requirements for ipsec negotiation in the sip framework
play

Requirements for IPsec Negotiation in the SIP Framework - PDF document

Dec 19, 2022 •23 likes •83 views

Requirements for IPsec Negotiation in the SIP Framework draft-saito-mmusic-ipsec-negotiation-req-00.txt August 1, 2005 Makoto Saito (ma.saito@ntt.com) Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com) 1 Motivation To secure communication

  1. Requirements for IPsec Negotiation in the SIP Framework draft-saito-mmusic-ipsec-negotiation-req-00.txt August 1, 2005 Makoto Saito (ma.saito@ntt.com) Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com) 1 Motivation • To secure communication between SIP- enabled home appliances . – Applicable to Proprietary Media Protocols – One Generic Security Protocol • Proposal: IPsec!! – But, no standard key-exchange mechanism for IPsec within SIP/SDP. RTP HTTP FTP SNMP ... ... ... Application L2TP Proprietary-1 SRTP HTTPS Security IPsec 2 1

  2. Where and how can it be used? • Assumptions Use Cases – Trusted 3rd Party Model • ISPs ’ SIP proxies assure identification of UAs – Mutual Trust between Domains (ISPs?) Proxy-1 Proxy-2 (ISP1) (ISP2) Trust Trust Trust UA-1@ISP1 UA-2@ISP2 3 Use Case 1: Remote Device Control • Home Security Service Controlling Sensors, Cameras, etc. • Secure Access via the Internet Trust & Proxy Secure Channel (ISP) Trust & Secure Channel Security Devices, Control Device Home Appliances Sessions over IPsec 4 2

  3. Use Case 2: Visual Communication • P2P Communication between Users Proprietary protocols are often used. (Not always RTP) • Secure Access via the Internet Trust & Trust & Proxy Secure Channel Secure Channel (ISP) Sessions over IPsec 5 Requirements for Security Protocol • Security • Reduction of Resources – Transaction Load – Implementation Cost • Connectivity – Protocol Interoperability, Scalability • Generic Use – Independent of Applications IPsec meets these requirements 6 3

  4. Possible Key-Exchange Solutions Conformance Calculation Implementation Load with SDP IKE Full IKE No High needed (RFC2409) KINK External Kerberos No Low system needed (work in progress) MIKEY in SDP High Yes with kmgmt Low Security Yes in SDP *SDP must be Descriptions secured. 7 IPsec Negotiation in SIP UA-1 Proxy UA-2 INVITE INVITE Get Address & Get Address & Port of UA-1 Port of UA-2 200 OK 200 OK IPsec SA for UA-1 is configured ACK ACK IPsec SA for UA-2 is configured Media Session over IPsec 8 4

  5. Summary • Home appliances need security with their resources reduced. ----- IPsec is proposed. • Standard mechanism to configure IPsec based on SDP information is needed. • Concept of Security Descriptions may be a better solution. 9 Discussions in MMUSIC ML • Why SIP to configure IPsec? – IP addresses of devices (necessary for IPsec configuration) are not static. They are determined during SDP negotiation. • Why not IKE for key-exchange? – It is still necessary to transmit the information from SDP to IKE. It ’ s efficient to exchange IPsec keys during SDP negotiation. 10 5

  6. Next Steps • Suggestions? • Discussions? • MMUSIC WG item? 11 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC can be used with VPNs Identify areas where extensions to IPSEC could be useful Bryan Gleeson, Page-1 VPN Reference Model CE CE PE

352 views • 9 slides
FAR Subcontractor Flowdown Requirements Negotiation Strategies for Primes and Subs Negotiation

FAR Subcontractor Flowdown Requirements Negotiation Strategies for Primes and Subs Negotiation

presents presents FAR Subcontractor Flowdown Requirements Negotiation Strategies for Primes and Subs Negotiation Strategies for Primes and Subs Involved in Government Contracts A Live 90-Minute Teleconference/Webinar with Interactive Q&A

726 views • 69 slides
IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE PE CPE/CLE Host PE CPE to CPE IPSEC can be used for : PE to PE PE to CPE Bryan Gleeson, Page-1 CPE to CPE IPSEC tunnels

680 views • 8 slides
Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt draft-jml-ipsec-ikev2-security-context-00.txt Presented by: Joy Latten Document authors: Serge Hallyn, Trent Jaeger, Joy Latten, and George Wilson Problem Description Mandatory

295 views • 6 slides
Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab Version 2.5.47 basiert auf dem USAGI Projekt. Hierbei handelt es sich um eine alternative Implementierung des IPsec Stacks zum FreeS/WAN Projekt.

610 views • 8 slides
THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution Make encryption the default mode of communication Certifjcations (FIPS, Common Criteria, USGv6, etc.)

