
Requirements for IPsec Negotiation in the SIP Framework

draft-saito-mmusic-ipsec-negotiation-req-00.txt, August 1, 2005. Makoto Saito (ma.saito@ntt.com), Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com).


Presentation Transcript


  1. Requirements for IPsec Negotiation in the SIP Framework
     draft-saito-mmusic-ipsec-negotiation-req-00.txt
     August 1, 2005
     Makoto Saito (ma.saito@ntt.com), Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com)

  2. Motivation
     • To secure communication between SIP-enabled home appliances.
     • Applicable to Proprietary Media Protocols
     • One Generic Security Protocol
     • Proposal: IPsec!!
     • But, no standard key-exchange mechanism for IPsec within SIP/SDP.
     [Figure: protocol stack diagram with Application and Security layers; labels: RTP, HTTP, FTP, SNMP, Proprietary-1, L2TP, SRTP, HTTPS, IPsec]

  3. Where and how can it be used? Use Cases
     • Assumptions
     • Trusted 3rd Party Model
     • ISPs' SIP proxies assure identification of UAs
     • Mutual Trust between Domains (ISPs?)
     [Figure labels: Proxy-1 (ISP1), Proxy-2 (ISP2), UA-1@ISP1, UA-2@ISP2; three links labelled Trust]

  4. Use Case 1: Remote Device Control
     • Home Security Service Controlling Sensors, Cameras, etc.
     • Secure Access via the Internet
     [Figure labels: Proxy (ISP); Security Devices, Home Appliances; Control Device; two links labelled Trust & Secure Channel; Sessions over IPsec]

  5. Use Case 2: Visual Communication
     • P2P Communication between Users. Proprietary protocols are often used. (Not always RTP)
     • Secure Access via the Internet
     [Figure labels: Proxy (ISP); two links labelled Trust & Secure Channel; Sessions over IPsec]

  6. Requirements for Security Protocol
     • Security
     • Reduction of Resources
     • Transaction Load
     • Implementation Cost
     • Connectivity
     • Protocol Interoperability, Scalability
     • Generic Use
     • Independent of Applications
     IPsec meets these requirements

  7. Possible Key-Exchange Solutions
     [Table flattened in extraction; column headings: Calculation Load, Conformance with SDP, Implementation]
     • IKE (RFC2409): Full IKE needed, No, High
     • KINK (work in progress): External Kerberos system needed, No, Low
     • MIKEY with kmgmt High in SDP Yes Low *SDP must be secured. Security Descriptions Yes in SDP

  8. IPsec Negotiation in SIP
     [Sequence diagram between UA-1, Proxy and UA-2; labels in order: INVITE, INVITE; Get Address & Port of UA-1; Get Address & Port of UA-2; 200 OK; IPsec SA for UA-1 is configured; 200 OK; ACK, ACK; IPsec SA for UA-2 is configured; Media Session over IPsec]

  9. Summary
     • Home appliances need security with their resources reduced: IPsec is proposed.
     • Standard mechanism to configure IPsec based on SDP information is needed.
     • Concept of Security Descriptions may be a better solution.

  10. Discussions in MMUSIC ML
     • Why SIP to configure IPsec?
       IP addresses of devices (necessary for IPsec configuration) are not static. They are determined during SDP negotiation.
     • Why not IKE for key-exchange?
       It is still necessary to transmit the information from SDP to IKE. It's efficient to exchange IPsec keys during SDP negotiation.

  11. Next Steps
     • Suggestions?
     • Discussions?
     • MMUSIC WG item?
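
Added example, not part of the slides or the draft: slides 8 and 10 say the addresses and ports IPsec needs become known only during SDP negotiation, so this Python code derives the per-direction IPsec traffic selectors from an offer/answer pair. It goes beyond the slides in handling media-level c= lines and rejected (port 0) streams; the function names and the sample SDP bodies are assumptions, and key exchange is left out because the slides state that no standard mechanism exists.

```python
import ipaddress
from typing import NamedTuple, Optional

class Media(NamedTuple):
    addr: Optional[str]  # c= address (media-level overrides session-level)
    port: int            # receive port from m=; 0 marks a rejected stream
    transport: str       # "tcp" or "udp"

def parse_sdp(sdp):
    """Return one Media per m= section, in order."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        kind, _, value = line.strip().partition("=")
        fields = value.split()
        if kind == "c" and len(fields) == 3:
            # c=<nettype> <addrtype> <address>[/ttl]; a selector needs a literal IP
            addr = str(ipaddress.ip_address(fields[2].split("/")[0]))
            if media:
                media[-1] = media[-1]._replace(addr=addr)
            else:
                session_addr = addr
        elif kind == "m" and len(fields) >= 3:
            # m=<media> <port>[/count] <proto> ...; assumption: non-TCP proto means UDP
            transport = "tcp" if fields[2].upper().startswith("TCP") else "udp"
            media.append(Media(session_addr, int(fields[1].split("/")[0]), transport))
    return media

def ipsec_selectors(offer, answer):
    """Pair m= sections by position; return (src, dst, dst_port, transport) per direction."""
    o, a = parse_sdp(offer), parse_sdp(answer)
    if len(o) != len(a):
        raise ValueError("answer must mirror the offer's m= sections")
    out = []
    for mo, ma in zip(o, a):
        if mo.port == 0 or ma.port == 0:
            continue  # rejected stream: no SA is configured for it
        if mo.addr is None or ma.addr is None:
            raise ValueError("m= section without a c= address")
        # SDP names receive ports only, so the source port stays a wildcard.
        out.append((mo.addr, ma.addr, ma.port, mo.transport))
        out.append((ma.addr, mo.addr, mo.port, ma.transport))
    return out

# Constructed sample bodies (documentation addresses, not taken from the slides).
OFFER = "v=0\nc=IN IP4 192.0.2.10\nm=video 49170 RTP/AVP 96\nm=application 5000 TCP x-ctl\nc=IN IP4 192.0.2.11\n"
ANSWER = "v=0\nc=IN IP4 198.51.100.20\nm=video 6000 RTP/AVP 96\nm=application 0 TCP x-ctl\n"

if __name__ == "__main__":
    for sel in ipsec_selectors(OFFER, ANSWER):
        print(sel)
```

The SDP bodies that feed these selectors have to be integrity-protected in transit, since whoever can alter c= or m= decides which peer the SA is bound to.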
