Presentation is loading. Please wait.

Presentation is loading. Please wait.

End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-03 draft-ono-sipping-end2middle-security-02 Kumiko Ono IETF60.

Published byChloe Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-03 draft-ono-sipping-end2middle-security-02 Kumiko Ono IETF60."— Presentation transcript:

1 End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-03 draft-ono-sipping-end2middle-security-02 Kumiko Ono ono.kumiko@lab.ntt.co.jp IETF60

2 Requirements

3 Changes since 02 Use cases –Decreased the dependency on session policies discussion. Requirements –Closed an open issue whether the proxy server needs to notify the UAS after receiving a response. Because there is no such security policies that depends solely on a response. –Deleted text which belonged to a mechanism. –Changed the requirement for discovery mechanism from proxy-driven to UA-driven. Security Consideration –Added text which relates to DoS attack on proxy servers.

4 Open Issue: the scope Is discovery of “middle” overlapping with the scope of the session policy ? –Discussion on the ML –My proposal: Yes, they are overlapped in the discovery mechanism. I will add notes that refer to the session policy. However, e2m mechanism should have a way to notify proxy’s policy using an error message.

5 Next Steps for e2m-reqs. Something missing? Ready for WGLC?

6 Mechanism

7 Open Issues e2m-mechs. 1.How to discover security policies on “middle” 2.How to label a body for “middle” for inspection only :-)

8 How to label a body for “middle” Option 1: A SIP header and Content-ID MIME header –This is used in Referred-by mechanism. Option 2: A Content-Target MIME header –This is proposed in e2m I-D.

9 Experimental Data Environment –CPU Intel Celeron 2.2GHz –RAM 512MB –INVITE message: 568 bytes –Passing through a proxy server: 41.5 ms –Target data size to be encrypted/signed: 868 byte multipart/mime that contains sipfrag and SDP –Public key size (RSA): 1024bits –CEK size (3DES): 168bits S/MIME-secured message size (base64-encoded) –e2e encryption: 2358 bytes –e2e+e2m encryption: 2630bytes Performance at a proxy server –Passing through: 47.9ms –Checking the label and passing through: Opt1: Label in a new SIP header : +0.1ms Opt2: Label in a new MIME header: +1.0ms –Checking the label, decrypting and inspecting a body: Opt1: Label in a new SIP header : +8.8ms Opt2: Label in a new MIME header: +8.4ms

10 Next Steps for e2m-mechs. Is there sufficient interest in the SIPPING WG to continue this work?

Download ppt "End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-03 draft-ono-sipping-end2middle-security-02 Kumiko Ono IETF60."

Similar presentations

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.
SIP Session-ID draft-kaplan-sip-session-id-02 Hadriel Kaplan.

SIP Session-ID draft-kaplan-sip-session-id-02 Hadriel Kaplan.
1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
www.dynamicsoft.com U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP 2000-05-10-00 SIP Security Jonathan Rosenberg Chief Scientist.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.

Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)
1 RFC 3486 Compressing the Session Initiation Protocol (SIP) 曾朝弘 電機系 系統組 碩士班一年級.

1 RFC 3486 Compressing the Session Initiation Protocol (SIP) 曾朝弘 電機系 系統組 碩士班一年級.
1 SIPREC Recording Metadata format (draft-ram-siprec-metadata-format- 01) IETF-80 SIPREC MEETING R Parthasarathi On behalf of the team Team: Paul Kyzivat,

1 SIPREC Recording Metadata format (draft-ram-siprec-metadata-format- 01) IETF-80 SIPREC MEETING R Parthasarathi On behalf of the team Team: Paul Kyzivat,
SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.

SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.
Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.
DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.
RTSP Substream Control Extension (IETF #83) Peiyu YUE (Roy) Huawei Technologies.

RTSP Substream Control Extension (IETF #83) Peiyu YUE (Roy) Huawei Technologies.
Explicit Subscriptions for REFER draft-sparks-sipcore-refer-explicit-subscription-00 SIPCORE – IETF90 Robert Sparks.

Explicit Subscriptions for REFER draft-sparks-sipcore-refer-explicit-subscription-00 SIPCORE – IETF90 Robert Sparks.
0 NAT/Firewall NSLP IETF 62th – March 2005 draft-ietf-nsis-nslp-natfw-05.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.

0 NAT/Firewall NSLP IETF 62th – March 2005 draft-ietf-nsis-nslp-natfw-05.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
Strength of Cryptographic Systems Dr. C F Chong, Dr. K P Chow Department of Computer Science and Information Systems The University of Hong Kong.

Strength of Cryptographic Systems Dr. C F Chong, Dr. K P Chow Department of Computer Science and Information Systems The University of Hong Kong.

Similar presentations

Ads by Google