End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-03 draft-ono-sipping-end2middle-security-02 Kumiko Ono IETF60.

Requirements

Changes since 02
Use cases
– Decreased the dependency on the session policies discussion.
Requirements
– Closed the open issue of whether the proxy server needs to notify the UAS after receiving a response, because there are no security policies that depend solely on a response.
– Deleted text which belonged to a mechanism.
– Changed the requirement for the discovery mechanism from proxy-driven to UA-driven.
Security Considerations
– Added text which relates to DoS attacks on proxy servers.

Open Issue: the scope
Is discovery of “middle” overlapping with the scope of the session policy?
– Discussion on the ML
– My proposal: Yes, they overlap in the discovery mechanism. I will add notes that refer to the session policy. However, the e2m mechanism should have a way to notify the proxy’s policy using an error message.

Next Steps for e2m-reqs. Something missing? Ready for WGLC?

Mechanism

Open Issues for e2m-mechs
1. How to discover security policies on “middle”
2. How to label a body for “middle” for inspection only :-)

How to label a body for “middle”
Option 1: A SIP header and Content-ID MIME header
– This is used in the Referred-by mechanism.
Option 2: A Content-Target MIME header
– This is proposed in the e2m I-D.
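The two labelling options, as an added example that is not taken from the slides or the drafts: Option 1 lets a proxy decide from the SIP headers alone, while Option 2 requires parsing the MIME parts. The header name `X-Proxy-Inspect-Body`, the value syntax of both labels, and the sample message are assumptions constructed for illustration.

```python
from email.parser import Parser

# Constructed sample. The SIP header name "X-Proxy-Inspect-Body" and the value
# syntax of both labels are hypothetical; the slides name the options only.
# Both labels are present so the two lookups can be compared on one message.
SAMPLE = """\
INVITE sip:bob@example.com SIP/2.0
Via: SIP/2.0/TCP ua.example.net;branch=z9hG4bK776asdhds
From: <sip:alice@example.net>;tag=1928301774
To: <sip:bob@example.com>
Call-ID: a84b4c76e66710@ua.example.net
CSeq: 1 INVITE
X-Proxy-Inspect-Body: proxy.example.net;cid=for-proxy@example.net
Content-Type: multipart/mixed; boundary=b1

--b1
Content-Type: application/sdp
Content-ID: <sdp@example.net>

v=0
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-ID: <for-proxy@example.net>
Content-Target: proxy.example.net

(placeholder for EnvelopedData encrypted to the proxy)
--b1--
"""

def _after_request_line(raw):
    # SIP headers and body are RFC 822 style once the request line is dropped.
    return raw.split("\n", 1)[1]

def label_from_sip_header(raw, me):
    """Option 1: read SIP headers only; the MIME body is never parsed."""
    hdrs = Parser().parsestr(_after_request_line(raw), headersonly=True)
    host, _, cid = hdrs.get("X-Proxy-Inspect-Body", "").partition(";cid=")
    return cid.strip() if host.strip() == me and cid else None

def label_from_mime_headers(raw, me):
    """Option 2: parse the multipart body and check every part's headers."""
    msg = Parser().parsestr(_after_request_line(raw))
    for part in msg.walk():
        if part.get("Content-Target", "").strip() == me:
            return part.get("Content-ID", "").strip("<> ")
    return None

if __name__ == "__main__":
    for lookup in (label_from_sip_header, label_from_mime_headers):
        print(lookup.__name__, "->", lookup(SAMPLE, "proxy.example.net"))
```

Both functions return the Content-ID of the part addressed to the named proxy, or `None` when the message carries no label for it, in which case the proxy passes the message through without touching the body.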

Experimental Data
Environment
– CPU: Intel Celeron 2.2 GHz
– RAM: 512 MB
– INVITE message: 568 bytes
– Passing through a proxy server: 41.5 ms
– Target data size to be encrypted/signed: 868 bytes, multipart/mime that contains sipfrag and SDP
– Public key size (RSA): 1024 bits
– CEK size (3DES): 168 bits
S/MIME-secured message size (base64-encoded)
– e2e encryption: 2358 bytes
– e2e+e2m encryption: 2630 bytes
Performance at a proxy server
– Passing through: 47.9 ms
– Checking the label and passing through:
  Opt1: Label in a new SIP header: +0.1 ms
  Opt2: Label in a new MIME header: +1.0 ms
– Checking the label, decrypting and inspecting a body:
  Opt1: Label in a new SIP header: +8.8 ms
  Opt2: Label in a new MIME header: +8.4 ms

Next Steps for e2m-mechs. Is there sufficient interest in the SIPPING WG to continue this work?