X.2.2 Solution 1.1: Use of SIP Digest credentials

X.2.2.1 General

In this solution 1.1 it is assumed that the user has a subscription with an individual IMPU. The WebRTC IMS Client (WIC) is provided with the user's SIP Digest credentials and uses SIP Digest to register with IMS. The eP-CSCF is assumed to relay the authentication information so that the message flows are unchanged. The use of SIP Digest in IMS is specified in Annex N of this document.

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12
NOTE: The use of SIP Digest breaks the security requirement mandating IMS AKA to connect to IMS when using a 3GPP access network. See Annex N of this document.

It is recommended to maintain a clear separation between WICs and regular IMS UEs. A user accessing IMS from a WIC should be assigned a separate subscription in the HSS with a unique IMPI and SIP Digest password. In this way a compromised password will have an isolated impact and only affect the WIC.

The entities that have access to the IMPI and SIP Digest password, and thus need to be trusted by the operator, are the user, the browser, the WWSF, and the IMS core network. (The WWSF is included here since it has the ability to inject rogue JavaScript code into the WIC.) SIP Digest should therefore only be used when the WWSF is controlled by the operator or a 3rd party trusted by the operator.

X.2.2.2 Requirements

No requirements have been identified.

X.2.2.3 Procedures

Figure X.2.3-1 shows the registration flow. In this figure SIP over secure WebSocket is used between the WIC and the eP-CSCF. Other protocols (e.g. HTTP RESTful or JSON over WebSocket) can also be used as long as they are able to relay the digest challenge, challenge-response, and auth-info values.

Solution 1.1 requires that the IMPU and SIP Digest password are made available to the JavaScript in the WIC. The IMPI can be omitted from the initial SIP Register request, and if that is the case the S-CSCF will try to determine its value from the registering IMPU. This requires that IMPUs are not shared between IMS users (see Annex N).

NOTE 1: It is assumed that the credentials are entered by the user via the web GUI or retrieved from the WWSF over HTTPS. Note that the latter option requires that the WWSF has authenticated the user previously.

NOTE 2: Unless the SIP Digest password or the intermediate hash value H(A1) (see RFC 2617 [12]) is stored in the WIC, the password needs to be re-obtained each time a re-registration is performed. If the password is entered manually and if re-registrations occur often, this will result in a negative user experience. This can be avoided by storing the SIP Digest password or H(A1) in the WIC after the initial registration procedure. Ensuring the confidentiality of the SIP Digest password or H(A1) during storage is at the discretion of the implementation and is outside the scope of 3GPP.
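Added example (not part of TS 33.203): the RFC 2617 computation behind NOTE 2, showing that a stored H(A1) is all the WIC needs to answer a digest challenge and to check the auth-info value at re-registration, so it warrants the same confidentiality as the password. The IMPI, realm, URI, nonce, cnonce and password are constructed sample values, and MD5 with qop=auth is assumed.

```python
import hashlib
import hmac

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def h_a1(username, realm, password):
    """H(A1): the only password-derived input to the digest response."""
    return _md5(f"{username}:{realm}:{password}")

def _kd(ha1, nonce, nc, cnonce, qop, ha2):
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Challenge-response sent by the client, with A2 = method:uri."""
    return _kd(ha1, nonce, nc, cnonce, qop, _md5(f"{method}:{uri}"))

def rspauth(ha1, uri, nonce, nc, cnonce, qop="auth"):
    """auth-info value returned by the network, with A2 = :uri (no method)."""
    return _kd(ha1, nonce, nc, cnonce, qop, _md5(f":{uri}"))

# Constructed sample values (assumptions, not taken from the specification).
IMPI = "wic-alice@ims.example"
REALM = "ims.example"
URI = "sip:ims.example"
NONCE = "f84f1cec41e6cbe5aea9c8e88d359"
NC = "00000001"
CNONCE = "0a4f113b"
PROVISIONED_PASSWORD = "constructed-sample-password"

def re_register(stored_ha1):
    """Re-registration using only the H(A1) kept in the WIC.

    Returns (network_accepts_client, client_accepts_network).
    """
    # Network side: H(A1) derived from the subscription data.
    network_ha1 = h_a1(IMPI, REALM, PROVISIONED_PASSWORD)
    # Client side: no password involved, only the stored hash.
    response = digest_response(stored_ha1, "REGISTER", URI, NONCE, NC, CNONCE)
    expected = digest_response(network_ha1, "REGISTER", URI, NONCE, NC, CNONCE)
    if not hmac.compare_digest(expected, response):
        return (False, False)
    # The network proves knowledge of H(A1) in return; the client checks it.
    sent = rspauth(network_ha1, URI, NONCE, NC, CNONCE)
    mine = rspauth(stored_ha1, URI, NONCE, NC, CNONCE)
    return (True, hmac.compare_digest(mine, sent))

if __name__ == "__main__":
    print(re_register(h_a1(IMPI, REALM, PROVISIONED_PASSWORD)))
```

Because H(A1) binds the username and realm, a leaked value is usable only for that IMPI in that realm, which fits the recommendation to give the WIC its own subscription.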