ITU-T H 235 3-2005 H 323 security Hybrid security profile (Study Group 16)《H 323 安全框架 混合安全模式》.pdf

1、 International Telecommunication Union ITU-T H.235.3TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2005) SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMSInfrastructure of audiovisual services Systems aspects H.323 security: Hybrid security profile ITU-T Recommendation H.235.3 ITU-T H-SERIES RECOMME

2、NDATIONS AUDIOVISUAL AND MULTIMEDIA SYSTEMS CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS H.100H.199 INFRASTRUCTURE OF AUDIOVISUAL SERVICES General H.200H.219 Transmission multiplexing and synchronization H.220H.229 Systems aspects H.230H.239 Communication procedures H.240H.259 Coding of moving video

3、H.260H.279 Related systems aspects H.280H.299 Systems and terminal equipment for audiovisual services H.300H.349 Directory services architecture for audiovisual and multimedia services H.350H.359 Quality of service architecture for audiovisual and multimedia services H.360H.369 Supplementary service

4、s for multimedia H.450H.499 MOBILITY AND COLLABORATION PROCEDURES Overview of Mobility and Collaboration, definitions, protocols and procedures H.500H.509 Mobility for H-Series multimedia systems and services H.510H.519 Mobile multimedia collaboration applications and services H.520H.529 Security fo

5、r mobile multimedia systems and services H.530H.539 Security for mobile multimedia collaboration applications and services H.540H.549 Mobility interworking procedures H.550H.559Mobile multimedia collaboration inter-working procedures H.560H.569 BROADBAND AND TRIPLE-PLAY MULTIMEDIA SERVICES Broadband

6、 multimedia services over VDSL H.610H.619 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. H.235.3 (09/2005) i ITU-T Recommendation H.235.3 H.323 security: Hybrid security profile Summary The purpose of this Recommendation is to describe an efficient and scalable, P

7、KI-based hybrid security profile for version 2 or higher of ITU-T Rec. H.235.0. The hybrid security profile contained herein takes advantage of the security profiles in ITU-T Recs H.235.1 and H.235.2 by deploying digital signatures from ITU-T Rec. H.235.2 and deploying the baseline security profile

8、from ITU-T Rec. H.235.1. In earlier versions of the H.235 sub-series, this profile was contained in Annex F/H.235. Appendices IV, V, VI to H.235.0 show the complete clause, figure, and table mapping between H.235 versions 3 and 4. Source ITU-T Recommendation H.235.3 was approved on 13 September 2005

9、 by ITU-T Study Group 16 (2005-2008) under the ITU-T Recommendation A.8 procedure. Keywords Authentication, certificate, digital signature, encryption, integrity, key management, multimedia security, security profile. ii ITU-T Rec. H.235.3 (09/2005) FOREWORD The International Telecommunication Union

10、 (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to sta

11、ndardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is

12、covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to i

13、ndicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achie

14、ved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL

15、PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether as

16、serted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned th

17、at this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. ITU 2006 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. H.235.3 (09/2005) iii CO

18、NTENTS Page 1 Scope 1 2 References. 1 2.1 Normative references 1 2.2 Informative references 2 3 Terms and definitions . 2 4 Symbols and abbreviations. 2 5 Conventions 3 6 Overview 4 6.1 H.323 requirements 6 6.2 Authentication and integrity. 7 7 Procedure IV. 7 8 Security association for concurrent c

19、alls 9 9 Key update 10 10 Usage of elliptic curve techniques 11 11 Illustration examples. 11 12 Multicast behaviour 14 13 List of secure signalling messages 14 13.1 H.225.0 RAS 14 13.2 H.225.0 call signalling (single administrative domain) 14 13.3 H.225.0 call signalling (multi-administrative domain

20、) 15 14 List of object identifiers 15 Appendix I H.235.3 enabled Gatekeeper Security Processor . 16 I.1 Discovery of a gatekeeper security processor 18 I.2 Gatekeeper security processor operation 19 I.3 Processor token. 20 I.4 GKSP illustration example. 23 I.5 List of object identifiers 28 ITU-T Rec

