If the SIP AS resides in the Home Network, then the security association 3 applies.

7. Provides security between SIP-capable nodes located in different networks. It differs from security association 4 in that the SIP-capable node here is the SIP Application Server. Using SIP, this type of application server may communicate with network entities to offer service control and content, access functionality provided in the operator’s network, and manage bearers. This security association is covered in clause S.5 of this specification. It is only applicable when the SIP AS resides in an external IP network. If the SIP AS resides in the Home Network, then security association 5 applies.

Not all security mechanisms in this specification provide all of the above. There may exist other interfaces and reference points in IMS, which have not been addressed above. Those interfaces and reference points reside within the IMS, either within the same security domain or between different security domains. Clause S.5 of this specification is intended to address security issues for all such interfaces.

The present document assumes that the IP-CAN supports secure communications via standard IETF protocols RFC 4301 [53].

The confidentiality and integrity protection for SIP-signaling is provided in a hop-by-hop fashion. The first hop, i.e. between the UE and the P-CSCF, is specified in clause S.3. The other hops, inter-domain and intra-domain, are specified in clause S.5 of this specification.

S.3 Application of clauses 5 through 9

The user’s subscription is authenticated by the S-CSCF (home service provider). The security association between the UE and the first access point into the operator’s network (P-CSCF) is negotiated based on the protocol defined in RFC 3329 [21]. The options that may be negotiated using RFC 3329 [21], which are defined in 3GPP specifications, are: tls and ipsec-3gpp.

If the negotiated protocol is ipsec-3gpp and no NAT device is present between the UE and the P-CSCF, then clauses 5 through 9 of the main body of the present document shall apply. If the negotiated mechanism is “ipsec-3gpp” and a NAT device is present between the UE and the P-CSCF, then Annex M of this specification shall apply. If the negotiated mechanism is tls, then Annex O of this specification shall apply.

NOTE 1: RFC 3329 [21] also allows the mechanisms digest, ipsec-ike, and ipsec-man to be negotiated for use between UE and P-CSCF. They are defined in SIP RFC 3261 [6].

NOTE 2: RFC 3329 only defines the security mechanisms between the SIP client and the next-hop SIP entity, i.e. the P-CSCF. In particular, if SIP Digest is negotiated by means of RFC 3329, then Digest has to be run between UE and P-CSCF, with the P-CSCF acting as the server. So, RFC 3329 cannot be used to negotiate SIP Digest authentication in IMS, which occurs between UE and S-CSCF.

When using security mechanisms or protocols specified in the present document (including ipsec-3gpp), the following exceptions shall apply:

- The clause 8 on ISIM is replaced with the clause S.4 on 3GPP2 AKA Credentials.
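
The selection described in S.3, as an added example that is not part of the specification: it parses an RFC 3329 Security-Server value, picks the mechanism with the highest q value that the UE also supports, and maps the result to the clause or annex that S.3 names. The header value, the SPI and port numbers, the function names and the handling of a missing q are assumptions made for illustration.

```python
# Added example; header values are constructed samples, not captured traffic.
SECURITY_SERVER = ("ipsec-3gpp;q=0.5;alg=hmac-sha-1-96;spi-c=1111;spi-s=2222;"
                   "port-c=5062;port-s=5064, tls;q=0.2, digest;q=0.1")

def parse_sec_agree(value):
    """Split a Security-Client/Security-Server value into (mechanism, params)."""
    entries = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            params[key.strip().lower()] = val.strip()
        entries.append((parts[0].lower(), params))
    return entries

def preference(params):
    # Assumption of this sketch: a missing or malformed q ranks lowest.
    try:
        return float(params.get("q", "0"))
    except ValueError:
        return 0.0

def select_mechanism(security_server, ue_supported):
    """Return the server's highest-q mechanism that the UE also supports."""
    common = [(preference(p), m) for m, p in parse_sec_agree(security_server)
              if m in ue_supported]
    return max(common, key=lambda c: c[0])[1] if common else None

def applicable_clause(mechanism, nat_present):
    """Map the negotiated mechanism to the part of the specification S.3 names."""
    if mechanism == "ipsec-3gpp":
        return "Annex M" if nat_present else "clauses 5 through 9"
    if mechanism == "tls":
        return "Annex O"
    # digest, ipsec-ike and ipsec-man are negotiable (NOTE 1), but S.3 assigns
    # them no clause; per NOTE 2 a negotiated digest runs UE to P-CSCF only.
    raise ValueError(f"S.3 assigns no clause to mechanism {mechanism!r}")

if __name__ == "__main__":
    for supported, nat in (({"ipsec-3gpp", "tls"}, False),
                           ({"ipsec-3gpp", "tls"}, True), ({"tls"}, True)):
        mech = select_mechanism(SECURITY_SERVER, supported)
        print(sorted(supported), "NAT" if nat else "no NAT", "->",
              mech, "->", applicable_clause(mech, nat))
```

A UE that shares only digest with the P-CSCF reaches the ValueError branch, which is the case NOTE 2 separates from the IMS Digest authentication run between UE and S-CSCF.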