Embed Size (px)
Citation preview
MWIF Confidential
MWIF-Arch Security Task Force
Task 5: Security for Signaling
July 11, 2001
Baba, Shinichi ([email protected])
Ready for MWIF Kansas City TC meeting
MWIF Confidential
Overview
Task 5: “Examine Signaling Security” for the All IP wireless network
• General idea of security for signaling• Consideration of security on SIP
– SIP is the tacit signaling protocol currently assumed in the MWIF NRA
MWIF Confidential
General discussion
• Signaling Security: to avoid the malicious attack through signaling (message)
• Basics: encryption and authentication– Ref: End-to-End and Overall security
(mwif2001.104)• Variety of layer for implementation:
– Network layer (e.g., IPSEC)– Transport layer (e.g., TSL/SSL)– Application layer (e.g., WWW-authentication)
MWIF Confidential
Legacy vs All IP
• In the legacy system, i.e., SS7– Dedicated link base– Poor user interface for signaling– Authentication of inter-service provider signaling
• In the IP based system, i.e., All IP– No separation between signaling channel and
bearer channel– Easy to send a spoofing signaling message and to
monitor the signaling message
MWIF Confidential
Node-to-node model
Signaling message exchange with security based on SA
Network-1
Network-2
BR
BR
BR : Border Router
SA : Security Association
MWIF Confidential
Network-to-network model
Signaling message exchange with security based on SA
Signaling message exchange without security
ProtectedNetwork-1
ProtectedNetwork-2
FW
SG : Security Gateway FW : Firewall
SG
SGFW
MWIF Confidential
Examination of models
Node-to-Node Network-to-Network
Pros
•Robust (No single point of failure)•Flexible (less architecture restriction)
•Small number of SA to manage•Easy to implement and operate
Cons
•Mean for the dynamic SA establishment, maybe PKI
•Single point of failure
MWIF Confidential
Security of SIP
• Basic investigation in draft “2543bis”– Confidentiality– Authentication– etc...
• Issues still being worked– Integrity of request and response
• Predictive nonce for digest
– Registration and SA– etc...
MWIF Confidential
Confidentiality in SIP
• End-to-end– Cannot encrypt whole message– Header evaluated and modified by the SIP
server (i.e., proxy, redirect and register)• Hop-by-hop
– Use transport or lower layer method
MWIF Confidential
Authentication in SIP
• Borrow from HTTP, “Basic” and “Digest”– Though, Basic is NOT recommended to use– WWW-Authenticate/Authorization for called user– Proxy-Authenticate/Proxy-Authorization for server– A kind of weakness to replay and MITM (man-in-
the-middle) attacks• Predictive nonce
– Hop-by-hop authentication may be supported by under layer mechanism.
MWIF Confidential
Privacy and so on
• Privacy of the called user– Called user information (location or
availability) may be carried to the caller.– Required careful network design
• Denial of Service– Spoofing ‘Via’ header– 6xx responses from a rogue proxy
MWIF Confidential
Summary
• General idea of Signaling Security– Difference: Legacy vs All IP– Node-to-node and Network-to-network
• Security for SIP– Confidentiality, Authentication, Privacy and DoS
protection– Network design is important, since SIP doesn’t
provide a whole security solution only by itself.• Modification protocol• hop-by-hop security
