Protection mechanisms ciphersuites with null

E, shall apply.

- Protection mechanisms:
  - CipherSuites with NULL encryption may be used. If NULL encryption is implemented and used, TLS_RSA_WITH_NULL_SHA shall be supported.
  - The UE shall always include at least one CipherSuite that supports (non-NULL) encryption during the handshake phase.

  NOTE 0: TLS 1.0, TLS 1.1, and TLS 1.2 already fulfill the preceding requirement as the mandatory cipher suite has non-NULL encryption and the client includes all supported cipher suites in the Client Hello message.

  - CipherSuites with NULL integrity protection (or HASH) are not allowed.
- Authentication of the P-CSCF
  - The P-CSCF shall be authenticated by the UE by presenting a valid server certificate. The P-CSCF certificate profile shall be based on TLS certificates as presented in clause O.5.1.
- Authentication of the UE
  - The P-CSCF shall not request a certificate in a Server Hello Message from the UE. The HN shall authenticate the UE as specified in Annex N of this specification.
- Verification of the TLS session endpoints
  - In order for the UE to be able to trust the TLS session endpoint, the P-CSCF certificate shall be used during the authentication procedure.
  - In order for the P-CSCF to be able to trust that the UE, which was authenticated according to Annex N, is the TLS session endpoint, the P-CSCF shall use the mechanism for associating the TLS Session ID with registration parameters IP address, port, IMPI, IMPU(s), specified in clause O.2.2, and shall have assurance that man-in-the-middle attacks can be mitigated, e.g. by following the rules in the NOTE in clause O.1.1.

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
- TLS session parameters
  - The TLS Handshake Protocol negotiates a session, which is identified by a Session ID.
  - The lifetime of a Session ID is subject to local policies of the UE and the P-CSCF. A recommended lifetime is one hour (or at least more than the re-REGISTRATION time out). The procedure for TLS session re-negotiation in IMS is specified in clauses O.4.1 and O.4.2.
- Ports
  - The P-CSCF shall be prepared to accept TLS session requests on port 5061 or on a port published by the operator.
- Forwarding requests
  - The procedures for forwarding requests by the edge proxy in RFC 5626 [32] shall apply to the P-CSCF when managing TLS connections.

  NOTE 1: The use of RFC 5626 [32] in conjunction with TLS is needed so that terminating requests can re-use an existing TLS connection.

O.2.2 TLS session set-up during registration

The TLS session set-up procedure is necessary in order to decide what security services to apply and when the security services start. In the IMS, authentication of users is performed during registration. Subsequent signalling communications in this session will be integrity protected based on the TLS session that was established during the authentication process.
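The CipherSuite rules listed under "Protection mechanisms" above can be checked mechanically against a configured or observed suite list. The following Python check is an added example and not part of TS 33.203; the function names and the sample lists are assumptions constructed for illustration, and suite names are assumed to follow the IANA `TLS_<kx>_WITH_<cipher>_<mac>` convention used by TLS 1.0 to 1.2.

```python
# Added example: audit a TLS 1.0-1.2 cipher-suite list against the
# "Protection mechanisms" rules quoted above. Function names are hypothetical.
REQUIRED_NULL_ENC_SUITE = "TLS_RSA_WITH_NULL_SHA"  # named by the text above


def split_suite(name):
    """Split 'TLS_<kx>_WITH_<cipher>_<mac>' into (cipher, mac)."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.0-1.2 style suite name: {name!r}")
    rest = name.split("_WITH_", 1)[1]
    cipher, sep, mac = rest.rpartition("_")
    if not sep or not cipher or not mac:
        raise ValueError(f"cannot find cipher and MAC in {name!r}")
    # For AEAD suites the last field is the PRF hash; it is still non-NULL.
    return cipher, mac


def audit_suites(suites, is_ue_offer):
    """Return a list of rule violations (empty list means compliant)."""
    parsed = [(s, *split_suite(s)) for s in suites]
    problems = []
    # Rule: suites with NULL integrity protection (or HASH) are not allowed.
    for name, _cipher, mac in parsed:
        if mac == "NULL":
            problems.append(f"NULL integrity not allowed: {name}")
    # Rule: if NULL encryption is implemented, TLS_RSA_WITH_NULL_SHA
    # shall be supported.
    uses_null_enc = any(cipher == "NULL" for _n, cipher, _m in parsed)
    if uses_null_enc and REQUIRED_NULL_ENC_SUITE not in suites:
        problems.append(f"NULL encryption without {REQUIRED_NULL_ENC_SUITE}")
    # Rule (UE only): the ClientHello shall carry at least one suite with
    # non-NULL encryption.
    if is_ue_offer and all(cipher == "NULL" for _n, cipher, _m in parsed):
        problems.append("UE offer has no non-NULL encryption suite")
    return problems


# Constructed sample offers, not captured traffic.
GOOD_OFFER = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_NULL_SHA"]
NULL_ONLY_OFFER = ["TLS_RSA_WITH_NULL_SHA"]
BAD_INTEGRITY = ["TLS_NULL_WITH_NULL_NULL", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for offer in (GOOD_OFFER, NULL_ONLY_OFFER, BAD_INTEGRITY):
        print(offer, "->", audit_suites(offer, is_ue_offer=True) or "compliant")
```

Pass `is_ue_offer=False` when auditing a P-CSCF configuration, since the requirement to include a non-NULL encryption suite is stated for the UE's handshake offer.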