Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

Slides:

Advertisements

Similar presentations

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

Skype Connected to a SIP PBX

Session Initiation Protocol (SIP) By: Zhixin Chen.

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

SIP vs H323 Over Wireless networks Presented by Srikar Reddy Yeruva Instructor Chin Chin Chang.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Session Initiation Protocol Short Introduction Artur Hecker, ENST.

 Introduction  VoIP  P2P Systems  Skype  SIP  Skype - SIP Similarities and Differences  Conclusion.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人：向峻霈.

Fall VON - September 28, 1999 C O N N E C T I N G T H E W O R L D W I T H A P P L I C A T I O N S SIP - Ready to Deploy Jim Nelson,

A Risk Analysis Approach for Biometric Authentication Technology Author: Arslan Brömme Submission: International Journal of Network Security Speaker: Chun-Ta.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Session Initiation Protocol (SIP) 王承宇張永霖.

An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.

多媒體網路安全實驗室 A novel user authentication and privacy preserving scheme with smartcards for wireless communications 作者 :Chun-Ta Li,Cgeng-Chi Lee 出處 :Mathematical.

Efficient remote mutual authentication and key agreement Improvement of Chien et al. ’ s remote user authentication scheme using smart cards An efficient.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :

Voice over IP by Rahul varikuti course instructor: Vicky Hsu.

Security Protection on Trust Delegated Medical Data in Public Mobile Networks Dasun Weerasinghe, Muttukrishnan Rajarajan and Veselin Rakocevic Mobile Networks.

CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.

Voice over IP B 林與絜.

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.

A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

Providing secure mobile access to information servers with temporary certificates Diego R. López

CSE5803 Advanced Internet Protocols and Applications (14) Introduction Developed in recent years, for low cost phone calls (long distance in particular).

Secure Messenger Protocol using AES (Rijndael) Sang won, Lee

Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.

The Session Initiation Protocol - SIP

KERBEROS SYSTEM Kumar Madugula.

3/10/2016 Subject Name: Computer Networks - II Subject Code: 10CS64 Prepared By: Madhuleena Das Department: Computer Science & Engineering Date :

University of Murcia Gabriel López.  Network authentication in eduroam and SSO token distribution ◦ RADIUS hierarchy ◦ Token based on SAML  Network.

Analysis of SIP security Ashwini Sanap ( ) Deepti Agashe ( )

Threshold password authentication against guessing attacks in Ad hoc networks Authors: Zhenchuan Chai, Zhenfu Cao, Rongxing Lu Sources: Ad Hoc Networks,

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

Cryptography CSS 329 Lecture 13:SSL.

Postech DP&NM Lab Session Initiation Protocol (SIP) Date: Seongcheol Hong DP&NM Lab., Dept. of CSE, POSTECH Date: Seongcheol.

A Secure Authentication Scheme with Anonymity for Wireless Communications IEEE COMMUNICATIONS LETTERS, VOL. 12, NO. 10, OCTOBER 2008 Chia-Chun Wu, Wei-Bin.

Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service.

An Efficient and Practical Authenticated Communication Scheme for Vehicular Ad Hoc Networks Source: IEEE Transactions on Vehicular Technology, Reviewing.

IP Telephony (VoIP).

SIP over MANETs Introduction to SIP SIP vs MANETs Open Issues

Cryptanalysis on Mu–Varadharajan's e-voting schemes

A secure and traceable E-DRM system based on mobile device

Efficient password authenticated key agreement using smart cards

A Private Key System KERBEROS.

Unit 8 Network Security.

