Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving Security of Real-time Communications

Published byDominic Small Modified over 6 years ago

Similar presentations

Presentation on theme: "Improving Security of Real-time Communications"— Presentation transcript:

1 Improving Security of Real-time Communications
SIPNOC 2016 Herndon, Virginia Russ Housley

2 My Background Became active in the IRTF, and then IETF to work on security for and PKI IETF S/MIME WG Chair IETF Security Area Director – 4 years IETF Chair – 6 years IAB Chair – 2 years IETF STIR WG Chair

3 Introduction Two IETF activities that will improve the security of real-time communications: Secure Telephone Identity Revisited (STIR) Session initiation Protocol Best-practice Recommendations Against Network Danger (SIPBRANDY)

4 STIR Three parts to the STIR specification set: SIP Identity PASSporT
Certificate Profile

5 SIP Identity RFC 4474bis Carries signature on the source of the session Relies on PASSporT for signature definition

6 STIR PASSporT Uses the JOSE JWT format for signature
Three parts: BASE64URL(UTF8(JWS Protected Header)) BASE64URL(JWS Payload) BASE64URL(JWS Signature) Uses only ECDSA with P-256 and SHA-256 Design allows this to be used in other contexts too { "typ":"passport", "alg":"ES256", "x5u":" passport.cer" } { "iat":" ", "otn":" ", }

7 STIR Certificate Profile
Great deal of flexibility in the PKI Each Country Code need to set policies regarding trust anchors Certificate signed with either RSA or ECDSA with P-256 Subject public key is ECDSA with P-256

8 Display of Caller Identity
Not being done by the IETF Vital for consumer confidence

9 SIPBRANDY will deprecate SDES
Objective: two-party, SIP-signaled SRTP sessions with end-to-end security That means no sharing of SRTP keying material Personal Prediction: SIPBRANDY will deprecate SDES

10 SIPBRANDY Approach Leverage the caller authentication provided by STIR
SRTP already provides some confidentiality and integrity Move to end-to-end Move to compatible key establishment

11 SIPBRANDY Opinion Successful deployment will require compatibility with WebRTC Need to think about transition to multi-party, even if it is not initial goal

12 Schedule STIR Expect WG Last Call in next few weeks
Expect RFC before end of the year SIPBRANDY Not started yet WG to be chartered in next few weeks

13 Questions?

Download ppt "Improving Security of Real-time Communications"

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
H ELSINKI U NIVERSITY OF T ECHNOLOGY AAA Architecture for hierarchical wireless Mobile IPv4 Tom Weckström Telecommunications Software and Multimedia Laboratory.

H ELSINKI U NIVERSITY OF T ECHNOLOGY AAA Architecture for hierarchical wireless Mobile IPv4 Tom Weckström Telecommunications Software and Multimedia Laboratory.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Secure Teleradiology Nick Collett Brookside Consulting

Secure Teleradiology Nick Collett Brookside Consulting
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.

STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Cullen Jennings Certificate Directory for SIP.

Cullen Jennings Certificate Directory for SIP.
Email Security PGP IT352 | Network Security |Najwa AlGhamdi 1.

Security PGP IT352 | Network Security |Najwa AlGhamdi 1.
“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.
Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.

Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.
Email Security  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.

1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.
Mary Barnes (WG co-chair) Cullen Jennings (WG co-chair) DISPATCH WG IETF-86.

Mary Barnes (WG co-chair) Cullen Jennings (WG co-chair) DISPATCH WG IETF-86.
第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.

第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.
Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel: 62932135

Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:

Similar presentations

Ads by Google