The set up of the tls session between the ue and the

The set-up of the TLS session between the UE and the P-CSCF is based on the TLS profile specified in clause O.2.1. The sip-sec-agree negotiation according to RFC 3329 [21] is performed during the registration procedure to negotiate the choice of the security mechanism. Annex H of this specification describes the parameters of RFC 3329 [21] for the set-up of TLS sessions.

The following describes how TLS session set-up is integrated with the initial registration procedure described in Annex N.1:

Up to and including message SM6 received by the UE, the procedures for the cases with and without TLS are identical, except for the following:

- In SM1 the UE includes sip-sec-agree negotiation headers according to RFC 3329 [21], which must include one header with value "tls" (cf. annex H), if TLS is to be used.
- In SM6 the P-CSCF includes sip-sec-agree negotiation headers, which must include one header with value "tls" and the highest q-value of all security mechanisms common to UE and P-CSCF (cf. annex H), if TLS is to be used.

After receiving SM6, when TLS was selected by the P-CSCF the procedure continues as follows:

- the UE performs a TLS handshake with the P-CSCF; the UE shall not re-use an existing TLS connection for initial registrations;
- after successful establishment of a TLS connection, the UE sends SM7 over this TLS connection, including sip-sec-agree negotiation headers;
- the P-CSCF then sends SM8, together with a TLS integrity protection indicator indicating the logical value "authentication pending";
- the S-CSCF receives this message as SM9 and treats it according to Annex N. If the authentication of the UE is successful the S-CSCF shall associate the registration with the local state "tls-protected".
- when the P-CSCF receives message SM11 (200 OK) it shall associate the UE's IP address and port of the TLS connection with the TLS Session ID, the IMPI and all the successfully registered IMPUs related to that IMPI. From this point on, the P-CSCF shall not accept any SIP signalling messages outside the TLS connection other than REGISTER messages, messages relating to emergency services in accordance with TS 24.229 [8] and TS 23.167 [31], and error messages.
- after the UE has received SM12 it shall not accept any SIP signalling messages outside the TLS connection other than responses to REGISTER messages, messages relating to emergency services in accordance with TS 24.229 [8] and TS 23.167 [31], and error messages.

An S-CSCF shall accept a REGISTER message with a TLS integrity protection indicator indicating "authentication pending" only if it contains a verifiable Digest value computed over a valid challenge according to Annex N.

NOTE: The S-CSCF may have a local security policy to treat messages other than initial REGISTER messages, messages relating to emergency services, and error messages, differently depending on whether the registration is associated with the state "tls-protected".

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
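The UE-side decision after SM6 can be sketched as follows. This is an added example, not text or code from the specification: the helper names, the constructed Security-Server value and the treatment of a missing q parameter as lowest preference are assumptions.

```python
from typing import NamedTuple, Optional

class Mechanism(NamedTuple):
    name: str
    q: float
    params: dict

def parse_sec_agree(value: str) -> list:
    """Parse a Security-Client/-Server/-Verify header value (RFC 3329 list).

    Simplification: assumes no commas or semicolons inside quoted parameters.
    """
    mechanisms = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        # Assumption: a mechanism listed without a q parameter ranks lowest.
        q = float(params.pop("q", "0"))
        mechanisms.append(Mechanism(parts[0].lower(), q, params))
    return mechanisms

def select_mechanism(security_server: str, ue_supported: set) -> Optional[Mechanism]:
    """Pick the mechanism common to UE and P-CSCF with the highest q-value."""
    common = [m for m in parse_sec_agree(security_server) if m.name in ue_supported]
    return max(common, key=lambda m: m.q, default=None)

def plan_sm7(security_server: str, ue_supported: set) -> dict:
    """Decide how the UE proceeds after SM6 (hypothetical helper)."""
    chosen = select_mechanism(security_server, ue_supported)
    if chosen is None or chosen.name != "tls":
        # TLS was not selected: the TLS branch of the procedure does not apply.
        return {"use_tls": False, "chosen": chosen.name if chosen else None}
    return {
        "use_tls": True,
        "chosen": "tls",
        "reuse_existing_tls_connection": False,  # never for initial registration
        # RFC 3329: the client echoes the server's list so that the server
        # can detect a modified (bid-down) Security-Server header.
        "headers": {"Security-Verify": security_server},
    }

# Constructed sample of the Security-Server value carried in SM6.
SM6_SECURITY_SERVER = "ipsec-3gpp;q=0.1;alg=hmac-sha-1-96, tls;q=0.2"

if __name__ == "__main__":
    print(plan_sm7(SM6_SECURITY_SERVER, {"tls", "ipsec-3gpp"}))
```

If the P-CSCF lists "tls" with a lower q-value than another mechanism the UE also supports, `plan_sm7` reports that TLS was not selected, which matches the requirement that "tls" carry the highest q-value of the common mechanisms when TLS is to be used.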