ATOCA & Security Hannes Tschofenig. Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism.

Slides:

Advertisements

Similar presentations

Cryptography and Network Security

Advertisements

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

Cryptography and Network Security Chapter 17

SIP Security Matt Hsu.

SIP Security Henning Schulzrinne Columbia University.

SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) Reporter : Allen.

Chapter 8 Web Security.

Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP) B. Rosen, H. Schulzrinne, H. Tschofenig.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Research on Non-repudiation service By Yi Zhang. Motivation of Non-repudiation In paper-based business Electronic business transactions Less physical.

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

CS 4720 Security CS 4720 – Web & Mobile Systems. CS 4720 The Traditional Security Model The Firewall Approach “Keep the good guys in and the bad guys.

Session Initiation Protocol Team Members: Manjiri Ayyar Pallavi Murudkar Sriusha Kottalanka Vamsi Ambati Girish Satya LeeAnn Tam.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date:

Chapter 21 Distributed System Security Copyright © 2008.

Requirements, Terminology and Framework for Exigent Communications H. Schulzrinne, S. Norreys, B. Rosen, H. Tschofenig.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Presented By Team Netgeeks SIP Session Initiation Protocol.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 21 – Internet Security.

Elin Sundby Boysen Lars Strand Norwegian Defence Research Establishment (FFI) Norwegian Computing Center (NR) University Graduate Center (UNIK) November.

Discovery issues in atoca Brian Rosen. We need to handle several cases Some alerts are broadcast via some access network specific mechanism (multicast,

(c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/ Nobuhiro Electric.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.

Quiz Problem – Draw Ladder Diag. INVITE SIP/ :19: INFO SIP ::send_sip_udp Send to: udp: :5060.

Infrastructure Service Approach to Handling Security in Service-Oriented Architecture Business Applications Doina Iepuras.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.

SIP Security Issues : The SIP Authentication Procedure and its Processing Load Speaker: Lin-Yi Wu Advisor : Prof. Yi-Bing Lin Date : 2003/04/09.

End-to-middle Security in SIP draft-ono-sipping-end2middle-security-04 Kumiko Ono IETF62.

1 RFC4028 Session Timer in the Session Initiation Protocol Speaker ： Ying Shun Lin Adviser ： Quincy Wu.

Replay Attacks.

SIP Event Lists Adam Roach 3/17/2003. Major Changes No longer a template; now simply an extension (using Supported/Require). Arbitrary nesting of lists.

1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.

The Session Initiation Protocol - SIP

Security Hannes Tschofenig. Goal for this Meeting Use the next 2 hours to determine what the security consideration section of the OAuth draft(s) should.

Copyright 2004 MayneStay Consulting Group Ltd. - All Rights Reserved Jan-041 Security using Encryption Security Features Message Origin Authentication.

1 GDOI Changes to Update Draft draft-ietf-msec-gdoi-update-01 Sheela Rowles Brian Weis.

1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.

Presented by: Sonali Pagade Nibha Dhagat paper1.pdf.

6.033 Quiz3 Review Spring How can we achieve security? Authenticate agent’s identity Verify the integrity of the request Check the agent’s authorization.

Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden

Cullen Jennings S/MIME Certificates Cullen Jennings

Cryptography and Network Security

S/MIME T ANANDHAN.

Cryptography and Network Security

Security in ebXML Messaging

Securing the CASP Protocol

Cryptography and Network Security

Presentation transcript:

ATOCA & Security Hannes Tschofenig

Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism.

Subscription RFC 3265 talks about: – Access Control – Denial-of-Service attacks (of server’s and third parties) – Replay Attacks – Man-in-the middle attacks Event packages may describe additional considerations. XEP 60 covers similar aspects. 3

Message Delivery 4 Author Originator Relay Gateway Relay Receiver Recipient Message Handling System

KSTO T14:57:00-07:00 Actual Alert Public Met SEVERE THUNDERSTORM Severe Likely NATIONAL WEATHER SERVICE SACRAMENTO SEVERE THUNDERSTORM WARNING SEVERE THUNDERSTORM OVER SOUTH CENTRAL ALPINE COUNTY… TAKE COVER IN A SUBSTANTIAL SHELTER UNTIL THE STORM PASSES BARUFFALDI/JUSKIE EXTREME NORTH CENTRAL TUOLUMNE COUNTY IN CALIFORNIA, EXTREME NORTHEASTERN CALAVERAS COUNTY IN CALIFORNIA, SOUTHWESTERN ALPINE COUNTY IN CALIFORNIA 38.47, , , , , Author

MESSAGE SIP/2.0 Via: SIP/2.0/TCP relay.domain.com;branch=z9hG4bK776sgdkse Max-Forwards: 70 From: To: Call-ID: CSeq: 1 MESSAGE Content-Type: common-alerting-protocol+xml Content-Length:... …… 6 Originator Receiver

Message Delivery: Communication Security 7 Originator Receiver SIP/XMPP End-to-End Security Mechanisms Authentication of originator Integrity protection Confidentiality protection Example mechanisms: S/MIME SIP Identity, PAI

Message Delivery: Alert Security 8 Originator Receiver CAP security Authentication and integrity protection Uses XML Digital Signatures Author Recipient

Example 9 Author Originator Relay Receiver Recipient Message Handling System Plain CAP Alert TLS PAI Alert OK? SIP Msg OK?

Authorization Alert delivery: – Where do the root certs come from? – Once digital signature is verified what check is supposed to be performed to the author’s identity? More likely that underlying SIP/XMPP communication architecture will be utilized!? – Fewer problems where prior subscription step is performed. E.g. School case – Originator’s identity is asserted via SIP mechanisms. – How to deal with messages from unknown authors/originators that appear out of the blue? 10