8/3/2019 Sipping Ietf51 3gpp Security Final
SIPPING IETF51
3GPP Security and Authentication
Peter Howard
3GPP SA3 (Security) delegate
3GPP IP Multimedia Subsystem (Release 5)
[Architecture diagram: visited and home networks containing the UA, RAN, SGSN and GGSN (PS domain) and the SIP proxy servers P-CSCF, I-CSCF and S-CSCF, plus the HSS. REGISTER/INVITE flows pass over SIP-based interfaces between the proxies; the Cx interface to the HSS is based on Diameter and is how the SIP proxies get authorisation and authentication information.]
3GPP Release 5 Security
- Packet Switched (PS) domain
  - access security features retained from the 3GPP Release 99 specifications
- IP Multimedia Subsystem (IMS) domain
  - new access security features to be specified, to protect the access link to the IMS domain, independent of the underlying PS domain security features
  - network domain security features to protect signalling links between network elements within the IMS domain
IP Multimedia Subsystem: Access Security
[Diagram: the same architecture (UA, RAN, SGSN, GGSN, P-CSCF, I-CSCF, S-CSCF, HSS) annotated with four steps:
1. Distribution of authentication information (HSS to S-CSCF)
2. Mutual authentication and session key agreement (UA and S-CSCF)
3. Session key distribution (to the P-CSCF)
4. Protection of SIP signalling using the agreed session key (UA and P-CSCF)]
Draft 3GPP TS 33.203
IP Multimedia Subsystem: Network Domain Security
[Diagram: the same architecture, annotated with per-hop protection of signalling using IPsec/IKE between the network elements.]
Draft 3GPP TS 33.210
Access Security: Authentication Principles
- 3GPP authentication protocol (3GPP AKA), based on a secret key stored in the UA's tamper-proof subscriber identity module (SIM) and in the HSS
- Authentication check located in the S-CSCF
- Working assumption is to authenticate only at SIP registration, with on-demand re-authentication requiring re-registration
- Use SIP authentication rather than an outer-layer protocol such as TLS or IKE, in order to minimise roundtrips
Integration of Authentication Protocol into DIAMETER and SIP
- Distribution of authentication information to the S-CSCF using DIAMETER
  - distribution of authentication vectors for 3GPP AKA
- Integration of the authentication protocol into SIP registration
  - 3GPP AKA protocol between UA and S-CSCF
  - distribution of the session key to the P-CSCF
Possible Information Flow for Authentication and Session Key Establishment (from draft 3GPP TS 33.203)
[Message-flow diagram; only its labels survive: Cx-Put and Cx-Pull on the Cx interface, and a note that the challenge response was changed to 407 Proxy Authentication Required.]
Use of Extensible Authentication Protocol (EAP)
- There is a desire to minimise the impact on protocols and equipment if 3GPP AKA is updated or if other schemes are used
- A generic/extensible scheme to carry the authentication messages is desirable
- Candidates include SASL, EAP, GSS_API
- Current working assumption is EAP, which has much of the necessary machinery in place
EAP AKA in SIP
[Layering diagram: SIP carries HTTP Authentication; next to HTTP Basic, HTTP Digest and PGP, an HTTP EAP scheme carries the EAP methods EAP AKA, EAP GSM, EAP TLS, EAP Token Card, EAP ...]
Concrete Authentication Example in SIP
  1.p REGISTER sip: SIP/2.0
      Authorization: eap base64_eap_identity_response
      ...
  2.n SIP/2.0 407 Proxy Authentication Required
      WWW-Authenticate: eap base64_eap_aka_challenge_request
  3.p REGISTER sip: SIP/2.0
      Authorization: eap base64_eap_aka_challenge_response
  4.n SIP/2.0 200 OK
      WWW-Authenticate: eap base64_eap_aka_success
      ...
EAP AKA in DIAMETER
[Layering diagram: DIAMETER base, with EAP Extensions on top carrying the EAP methods EAP AKA, EAP GSM, EAP TLS, EAP Token Card, EAP ...]
Access Security: Security Mode Establishment between UA and P-CSCF
- Determines when to start applying protection and which algorithm to use
  - includes secure algorithm negotiation
- Uses the session key derived during authentication
- Integration into SIP registration with no new roundtrips
Access Security: Protection of SIP Signalling between UA and P-CSCF
- Integrity protection of SIP signalling between UA and P-CSCF
- Uses the session key derived during authentication
- Symmetric scheme because of efficiency concerns
- Candidate mechanisms include modified CMS and ESP
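An added illustration, not from the presentation or from 3GPP, of the symmetric integrity protection described on this slide, assuming the UA and P-CSCF already share the IK agreed at registration. HMAC-SHA256 and the X-Integrity header are stand-ins for the CMS/ESP candidates; the sequence number shows why replay detection belongs alongside integrity.

```python
import hashlib, hmac

# Constructed sample request (not from the slides); IK comes from the registration.
INVITE = ("INVITE sip:bob@ims.example SIP/2.0\r\n"
          "From: <sip:alice@ims.example>\r\n"
          "To: <sip:bob@ims.example>\r\n"
          "CSeq: 1 INVITE\r\n")

def mac(ik, seq, msg):
    # Assumption: HMAC-SHA256 keyed with IK stands in for the CMS/ESP candidates.
    return hmac.new(ik, seq.to_bytes(4, "big") + msg.encode(), hashlib.sha256).hexdigest()

def protect(ik, seq, msg):
    """UA side: append a per-message sequence number and MAC (hypothetical header name)."""
    return msg + f"X-Integrity: {seq} {mac(ik, seq, msg)}\r\n\r\n"

class PCSCF:
    def __init__(self, ik):
        self.ik, self.last_seq = ik, -1            # highest sequence number accepted so far

    def verify(self, wire):
        """Accept only an unmodified message carrying a fresh sequence number."""
        try:
            body, hdr = wire.rsplit("X-Integrity: ", 1)
            seq, tag = hdr.split()
            seq = int(seq)
        except ValueError:
            return False                           # header missing or malformed
        if seq <= self.last_seq or not hmac.compare_digest(tag, mac(self.ik, seq, body)):
            return False                           # replay or modification detected
        self.last_seq = seq
        return True
```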
IP Multimedia Subsystem: Access Security Documentation
[Diagram mapping 3GPP specifications to IETF work, from high-level architecture down to protocol detail:
  3GPP: TS 23.228 (SA2); TS 24.228 (CN1); TS 29.228 (CN4); TS 29.229 (CN4); TS 33.203 (SA3); TS 24.229 (CN1); other specs, e.g. AKA (SA3)
  IETF: SIPPING WG; AAA, PPPEXT, IPsec]
Summary of 3GPP dependencies on IETF relating to security
- 3GPP AKA in EAP: draft-arkko-pppext-aka-00.txt
- EAP and session key transport in SIP: draft-torvinen-http-eap-00.txt (to appear)
- EAP and session key transport in DIAMETER
- SIP extensions to support security mode establishment
References
- Draft 3GPP TS 33.203, Access security for IP-based services (Release 5).
- Draft 3GPP TS 33.210, Network domain security; IP network layer security (Release 5).
- J. Arkko and H. Haverinen, EAP AKA Authentication, draft-arkko-pppext-aka-00.txt.
- V. Torvinen, J. Arkko, A. Niemi, HTTP Authentication with EAP, draft-torvinen-http-eap-00.txt (to appear).
- L. Blunk, J. Vollbrecht, PPP Extensible Authentication Protocol (EAP), RFC 2284.
- P. Calhoun et al., DIAMETER NASREQ Extensions, draft-ietf-aaa-diameter-nasreq-06.txt.
Questions?
Peter Howard
Authentication and Key Agreement Protocol (3GPP AKA)
[Message-flow diagram between ISIM/UA, S-CSCF and HSS, labelled: Authentication vector request and Authentication vector response (S-CSCF and HSS); Authentication request and Authentication response (UA and S-CSCF); then distribution of the session key to the P-CSCF.]
- Three-party protocol
- Two-pass mutual authentication protocol between UA and S-CSCF
- Each authentication vector is good for one authentication
- Authentication vectors can be distributed in batches to minimise signalling/load on the HSS
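The REGISTER/407 exchange of the "Concrete Authentication Example in SIP" slide and the three-party vector flow of this slide, as an added example that is not from the presentation or from 3GPP: a toy Python model in which the HSS issues batches of single-use authentication vectors, the S-CSCF challenges the UA over the 407/REGISTER round trip, and the ISIM checks the network before answering. HMAC-SHA256 stands in for the AKA functions, and the header layout and the RAND/AUTN/RES/IK derivation are assumptions, not the real 3GPP algorithm.

```python
import base64, collections, hashlib, hmac, os

AV = collections.namedtuple("AV", "rand autn xres ik")   # one vector, good for one authentication

def aka_f(k, label, rand):
    # Assumption: HMAC-SHA256 stands in for the 3GPP AKA functions (not MILENAGE).
    return hmac.new(k, label + rand, hashlib.sha256).digest()

class HSS:
    def __init__(self, subscribers):
        self.k = subscribers                         # private identity -> long-term key K
    def vectors(self, impi, n):                      # Cx-Pull: a batch of n vectors
        k, out = self.k[impi], []
        for _ in range(n):
            rand = os.urandom(16)
            out.append(AV(rand, aka_f(k, b"AUTN", rand),
                          aka_f(k, b"RES", rand), aka_f(k, b"IK", rand)))
        return out

class ISIM:                                          # tamper-resistant module holding K
    def __init__(self, impi, k):
        self.impi, self.k = impi, k
    def challenge(self, rand, autn):
        # Network authentication first: a challenge not derived from K is rejected.
        if not hmac.compare_digest(autn, aka_f(self.k, b"AUTN", rand)):
            return None
        return aka_f(self.k, b"RES", rand), aka_f(self.k, b"IK", rand)

class SCSCF:
    def __init__(self, hss):
        self.hss, self.cache, self.pending = hss, {}, {}
    def register(self, impi, response=None):
        """Returns (status, WWW-Authenticate value, IK to hand to the P-CSCF)."""
        if response is None:                         # 1.p REGISTER -> 2.n 407 challenge
            if not self.cache.get(impi):             # fetch a batch, not one vector per registration
                self.cache[impi] = self.hss.vectors(impi, 3)
            av = self.pending[impi] = self.cache[impi].pop(0)
            return 407, "eap " + base64.b64encode(av.rand + av.autn).decode(), None
        av = self.pending.pop(impi, None)            # 3.p REGISTER with RES -> 4.n 200 or failure
        if av and hmac.compare_digest(base64.b64decode(response), av.xres):
            return 200, "eap success", av.ik
        return 403, "eap failure", None

def run_registration(isim, scscf):
    # Drive the four-message exchange; returns (final status, UA and network IK agree).
    _, hdr, _ = scscf.register(isim.impi)
    blob = base64.b64decode(hdr.split()[1])
    res, ik_ua = isim.challenge(blob[:16], blob[16:])
    status, _, ik_net = scscf.register(isim.impi, base64.b64encode(res).decode())
    return status, ik_net == ik_ua                   # the IK the P-CSCF receives matches the UA's
```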
Other IP Multimedia Subsystem Security Issues (1)
- Hide the caller's public ID from the called party
  - by encrypting the remote party ID header at the caller's S-CSCF and decrypting it at the same S-CSCF
  - is there a requirement to hide callers' IP addresses that are dynamically assigned?
- Network configuration hiding
  - mechanism being developed to hide the host domain name of CSCFs and the number of CSCFs within one operator's network
Other IP Multimedia Subsystem Security Issues (2)
- Session transfer
  - guidance on security aspects based on the GSM call transfer feature
  - authorisation and accounting of the transferred leg needs to involve the transferring party, who has dropped out of the session
  - should there be a limit to the number of transferred sessions?
  - should the final destination be hidden from the calling party?
- Security aspects of other IP multimedia subsystem services?
- End-to-end security