January 2006 doc.: IEEE xx/xxxx January 2006


1 SIP based Fixed Mobile Convergence (FMC) – A Security Analysis framework

Date: Authors:

Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group. If you have questions, contact the IEEE Patent Committee Administrator at

Colin Blanchard, BT Group

2 Abstract
Security for UMA based Fixed Mobile Convergence (FMC) is specified in 3GPP TS "Generic Access to the A/Gb interface", but security for SIP based FMC is still under consideration and will be driven by maximising reuse of existing mechanisms and the need for “seamless” handover. The mechanisms common to more than one standard, and those that are unique to what needs to be protected, need to be analysed. Security for SIP based FMC needs to take such an analysis into account. It is proposed that IEEE u considers the need for such an analysis and which group would be best placed to complete it.

3 Current standardisation status
- Security for UMA based FMC specified in 3GPP TS "Generic Access to the A/Gb interface; Stage 2"
- Security for SIP based FMC still under consideration

4 SIP based FMC Security Likely to be driven by
- Reuse of existing mechanisms defined by the standards development organisation responsible for the components (WLAN AP, IMS platform) that make up the design (IEEE, IETF, 3GPP, TISPAN)
- The need for “seamless” handover
  - You know that you have changed networks by explicit notification, e.g. billing, and NOT by a dropped session

5 Required Security Features
- Authentication and Key agreement – Link Layer
- Authentication and Key agreement – Network Layer
- User Identity/location Privacy – Link Layer
- User Identity/location Privacy – Network Layer
- Traffic Integrity and confidentiality protection – Link Layer (user plane, control plane)
- Traffic Integrity and confidentiality protection – Network Layer (user plane, control plane)

6 Reuse of existing mechanisms
- Many mechanisms are common to more than one standard
- Others are unique to what needs to be protected and, for example, the position in a protocol stack
- Some may require modification for more general applicability
- A preliminary analysis is summarised in the following tables:

7 1 Authentication and Key agreement mechanisms - Link Layer
UMA FMC | 3GPP WLAN | IMS | TISPAN NAS | SIP FMC
3GPP AKA Not required ?
EAP-AKA
EAP-SIM
End user certificate
Network certificate

8 2 Authentication and Key agreement mechanisms – Network Layer
UMA | 3GPP WLAN | IMS | TISPAN NAS | SIP FMC
3GPP AKA Not required ?
EAP-AKA
EAP-SIM
End user certificate
Network certificate

9 3 User Identity/location Privacy mechanisms - link Layer
UMA | 3GPP WLAN | IMS | TISPAN NAS | SIP FMC
Temp id X ?
Encrypted

10 4 User Identity/location Privacy mechanisms – Network layer
UMA | 3GPP WLAN | IMS | TISPAN NAS | SIP FMC
Temp id X ?
Encrypted

11 5 Traffic Integrity and confidentiality protection mechanisms – Link layer
UMA | 3GPP WLAN | IMS | TISPAN NAS | SIP FMC
WEP Not required ?
WPA
WPA2
IPSec
TLS
* Don’t care - Treat as “black box” and just provide the key

12 6 Traffic Integrity and confidentiality protection mechanisms – Network Layer
UMA | 3GPP WLAN | IMS | TISPAN NAS | SIP FMC
WEP Not required ?
WPA
WPA2
IPSec
TLS X FFS

13 Modification for more general applicability
- Control only or user plane protection
  - Emphasis often on control plane
- Location of security termination points
  - GANC, P-CSCF, PDG
- QoS Management within IPsec Tunnels
- Far end NAT traversal

14 Summary and Proposal
- A complete analysis will be required
- Security for SIP based FMC needs to take such an analysis into account
- It is proposed that IEEE u considers the need for such an analysis and which group would be best placed to complete it

