The p cscf then selects the spis for the inbound sas

Info icon This preview shows pages 38–39. Sign up to view the full content.

View Full Document Right Arrow Icon
The P-CSCF then selects the SPIs for the inbound SAs. The P-CSCF shall define the SPIs such that they are unique and different from any SPIs as received in the Security-setup-line from the UE. NOTE : 3: This rule is needed since the UE and the P-CSCF use the same key for inbound and outbound traffic. In order to determine the integrity and encryption algorithm the P-CSCF proceeds as follows: the P-CSCF has a list of integrity and encryption algorithms it supports, ordered by priority. The P-CSCF selects the first algorithm combination on its own list which is also supported by the UE. If the UE did not include any confidentiality algorithm in SM1 then the P-CSCF shall either select the NULL encryption algorithm or abort the procedure, according to its policy on confidentiality. NOTE : 4 : It should be noted that, if the P-CSCF policy requires confidentiality, then all UEs with no encryption support would be denied access to the IMS network. This would apply in particular to UEs, which support only a Release 5-version of this specification or only GIBA according to Annex T of this specification. The P-CSCF then establishes two new pairs of SAs in the local security association database. The Security-setup- line in SM6 contains the SPIs and the ports assigned by the P-CSCF. It also contains a list of identifiers for the integrity and encryption algorithms, which the P-CSCF supports. The only exception from this is the case that the P-CSCF is configured to never apply confidentiality. In this case, it shall not include encryption algorithms to the Security-setup- line in SM6. NOTE 5 : The P-CSCF may be configured to never apply confidentiality, e.g. because it trusts the encryption provided by the underlying access network. If the P-CSCF is configured to apply confidentiality whenever the UE supports it then the P-CSCF always includes the encryption algorithms in SM6, which it supports, even if the UE did not include encryption algorithms in SM1. This is to thwart bidding down attacks. SM6: 4xx Auth_Challenge(Security-setup = SPI_P, Port_P , P-CSCF integrity and encryption algorithms list) SPI_P is the symbolic name of the pair of SPI values (cf. clause 7.1) ( spi_pc, spi_ps ) that the P-CSCF selects. spi_pc is the SPI of the inbound SA at the P-CSCF’s protected client port, and spi_ps is the SPI of the inbound SA at the P-CSCF’s protected server port. The syntax of spi _pc and spi_ps is defined in Annex H. Port_P is the symbolic name of the port numbers ( port_pc , port_ps ) as defined in clause 7.1. The syntax of Port_P is defined in Annex H. Upon receipt of SM6, the UE determines the integrity and encryption algorithms as follows: the UE selects the first integrity and encryption algorithm combination on the list received from the P-CSCF in SM 6 which is also supported by the UE. If the P-CSCF did not include any confidentiality algorithm in SM6 then the UE shall select the NULL encryption algorithm.
Image of page 38

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 39
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern