The qop value shall be set to auth since sip digest

SIP Digest based authentication. The qop value shall be set to "auth" since SIP Digest, as used in IMS, can only provide authentication, not message integrity.

CM2: Cx-AV-Req-Resp(IMPI, realm, algorithm, qop, H(A1))

The S-CSCF generates a random nonce, stores H(A1) and the nonce against the IMPI, and then sends a SIP 401 Auth_Challenge, i.e., an authentication challenge, towards the UE including the nonce in SM4. It also includes the realm, qop and algorithm parameters. RFC 2617 [12] specifies how to populate the parameters of a 401 Auth_Challenge.

SM4: 401 Auth_Challenge(IMPI, realm, nonce, qop, algorithm)

The I-CSCF forwards the SIP 4xx Auth_Challenge message towards the P-CSCF as SM5. When the P-CSCF receives SM5 it shall forward the message to the UE.

SM6: 401 Auth_Challenge(IMPI, realm, nonce, qop, algorithm)

Upon receiving the challenge, SM6, the UE generates a cnonce. It then uses the cnonce as well as parameters provided in SM6, such as nonce and qop, to calculate an authentication response according to RFC 2617 [12]. This response and other parameters are put into the Authorization header and sent back towards the network in SM7. The inclusion of the IMPI and an Authorization header in SM7 is mandatory.

SM7: REGISTER(IMPI, realm, nonce, response, cnonce, qop, nonce-count, algorithm, digest-uri)

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
NOTE 3: As specified in RFC 3261 [6], when the P-CSCF receives a SIP request from the UE, the P-CSCF checks the IP address in the "sent-by" parameter of the Via header field provided by the UE. If the "sent-by" parameter contains a domain name, or if it contains an IP address that differs from the packet source IP address, the P-CSCF adds a "received" parameter to that Via header field value. This parameter contains the source IP address from which the packet was received.

The P-CSCF forwards the authentication response in SM8 to the I-CSCF, which queries the HSS to find the address of the S-CSCF. In SM9 the I-CSCF forwards the authentication response to the S-CSCF.

Upon receiving SM9 containing the response, the S-CSCF calculates the expected response using the previously stored H(A1) and stored nonce together with other parameters contained in SM9 (e.g., cnonce, nonce-count, qop, as specified in RFC 2617 [12]) and uses this to check against the response sent by the UE. If the check is successful then the user has been authenticated and the IMPU is registered in the S-CSCF. If the IMPU was not currently registered, the S-CSCF shall send a Cx-Put to update the registration-flag to registered. If the IMPU was currently registered the registration-flag is not altered.

NOTE 4: Depending on its local security policy, the S-CSCF may delete H(A1) immediately after checking the Digest response, but this may then lead to an increased exposure of H(A1) on the Cx-interface as H(A1) would then have to be fetched from the HSS more often.
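The S-CSCF check described above, sketched as an added example that is not part of the specification text: it stores H(A1) and the nonce against the IMPI, then recomputes the RFC 2617 qop=auth response from the SM9 parameters. Assumptions: the algorithm is MD5, the nonce-count replay check is an addition in the spirit of RFC 2617, the names SCSCF, h_a1, digest_response and demo are hypothetical, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def h_a1(impi, realm, password):
    # Computed at the HSS; only this hash reaches the S-CSCF over Cx (CM2).
    return md5_hex(f"{impi}:{realm}:{password}")

def digest_response(ha1, nonce, nc, cnonce, qop, method, digest_uri):
    # RFC 2617 qop=auth: H(A2) covers only method and URI, not the body.
    ha2 = md5_hex(f"{method}:{digest_uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class SCSCF:
    def __init__(self):
        self.pending = {}  # IMPI -> [H(A1), nonce, highest nonce-count seen]

    def challenge(self, impi, ha1):
        # Fresh random nonce, stored with H(A1) against the IMPI (sent in SM4).
        nonce = secrets.token_hex(16)
        self.pending[impi] = [ha1, nonce, 0]
        return nonce

    def verify(self, impi, nonce, nc, cnonce, qop, digest_uri, response):
        state = self.pending.get(impi)
        if state is None or qop != "auth" or nonce != state[1]:
            return False  # unknown IMPI, wrong qop, or not the nonce we issued
        try:
            count = int(nc, 16)
        except ValueError:
            return False
        if count <= state[2]:
            return False  # replayed or stale nonce-count
        expected = digest_response(state[0], state[1], nc, cnonce, qop,
                                   "REGISTER", digest_uri)
        if not hmac.compare_digest(expected.encode(), response.lower().encode()):
            return False
        state[2] = count
        return True

def demo():  # constructed sample values, not from the specification
    impi, uri, s = "user1_private@example.org", "sip:example.org", SCSCF()
    ha1 = h_a1(impi, "example.org", "constructed-password")
    nonce = s.challenge(impi, ha1)
    resp = digest_response(ha1, nonce, "00000001", "0a4f113b", "auth", "REGISTER", uri)
    sm9 = (impi, nonce, "00000001", "0a4f113b", "auth", uri, resp)
    return s.verify(*sm9), s.verify(*sm9)  # accepted once, replay rejected
```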