Title: Securing the Next Steps In Signalling (NSIS) protocol suite

Authors: Hannes Tschofenig, Xiaoming Fu

Addresses: Siemens AG, Corporate Technology, Otto-Hahn-Ring 6, Munich 81739, Germany. ' Institute for Informatics, University of Goettingen, Lotzestr. 16-18, Goettingen 37083, Germany

Abstract: The Next Steps In Signalling (NSIS) protocol suite represents an extensible framework for enabling various signalling applications over IP-based networks. The framework consists of two layers that need different types of security protection; the lower layer mainly deals with the discovery of adjacent peers and establishment of channel security to protect the delivery of signalling messages between two peers, while the upper layer provides the signalling application specific functionalities. Different security properties are required at the two layers with stronger authorisation functionality at the signalling application layer. In this paper we examine how various security vulnerabilities can be utilised by an adversary, including eavesdropping, Man-In-The-Middle (MITM) attacks, fraud and Denial of Service (DoS) attacks. Moreover, we describe how to protect against a number of selected security threats and highlight some security challenges that require further research.

Keywords: QoS signalling; signalling protocols; Resource Reservation Protocol; RSVP; Next Steps In Signalling; NSIS; General Internet Signalling Transport; GIST; security; AAA services.

DOI: 10.1504/IJIPT.2006.010562

International Journal of Internet Protocol Technology, 2006 Vol.1 No.4, pp.271 - 282

Published online: 01 Aug 2006 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article