21、. H.235.3 (09/2005) 1 ITU-T Recommendation H.235.3 H.323 security: Hybrid security profile 1 Scope The purpose of this Recommendation is to describe an efficient and scalable, PKI-based hybrid security profile for version 2 and higher of ITU-T Rec. H.235.0. The hybrid security profile contained here

22、in takes advantage of the security profiles in ITU-T Recs H.235.1 and H.235.2 by deploying digital signatures from ITU-T Rec. H.235.2 and deploying the baseline security profile from ITU-T Rec. H.235.1. 2 References 2.1 Normative references The following ITU-T Recommendations and other references co

23、ntain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate

24、the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of

25、a Recommendation. ITU-T Recommendation H.225.0 (2003), Call signalling protocols and media stream packetization for packet-based multimedia communication systems. ITU-T Recommendation H.235, version 1 (1998), Security and encryption for H-series (H.323 and other H.245-based) multimedia terminals. IT

26、U-T Recommendation H.235, version 2 (2000), Security and encryption for H-series (H.323 and other H.245-Based) multimedia terminals. ITU-T Recommendation H.235.0 (2005), H.323 security: Framework for security in H-series (H.323 and other H.245-based) multimedia systems. ITU-T Recommendation H.235.1

27、(2005), H.323 security: Baseline security profile. ITU-T Recommendation H.235.2 (2005), H.323 security: Signature security profile. ITU-T Recommendation H.235.6 (2005), H.323 security: Voice encryption profile with native H.235/H.245 key management. ITU-T Recommendation H.245 (2005), Control protoco

28、l for multimedia communication. ITU-T Recommendation H.323 (2003), Packet-based multimedia communications systems. ITU-T Recommendation Q.931 (1998), ISDN user-network interface layer 3 specification for basic call control. ITU-T Recommendation X.509 (2005) | ISO/IEC 9594-8:2005, Information technol

29、ogy Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ISO 7498-2:1989, Information processing systems Open Systems Interconnection Basic Refere

30、nce Model Part 2: Security Architecture. 2 ITU-T Rec. H.235.3 (09/2005) ITU-T Recommendation X.803 (1994) | ISO/IEC 10745:1995, Information technology Open Systems Interconnection Upper layers security model. ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:1996, Information technology Open Syste

31、ms Interconnection Security frameworks for open systems: Overview. ITU-T Recommendation X.811 (1995) | ISO/IEC 10181-2:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework. IETF RFC 3280 (2002), Internet X.509 Public Key Infrastruct

32、ure Certificate and Certificate Revocation List (CRL) Profile. 2.2 Informative references ISO|IEC 14888-3 ISO/IEC 14888-3:1998, Information technology Security techniques Digital signatures with appendix; Part 3: Certificate-based mechanisms. PKCS PKCS #1 v2.0: RSA Cryptography Standard; RSA Laborat

33、ories; October 1, 1998; http:/ PKCS PKCS #7: Cryptographic Message Syntax Standard, An RSA Laboratories Technical Note, version 1.5, Revised November 1, 1993; http:/ RFC1321 IETF RFC 1321 (1992), The MD5 Message-Digest Algorithm. 3 Terms and definitions For the purposes of this Recommendation, the d

34、efinitions given in clauses 3/H.323, 3/H.225.0 and 3/H.245 apply. Some of the terms used in this Recommendation are also as defined in ITU-T Recs X.800 | ISO 7498-2, X.803 | ISO/IEC 10745, X.810 | ISO/IEC 10181-1, X.811 | ISO/IEC 10181-2 and H.235.0. 4 Symbols and abbreviations This Recommendation u

