Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Presentation_ID © 1998, Cisco Systems, Inc. SIP Security Status Michael Thomas

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Presentation_ID © 1998, Cisco Systems, Inc. SIP Security Status Michael Thomas"— Presentation transcript:

1 1 Presentation_ID © 1998, Cisco Systems, Inc. SIP Security Status Michael Thomas mat@cisco.com

2 2 Presentation_ID © 1998, Cisco Systems, Inc. Current Status 2543bis leaves HTTP’isms, rest deprecated Many BOF’s, many different points of view Many common themes though One combination framework and requirements draft, and several drafts positing both point and generalized authentication schemes Many drafts are becoming more and more aware that there is the need for better security than an unauthenticated assertion isn’t adequate The workability of all of them rolling their own is nil Hercules should have it so easy

3 3 Presentation_ID © 1998, Cisco Systems, Inc. Proposal to Move Forward Separate out base level SIP “outside” attacks from “inside” attacks 2543bis provide a base mechanism for outside attacks: IPsec, TLS, return routability… Retain HTTP’isms for compatibility Allow 2543bis to advance without requirement for answers to harder-to-counter inside attacks Moratorium on inside attack crypto work Separate Standards Track draft for SIP security which addresses inside attacks and more Separate Informational Track Requirements draft

4 4 Presentation_ID © 1998, Cisco Systems, Inc. Proposed Work Create Requirements/Threats Draft Can reuse some of my draft as starting point Come to consensus on 2543bis base requirements Create a framework which can accommodate current popular authentication mechanisms X.509/PKI, Kerberos, Pre-shared, Radius/AAA… Focus on a simple initial authentication scheme Maybe pre-shared and/or NULL? Focus on two scenarios: UA-Proxy authentication (normal onramp challenge) Proxy-Proxy identity assertion (referrals/caller-id) Would be nice to align this with SRTP/SDP keying

Download ppt "1 Presentation_ID © 1998, Cisco Systems, Inc. SIP Security Status Michael Thomas"

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.
IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.

IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.
© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen
RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-

RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-kivinen-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-kivinen-mobike-design-00.txt Tero Kivinen
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
November 9 1999IPsec Remote Access BOF Washington D.C. November 9 1999.

November IPsec Remote Access BOF Washington D.C. November
VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.

VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.
SIP Security Michael Thomas Status First Cut of Requirements Draft –draft-thomas-sip-sec-reqt-00.txt –Will be basis going forward –Design.

SIP Security Michael Thomas Status First Cut of Requirements Draft –draft-thomas-sip-sec-reqt-00.txt –Will be basis going forward –Design.
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Gopal Dommety Mobile IP VPN Design Team Update.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Gopal Dommety Mobile IP VPN Design Team Update.
Research on IP Anycast Secure Group Management Wang Yue Network & Distribution Lab, Peking University Network.

Research on IP Anycast Secure Group Management Wang Yue Network & Distribution Lab, Peking University Network.
DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.
Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
L3A: A Protocol for Layer Three Accounting Alwyn Goodloe, Matthew Jacobs, Gaurav Shah University of Pennsylvania Carl A. Gunter University of Illinois.

L3A: A Protocol for Layer Three Accounting Alwyn Goodloe, Matthew Jacobs, Gaurav Shah University of Pennsylvania Carl A. Gunter University of Illinois.
Windows IP Security Filters October 23, 2002 Joe Klemencic Fermilab Business Services.

Windows IP Security Filters October 23, 2002 Joe Klemencic Fermilab Business Services.
DICOM Security Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine.

DICOM Security Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine.

Similar presentations

Ads by Google