sip-identity-04 Added new response codes for various conditions

Slides:

Advertisements

Similar presentations

MARTINI WG Interim draft-kaplan-martini-with-olive-00 Hadriel Kaplan.

Advertisements

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

PROTOCOLS AND ARCHITECTURE Lesson 2 NETS2150/2850.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.

1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

1 A Path Forward on Identity Agreement on a problem space –We all agree that E.164 numbers don’t work well with RFC4474 –Less agreement about the requirements.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Draft-rosen-ecrit-emergency- framework-00 Brian Rosen NeuStar CPa

IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.

Discovery issues in atoca Brian Rosen. We need to handle several cases Some alerts are broadcast via some access network specific mechanism (multicast,

IETF 77 MARTINI WG draft-ietf-martini-reqs-02 John Elwell Hadriel Kaplan (editors)

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

(we need your advice!) Jon Peterson MIT– December 2010 IETF & Privacy.

7/6/20061 Speermint Use Case for Cable IETF 66 Yiu L. Lee JULY 2006.

Draft-elwell-sipping- redirection-reason-00 Author: John Elwell

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

SIP working group IETF#70 Essential corrections Keith Drage.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

©Stephen Kingham SIP Protocol overview SIP Workshop APAN Taipei Taiwan 23rd Aug 2005 By Stephen Kingham

Congestion Safety Changes and Issues draft-ietf-sip-congestsafe-01.

Open issues from SIP list Jonathan Rosenberg dynamicsoft.

GRUU Jonathan Rosenberg Cisco Systems. Changes in -06 Editorial as a result of RFC-ED early copy experiment.

Call Completion using BFCP draft-roach-sipping-callcomp-bfcp IETF 67 – San Diego November 7, 2006.

GIN with Literal AoRs for SIP in SSPs (GLASS) draft-kaplan-martini-glass-00 Hadriel Kaplan.

SIPPING Drafts Jonathan Rosenberg dynamicsoft. Conferencing Package Issues Only one – scope Depends on broader work in conferencing May include –Participant.

Andrew Allen ROUTING OUT OF DIALOG REQUESTS draft-allen-dispatch-routing-out-of-dialog-request-01 Dispatch IETF 92 March 23 rd 2015.

SIP wg Items Jonathan Rosenberg dynamicsoft Caller Preferences: Changes Discussion of Redirects –Previous draft only proxy –Nothing different for redirect.

Jonathan Rosenberg dynamicsoft

NodeJS Security Using PassportJS and HelmetJS:

IP: Addressing, ARP, Routing

Telephone Related Queries (TeRQ)

Session-Independent Policies draft-ietf-sipping-session-indep-policy-02 Volker Hilt Jonathan Rosenberg Gonzalo.

SIP Protocol overview SIP Workshop APAN Taipei Taiwan 23rd Aug 2005

SIP over MANETs Introduction to SIP SIP vs MANETs Open Issues

THIS IS THE WAY ENUM Variants Jim McEachern

IP-NNI Joint Task Force Status Update

Jonathan Rosenberg dynamicsoft

ECRIT Interim: SIP Location Conveyance

Kumiko Ono End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-04 draft-ono-sipping-end2middle-security-03 Kumiko Ono.

Consent-based Communications in SIP draft-ietf-sipping-consent-reqs-04

Authors – Johannes Krupp, Michael Backes, and Christian Rossow(2016)

Secure Sockets Layer (SSL)

Request History Capability – Requirements & Solution

Outline Basics of network security Definitions Sample attacks

Examining Session Policy Topologies

Request-URI Param Delivery

Session Initiation Protocol (SIP)

Whether you decide to use hidden frames or XMLHttp, there are several things you'll need to consider when building an Ajax application. Expanding the role.

Requirements and Implementation Options for the Multiple Line Appearance Feature using the Session Initiation Protocol (SIP) draft-johnston-bliss-mla-req-00.

draft-ietf-geopriv-lbyr-requirements-02 status update

IP-NNI Joint Task Force Status Update

Verstat Related Best Practices

Application layer Lecture 7.

