View
220
Download
0
Tags:
Embed Size (px)
Citation preview
SIPPING IETF513GPP Security and Authentication
Peter Howard 3GPP SA3 (Security) delegate
3GPP IP Multimedia Subsystem (Release 5)
Visited
HomeHSS
RANSGSNGGSN
Cx interface based on Diameter
SIP proxies get authorisation and authentication information
P-CSCFREGISTER/INVITE
I-CSCFREGISTER/INVITE
S-CSCF
REGISTER/INVITE
SIP proxy serversSIP-based interfaces
PS domain
UA
3GPP Release 5 Security
• Packet Switched (PS) domain – access security features retained from 3GPP Release 99
specifications
• IP Multimedia Subsystem (IMS) domain– new access security features to be specified
• to protect the access link to the IMS domain
• independent of underlying PS domain security features
– network domain security features to protect signalling links between network elements with the IMS domain
IP Multimedia Subsystem: Access Security
Visited
HomeHSS
RANSGSNGGSN
P-CSCFREGISTER/INVITE
I-CSCFREGISTER/INVITE
S-CSCF
REGISTER/INVITE
4. Protection of SIP signalling using agreed session key
2. Mutual authentication and session key agreement
3. Session key distribution
1. Distribution of authentication information
UA
Draft 3GPP TS 33.203
IP Multimedia Subsystem: Network Domain Security
Visited
HomeHSS
RANSGSNGGSN
P-CSCFREGISTER/INVITE
I-CSCFREGISTER/INVITE
S-CSCF
REGISTER/INVITE
Per-hop protection of signalling using IPsec/IKE
UA
Draft 3GPP TS 33.210
Access Security: Authentication Principles
• 3GPP authentication protocol (3GPP AKA)– based on secret key stored in UA’s tamper-proof
subscriber identity module (SIM) and in the HSS
• Authentication check located in S-CSCF• Working assumption is to authenticate only at SIP
registrations with on-demand re-authentication requiring re-registration
• Use SIP authentication rather than an outer layer protocol such as TLS or IKE in order to minimise roundtrips
Integration of Authentication Protocol into DIAMETER and SIP
• Distribution of authentication information to S-CSCF using DIAMETER– distribution of authentication vectors for 3GPP AKA
• Integration of authentication protocol into SIP registration– 3GPP AKA protocol between UA and S-CSCF
– distribution of session key to P-CSCF
Possible Information Flow for Authentication and Session Key Establishment (from draft 3GPP TS 33.203)
Cx-Put
Cx-Pull
Changed to 407 Proxy Authentication
Required
Use of Extensible Authentication Protocol (EAP)
• There is a desire to minimise impact on protocols and equipment if 3GPP AKA is updated or if other schemes are used– a generic/extensible scheme to carry the authentication
messages is desirable
– candidates include SASL, EAP, GSS_API
– current working assumption is EAP which has much of the necessary machinery in place
EAP AKA in SIP
HTTP EAP
SIP
HTTP Authentication PGP
HTTP DigestHTTP Basic
EAP AKAEAP GSMEAP TLS EAP ...EAP Token Card
Concrete Authentication Example in SIP
1. REGISTER sip:… SIP/2.0
Authorization: eap base64_eap_identity_response
...
2. SIP/2.0 407 Proxy Authentication Required
WWW-Authenticate: eap base64_eap_aka_challenge_request
…
3. REGISTER sip:… SIP/2.0
Authorization: eap base64_eap_aka_challenge_response
…
4. SIP/2.0 200 OK
WWW-Authenticate: eap base64_eap_aka_success
...
Access Security: Security Mode Establishment between UA and P-CSCF
• Determines when to start applying protection and which algorithm to use– includes secure algorithm negotiation
• Uses session key derived during authentication • Integration into SIP registration with no new
roundtrips
Access security: Protection of SIP signalling between UA and P-CSCF
• Integrity protection of SIP signalling between UA and P-CSCF
• Uses session key derived during authentication • Symmetric scheme because of efficiency concerns • Candidate mechanisms include modified CMS and
ESP
IP Multimedia Subsystem: Access Security Documentation
TS 23.228(SA2)
TS 24.228(CN1)
TS 29.228(CN4)
TS 29.229(CN4)
3GPP IETF
SIPPINGWG
TS 33.203(SA3)
TS 24.229(CN1)
AAA, PPPEXT, IPsec, …
Other specs (e.g. AKA)
(SA3)
High level architecture
Protocol detail
Summary of 3GPP dependencies on IETF relating to security
• 3GPP AKA in EAP– draft-arkko-pppext-aka-00.txt
• EAP and session key transport in SIP– draft-torvinen-http-eap-00.txt (to appear)
• EAP and session key transport in DIAMETER• SIP extensions to support security mode
establishment
References
• Draft 3GPP TS 33.203, Access security for IP-based services (Release 5).
• Draft 3GPP TS 33.210, Network domain security; IP network layer security (Release 5).
• J. Arkko and H. Haverinen, “EAP AKA Authentication” draft-arkko-pppext-aka-00.txt.
• V. Torvinen, J. Arkko, A. Niemi, “HTTP Authentication with EAP”, draft-torvinen-http-eap-00.txt (to appear).
• L. Blunk, J. Vollbrecht, “PPP Extensible Authentication Protocol (EAP)”, RFC 2284.
• P. Calhoun et al. “DIAMETER NASREQ Extensions”, draft-ietf-aaa-diameter-nasreq-06.txt.
Authentication and Key Agreement Protocol (3GPP AKA)
ISIM/UA S-CSCF HSS
Authentication vector request
Authentication request
Authentication response
Authentication vector response
• Three party protocol• Two-pass mutual authentication
protocol between UA and S-CSCF• Each authentication vector is good
for one authentication• Authentication vectors can be
distributed in batches to minimise signalling/load on HSS
Distribution of session key to P-CSCF
P-CSCF
Other IP Multimedia Subsystem Security Issues (1)
• Hide caller’s public ID from called party– by encrypting remote party ID header at caller’s S-
CSCF and decrypting by same S-CSCF
– is there a requirement to hide caller’s IP addresses that are dynamically assigned?
• Network configuration hiding– mechanism being developed to hide host domain name
of CSCFs and number of CSCFs within one operator’s network
• Session transfer– guidance on security aspects based on GSM call
transfer feature• authorisation and accounting of transferred leg needs to
involve transferring party who has dropped out of session• should there be a limit to the number of transferred sessions?• should final destination be hidden from calling party?
• Security aspects of other IP multimedia subsystem services?
• End-to-end security
Other IP Multimedia Subsystem Security Issues (2)