SIP Security Status, Michael Thomas (© 1998, Cisco Systems, Inc.)



Slide 2: Current Status
- 2543bis leaves HTTP’isms, rest deprecated
- Many BOFs, many different points of view
- Many common themes though
- One combination framework and requirements draft, and several drafts positing both point and generalized authentication schemes
- Many drafts are becoming more and more aware that better security is needed and that an unauthenticated assertion isn’t adequate
- The workability of all of them rolling their own is nil
- Hercules should have it so easy

Slide 3: Proposal to Move Forward
- Separate out base level SIP “outside” attacks from “inside” attacks
- 2543bis provide a base mechanism for outside attacks: IPsec, TLS, return routability…
- Retain HTTP’isms for compatibility
- Allow 2543bis to advance without requirement for answers to harder-to-counter inside attacks
- Moratorium on inside attack crypto work
- Separate Standards Track draft for SIP security which addresses inside attacks and more
- Separate Informational Track Requirements draft

Slide 4: Proposed Work
- Create Requirements/Threats Draft
  - Can reuse some of my draft as starting point
- Come to consensus on 2543bis base requirements
- Create a framework which can accommodate current popular authentication mechanisms
  - X.509/PKI, Kerberos, Pre-shared, Radius/AAA…
- Focus on a simple initial authentication scheme
  - Maybe pre-shared and/or NULL?
- Focus on two scenarios:
  - UA-Proxy authentication (normal onramp challenge)
  - Proxy-Proxy identity assertion (referrals/caller-id)
- Would be nice to align this with SRTP/SDP keying