NOTE 3: It is recommended that the user does not enter his SIP Digest credentials into the WIC, except possibly once before the initial registration.

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
Figure X.2.2.3-1: WebRTC IMS Client authentication using SIP Digest

The details of the signalling flows are as follows:

1) Web page download from WWSF

From within a WebRTC-enabled browser, the user accesses a URI to the WWSF to initiate an HTTPS connection to the WWSF. The TLS connection provides one-way authentication of the server based on the server certificate. The browser downloads and initializes the WIC from the WWSF.

2) Establishment of secure Web socket connection between WIC and eP-CSCF

The WIC opens a WSS (secure Web Socket) connection to the eP-CSCF. The TLS connection provides one-way authentication of the server based on the server certificate. The eP-CSCF verifies in this step that the WIC establishing the signalling connection comes from a trusted domain.

NOTE 3: The eP-CSCF can verify that the web page establishing the signalling connection comes from a trusted domain by inspecting the value of the Origin header. This header is inserted by the browser in the WebSocket handshake and in every HTTP request (requires the use of CORS, http://www.w3.org/TR/cors/). The protection mechanism works under the assumption that the browser is not under the attacker's control, which means that the contents of the Origin header can be trusted.

3-10) SIP Digest message flow

The SIP Digest messages exchanged between the WIC and eP-CSCF and between the eP-CSCF and the I/S-CSCF are as defined in Annex N of this document.

X.2.3 Solution 1.2: Use of IMS AKA

X.2.3.1 General

When the WIC has access to the USIM/ISIM in the UE, the IMS AKA scheme is used for authenticating the WebRTC IMS Client, as described in figure X.2.3.3-1.
The IMS AKA procedure is performed as specified in section 6.1 with the usage of HTTP Digest AKAv2 as defined in RFC 4169 [65] (instead of HTTP Digest AKA defined in RFC 3310 [17]) and without security association set-up. The protection of IMS signalling between the WIC and the eP-CSCF is provided by the secure WebSocket connection.

The ME shall be able to apply access control policy to the WIC before granting the access to the UICC application in charge of the IMS AKA authentication for WebRTC.

NOTE: Precision on how the ME could apply access control policy to restrict access to UICC is at the discretion of the ME implementation and is left out of scope of the present 3GPP release.

It is optional to have in the UICC an ISIM application that would be dedicated to WebRTC usage in order to maintain a clear separation between WebRTC Client and regular IMS UEs. This ISIM application dedicated to WebRTC could have a separate subscription in the HSS (with unique IMPI and key K). In this way an attack will have an isolated impact and only affect the WebRTC IMS Client.
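The Origin check that NOTE 3 under step 2 attributes to the eP-CSCF can be sketched as follows. This is an added example, not text or code from the specification; the host names, the allow-list and the function names are assumptions, and the handshake bytes are constructed. It compares the normalized origin exactly instead of by substring, and rejects a missing, repeated, opaque or non-HTTPS Origin.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumed name): origin of the WWSF that serves the WIC.
TRUSTED_ORIGINS = {"https://wwsf.operator.example"}
DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed WebSocket opening handshake as a browser would send it.
SAMPLE_HANDSHAKE = (b"GET /sip HTTP/1.1\r\nHost: epcscf.operator.example\r\n"
                    b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
                    b"Origin: https://wwsf.operator.example\r\n"
                    b"Sec-WebSocket-Protocol: sip\r\n\r\n")


def normalize_origin(value):
    """Return a canonical (scheme, host, port) tuple, or None if not a plain origin."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A serialized origin carries no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    return (parts.scheme, parts.hostname.lower(), port or DEFAULT_PORTS[parts.scheme])


def check_ws_origin(raw_handshake, trusted=TRUSTED_ORIGINS):
    """Decide whether a WebSocket opening handshake comes from a trusted origin."""
    head = raw_handshake.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    fields = [line.split(":", 1) for line in head.split("\r\n")[1:] if ":" in line]
    origins = [v.strip() for k, v in fields if k.strip().lower() == "origin"]
    if len(origins) != 1:
        return False, "missing or repeated Origin header"
    origin = normalize_origin(origins[0])
    if origin is None:  # also covers the opaque value "null"
        return False, "malformed or opaque Origin"
    if origin[0] != "https":
        return False, "WIC not loaded over HTTPS"
    # Exact tuple comparison: no prefix, suffix or substring matching.
    if origin not in {normalize_origin(t) for t in trusted}:
        return False, "origin not in allow-list"
    return True, "trusted origin"


if __name__ == "__main__":
    print(check_ws_origin(SAMPLE_HANDSHAKE))
```

As the NOTE states, the result is only meaningful when the browser is not under the attacker's control, so the check sits alongside the SIP Digest or IMS AKA authentication and does not replace it.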