X232 requirements no requirements have been

Info icon This preview shows pages 131–133. Sign up to view the full content.

View Full Document Right Arrow Icon
X.2.3.2 Requirements No requirements have been identified. X.2.3.3 Procedures Figure X.2.3.3-1 shows the registration flow: Figure X.2.3.3-1: WebRTC client authentication using IMS AKA - Web page download from WWSF From within a WebRTC-enabled browser, the user accesses a URI to the WWSF to initiate an HTTPS connection to the WWSF. The TLS connection provides one-way authentication of the server based on the server certificate. The browser downloads and initializes the WIC from the WWSF. - Establishment of secure Web socket connection between WIC and eP-CSCF 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 131 Release 12
Image of page 131

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
The WIC opens a WSS (secure Web Socket) connection to the eP-CSCF. The TLS connection provides one-way authentication of the server based on the server certificate. The eP-CSCF verifies in this step that the WIC establishing the signalling connection comes from a trusted domain. NOTE 1: The eP-CSCF can verify that the web-page establishing the signalling connection comes from a trusted domain by inspecting the value of Origin header. This header is inserted by the browser in the WebSocket handshake and in every HTTP request (requires the use of CORS, http://www.w3.org/TR/cors/). The protection mechanism works under the assumption that the browser is not under the attacker's control , which means that the contents of the Origin header can be trusted . - IMS AKA Procedure (from Step 1 to Step 8) The IMS AKA procedure is performed as specified in section 6.1 with the usage of HTT P Digest AKAv2 as defined in RFC 4169 [ xx 65 ] (instead of HTTP Digest AKA defined in RFC 3310 [17]) and without security association set-up. The WebRTC IMS Client forwards necessary IMS AKA information to the UICC application in charge of the IMS AKA authentication for WebRTC. The ME applies access control policy to the WIC before granting the access to the UICC application in charge of the IMS AKA authentication for WebRTC. This UICC application sends back the results of the AUTHENTICATE command executed to perform the IMS AKA authentication, as defined in section 8 of this document. After successful execution of the AUTHENTICATE command, the ME secur i e ly derives the HTTP Digest password as described in RFC 4169 [ xx 65 ] using algorithm name equal to AKAv2-SHA-256 as and associated pseudo-random function (PRF) as defined in RFC 4169 [65] the key derivation function (KDF) specified in Annex B of 3GPP TS 33.220 [yy] The algorithm value equals to SHA-256 in RFC 3310[17]. . The WebRTC IMS Client uses this HTTP Digest password to provide the authentication response in the SIP Register message. The WIC shall not have access to the keys CK and IK. The S-CSCF shall also derive the HTTP Digest password as described in RFC 4169 [65] using algorithm name equal to AKAv2-SHA-256 and associated use the KDF defined in Annex B of 3GPP TS 33.220 [yy] as pseudo- random function (PRF) when deriving the HTTP Digest password .
Image of page 132
Image of page 133
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern