Secure Signaling in Next Generation Networks with NSIS

Bless, Roland; Röhricht, Martin

doi:10.1109/icc.2009.5199441

Cited by 6 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The rather delicate NATFW NSLP operation which consists in opening pinholes on firewall and performs NAT binding, undermines the main purpose of these devices and carries a risk from authentication point of view to prevent unauthorized access. In order to manage critical resources (such as the opening of pinholes on firewall), GIST protocol does not have appropriate mechanisms to verify the identity of a given host (authentication), if authorized to use a particular service (authorization), and finally starting its credit once it actually uses this service (Accounting) [8], [9]. Security within NSIS is therefore limited to already existing channel security mechanisms like TLS or IPsec as provided by the NTLP layer.…”

Section: Nsis Framework and Natfw Nslp Protocolmentioning

confidence: 99%

Authentic NATFW NSLP Signaling in Next Generation Networks

Zerrouki¹,

Yahiaoui²,

Loudini³

2014

Procedia Computer Science

View full text Add to dashboard Cite

Today, the Session Initiation Protocol (SIP) is widely used as the primary signaling protocol for multimedia communications over the Internet. It is also considered as the basic protocol of IMS (IP Multimedia Subsystem) of Next Generation Network architectures. However, security devices such as firewalls and NATs (Network Address Translation) prevent their traversal for SIP protocol. This issue has prompted several research works that led to a multitude of solutions such as NATFW NSLP. Nevertheless, the approach adopted by the latter weakens the NATs and firewalls from security point of view. Therefore, to prevent unauthenticated users and unauthorized access, authentication and authorization mechanisms should be included in this protocol. In this work, we proposed the HMAC authentication mechanism that we have integrated in NATFW NSLP protocol, and with a test platform, we evaluated its performance metrics.

show abstract

Section: Nsis Framework and Natfw Nslp Protocolmentioning

confidence: 99%

Authentic NATFW NSLP Signaling in Next Generation Networks

Zerrouki¹,

Yahiaoui²,

Loudini³

2014

Procedia Computer Science

View full text Add to dashboard Cite

show abstract

“…While a large number of works within the communication field focus on extensions to protocol mechanisms assuring authentication and authorization features [11,12,13], the most noteworthy research works are those investigating access control and trust management issues, as outlined in the following.…”

Section: Related Workmentioning

confidence: 99%

“…is used to denote a parameter whose value is not specified and in ProviderA access rules, the symbol '∩' denotes the conjunction (logical AND) of constraints, as explained in [13]. Table 1 Alice represents the Distinguished Name (DN) of the principal specified in the first three credentials for the roles issued by ProviderD, ProviderC and ProviderB.…”

Section: Rtml Credentials and Access Rulesmentioning

confidence: 99%

Extending Resource Access in Multi-Provider Networks Using Trust Management

Colombo¹,

Martinelli²,

Mori³

et al. 2011

IJCNC

View full text Add to dashboard Cite

show abstract

“…The latter is required if authorization decisions depend on a user identity rather than on a node identity. Therefore, the NSIS framework provides an optional so-called Session Authorization Object [13] that provides a means to authenticate NSIS signaling messages on a per user or per session basis [14] at NSLP level. The object may carry authentication tokens and can be used for integrity protection of NSLP messages, too.…”

Section: B Authenticated Setup Of Virtual Linksmentioning

confidence: 99%

Authenticated Quality-of-Service Signaling for Virtual Networks

Bless¹,

Röhricht²,

Werle³

2012

JCM

View full text Add to dashboard Cite

Abstract-While virtual networks have been subjected to detailed analysis, prototypes are usually constructed and instantiated manually or by means of dedicated control protocols that mostly neglect security considerations. As the instantiation and maintenance of virtual networks requires virtual network operators to gain access to existing network resources, a proper sender authentication builds an important aspect for control protocols. In this work, we present a Virtual Link Setup Protocol (VLSP) that is designed as a modular extension to a standardized state-of-the-art signaling protocol suite. We use these signaling protocols to combine an authenticated and on-demand setup of virtual links with the establishment of Quality-of-Service guarantees in the underlying substrate. The solution presented in this paper is not limited to a specific set of virtualization techniques or tunneling mechanisms. We describe the design and implementation of VLSP and evaluate its signaling performance, as well as the overhead that is associated with the instantiation of the virtual links and the authenticity checks.

show abstract

Secure Signaling in Next Generation Networks with NSIS

Cited by 6 publications

References 18 publications

Authentic NATFW NSLP Signaling in Next Generation Networks

Authentic NATFW NSLP Signaling in Next Generation Networks

Extending Resource Access in Multi-Provider Networks Using Trust Management

Authenticated Quality-of-Service Signaling for Virtual Networks

Contact Info

Product

Resources

About