Hannes Tschofenig Henning Schulzrinne M. Shanmugam

HTTP Hypertext Transfer Protocol

draft-ipdvb-sec-01.txt ULE Security Requirements

RFC PASSporT Construction 6.2 Verifier Behavior

Doug Bellows – Inteliquent 10/4/2018

IETF 101 (London) STIR WG Mar2018

Simulation of Session Initiation Protocol

Proposal for a Generic Emergency Call Support

Lecture 3: Secure Network Architecture

IP Interconnection Profile

Outline Basics of network security Definitions Sample attacks

Shared Infrastructure

Presentation transcript:

sip-identity-04 Added new response codes for various conditions Softened ‘direct TLS connection’ requirement Added support for CID URI in Identity-Info Added some non-normative text about requests in the backwards direction within a dialog

New Open Issues Fixing 6.1 Display-name handling Should the identity signature cover the display-name? Transitional authorization policy How do you know if a domain supports sip-identity? Privacy interaction RFC3323 isn’t so current anymore URI scheme for Identity-Info Should SIPS be an option? Or should it just be a fetch (like, HTTP) Applicability to REGISTER tel URI handling domain certs v. end-user certs Name subordination rules

What is Response Identity? A mechanism that allows UACs to detect that responses come from an impersonator Flip side of request identity sip-identity-04 wouldn’t work if it were applied as-is to responses (assuming flipping From for To) The problem: signature over the To header field in a response would come from the actual ‘connected’ domain -Not- the original target domain of the request, when retargeting has taken place Thus, the root cause of response identity problems is retargeting That is, if there were no retargeting, response identity would “just work”

Response Identity is Hard™ Issues: Who are you impersonating when you forge a response? What are intermediaries authorized to do when routing SIP requests? How would a UAC make authorization decisions on the basis of response identity? Architectural properties that make this harder: Lack of distinction between AoRs and contract addresses and ‘identities’

Impersonate who? Biggest difference between request and response identity is: In a transaction, a request can only come from one identity… But a response can legitimately come from tens or hundreds or thousands of entities Who is authorized to respond to a request? The set of corresponding addresses in the location service of the target domain But, that is just a logical concept – a domain can populate location services arbitrarily So who might an impersonator impersonate? The original target URI is one possibility As are any translated contacts (possibly a very large set) if known by the adversary But, an impersonator can just “be themselves” – how would a UAC know that they aren’t authorized? This is our first hint that the problem is architectural

Identities, AoRs, and contacts When I respond legitimately, who am I, really? I may be capable of registering under many AoRs I don’t just have one unique identity – which one should I use? The identity to which a request was originally sent may be a valid AoR for the respondent E.g., a request to jon.peterson@neustar.com redirected to jon.peterson@neustar.biz Does retargeting change the identity from which you respond? Should it? What about non-AoR targets (contact addresses)? The ultimate target of a request isn’t likely to be an AoR No way to tell from inspecting a URI if it represents a user, device, or what have you Sipping-sip-arch 4.3

Difficulty of Response Impersonation Huge difference in threat model between request and response identity Request identity: adversary can forge a From header field Requires adversary to control their own device Response identity: Adversary can eavesdrop on traffic to capture transaction/dialog identifiers Adversary can suppress or somehow complement legitimate responses Adversary can reinsert forged responses into any existing persistent transport-layer connections Actually impersonating a legitimate respondant requires a great deal of sophistication

What is the solution space? Strategy 1: Increase transaction security Try to prevent adversaries from learning enough about transactions/dialogs to forge responses Strategy 2: Provide a causal trace of intermediary agency after the fact E.g., Request History (post-facto authorization at UAC) Each intermediary sending a backwards-direction NOTIFY (i.e., an implicit SUBSCRIBE) Strategy 3: Let the UAC explore new targets for a request rather than an intermediary E.g., Redirection (before the fact authorization at UAC) Spidering contacts via presence before sending a “real” request Strategy 4: Essentially do nothing – bar for attackers is high enough that we shouldn’t worry

Permissions of Intermediaries The architectural problem: A UAC wants to authorize a specific intermediary to change the target of a request That intermediary, in turn, wants to authorize a specific set of respondants to provide responses Any response outside of that set is NOT authorized

Authorization Decisions at UACs