[VOIPSEC] IPSec and VoIP Security

Jon-Olov Vatn vatn at kth.se
Tue Apr 25 01:48:03 CDT 2006


Hi,

IMS is not designed to use IPSec end-to-end as far as I understand,
but it would be interesting to see if those methods could be used
end-to-end too.

As an alternative I suggest that you have a look at Joachim Orrblad's
master's thesis "Alternatives to MIKEY/SRTP to secure VoIP" where he
uses MIKEY to establish the IPSec-ESP security association, and
also implements experimental support for it in Minisip, see
http://www.minisip.org/publications.html
Still, one should note that Orrblad prefers "SRTP" over "IPSec-ESP"
to protect VoIP calls (see the conclusions).
You may also find some more measurements on call setup delays
for MIKEY with both SRTP and IPSec-ESP in Bilien et al
"Secure VoIP: call establishment and media protection" found
on the same page.

BW J-O


DePietro, John wrote:

>Hi Passito,
>
>I suggest you look at the SIP AKA model for IPSEC, based on HTTP AKA.  This is utilized in IMS (3GPP IMS, 3GPP2 MMD).  This may give you some idea to address your second issue "(key sharing, user permissions and etc)".  
>
>-----Original Message-----
>From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]On
>Behalf Of Alexandre Passito
>Sent: Tuesday, April 04, 2006 4:50 PM
>To: Voipsec at voipsa.org
>Subject: [VOIPSEC] IPSec and VoIP Security
>
>
>Hi ALL,
>
>I'd like to start a discussion about using IPSec for end-to-end security in
>VoIP Systems. I have read some papers about the subject and it seems that
>IPSec is not completely suitable for this kind of task due to two reasons:
>damage to some QoS metrics and the problem with management (key sharing,
>user permissions and etc). I'd like to hear some ideas about it, future
>trends and if there are well deployed solutions being tested.
>
>Best regards,
>
>Passito
>
>--
>Alexandre Passito - M.Sc. Student
>Federal University of Amazonas (UFAM)
>Computer Science Department (DCC)
>--
>E-mail: passito at dcc.ufam.edu.br
>Web: www.dcc.ufam.edu.br/~passito
>Manaus - AM - Brasil
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
