Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-ono-sipping-end2middle-security-00 1 End-to-middle Security in SIP Kumiko Ono NTT Corporation July 17, 2003.

Published byHarold Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-ono-sipping-end2middle-security-00 1 End-to-middle Security in SIP Kumiko Ono NTT Corporation July 17, 2003."— Presentation transcript:

1 draft-ono-sipping-end2middle-security-00 1 End-to-middle Security in SIP Kumiko Ono ono.kumiko@lab.ntt.co.jp NTT Corporation July 17, 2003

2 draft-ono-sipping-end2middle-security-00 2 Problems RFC3261’s end-to-end encryption may conflict with some features provided by intermediaries. –They may reject or drop encrypted data without notifying the UAs. –They may unable to offer certain features that should be provided to users. SIP needs “end-to-middle encryption” that can work with end-to-end encryption using S/MIME.

3 draft-ono-sipping-end2middle-security-00 3 Use cases of “end-to-middle security” 1.Logging services Instant message logging or other logging for enterprise use (e.g. financial or healthcare industries) 2.Hotspot services Connecting to home SIP server via partially-trusted proxy (e.g. from a Internet café) 3.Session-policy by J. Rosenberg This could be used as a mechanism for parts of the session-policy setup under certain specific conditions. 4.Transcoding by G. Camarillo Provide secure way to setup transcoding services??

4 draft-ono-sipping-end2middle-security-00 4 Reference models Case #1 The 1 st -hop SIP proxy is trusted by the user. The trustworthiness of the next-hop SIP proxy is unknown. Case #2 The user communicates with a trusted SIP proxy, but the trustworthiness of the 1 st -hop SIP proxy is not known to the user. UAC UAS UAC UAS

5 draft-ono-sipping-end2middle-security-00 5 Example of Case #1 Worried patient or nurse Hospital’s proxyVisited network’s proxy Doctor who is out playing golf A user needs to urgently and securely contact a doctor and also must log SDP at hospital proxy server. (This is hospital policy.)

6 draft-ono-sipping-end2middle-security-00 6 Example of Case #2 Fund manager on a business trip in Japan Enterprise network’s logging proxy Internet café’s proxy, SIP public phone or WiFi roaming services A colleague at headquarters The fund manager wants to protect his instant messages that include confidential financial information from being inspected by the hostile proxy.

7 draft-ono-sipping-end2middle-security-00 7 Relationship to Session-Policy One possible mechanism to implement for part of the session policy feature. In session-policy, proxies express the session policies. Proxy server policies, not user policies, can be defined. In end-to-middle security, users can securely request services that are provided by proxies for a session.

8 draft-ono-sipping-end2middle-security-00 8 Proposed Mechanism This approach allows a UA to disclose message data to selected intermediaries while protecting the data from being seen by other intermediaries. End-to-middle encryption uses for “S/MIME CMS EnvelopedData” for multiple destinations. The EnvelopedData structure contains; –Data encrypted with a content-encryption-key (CEK). –The CEK encrypted with two different key-encryption- keys, that are public keys. One for the opposite-side UA (end-to-end). One for the selected proxy (end-to- middle). This approach can use S/MIME SignedData to additionally provide integrity.

9 draft-ono-sipping-end2middle-security-00 9 Open Issues How does a UA request proxies to inspect an S/MIME body? How does a UA request the opposite-side UA to reuse the content-encryption-key? How does this draft interact with M. Barnes’ middle-to-end header security draft ?

10 draft-ono-sipping-end2middle-security-00 10 Next Steps Is there sufficient interest in the SIPPING WG to continue this work? Should I split this draft into the following? –Requirements for end-to-middle security –Mechanism for end-to-middle security –Mechanism for bidirectional key exchange for S/MIME

11 draft-ono-sipping-end2middle-security-00 11 Thanks!! Please send feedback to Kumiko Ono ono.kumiko@lab.ntt.co.jp.

Download ppt "Draft-ono-sipping-end2middle-security-00 1 End-to-middle Security in SIP Kumiko Ono NTT Corporation July 17, 2003."

Similar presentations

SIP, Presence and Instant Messaging

SIP, Presence and Instant Messaging
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com IM 2000 -- May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
2N Telekomunikace a.s. VoIP Products.

2N Telekomunikace a.s. VoIP Products.
Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.

Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.
Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Session-Independent Policies draft-ietf-sipping-session-indep-policy-01 Volker Hilt Gonzalo Camarillo

Session-Independent Policies draft-ietf-sipping-session-indep-policy-01 Volker Hilt Gonzalo Camarillo
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
Sharmistha Chatterjee 82349D 82349D Helsinki University of Technology Instant Messaging and Presence with SIP.

Sharmistha Chatterjee 82349D 82349D Helsinki University of Technology Instant Messaging and Presence with SIP.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Fredrik Lindholm 52st IETF Meeting 1Key management extensions Key Management Extensions for SDP and RTSP.

Fredrik Lindholm 52st IETF Meeting 1Key management extensions Key Management Extensions for SDP and RTSP.
1 Extending SIP Speaker: Hsuan-Ming Chen Adviser: Ho-Ting Wu Date: 2005/04/26.

1 Extending SIP Speaker: Hsuan-Ming Chen Adviser: Ho-Ting Wu Date: 2005/04/26.

Similar presentations

Ads by Google