SIPPING IETF51 3GPP Security and Authentication - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

SIPPING IETF51 3GPP Security and Authentication

Description:

SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate peter.howard_at_vodafone.com 3GPP IP Multimedia Subsystem (Release 5) 3GPP ... – PowerPoint PPT presentation

Number of Views:171
Avg rating:3.0/5.0
Slides: 22
Provided by: PeterH233
Category:

less

Transcript and Presenter's Notes

Title: SIPPING IETF51 3GPP Security and Authentication


1
SIPPING IETF513GPP Security and Authentication
  • Peter Howard
  • 3GPP SA3 (Security) delegate
  • peter.howard_at_vodafone.com

2
3GPP IP Multimedia Subsystem (Release 5)
Cx interface based on Diameter SIP proxies get
authorisation and authentication information
HSS
REGISTER/INVITE
REGISTER/INVITE
P-CSCF
UA
REGISTER/INVITE
SIP proxy servers
SIP-based interfaces
PS domain
3
3GPP Release 5 Security
  • Packet Switched (PS) domain
  • access security features retained from 3GPP
    Release 99 specifications
  • IP Multimedia Subsystem (IMS) domain
  • new access security features to be specified
  • to protect the access link to the IMS domain
  • independent of underlying PS domain security
    features
  • network domain security features to protect
    signalling links between network elements with
    the IMS domain

4
IP Multimedia Subsystem Access Security
1. Distribution of authentication information
Draft 3GPP TS 33.203
4. Protection of SIP signalling using agreed
session key
HSS
REGISTER/INVITE
REGISTER/INVITE
P-CSCF
UA
REGISTER/INVITE
3. Session key distribution
2. Mutual authentication and session key agreement
5
IP Multimedia Subsystem Network Domain Security
Draft 3GPP TS 33.210
HSS
REGISTER/INVITE
REGISTER/INVITE
P-CSCF
UA
REGISTER/INVITE
Per-hop protection of signalling using IPsec/IKE
6
Access Security Authentication Principles
  • 3GPP authentication protocol (3GPP AKA)
  • based on secret key stored in UAs tamper-proof
    subscriber identity module (SIM) and in the HSS
  • Authentication check located in S-CSCF
  • Working assumption is to authenticate only at SIP
    registrations with on-demand re-authentication
    requiring re-registration
  • Use SIP authentication rather than an outer layer
    protocol such as TLS or IKE in order to minimise
    roundtrips

7
Integration of Authentication Protocol into
DIAMETER and SIP
  • Distribution of authentication information to
    S-CSCF using DIAMETER
  • distribution of authentication vectors for 3GPP
    AKA
  • Integration of authentication protocol into SIP
    registration
  • 3GPP AKA protocol between UA and S-CSCF
  • distribution of session key to P-CSCF

8
Possible Information Flow for Authentication and
Session Key Establishment (from draft 3GPP TS
33.203)
Changed to 407 Proxy Authentication Required
Cx-Put Cx-Pull
9
Use of Extensible Authentication Protocol (EAP)
  • There is a desire to minimise impact on protocols
    and equipment if 3GPP AKA is updated or if other
    schemes are used
  • a generic/extensible scheme to carry the
    authentication messages is desirable
  • candidates include SASL, EAP, GSS_API
  • current working assumption is EAP which has much
    of the necessary machinery in place

10
EAP AKA in SIP
SIP
HTTP Authentication
PGP
HTTP Basic
HTTP EAP
HTTP Digest
EAP AKA
EAP GSM
EAP TLS
EAP ...
EAP Token Card
11
Concrete Authentication Example in SIP
  • 1. ? REGISTER sip SIP/2.0
  • Authorization eap base64_eap_identity_respo
    nse
  • ...
  • 2. ? SIP/2.0 407 Proxy Authentication Required
  • WWW-Authenticate eap base64_eap_aka_challen
    ge_request
  • 3. ? REGISTER sip SIP/2.0
  • Authorization eap base64_eap_aka_challenge_
    response
  • 4. ? SIP/2.0 200 OK
  • WWW-Authenticate eap base64_eap_aka_success
  • ...

