Digest AKA Authentication <draft-niemi-sipping-digest-aka-00.txt>
IETF53, SIP WG
Minneapolis, 20.03.2002
Aki Niemi
Vesa Torvinen
Jari Arkko
Overview
• All security needs infrastructure
– Most of the setup cost is in equipment
– Desire to reuse existing infrastructure
• 3GPP IMS Authentication
– Uses Authentication and Key Agreement (AKA)
– Shared secret on a smart card like device
• Previous proposal draft-torvinen-http-eap-01.txt
– Feedback received after IETF52
– Scope of the work was changed
AKA Overview
[Diagram: message exchange between Client and Server, labelled "User Identity", "RAND, AUTN" and "RES / AUTS"]
Digest AKA Features
• Digest scheme is reused with AKA authentication
• AKA parameters are encapsulated into Digest
– Digest challenge contains the AKA challenge (RAND + AUTN)
– AKA RES is used as input in calculating the Digest credentials
– New auth-param is defined for SQN synchronization
=> AKA generates "one-time" passwords for Digest
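The encapsulation listed on this slide, as an added example that is not taken from the slides or the draft. It assumes the layout later published in RFC 3310 (nonce = base64 of RAND, AUTN and server data; RES used as the Digest password) and Digest without qop; toy_res is a hypothetical stand-in for the smart card's AKA function, not real AKA.

```python
import base64
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def make_nonce(rand: bytes, autn: bytes) -> str:
    """Server: carry the AKA challenge (RAND + AUTN) inside the Digest nonce."""
    if len(rand) != 16 or len(autn) != 16:
        raise ValueError("RAND and AUTN are 128 bits each")
    # Assumed layout: base64(RAND || AUTN || server-specific data).
    return base64.b64encode(rand + autn + os.urandom(8)).decode()


def split_nonce(nonce: str):
    """Client: recover RAND and AUTN from the Digest challenge."""
    raw = base64.b64decode(nonce, validate=True)
    if len(raw) < 32:
        raise ValueError("nonce too short to hold RAND and AUTN")
    return raw[:16], raw[16:32]


def toy_res(k: bytes, rand: bytes) -> bytes:
    """Hypothetical stand-in for the card computing RES from K and RAND.
    Real AKA uses the operator's algorithm set; this only gives a
    RAND-dependent value so the one-time property can be observed."""
    return hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]


def digest_response(user, realm, password: bytes, method, uri, nonce) -> str:
    """Plain Digest (no qop): MD5(HA1:nonce:HA2), with binary RES as password."""
    ha1 = md5_hex(user.encode() + b":" + realm.encode() + b":" + password)
    ha2 = md5_hex(f"{method}:{uri}".encode())
    return md5_hex(f"{ha1}:{nonce}:{ha2}".encode())


def server_verify(xres: bytes, user, realm, method, uri, nonce, response) -> bool:
    """Server: recompute with the expected RES for the challenge it issued."""
    expected = digest_response(user, realm, xres, method, uri, nonce)
    return hmac.compare_digest(expected, response)
```

Because RES depends on RAND, a response computed for one challenge does not verify against the next one, which is the "one-time" password behaviour the slide refers to.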
Issues
• "Choke point" attack when reusing RES
– Not possible, since RES should always be used only once
• Confusion on the relationship between Digest AKA and Enhanced Digest
• Adopt draft-niemi-sipping-digest-aka-00...
– Message integrity
– Complementary to vanilla-Digest
• …or create "clear-text" HTTP AKA solution
– Simpler (no MD5 calculations)
– Make message integrity optional?
– Basically a new auth-scheme
Future
• Work Item for SIP WG
– RFC Category?
• draft-niemi-digest-aka-00.txt adopted as solution
– Work out the issues
• This is needed for 3GPP Release 5
=> Time pressure