Presentation is loading. Please wait.

Presentation is loading. Please wait.

TDR authentication requirements

Published byHope Hall Modified over 5 years ago

Similar presentations

Presentation on theme: "TDR authentication requirements"— Presentation transcript:

1 TDR authentication requirements
Dr. Ian Brown University College London

2 Key Requirements for full TDR service
Verify TDR authorisation at originating, terminating and intermediate network nodes Minimise impact of Denial of Service attacks

3 Three stage authorisation
Verify user’s TDR credentials Verify signalling is from authorised user Verify data flows are part of an authorised session

4 Credential verification mechanisms
GETS: PIN entered by user GSM/TIPHON: challenge-response registration protocol between user device, local and home networks. User enters PIN to device SIP: HTTPS with client authentication used to fetch token?

5 Verifying user credentials
Ideally done by local domain e.g. GSM, TIPHON retrieve user profile allows local transport priority – edge networks important, as most likely to suffer congestion Otherwise done remotely e.g. GETS, SIP proxy

6 Verifying signalling In trusted federation of domains, may rely on ingress policing But this has problems with transitive trust, DoS and complex network topologies which are difficult to map to international TDR agreements Possibility of independent verification better

7 Authorisation token IP client obtains token from server like tdr.ncs.gov Token included in SIP call setup message and can be verified by SIP nodes along whole path to IP endpoint Endpoint can interrupt lower priority sessions or take other TDR-specific action International Emergency Priority Parameter proposed for ISUP, B-ISUP and BICC CS‑2

8 Flow verification Session setup most important in Circuit Switched Networks But Packet Switched Networks need mechanism to differentiate specific packet flows

9 QoS mechanisms DiffServ, RSVP, MPLS all possibilities
All unpopular inter-domain with ISPs due to potential security problems between untrusted networks Hardest remaining problem for multi-domain networks!

10 Gateway support Gateways must translate TDR markings appropriately, and carry authorisation through if possible Cryptographic link between IP source and PSTN gateway allows PSTN priority even without IP-side support. But gateway should check authorisation on destination network first

11 VoIP scenarios ISP Internetwork
Single IP backbone network connecting SS7 switches Authorisation done in PSTN ISUP tunnelled in SIP Legacy Telco Networks SS7 IP (SIP or H.323) SS7 PSTN IP Domains Internetwork Home+access network authorise transport priority Proxy/gateway authorises session and PSTN priority ISP ...Rest of the Internet

Download ppt "TDR authentication requirements"

Similar presentations

www.dynamicsoft.com dynamicsoft Inc. Proprietary VON Developers Conference 1/19/00 C O N N E C T I N G T H E W O R L D W I T H A P P L I C A T I O N S.

dynamicsoft Inc. Proprietary VON Developers Conference 1/19/00 C O N N E C T I N G T H E W O R L D W I T H A P P L I C A T I O N S.
Voice over IP Fundamentals

Voice over IP Fundamentals
Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP)
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.

A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
 3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International Telecommunication.

 3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International Telecommunication.
CMPE 80N - Introduction to Networks and the Internet 1 CMPE 80N Winter 2004 Lecture 15 Introduction to Networks and the Internet.

CMPE 80N - Introduction to Networks and the Internet 1 CMPE 80N Winter 2004 Lecture 15 Introduction to Networks and the Internet.
12 July 2015 Requirements for prioritized access to PSTN resources Henning Schulzrinne Columbia University superset of draft-schulzrinne-ieprep-resource-req-00.

12 July 2015 Requirements for prioritized access to PSTN resources Henning Schulzrinne Columbia University superset of draft-schulzrinne-ieprep-resource-req-00.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
Internet, Part 2 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support 3) Mobility aspects (terminal vs. personal mobility) 4) Mobile.

Internet, Part 2 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support 3) Mobility aspects (terminal vs. personal mobility) 4) Mobile.
Internet, Part 2 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support 3) Mobility aspects (terminal vs. personal mobility) 4) Mobile.

Internet, Part 2 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support 3) Mobility aspects (terminal vs. personal mobility) 4) Mobile.
Service Oriented VoIP (SOVoIP): True Convergence of Data and Voice Networks Presented By Mohammed Jubaer Arif Supervisors Dr Shanika Karunasekera and Dr.

Service Oriented VoIP (SOVoIP): True Convergence of Data and Voice Networks Presented By Mohammed Jubaer Arif Supervisors Dr Shanika Karunasekera and Dr.
Objectives: Chapter 5: Network/Internet Layer  How Networks are connected Network/Internet Layer Routed Protocols Routing Protocols Autonomous Systems.

Objectives: Chapter 5: Network/Internet Layer  How Networks are connected Network/Internet Layer Routed Protocols Routing Protocols Autonomous Systems.
Quintum Confidential and Proprietary 1 Quintum Technologies, Inc. Session Border Controller and VoIP Devices Behind Firewalls Tim Thornton, CTO.

Quintum Confidential and Proprietary 1 Quintum Technologies, Inc. Session Border Controller and VoIP Devices Behind Firewalls Tim Thornton, CTO.
Hemant Sengar, George Mason University

Hemant Sengar, George Mason University
Future Emergency Telecommunication Scenarios over the Internet Dr. Ken Carlberg Emergency Telecommunications Workshop 26’th-27’th,

Future Emergency Telecommunication Scenarios over the Internet Dr. Ken Carlberg Emergency Telecommunications Workshop 26’th-27’th,
George Tsirtsis “BURP Requirements behind draft-ietf-dhc-aaa-ra-00.txt”

George Tsirtsis “BURP Requirements behind draft-ietf-dhc-aaa-ra-00.txt”
Module 10: How Middleboxes Impact Performance

Module 10: How Middleboxes Impact Performance

Similar presentations

Ads by Google