The IP address check table (cf. subclause N.2.1.1) shall be used by the P-CSCF to identify the initiator of subsequent requests as follows: one of the public user identities associated with the packet IP address (and port if applicable) is selected and asserted to the S-CSCF according to the rules in TS 24.229 [8], subclause 5.2.6.3.

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
In addition, subsequent requests (e.g. INVITE) may be authenticated with SIP Digest, as described in the following:

NOTE 1: The assertion of IMPUs based on checks of IP address (and ports if applicable) provides a reasonable level of security only in environments where the risk from source IP address and port spoofing or from IP address re-assignment unnoticed by the SIP application is sufficiently low. If the environment does not fulfill this condition then it is recommended to use SIP Digest in conjunction with either TLS, as specified in Annex O of this specification, or with the SIP Digest proxy authentication mechanism as specified in this subclause. It is not part of this specification to determine which environments fulfill the conditions in this NOTE. This is left to specifications, possibly maintained by standardization bodies other than 3GPP, describing these environments. More details on the usage of the authentication mechanisms for non-registration messages are provided in Annex Q (informative).

When the S-CSCF receives a SIP request with a method other than the REGISTER method from the UE, the S-CSCF may perform authentication on the SIP request according to the operator's policy and according to the following procedures.

- If the request does not contain a Proxy-Authorization header or the Proxy-Authorization header does not contain a digest response the S-CSCF shall send a 407 (Proxy Authentication Required) response to challenge the UE. The 407 response shall contain digest challenge parameters in a Proxy-Authenticate header as defined by RFC 2617 [12]. The challenge parameters, with the exception of the nonce, shall be taken from the same SD-AV as used for the last successful registration or re-registration message of the UE. The nonce shall be generated freshly by the S-CSCF.
Upon receiving the challenge the UE shall extract digest challenge parameters from the Proxy-Authenticate header field and calculate a digest response as indicated in RFC 2617 [12]. The UE should store the received digest challenge. The UE then sends a new request to the network containing a Proxy-Authorization header in which the header fields are populated as described in RFC 2617 [12] using the calculated digest response.

Upon receiving the new request which contains a digest response, the S-CSCF verifies the user’s identity by validating the digest response information (e.g. the nonce-count) contained in the Proxy-Authorization header field against the expected information based on the same SD-AV as used for generating the challenge;

NOTE 1a: Authorization (used for registration messages, cf. sub-clause N.2.1.1) and Proxy-Authorization (used for
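The 407 challenge and the S-CSCF's check of the digest response described above, as an added example that is not part of the specification. The class, function and field names are hypothetical, the SD-AV is modelled as realm, qop and H(A1) as an assumption, and only the RFC 2617 case of MD5 with qop=auth is covered.

```python
import hashlib, hmac, secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(ha1, nonce, nc, cnonce, qop, method, uri):
    """RFC 2617 request-digest for algorithm=MD5, qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestProxyAuth:
    """Hypothetical per-user S-CSCF state (names are assumptions)."""
    def __init__(self, sd_av):
        self.sd_av = sd_av      # assumed fields: realm, qop, ha1 = H(A1)
        self.nonce = None       # nonce of the outstanding challenge
        self.last_nc = 0        # highest nonce-count accepted so far

    def challenge(self):
        """Parameters for the Proxy-Authenticate header of a 407."""
        self.nonce, self.last_nc = secrets.token_hex(16), 0  # fresh nonce
        return {"realm": self.sd_av["realm"], "qop": self.sd_av["qop"],
                "algorithm": "MD5", "nonce": self.nonce}

    def verify(self, method, auth):
        """Return 'ok', or the reason the request must be challenged."""
        if not auth or "response" not in auth:
            return "no-digest-response"
        if self.nonce is None or auth.get("nonce") != self.nonce:
            return "unknown-nonce"
        try:
            nc = int(auth.get("nc", ""), 16)
        except ValueError:
            return "bad-nonce-count"
        if nc <= self.last_nc:   # same or lower count: replayed header
            return "replayed-nonce-count"
        expected = digest_response(self.sd_av["ha1"], self.nonce, auth["nc"],
                                   auth.get("cnonce", ""), self.sd_av["qop"],
                                   method, auth.get("uri", ""))
        if not hmac.compare_digest(expected.encode(), str(auth["response"]).encode()):
            return "bad-response"
        self.last_nc = nc
        return "ok"

def ue_answer(ch, ha1, method, uri, nc, cnonce):
    """UE side: build Proxy-Authorization fields from a challenge."""
    resp = digest_response(ha1, ch["nonce"], nc, cnonce, ch["qop"], method, uri)
    return {"nonce": ch["nonce"], "nc": nc, "cnonce": cnonce, "uri": uri,
            "response": resp}
```

Any result other than `ok` corresponds to sending a new 407 built from `challenge()`, which also invalidates the previous nonce.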