SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

Presentation transcript:

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome "Tor Vergata", Italy 2 Dpt. of Information Engineering - University of Parma, Italy

WLAN/3G secure authentication based on SIP
Università degli Studi di Parma, Dipartimento di Ingegneria dell'Informazione

Overview
- Scope: roaming amongst (WLAN-based) access networks
  - WLAN access networks are widely used
  - current wireless internet providers (WISPs) use different authentication schemes
  - lack of an integrated and open authentication framework
- Goal
  - open solution for secure authentication in wireless (also wired) access scenario
    - based on a distributed AAA architecture and on SIP protocol
    - enabling the use through standard 3G terminals
  - testbed implementation
- Characteristics
  - captive portal like solution (layer-two independent)
  - based on SIP registration procedure

Outline
- SIP authentication overview
  - Digest authentication
  - AKA
  - Digest-AKA
- Uni-Fy architecture
- SIP-based authentication scheme
- Implementation
- Future work

SIP Digest authentication
- It follows a challenge-based scheme based on a shared secret for authentication purposes (as in HTTP authentication)
- Any time that a proxy server or UA receives a request, it MAY challenge the initiator of the request to provide assurance of its identity

SIP AKA

SIP Digest-AKA

Uni-Fy
- Proposed solution based on Uni-Fy distributed access control system
- Uni-Fy characteristics
  - Wireless LAN/HotSpot management system with distributed authentication access and policy control, other capabilities
  - authentication and authorization functions implemented at application layer
  - access control is applied at IP layer by means of firewalling capability
  - overall scheme can be viewed as a captive portal implementation
  - used within the TWELVE research project (developed by the University of Trento)

Uni-Fy architecture

Uni-Fy architecture
- Access network
  - through which mobile users can attach to the rest of the network (e.g. Internet), and, after being successfully authenticated, gain connectivity towards it
- Gateway
  - acts as access router for the access network
  - enforces the policy rules (as PEP) dynamically set up by the Gatekeeper
- Gatekeeper
  - together with the Gateway enforces authentication procedure before granting access to mobile users
  - it works at application level redirecting specific application sessions to a proper authentication server
- Authentication Provider
  - directly or indirectly trusted by the Gatekeeper; application sessions are redirected to it in order to force a proper authentication procedure
  - implementation strictly depends on the specific application supported for authentication purpose (HTTP, SIP, others)
  - optionally uses a backend authentication server (an AAA server such as a RADIUS or Diameter server) and an LDAP or DB repository

GW and GK architecture
- GW and GK can be co-located or implemented on different nodes

SIP-based authentication scheme
- Proposal of a captive-portal-like mechanism based on
  - access control scheme based on the Uni-Fy architecture
    - open and flexible
  - SIP authentication procedure
    - same signaling platform used for multimedia real-time service and used by 3G mobile networks
- When a mobile user roams into a new visited network
  - it tries to authenticate with his own SIP server
  - such procedure is intercepted by the local GK administrated by the visited ISP
  - the authentication procedure between the mobile user and his SIP server goes on with some modifications

SIP extension
- For ISP-to-ISP authentication and correct authorization information retrieval an extension of the SIP authentication procedure is proposed
- Two new header fields defined
  - Proxy-To-Proxy-Authenticate (pp-authenticate)
    - used to carry authentication request information sent by a generic intermediate proxy to authenticate a next-hop entity, in order to correctly trust information sent as response from such next hop entity
    - inserted by the proxy within the second SIP request from the UAC to the next hop entity
  - Proxy-To-Proxy-Authorization (pp-authorization)
    - used to carry authentication response information
    - inserted in a SIP response message by the next hop entity in response to the pp-authenticate request
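The shared-secret challenge of the SIP Digest slide, applied to the two proxy-to-proxy header fields of the SIP extension slide, as an added example that is not code from the presentation or from the Uni-Fy project. The slides do not give the header syntax or algorithm, so the Digest-style parameters, the MD5 computation without qop, the binding to method and URI, and all names and secrets below are assumptions.

```python
import hashlib
import hmac
import re
import secrets

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, secret, nonce, method, uri):
    # Digest response as in SIP/HTTP Digest without qop: MD5(HA1:nonce:HA2)
    ha1 = _md5(f"{user}:{realm}:{secret}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def _params(header):
    # Extract name="value" pairs from a header line (assumed syntax)
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

def next_hop_answer(challenge, proxy_id, secret, method, uri):
    # Next hop entity: answer the GK's challenge using the shared secret
    p = _params(challenge)
    resp = digest_response(proxy_id, p["realm"], secret, p["nonce"], method, uri)
    return (f'Proxy-To-Proxy-Authorization: Digest username="{proxy_id}", '
            f'realm="{p["realm"]}", nonce="{p["nonce"]}", uri="{uri}", '
            f'response="{resp}"')

class Gatekeeper:
    # Visited-network GK: issues challenges and verifies the next hop's answer
    def __init__(self, realm, peers):
        self.realm = realm
        self.peers = peers      # proxy_id -> shared secret (constructed values)
        self.pending = set()    # nonces issued and not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return (f'Proxy-To-Proxy-Authenticate: Digest realm="{self.realm}", '
                f'nonce="{nonce}"')

    def verify(self, answer, method):
        p = _params(answer)
        nonce, user = p.get("nonce"), p.get("username")
        if nonce not in self.pending or user not in self.peers:
            return False        # unknown peer, or stale/replayed nonce
        self.pending.discard(nonce)   # each nonce is accepted once
        want = digest_response(user, self.realm, self.peers[user],
                               nonce, method, p.get("uri", ""))
        got = p.get("response", "")
        return hmac.compare_digest(want.encode(), got.encode())
```

The GK only trusts authorization information in a response whose pp-authorization verifies; a replayed header, a wrong secret, or a response bound to a different method all fail.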

Authentication scheme

Implementation testbed
- Whole authentication and authorization scenario implemented in a testbed
  - based on the Uni-Fy access control mechanism
- GW and GK nodes have been realized based on the original Uni-Fy implementation (TWELVE project)
- GK plugin for SIP has been developed in C++
  - based on the reSIProcate C++ SIP stack library
- Proxy server (suitably extended with proxy-to-proxy authentication) has been implemented in Java
  - based on the mjsip SIP stack library and reference implementation

Future Work
- Improve the current shared secret mechanism between Uni-Fy and the next hop entity
- Access to the 3G SIM card in order to base the authentication procedure on the credentials stored in the SIM card

Thank you for your attention!! For further details, please contact: