Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP Authentication using CHAP-Password

Published byGeorges Desjardins Modified over 5 years ago

Similar presentations

Presentation on theme: "SIP Authentication using CHAP-Password"— Presentation transcript:

1 SIP Authentication using CHAP-Password
draft-byerly-sip-radius-00.txt Bryan J. Byerly David Williams

2 Problem and Objectives
HTTP-Digest user authentication is not compatible with deployed backend Radius servers. SIP user authentication (RFC2617) and Radius (RFC 2138) user authentication run MD5 over differently formatted messages. Objective Provide mechanism to allow authentication of users using deployed Radius servers. Advantageous to ISPs deploying SIP voice service to PPP customers Approaches Extend SIP to support CHAP-Password Extend Radius to support HTTP-Digest

3 Comparison of hash formats
CHAP-Password: MD5 MD5(seqnum, user-password, nonce) HTTP-Digest: MD5 MD5(unq(username-value) “:” unq(realm-value) “:” password) HTTP-Digest: MD5-sess MD5(unq(username-value) “:” unq(realm-value) “:” password “:” unq(nonce-value) “:” unq(cnonce-value))

4 SIP User Authentication using Radius backend
SIP client SIP proxy RADIUS server INVITE Access-Request Access-Accept 407 Proxy Authorization Required Proxy-Authenticate: CHAP-Password ;algorithm="MD5" ;id=0 ;nonce="cccccccccccccccccccccccccccccccc" INVITE Proxy-Authorization: CHAP-Password ;username="byerly" ;algorithm="MD5" ;id=0 ;response="dddddddddddddddddddddddddddddddd" CHAP-Password=(dddddddddddddddddddddddddddddddd)

5 Future Remaining issues Proposed next steps
Multiple Proxy-Authorization headers (semicolon vs. comma separated tags) Is additional complexity of Mahler draft necessary? Reflection attack in trusted side of network Proposed next steps SIP WG item Standards track

Download ppt "SIP Authentication using CHAP-Password"

Similar presentations

SIP Session-ID draft-kaplan-sip-session-id-02 Hadriel Kaplan.

SIP Session-ID draft-kaplan-sip-session-id-02 Hadriel Kaplan.
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Advanced Flooding Attack on a SIP Server Xianglin Deng, Canterbury University Malcolm Shore, Canterbury University & Telecom NZ.

Advanced Flooding Attack on a SIP Server Xianglin Deng, Canterbury University Malcolm Shore, Canterbury University & Telecom NZ.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
SIP Authentication using CHAP-Password Bryan J. Byerly David Williams draft-byerly-sip-radius-00.txt.

SIP Authentication using CHAP-Password Bryan J. Byerly David Williams draft-byerly-sip-radius-00.txt.
The Elbert HTTP Server HTTP Authentication, providing security in tough times By: Shawn M. Jones.

The Elbert HTTP Server HTTP Authentication, providing security in tough times By: Shawn M. Jones.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
History Since created in 1995, RADIUS has been used to provide authentication, authorization and generate accounting information for dial-in users. However,

History Since created in 1995, RADIUS has been used to provide authentication, authorization and generate accounting information for dial-in users. However,
SIP Security Matt Hsu.

SIP Security Matt Hsu.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)
Brian Dwyer – CITA370. Introduction  Network Device Security  Identity Management AAA Process Model ○ Authentication ○ Authorization ○ Accounting (Sometimes.

Brian Dwyer – CITA370. Introduction  Network Device Security  Identity Management AAA Process Model ○ Authentication ○ Authorization ○ Accounting (Sometimes.

Similar presentations

Ads by Google