35、ses the following abbreviations: ALG Application Level Gateway ASN.1 Abstract Syntax Notation One BRJ Bandwidth Reject BRQ Bandwidth Request CA Certification Authority CRL Certificate Revocation List DB Database DH Diffie-Hellman DN Distinguished Name EP Endpoint GCF Gatekeeper Confirm GK Gatekeeper

36、 GKID Gatekeeper Identifier GKSP Gatekeeper Security Processor ITU-T Rec. H.235.3 (09/2005) 3 GRJ Gatekeeper Reject GRQ Gatekeeper Request HMAC Hashed Message Authentication Code ICV Integrity Check Value ID Identifier IP Internet Protocol LDAP Lightweight Directory Access Protocol LRQ Location Requ

37、est MCU Multipoint Control Unit MD5 Message Digest 5 NAT Network Address Translation OID Object Identifier PDU Protocol Data Unit PKI Public Key Infrastructure RAS Registration, Admission and Status RCF Registration Confirm RRJ Registration Reject RRQ Registration Request RSA Rivest, Shamir and Adle

38、man encryption algorithm RTP Real-time Transport Protocol SHA Secure Hash Algorithm UDP User Datagram Protocol URQ Unregistration Request VoIP Voice-over-IP 5 Conventions In this Recommendation the following conventions are used: “shall“ indicates a mandatory requirement. “should“ indicates a sugges

39、ted but optional course of action. “may“ indicates an optional course of action rather than a recommendation that something take place. The hybrid security profile uses terms and definitions from ITU-T Recs H.235.1 and H.235.2. While the message integrity service always provides message authenticati

40、on, the reverse is not always true. For the authentication-only mode, the integrity assured only spans a certain subset of message fields. This applies to integrity services realized by asymmetric means (e.g., digital signatures). Thus, in practice, a combined authentication and integrity service us

41、es the same key material without introducing a security weakness. This security profile is applicable in environments with potentially many terminals, where static password/symmetric key assignment is not feasible, e.g., in large-scale or global-scale scenarios. 4 ITU-T Rec. H.235.3 (09/2005) Instea

42、d, this security profile assumes availability of a public-key infrastructure with assigned certificates and private/public-keys, directories, etc. In addition, this security profile deploys symmetric crypto techniques where applicable. This security profile introduces the terms “first“ message and “

43、last“ message sent. Security protection of the first message (and probably also for the last message) is different from security protection of the remaining other messages. The “first message“ sent is understood as a message that flows between two H.323 entities and establishes a security context. I

44、t makes symmetric key material available to both entities and, for example, marks the beginning of a call. For H.225.0 RAS, the first message is the RRQ and the related response message. For H.225.0 call signalling using fast start, the first message is SETUP and CONNECT. The “last message“ terminat

45、es the established security context. The established key material shall be destroyed. For H.225.0 RAS, the last message is the URQ and related response message, while for H.225.0 call signalling the last message is RELEASE-COMPLETE. 6 Overview This Recommendation describes an efficient and scalable,

46、 PKI-based hybrid security profile deploying digital signatures from H.235.2 and deploying the baseline security profile from H.235.1. This Recommendation is suggested as an option. H.323 security entities (terminals, gatekeepers, gateways, MCUs, etc.) may implement this hybrid security profile for

47、improved security or whenever required. The notion of “hybrid“ in this text shall mean that security procedures from the signature profile in ITU-T Rec. H.235.2 are actually applied in a lightweight sense and the digital signatures still conform to the RSA procedures. However, digital signatures are

48、 deployed only where absolutely necessary while highly efficient symmetric security techniques from the baseline security profile in ITU-T Rec. H.235.1 are used otherwise. The hybrid security profile is applicable for scaleable “global“ IP telephony. This security profile overcomes the limitations o

49、f the simple, baseline security profile of H.235.1 when strictly applying it. Furthermore, this security profile overcomes certain drawbacks of H.235.2, such as the need for higher bandwidth and increased performance needs for processing, when strictly applying it. For example, the hybrid security profile does not depend on the (static) administration of mutual shared secrets of the hops in different domains.