TDR authentication requirements

TDR authentication requirements
Dr. Ian Brown, University College London

Key Requirements for full TDR service
- Verify TDR authorisation at originating, terminating and intermediate network nodes
- Minimise impact of Denial of Service attacks
29.08.2019

Three stage authorisation
- Verify user’s TDR credentials
- Verify signalling is from authorised user
- Verify data flows are part of an authorised session

Credential verification mechanisms
- GETS: PIN entered by user
- GSM/TIPHON: challenge-response registration protocol between user device, local and home networks. User enters PIN to device
- SIP: HTTPS with client authentication used to fetch token?

Verifying user credentials
- Ideally done by local domain e.g. GSM, TIPHON retrieve user profile
- allows local transport priority – edge networks important, as most likely to suffer congestion
- Otherwise done remotely e.g. GETS, SIP proxy

Verifying signalling
- In trusted federation of domains, may rely on ingress policing
- But this has problems with transitive trust, DoS and complex network topologies which are difficult to map to international TDR agreements
- Possibility of independent verification better

Authorisation token
- IP client obtains token from server like tdr.ncs.gov
- Token included in SIP call setup message and can be verified by SIP nodes along whole path to IP endpoint
- Endpoint can interrupt lower priority sessions or take other TDR-specific action
- International Emergency Priority Parameter proposed for ISUP, B-ISUP and BICC CS-2
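
Added example, not part of the original slides: one way a token of this kind could be checked independently by every SIP node on the path, using only the issuer's public key instead of trusting the upstream domain. The `X-TDR-Token` header, the `user|expiry` claim format, the choice of Ed25519 and all function names are assumptions made for illustration; the keys and the INVITE are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

var b64 = base64.RawURLEncoding
// DemoKeys derives a fixed, constructed key pair; a real token server keeps a random private key.
func DemoKeys(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}
// IssueToken is the token-server side: sign "user|expiry" (assumed claim format, Unix seconds).
func IssueToken(priv ed25519.PrivateKey, user string, expiry int64) string {
	claims := []byte(user + "|" + strconv.FormatInt(expiry, 10))
	return b64.EncodeToString(claims) + "." + b64.EncodeToString(ed25519.Sign(priv, claims))
}
// SampleInvite builds a constructed SIP INVITE carrying the hypothetical X-TDR-Token header.
func SampleInvite(token string) string {
	return "INVITE sip:bob@example.net SIP/2.0\r\nFrom: <sip:alice@example.org>\r\nX-TDR-Token: " + token + "\r\n\r\n"
}

// VerifyInvite is run by any SIP node on the path; it needs only the issuer's public key.
func VerifyInvite(invite string, issuer ed25519.PublicKey, now int64) (string, error) {
	var token string
	for _, line := range strings.Split(strings.SplitN(invite, "\r\n\r\n", 2)[0], "\r\n") { // headers only
		if name, val, _ := strings.Cut(line, ":"); strings.EqualFold(strings.TrimSpace(name), "X-TDR-Token") {
			token = strings.TrimSpace(val)
		}
	}
	cB64, sB64, _ := strings.Cut(token, ".")
	claims, e1 := b64.DecodeString(cB64)
	sig, e2 := b64.DecodeString(sB64)
	user, expStr, _ := strings.Cut(string(claims), "|")
	exp, e3 := strconv.ParseInt(expStr, 10, 64) // format and expiry are checked before the signature
	if e1 != nil || e2 != nil || e3 != nil || now >= exp || len(sig) != ed25519.SignatureSize || !ed25519.Verify(issuer, claims, sig) {
		return "", fmt.Errorf("TDR token missing, stale or not signed by the issuer")
	}
	return user, nil
}

func main() {
	pub, priv := DemoKeys(1)
	fmt.Println(VerifyInvite(SampleInvite(IssueToken(priv, "alice", 2000)), pub, 1000))
}
```

Because malformed or expired tokens are rejected before any signature work, a flood of junk tokens costs each node only a header parse and a base64 decode.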

Flow verification
- Session setup most important in Circuit Switched Networks
- But Packet Switched Networks need mechanism to differentiate specific packet flows

QoS mechanisms
- DiffServ, RSVP, MPLS all possibilities
- All unpopular inter-domain with ISPs due to potential security problems between untrusted networks
- Hardest remaining problem for multi-domain networks!

Gateway support
- Gateways must translate TDR markings appropriately, and carry authorisation through if possible
- Cryptographic link between IP source and PSTN gateway allows PSTN priority even without IP-side support.
- But gateway should check authorisation on destination network first

VoIP scenarios
- Single IP backbone network connecting SS7 switches
- Authorisation done in PSTN
- ISUP tunnelled in SIP
- Home+access network authorise transport priority
- Proxy/gateway authorises session and PSTN priority
[Diagram labels: ISP, Internetwork, Legacy Telco Networks, SS7, IP (SIP or H.323), PSTN, IP Domains, Rest of the Internet]