Secure Signaling in Next Generation Networks With NSIS
Source: Universitat Karlsruhe
The IETF working group Next Steps In Signaling (NSIS) develops signaling protocols for Quality-of-Service (QoS) reservations or dynamic NAT and FireWall (NAT/FW) configuration. QoS signaling allows for on-demand resource reservations in order to provide guaranteed quality-of-service for real-time oriented services in IP-based next generation networks whereas NAT/FW signaling allows for establishing pinholes in firewalls or bindings in NAT devices. QoS signaling must be secured to allow for a reliable accounting and NAT/FW configuration is a sensitive operation per se. This paper presents an approach that provides an integrity protection of NSLP signaling messages by extending an NSLP Session Authorization Object. A worked example for secure QoS signaling in a Kerberos-secured domain is given.