[VOIPSEC] An issue of trust?

Dustin D. Trammell dtrammell at tippingpoint.com
Thu Jun 22 16:52:38 CDT 2006


On Tue, 2006-06-20 at 09:34 -0400, Geoff Devine wrote:
> I struggle with the terminology.  The way I (mis?)use the term
> authentication, it can mean both:
> 
> Logging In: IKE, Kerberos, SIP digest...  I guess this is "session
> authentication"
> 
> Per-packet trust mechanism: SHA1, MMH...  I guess this is "packet
> authentication"

This would be packet integrity, not authentication (at least with
message digest functions like SHA1).  Or are you speaking of something
other than verifying that the data has not changed in transit?

> From context, it's not always obvious to me which one someone is talking
> about.  Are there better terms to distinguish between these two very
> different chunks of security technology?

Yes, your basic three security management principles are referred to as
the AIC triad; Authentication, Integrity, and Confidentiality.

IKE, Kerberos, SIP digest generally fall within Authentication.

Per-packet trust mechanisms like message digests fall within Integrity.

Encryption of data flows such as SIP signaling or RTP media falls within
Confidentiality.

It's important to note that some functions, like cryptographically
signing a message, may provide both Authentication and Integrity
functions.  In the case of an encrypt-then-sign function, it may provide
all three.

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
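
Added example, not part of the original message or written by either poster: what a receiver can conclude from an unkeyed SHA-1 trailer versus a keyed one. HMAC-SHA1 is used here as a shared-key stand-in for the signing the message mentions; the key, payloads and function names are all constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha1().digest_size  # 20-byte trailer in both schemes

def digest_protect(payload: bytes) -> bytes:
    # Unkeyed SHA-1 trailer: anyone can compute it.
    return payload + hashlib.sha1(payload).digest()

def digest_verify(packet: bytes) -> bool:
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha1(payload).digest(), tag)

def mac_protect(key: bytes, payload: bytes) -> bytes:
    # HMAC-SHA1 trailer: only holders of `key` can compute it.
    return payload + hmac.new(key, payload, hashlib.sha1).digest()

def mac_verify(key: bytes, packet: bytes) -> bool:
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)

def corrupt(packet: bytes) -> bytes:
    # Model transit damage: flip one bit of the first payload byte.
    damaged = bytearray(packet)
    damaged[0] ^= 0x01
    return bytes(damaged)

def receiver_view() -> dict:
    key = b"constructed-shared-key"            # constructed sample key
    payload = b"constructed RTP-like payload"  # constructed sample data
    other = b"payload from a party with no key"
    return {
        "digest_intact": digest_verify(digest_protect(payload)),
        "digest_damaged": digest_verify(corrupt(digest_protect(payload))),
        # A keyless party can produce a trailer the receiver accepts,
        # so a valid digest says nothing about who sent the packet.
        "digest_other_sender": digest_verify(digest_protect(other)),
        "mac_intact": mac_verify(key, mac_protect(key, payload)),
        "mac_damaged": mac_verify(key, corrupt(mac_protect(key, payload))),
        # Without the key, neither a bare digest nor a wrong-key MAC verifies.
        "mac_keyless_digest": mac_verify(key, digest_protect(other)),
        "mac_wrong_key": mac_verify(key, mac_protect(b"other-key", other)),
    }

if __name__ == "__main__":
    for check, accepted in receiver_view().items():
        print(f"{check:22} accepted={accepted}")
```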




