Presentation is loading. Please wait.

Presentation is loading. Please wait.

REFER Are security mechanisms beyond those in bis-09 needed?

Published byGodwin O’Connor’ Modified over 9 years ago

Similar presentations

Presentation on theme: "REFER Are security mechanisms beyond those in bis-09 needed?"— Presentation transcript:

1 REFER Are security mechanisms beyond those in bis-09 needed?

2 Problem REFER sip:B Refer-To: sip:C Referred-By: ACB Can C trust the Referred-By header? Should the header influence logic at C? INVITE sip:C Referred-By:

3 Problem INVITE sip:C Referred-By: CB Referred-By <sip:unclaimed-prizes@lottery.state.tx.us Referred-By Can C trust the Referred-By header? Should the header influence logic at C? INVITE sip:C?Replaces=1234%40C%3Bto-tag=1234%3Bfrom-tag=3994%3B

4 Choices for Path Forward Remove Referred-By from REFER Specify transfer specific mechanism in the transfer draft Specify REFER specific mechanism in the REFER draft Solve general problem of passing authorization tokens through intermediaries.

5 Possible Mechanisms Use Referred-By generic-params Use Authorization header Use S/MIME body parts Have C directly contact A

6 Use generic-params Add a signature/hash over the information to protect to the Referred-By header This was the original PGP-based proposal

7 Use Authorization header Refer-To: sip:C?Authorization=DIGEST&realm=… How does A provide meaningful credentials? –Needs a challenge from C –Challenge can be carried from B to A using NOTIFY –How does challenge get from C to B?

8 Use Authorization header ACB REFER 202 INVITE 4?? Authenticate Referror Refer-Authenticate: DIGEST (…) NOTIFY 4?? Authenticate Referror Refer-Authenticate: DIGEST (…) ACK 200 REFER Refer-To: sip:c?Authorization=DIGEST(…) INVITE Authorization: DIGEST(…)

9 Use S/MIME Body Parts Provide a S/MIME protected sipfrag containing Referred-By –In Refer-To URL as a ?body= component –In Body Part REFER recipients add that part to the body of the triggered request (probably making it multipart). Likely to be more efficient that challenge/response since both A and B’s identity can be proven to C in the initial message to C

10 Using S/MIME Body Parts ACB REFER (A-signed part containing Refer-To, Referred-By) 202 INVITE (B-signed part protecting entire INVITE (A-signed part containing Refer-To, Referred-By)) 200 OK NOTIFY 200 OK ACK 200

11 Contact A directly Have C send a request to A asking “Did you ask B to do this” –Use URI from Referred-By as RURI –C can authenticate A using bis-09 mechanisms A B C REFER INVITE VERIFY

12 Taking Advantage of the Attended Transfer Triangle A B C 1: Invite/Hold2: Invite/Hold/Refer 3: Invite

13 Proposal Add an S/MIME-based mechanism for carrying proof of identity and content of the Refer* headers from A to C Add security discussion of some use cases (particularly the screening form of attended transfer)

Download ppt "REFER Are security mechanisms beyond those in bis-09 needed?"

Similar presentations

Message Sessions Draft-campbell-simple-im-sessions-01 Ben Campbell

Message Sessions Draft-campbell-simple-im-sessions-01 Ben Campbell
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Service Bus Service Bus Access Control.

Service Bus Service Bus Access Control.
IETF Trade Working Group January 2000 XML Messaging Overview January 2000.

IETF Trade Working Group January 2000 XML Messaging Overview January 2000.
W3C Workshop on Web Services Mark Nottingham

W3C Workshop on Web Services Mark Nottingham
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.

Authentication in SIP Jon Peterson NeuStar, Inc Internet2 Member Meeting Los Angeles, CA - Nov 2002.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)
Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.

Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.
4 August 2005draft-burger-simple-imdn-011 Instant Message Delivery Notification (IMDN) for Presence and Instant Messaging (CPIM) Messages draft-burger-simple-imdn-01.

4 August 2005draft-burger-simple-imdn-011 Instant Message Delivery Notification (IMDN) for Presence and Instant Messaging (CPIM) Messages draft-burger-simple-imdn-01.
Proposed Fix to HERFP* (Heterogeneous Error Response Forking Problem) Rohan Mahy * for INVITE transactions.

Proposed Fix to HERFP* (Heterogeneous Error Response Forking Problem) Rohan Mahy * for INVITE transactions.
Rohan Mahy draft-ietf-sip-join and Semantics of REFER.

Rohan Mahy draft-ietf-sip-join and Semantics of REFER.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri

1 SIP WG meeting 73rd IETF - Minneapolis, MN, USA November, 2008 Return Routability Check draft-kuthan-sip-derive-00 Jiri
SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.

SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

Similar presentations

Ads by Google