12
EAP AKA in DIAMETER
DIAMETER base
EAP Extensions
EAP AKA
EAP GSM
EAP TLS
EAP ...
EAP Token Card
13
Access Security Security Mode Establishment
between UA and P-CSCF
  • Determines when to start applying protection and
    which algorithm to use
  • includes secure algorithm negotiation
  • Uses session key derived during authentication
  • Integration into SIP registration with no new
    roundtrips

14
Access security Protection of SIP signalling
between UA and P-CSCF
  • Integrity protection of SIP signalling between UA
    and P-CSCF
  • Uses session key derived during authentication
  • Symmetric scheme because of efficiency concerns
  • Candidate mechanisms include modified CMS and ESP

15
IP Multimedia Subsystem Access Security
Documentation
3GPP
IETF
High level architecture
TS 23.228 (SA2)
SIPPING WG
TS 33.203 (SA3)
Other specs (e.g. AKA) (SA3)
TS 24.228 (CN1)
TS 29.228 (CN4)
TS 29.229 (CN4)
TS 24.229 (CN1)
AAA, PPPEXT, IPsec,
Protocol detail
16
Summary of 3GPP dependencies on IETF relating to
security
  • 3GPP AKA in EAP
  • draft-arkko-pppext-aka-00.txt
  • EAP and session key transport in SIP
  • draft-torvinen-http-eap-00.txt (to appear)
  • EAP and session key transport in DIAMETER
  • SIP extensions to support security mode
    establishment

17
References
  • Draft 3GPP TS 33.203, Access security for
    IP-based services (Release 5).
  • Draft 3GPP TS 33.210, Network domain security IP
    network layer security (Release 5).
  • J. Arkko and H. Haverinen, EAP AKA
    Authentication draft-arkko-pppext-aka-00.txt.
  • V. Torvinen, J. Arkko, A. Niemi, HTTP
    Authentication with EAP, draft-torvinen-http-eap-
    00.txt (to appear).
  • L. Blunk, J. Vollbrecht, PPP Extensible
    Authentication Protocol (EAP), RFC 2284.
  • P. Calhoun et al. DIAMETER NASREQ Extensions,
    draft-ietf-aaa-diameter-nasreq-06.txt.

18
Questions?
  • Peter Howard
  • peter.howard_at_vodafone.com

19
Authentication and Key Agreement Protocol (3GPP
AKA)
S-CSCF
ISIM/UA
HSS
Authentication vector request
Authentication vector response
  • Three party protocol
  • Two-pass mutual authentication protocol between
    UA and S-CSCF
  • Each authentication vector is good for one
    authentication
  • Authentication vectors can be distributed in
    batches to minimise signalling/load on HSS

Authentication request
Authentication response
Distribution of session key to P-CSCF
P-CSCF
20
Other IP Multimedia Subsystem Security Issues (1)
  • Hide callers public ID from called party
  • by encrypting remote party ID header at callers
    S-CSCF and decrypting by same S-CSCF
  • is there a requirement to hide callers IP
    addresses that are dynamically assigned?
  • Network configuration hiding
  • mechanism being developed to hide host domain
    name of CSCFs and number of CSCFs within one
    operators network

21
Other IP Multimedia Subsystem Security Issues (2)
  • Session transfer
  • guidance on security aspects based on GSM call
    transfer feature
  • authorisation and accounting of transferred leg
    needs to involve transferring party who has
    dropped out of session
  • should there be a limit to the number of
    transferred sessions?
  • should final destination be hidden from calling
    party?
  • Security aspects of other IP multimedia subsystem
    services?
  • End-to-end security
Write a Comment
User Comments (0)
About PowerShow.com