIP Location Conveyance

Kumiko Ono End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-04 draft-ono-sipping-end2middle-security-03 Kumiko Ono.

Examining Session Policy Topologies

Transcoding Framework

Requirements and Implementation Options for the Multiple Line Appearance Feature using the Session Initiation Protocol (SIP) draft-johnston-bliss-mla-req-00.

Network Announcements with SIP

ELECTRONIC MAIL SECURITY

SIP Authentication using CHAP-Password

Transcoding Framework

ELECTRONIC MAIL SECURITY

INSIPID Session Initiation Protocol (SIP) Extension for logging and debugging (draft-kaithal-dispatch-sip-log-information-00 ) March 26th 2012 IETF -83.

call completion services

SIP Session Policies Volker Hilt

SIP Session Timer Glare Handling

An Architecture for Media Recording using the Session Initiation Protocol draft-ietf-siprec-architecture Andy Hutton

Presentation transcript:

1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt draft-ono-sipping-smime-keyreuse-00.txt

2 Background Existing problems –All proxies are not always trusted by UAs to view a message body. e.g. Access via a proxy in visited network. –If e2e encryption is used, some services cannot be provided to UAs. e.g. logging services, FW control for SRTP. –If only TLS is used, visited network proxy can look some private data. e.g. user- authentication data, user-location data. Usecases –Logging services for enterprise use –Location object conveyance [It is unclear if LOC always requires all proxies to be trusted]. –FW traversal –Early media disposition –Session policy

3 Changes from ieft-sipping-e2m-sec-reqs-00 Reworked requirements to clarify the objectives; separated e2m confidentiality and integrity. Clarified the requirement for confidentiality, "The solution MUST work even with end-to-end encryption…”. –It MUST be compatible with end-to-end encryption. Shared with the end user and selected proxy, if needed. –It MUST NOT violate end-to-end encryption when the encrypted data does not need to be shared with any proxy servers. e.g., keying materials for SRTP in SDP I will add following requirement reflecting ML comment. UAs must be able to apply confidentiality and integrity protection to parts of the bodies that are only for a selected proxy.

4 Open issue for reqs. Should I add the requirement that a proxy to be allowed to delete the data that targets only for the proxy. –My proposal No (Changed from the last IETF meeting) –If the data is encrypted, UAC can set “handling=optional” in Content-Disposition to request UAS to ignore the e2m part of the body. –If the data is signed but not encrypted, the body does not contain any private data. Therefore proxy does not need to delete it. –This can keep the mechanism in RFC3261. The deleting is useful to reduce the data size, but not essential to maintain to security.

5 Proposed Mechanism This approach allows a UA to disclose message data to selected proxies while protecting the data from being seen by other proxies. End-to-middle encryption uses “S/MIME CMS envelopedData” for one/multiple recipients. –An encrypted data for recipients. Data encrypted with a content-encryption-key (CEK). The CEK encrypted with each key-encryption-key (public keys) of recipients. e.g. a proxy, multiple proxies, proxy & UA. An indicator that specifies proxies which body it should inspect. –Proposal: A new parameter in Content-Disposition –Alternative: A new SIP header and Content-ID

6 Indicator of target data for intermediaries I prefer a new param in Content-Disposition over a new SIP header and Content-ID. 1.A “required-entity” param in Content-Disposition indicates a proxy which data is required to view. No additional SIP header is required. Integrity protection of the indication is relatively simple. When there is a data for proxy, it is easier to inspect the data.  Even there is no data for proxy, all bodies are inspected to find the param. 2.A new header contains content-id which is needed to be viewed by the indicated proxy. When there is no data for proxy, it is easy to find that out.  An additional header is required.  Integrity protection of the indicator requires inner headers with signature.  When there is a data for proxy, process for SIP header in addition to search Content-ID in MIME headers are required.

7 Example of option1: a new param in Content-Disposition e2m target body INVITE From: : Content-Type: xxx Content-Disposition: session; handling=optional; required-entity=proxy1-uri

8 Example of option 2: a new SIP header with Content-ID e2m target body INVITE From: : Proxy-xxx: proxy1-uri; cid=1234 Content-Type: xxx Content-ID: 1234

9 Option 1 with integrity protection of the indicator INVITE From: : Content-Type: xxx Content-Disposition: session; handling=optional; required-entity=proxy1-uri Signature e2m target body

10 Option 2 with integrity protection of the indicator e2m target body INVITE From: : Proxy-xxx: proxy1-uri; cid=1234 Content-Type: multipart/mixed Content-Type: message/sipfrag Content-Type: xxx Content-ID: 1234 From : Proxy-xxx: proxy1-uri; cid=1234 Signature

11 Key reuse mechanism Efficient way to encrypt multiple message in a dialog. This is based on RFC3185. Please read the draft and send me your comments.

12 Next Steps I will brush up the reqs. draft –Add analysis and categorization of usecases inband or out of band data target ( only proxy or both of proxy+UA ) I plan to continue to work on the mechanism drafts in the SIPPING/SIP WG.