Presentation is loading. Please wait.

Presentation is loading. Please wait.

ATOCA & Security Hannes Tschofenig. Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism.

Published byAlexandra Harmon Modified over 8 years ago

Similar presentations

Presentation on theme: "ATOCA & Security Hannes Tschofenig. Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism."— Presentation transcript:

1 ATOCA & Security Hannes Tschofenig

2 Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism.

3 Subscription RFC 3265 talks about: – Access Control – Denial-of-Service attacks (of server’s and third parties) – Replay Attacks – Man-in-the middle attacks Event packages may describe additional considerations. XEP 60 covers similar aspects. 3

4 Message Delivery 4 Author Originator Relay Gateway Relay Receiver Recipient Message Handling System

5 KSTO1055887203 KSTO@NWS.NOAA.GOV 2003-06-17T14:57:00-07:00 Actual Alert Public Met SEVERE THUNDERSTORM Severe Likely NATIONAL WEATHER SERVICE SACRAMENTO SEVERE THUNDERSTORM WARNING SEVERE THUNDERSTORM OVER SOUTH CENTRAL ALPINE COUNTY… TAKE COVER IN A SUBSTANTIAL SHELTER UNTIL THE STORM PASSES BARUFFALDI/JUSKIE EXTREME NORTH CENTRAL TUOLUMNE COUNTY IN CALIFORNIA, EXTREME NORTHEASTERN CALAVERAS COUNTY IN CALIFORNIA, SOUTHWESTERN ALPINE COUNTY IN CALIFORNIA 38.47,-120.14 38.34,-119.95 38.52,-119.74 38.62,-119.89 38.47,-120.14 Author

6 MESSAGE sip:aggregator@domain.com SIP/2.0 Via: SIP/2.0/TCP relay.domain.com;branch=z9hG4bK776sgdkse Max-Forwards: 70 From: sip:dean@school.example.edu;tag=49583 To: sip:tony@foobar.com Call-ID: asd88asd77a@1.2.3.4asd88asd77a@1.2.3.4 CSeq: 1 MESSAGE Content-Type: common-alerting-protocol+xml Content-Length:... …… 6 Originator Receiver

7 Message Delivery: Communication Security 7 Originator Receiver SIP/XMPP End-to-End Security Mechanisms Authentication of originator Integrity protection Confidentiality protection Example mechanisms: S/MIME SIP Identity, PAI

8 Message Delivery: Alert Security 8 Originator Receiver CAP security Authentication and integrity protection Uses XML Digital Signatures Author Recipient

9 Example 9 Author Originator Relay Receiver Recipient Message Handling System Plain CAP Alert TLS PAI Alert OK? SIP Msg OK?

10 Authorization Alert delivery: – Where do the root certs come from? – Once digital signature is verified what check is supposed to be performed to the author’s identity? More likely that underlying SIP/XMPP communication architecture will be utilized!? – Fewer problems where prior subscription step is performed. E.g. School case – Originator’s identity is asserted via SIP mechanisms. – How to deal with messages from unknown authors/originators that appear out of the blue? 10

Download ppt "ATOCA & Security Hannes Tschofenig. Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism."

Similar presentations

Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
SIP Security Matt Hsu.

SIP Security Matt Hsu.
SIP Security Henning Schulzrinne Columbia University.

SIP Security Henning Schulzrinne Columbia University.
SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) Reporter : Allen.

SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) Reporter : Allen.
Chapter 8 Web Security.

Chapter 8 Web Security.
Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP) B. Rosen, H. Schulzrinne, H. Tschofenig.

Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP) B. Rosen, H. Schulzrinne, H. Tschofenig.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
Research on Non-repudiation service By Yi Zhang. Motivation of Non-repudiation In paper-based business Electronic business transactions Less physical.

Research on Non-repudiation service By Yi Zhang. Motivation of Non-repudiation In paper-based business Electronic business transactions Less physical.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

Similar presentations

Ads by Google