Advanced Computer Networks

Electronic Payment Security Technologies

Presentation transcript:

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter: Chun-Ta Li ( 李俊達 )

2 Outline  Introduction on VoIP  SIP call setup procedure  Proposed authentication scheme  Performance analysis  Comments

3 Introduction on VoIP (Voice over IP) ． H.323( ITU-T Recommendation H.323) ，是目前最普遍用於 VoIP 的標準． MGCP( Media Gateway Control Protocol) ，媒體閘道控制協定． SIP(Session Initiation Protocol) ，是 IETF 於 1999 年 3 月所制定的通信協定

4 Introduction on VoIP (cont.)  SIP (Session Initiation Protocol) H.323 是針對區域網路所設計且架構繁雜，所以應用上的技術限制較多，而 SIP 是屬於 OSI 應用層（ Application Layer ）的協定，作為起始、維護和結束一個會議的控制協定。 SIP 採用類似 HTTP 協定 Client-Server 的架構，在封包的處理上 SIP 更可以利用 HTTP 既有的封包資料，而不像 H.323 的封包那樣必須保留很多傳輸上的資訊，所以 SIP 非常適用於網際網路的傳輸架構。 SIP 裡有定義了 Client-Server 的架構， SIP 的 Client 包含了 User Agent Client （ UAC ）及 User Agent Server （ UAS ），首先發出要求（ request ）稱為 User Agent Client ，接受 Call 的一方則叫做 User Agent Server ，它們可存在於軟體電話或 SIP Phone 上。 SIP Server 上包含了三種的服務，一是 Proxy service ，二是 Redirect service ，三是 Registration service

5 SIP call setup procedure

6 Proposed authentication scheme  Notations // The proxy server and registrar server hold the public key certificate issued by the certification authorities //

7 Proposed authentication scheme (cont.)  Registration User Client Registrar Server I UC PW UC PW UC = H[N || I UC ] // N: secret key Secure channel I RS, r and H. r = H[N || I RS ] ⊕ H[N || I UC ] ⊕ I RS ⊕ I UC

8 Proposed authentication scheme (cont.)  The authentication protocol n = r ⊕ PW UC L = H(PW UC ⊕ TS UC ) [R 0 ] L // R 0 : random number A = n, [R 0 ] L, I RS, TS UC User Client Proxy Server ． Check the timestamp ． Compute its signature

9 Proposed authentication scheme (cont.)  The authentication protocol Proxy Server Registrar Server ． Compute Signature of PS = E KR PS (H[σ, n, [R 0 ] L, TS UC, C PS ]) // KR PS : PS ’ s private key // σ: PS ’ s secret random // C PS : PS ’ s certificate B = σ,n, [R 0 ] L, Signature of PS, TS PS, C PS ． Check the timestamp ． Validate the certificate ． Verify UC ’ s identity

10 Proposed authentication scheme (cont.)  The authentication protocol Proxy Server Registrar Server ． Verify UC ’ s identity I UC =? I RS ⊕ n ⊕ H[N || I RS ] ． Compute temporary key L L =H[TS UC ⊕ H[N || I UC ]] ． Decrypt the message [R 0 ] L to obtain R 0 ． Encrypt H[I UC ] and R 0 with PS ’ s public key KU PS C =γ,E KU PS (H[I UC ],R 0 ), Signature of RS, TS RS, C RS ． Compute Signature of RS = E KR RS (H[σ,γ,E KU PS [H[I UC ],R 0 ]) // γ: RS ’ s secret random

11 Proposed authentication scheme (cont.)  The authentication protocol User Client Proxy Server ． Check the timestamp ． Validate the certificate ． Verify the received parameters ． Issue a temporary certificate TC UC to the UC ． Compute session key SK, SK = H[I UC ] ⊕ R 0 ． Store H[I UC ] and R 0 D = [TC UC ] SK

12 Proposed authentication scheme (cont.)  Call progress period Calling User Client (UC) Calling User Server (US) [R i || TC UC ] SK i // SK i = H[I UC ] ⊕ R i-1, i = 1,2, …,n ． Validate the certificate TC UC ． Store R i in order to compute the next session key and provides connection for calling UC ． Verify the integrity of the message

13 Performance analysis  Computation load in the protocol  Delay budget

14 Comments  About R 0 It only shared with UC, PS and RS How could US compute SK i without knowing R 0 to decrypt the message  How to provide the integrity of the message in media transmission phase  16 typos Evaluation of Paper: Confirmatory Recommendation: Revise with major