Confidentiality between CSCFs and between CSCFs and

Confidentiality between CSCFs, and between CSCFs and the HSS shall rely on mechanisms specified by Network Domain Security in TS 33.210 [5].

5.1.4 Integrity protection

Integrity protection shall be applied between the UE and the P-CSCF for protecting the SIP signalling, as specified in clause 6.3. The following mechanisms are provided.

1. The UE and the P-CSCF shall negotiate the integrity algorithm that shall be used for the session, as specified in clause 7.
2. The UE and the P-CSCF shall agree on security associations, which include the integrity keys that shall be used for the integrity protection. The mechanism is based on IMS AKA and specified in clause 6.1.
3. The UE and the P-CSCF shall both verify that the data received originates from a node, which has the agreed integrity key. This verification is also used to detect if the data has been tampered with.
4. Replay attacks and reflection attacks shall be mitigated.

Integrity protection between CSCFs and between CSCFs and the HSS shall rely on mechanisms specified by Network Domain Security in TS 33.210 [5].

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
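The checks in items 3 and 4 of clause 5.1.4 can be illustrated with a keyed MAC plus a sliding anti-replay window. This is an added example, not text or code from TS 33.203 and not the mechanism of clause 6.3: HMAC-SHA-256, the packet layout, the window size, the per-direction keys used against reflection, and all names are assumptions of the example.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # assumed anti-replay window size, in packets
# Constructed sample keys, one per direction (assumption of this example:
# distinct keys per direction are what defeats reflection here).
KEY_UE_TO_PCSCF = bytes(range(32))
KEY_PCSCF_TO_UE = bytes(range(32, 64))


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 32-bit sequence number + payload + MAC over both."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Inbound security association: one integrity key plus replay state."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0  # highest sequence number accepted so far
        self.seen = 0     # bitmap; bit i set means (highest - i) was accepted

    def verify(self, packet: bytes) -> bytes:
        """Return the payload, or raise ValueError on tampering or replay."""
        if len(packet) < 4 + 32:
            raise ValueError("truncated")
        header, payload, tag = packet[:4], packet[4:-32], packet[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Check the MAC first so forged packets never touch the replay state.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        seq = struct.unpack("!I", header)[0]
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= WINDOW or (self.seen >> offset) & 1:
                raise ValueError("replayed or too old")
            self.seen |= 1 << offset
        return payload
```

Verifying the MAC before updating the window matters: a forged packet with a high sequence number would otherwise advance the window and cause genuine traffic to be dropped.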
NOTE 1: TLS is mandatorily supported by SIP proxies according to RFC 3261 [6], and operators may use it to provide confidentiality and integrity inside their networks instead of or on top of IPsec, as the intra-domain Zb interface is optional, and TLS may also be used between IMS networks on top of IPsec. It should be pointed out, that the 3GPP specifications do not ensure backward compatibility between CSCFs that do not support TLS and those CSCFs and other networks that do support it. These management and capability issues need then to be solved by manual configuration of the involved operators. If TLS is to be applied then the authentication framework in TS 33.310 [24] can be used.

5.2 Network topology hiding

The operational details of an operator's network are sensitive business information that operators are reluctant to share with their competitors. While there may be situations (partnerships or other business relations) where the sharing of such information is appropriate, the possibility should exist for an operator to determine whether or not the internals of its network need to be hidden.

It shall be possible to hide the network topology from other operators, which includes the hiding of the number of S-CSCFs, the capabilities of the S-CSCFs and the capability of the network.

The I-CSCF/IBCF shall have the capability to encrypt the addresses of all the entities of the operator network in SIP Via, Record-Route, Route and Path headers and then decrypt the addresses when handling the response to a request. The P-CSCF may receive routing information that is encrypted but the P-CSCF will not have the key to decrypt this information.