917 views • 25 slides
Welcome to the Course on Negotiation Skills Course Objectives By the end of this course, you

Welcome to the Course on Negotiation Skills Course Objectives By the end of this course, you

Welcome to the Course on Negotiation Skills Course Objectives By the end of this course, you will be able to: Understand the basics of negotiation Describe the negotiation process Use appropriate strategies for win-win outcomes

810 views • 51 slides
Lecture 8: Decision Tables . Documents resolving later negotiation objections or regress

Lecture 8: Decision Tables . Documents resolving later negotiation objections or regress

Topic Area Requirements Engineering: Content Risks Implied by Bad Requirements Speci cations VL 6 Introduction preparation of tests , Requirements Specification without a description of allowed outcomes, tests are design and

287 views • 9 slides
CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec @CHIPSEC Wha What is is Pl Platform rm Se Secu curi rity? ty? Hardware Implementation and Configuration Available Security Features

695 views • 20 slides
The Southern Bayfront Negotiation Framework Ctrl. Waterfront Advisory Group| May 1, 2017

The Southern Bayfront Negotiation Framework Ctrl. Waterfront Advisory Group| May 1, 2017

The Southern Bayfront Negotiation Framework Ctrl. Waterfront Advisory Group| May 1, 2017 Southern Bayfront Strategy 1 Sa San n Fra ranc ncisco isco Wat aterfr front ont Pacific Ocean Northeas theast t Embar mbarcade dero Water

404 views • 17 slides
Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality

818 views • 37 slides
Presentation and Negotiation Presentation and Negotiation Filesize: 5.76 MB Reviews Reviews

Presentation and Negotiation Presentation and Negotiation Filesize: 5.76 MB Reviews Reviews

WLKHMWK17WKS \\ Doc / Presentation and Negotiation Presentation and Negotiation Presentation and Negotiation Filesize: 5.76 MB Reviews Reviews The publication is simple in read easier to comprehend. It really is rally interesting throgh

483 views • 3 slides
Negotiation Jos e M Vidal Department of Computer Science and Engineering University of South

Negotiation Jos e M Vidal Department of Computer Science and Engineering University of South

Negotiation Negotiation Jos e M Vidal Department of Computer Science and Engineering University of South Carolina. March 3, 2010 Abstract We describe automated negotiation as it applies to multiagent systems. Chapter 6. Negotiation

1.46k views • 114 slides
Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and Linux Contents Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP Tables The Connection Tracking

444 views • 9 slides
Presentation and Negotiation Presentation and Negotiation Filesize: 8.62 MB Reviews Reviews

Presentation and Negotiation Presentation and Negotiation Filesize: 8.62 MB Reviews Reviews

CGPVH9REZXIG // PDF \\ Presentation and Negotiation Presentation and Negotiation Presentation and Negotiation Filesize: 8.62 MB Reviews Reviews These types of book is the greatest ebook readily available. I was able to comprehended every

506 views • 4 slides
OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by Paul Wouters, RHEL Security THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution

736 views • 32 slides
Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

450 views • 25 slides
MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation ,

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation ,

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation , Cisco Press B. Davie and Y. Rekhter, MPLS Technology and Applications , Morgan Kaufmann MPLS VPN Agenda Introduction to VPNs Where do Layer

854 views • 61 slides
acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

IPQ806x Hardware acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration model Features Designed for Home Gateways (CPE) Flow detection based All -or- nothing offload Acceleration

248 views • 8 slides
Simple, Secure and Flexible VPN solution for home and business me Romain Bourgue IT

Simple, Secure and Flexible VPN solution for home and business me Romain Bourgue IT

Simple, Secure and Flexible VPN solution for home and business me Romain Bourgue IT Security and open source fan Works for the french Civil Service since 2003 romain.bourgue@gmail.com Summary VPN solutions : multiple choices

576 views • 38 slides
Vehicle Communication Experiment Environment With MANET And NEMO Manabu Tsukada Thierry Ernst

Vehicle Communication Experiment Environment With MANET And NEMO Manabu Tsukada Thierry Ernst

Vehicle Communication Experiment Environment With MANET And NEMO Manabu Tsukada Thierry Ernst 2007/01/15 Introduction Vehicle communication Intelligent Transportation System (ITS) Solution for traffic control Car position

421 views • 14 slides
Hozzfrsi hlzatok gyakorlat Moldovn Istvn Forrs: Peter.Vetter@alcatel.be

Hozzfrsi hlzatok gyakorlat Moldovn Istvn Forrs: Peter.Vetter@alcatel.be

Hozzfrsi hlzatok gyakorlat Moldovn Istvn Forrs: Peter.Vetter@alcatel.be Francois.Fredricx@alcatel.be MUSE Winter School Network architecture Definitions (2): Nodes RGW BRAS Terminals Ethernet aggregation network

297 views • 16 slides
IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides
FortiOS Provider The FortiOS provider is used to interact with the resources supported by FortiOS.

FortiOS Provider The FortiOS provider is used to interact with the resources supported by FortiOS.

FortiOS Provider The FortiOS provider is used to interact with the resources supported by FortiOS. We need to congure the provider with with the proper credentials before it can be used. Example Usage provider "fortios" { hostname

938 views • 51 slides

More recommend