SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.


1 SIP roaming solution amongst different WLAN-based service providers
Julián F. Gutiérrez (1), Alessandro Ordine (1), Luca Veltri (2)
(1) DIE, University of Rome "Tor Vergata", Italy
(2) Dpt. of Information Engineering - University of Parma, Italy

2 WLAN/3G secure authentication based on SIP - Università degli Studi di Parma, Dipartimento di Ingegneria dell'Informazione
Overview
Scope
- roaming amongst (WLAN-based) access networks
  - WLAN access networks are widely used
  - current wireless internet providers (WISPs) use different authentication schemes
  - lack of an integrated and open authentication framework
Goal
- open solution for secure authentication in wireless (also wired) access scenario
  - based on a distributed AAA architecture and on SIP protocol
  - enabling the use through standard 3G terminals
- testbed implementation
Characteristics
- captive portal like solution (layer-two independent)
- based on SIP registration procedure

3 Outline
- SIP authentication overview
  - Digest authentication
  - AKA
  - Digest-AKA
- Uni-Fy architecture
- SIP-based authentication scheme
- Implementation
- Future work

4 SIP Digest authentication
- It follows a challenge-based scheme based on a shared secret for authentication purposes (as on HTTP authentication)
- Any time that a proxy server or UA receives a request, it MAY challenge the initiator of the request to provide assurance of its identity

5 SIP AKA

6 SIP Digest-AKA

7 Uni-Fy
Proposed solution based on Uni-Fy distributed access control system
Uni-Fy characteristics
- Wireless LAN/HotSpot management system with distributed authentication access and policy control other capabilities
- authentication and authorization functions implemented at application layer
- access control is applied at IP layer by means of firewalling capability
- overall scheme can be viewed as a captive portal implementation
- used within the TWELVE research project (developed by the University of Trento)

8 Uni-Fy architecture

9 Uni-Fy architecture
Access network
- through which mobile users can attach to the rest of the network (e.g. Internet) and, after being successfully authenticated, gain connectivity towards it
Gateway
- acts as access router for the access network
- enforces the policy rules (as PEP) dynamically set up by the Gatekeeper
Gatekeeper
- together with the Gateway, enforces the authentication procedure before granting access to mobile users
- it works at application level, redirecting specific application sessions to a proper authentication server
Authentication Provider
- directly or indirectly trusted by the Gatekeeper; application sessions are redirected to it in order to force a proper authentication procedure
- implementation strictly depends on the specific application supported for authentication purposes (HTTP, SIP, others)
- optionally uses a backend authentication server (an AAA server such as a RADIUS or Diameter server) and an LDAP or DB repository

10 GW and GK architecture
- GW and GK can be co-located or implemented on different nodes

11 SIP-based authentication scheme
Proposal of a captive-portal-like mechanism based on
- access control scheme based on the Uni-Fy architecture
  - open and flexible
- SIP authentication procedure
  - same signaling platform used for multimedia real-time service and used by 3G mobile networks
When a mobile user roams into a new visited network
- it tries to authenticate with his own SIP server
- such procedure is intercepted by the local GK administrated by the visited ISP
- the authentication procedure between the mobile user and his SIP server goes on with some modifications

12 SIP extension
For ISP-to-ISP authentication and correct authorization information retrieval, an extension of the SIP authentication procedure is proposed
Two new header fields defined
- Proxy-To-Proxy-Authenticate (pp-authenticate)
  - used to carry authentication request information sent by a generic intermediate proxy to authenticate a next-hop entity, in order to correctly trust information sent as response from such next hop entity
  - inserted by the proxy within the second SIP request from the UAC to the next hop entity
- Proxy-To-Proxy-Authorization (pp-authorization)
  - used to carry authentication response information
  - inserted in a SIP response message by the next hop entity in response to the pp-authenticate request
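Added example, not code from the presentation or from Uni-Fy: the shared-secret challenge/response of the SIP Digest slide, applied to the proxy-to-proxy exchange of the SIP extension slide. The slides do not give the syntax of the two new headers, so the Digest-style parameters (realm, nonce, username, uri, response), the class and function names, the host names and the secret are all assumptions.

```python
import hashlib, hmac, re, secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, secret, method, uri, nonce):
    # RFC 2617 Digest without qop: MD5(HA1:nonce:HA2). The secret never travels.
    ha1 = md5_hex(f"{user}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def params(header):
    # Parse key="value" pairs from a Digest-style header line.
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

class Gatekeeper:
    """Visited-network GK (hypothetical): challenges the next hop, checks its answer."""
    def __init__(self, realm, peer_secrets):
        self.realm, self.peer_secrets = realm, peer_secrets
        self.pending = set()  # nonces issued and not yet answered

    def pp_authenticate(self):
        # Header the GK adds to the second SIP request towards the next hop.
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return f'Proxy-To-Proxy-Authenticate: Digest realm="{self.realm}", nonce="{nonce}"'

    def verify(self, header, method, uri):
        p = params(header)
        nonce = p.get("nonce", "")
        if nonce not in self.pending:
            return False              # unknown or already used nonce
        self.pending.discard(nonce)   # single use: a replayed answer fails
        peer = p.get("username", "")
        secret = self.peer_secrets.get(peer)
        if secret is None:
            return False              # no shared secret with this next hop
        good = digest_response(peer, self.realm, secret, method, uri, nonce)
        return hmac.compare_digest(good.encode(), p.get("response", "").encode())

def pp_authorization(challenge, peer, secret, method, uri):
    # Next-hop side: answer the GK's challenge inside the SIP response.
    c = params(challenge)
    resp = digest_response(peer, c["realm"], secret, method, uri, c["nonce"])
    return (f'Proxy-To-Proxy-Authorization: Digest username="{peer}", '
            f'realm="{c["realm"]}", nonce="{c["nonce"]}", uri="{uri}", response="{resp}"')

if __name__ == "__main__":
    gk = Gatekeeper("visited.example", {"home.example": "constructed-secret"})
    uri = "sip:home.example"
    ans = pp_authorization(gk.pp_authenticate(), "home.example", "constructed-secret", "REGISTER", uri)
    print(gk.verify(ans, "REGISTER", uri), gk.verify(ans, "REGISTER", uri))  # True False
```

Only after `verify` succeeds should the GK trust the authorization information carried in the same response and let the Gateway open access for the user.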

13 Authentication scheme

14 Implementation testbed
Whole authentication and authorization scenario implemented in a testbed
- based on the Uni-Fy access control mechanism
GW and GK nodes have been realized based on the original Uni-Fy implementation (TWELVE project; http://netmob.unitn.it/twelve.html)
GK plugin for SIP has been developed in C++
- based on the reSIProcate C++ SIP stack library (http://www.sipfoundry.org/reSIProcate)
Proxy server (suitably extended with proxy-to-proxy authentication) has been implemented in Java
- based on the mjsip SIP stack library and reference implementation (http://www.mjsip.org)

15 Future Work
- Improve the current shared secret mechanism between Uni-Fy and the next hop entity
- Access the 3G SIM card in order to base the authentication procedure on the credentials stored in the SIM card

16 Thank you for your attention!!
For further details, please contact: jfgutierrezc@gmail.com

