
Security Considerations for Signaling Transport (SIGTRAN) Protocols
RFC 3788

Document type: RFC - Proposed Standard (June 2004)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3788 (Proposed Standard)
Responsible AD: Jon Peterson
Send notices to: <lyong@ciena.com>

Network Working Group                                        J. Loughney
Request for Comments: 3788                         Nokia Research Center
Category: Standards Track                                 M. Tuexen, Ed.
                                      Univ. of Applied Sciences Muenster
                                                        J. Pastor-Balbas
                                                    Ericsson Espana S.A.
                                                               June 2004

                      Security Considerations for
                Signaling Transport (SIGTRAN) Protocols

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document discusses how Transport Layer Security (TLS) and IPsec
   can be used to secure communication for SIGTRAN protocols.  The main
   goal is to recommend the minimum security means that a SIGTRAN node
   must implement in order to attain secured communication.  The support
   of IPsec is mandatory for all nodes running SIGTRAN protocols.  TLS
   support is optional.

Loughney, et al.            Standards Track                     [Page 1]
RFC 3788                    SIGTRAN Security                   June 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.2.  Abbreviations  . . . . . . . . . . . . . . . . . . . . .  3
   2.  Convention . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Security in Telephony Networks . . . . . . . . . . . . . . . .  4
   4.  Threats and Goals  . . . . . . . . . . . . . . . . . . . . . .  4
   5.  IPsec Usage  . . . . . . . . . . . . . . . . . . . . . . . . .  6
   6.  TLS Usage  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
   7.  Support of IPsec and TLS . . . . . . . . . . . . . . . . . . .  8
   8.  Peer-to-Peer Considerations  . . . . . . . . . . . . . . . . .  9
   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 10
   10. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
   12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
       12.1. Normative References . . . . . . . . . . . . . . . . . . 11
       12.2. Informative References . . . . . . . . . . . . . . . . . 11
   13. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12
   14. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 13

1.  Introduction

1.1.  Overview

   The SIGTRAN protocols are designed to carry signaling messages for
   telephony services.  These protocols will be used between

   o  customer premise and service provider equipment in case of ISDN
      Q.921 User Adaptation Layer (IUA) [9].

   o  service provider equipment only.  This is the case for SS7 MTP2
      User Adaptation Layer (M2UA) [12], SS7 MTP2 Peer-to-Peer User
      Adaptation Layer (M2PA) [15], SS7 MTP3 User Adaptation Layer
      (M3UA) [13] and SS7 SCCP User Adaptation Layer (SUA) [16].  The
      carriers may be different and may use other transport network
      providers.

   The security requirements for these situations may be different.

   SIGTRAN protocols involve the security needs of several parties, the
   end-users of the services, the service providers and the applications
   involved.  Additional security requirements may come from local
   regulation.  While having some overlapping security needs, any
   security solution should fulfill all of the different parties' needs.

   The SIGTRAN protocols assume that messages are secured by using
   either IPsec or TLS.

1.2.  Abbreviations

   This document uses the following abbreviations:

   ASP: Application Server Process

   CA: Certification Authority

   DOI: Domain Of Interpretation

   ESP: Encapsulating Security Payload

   FQDN: Fully-Qualified Domain Names

   IPsec: IP Security Protocol

   IKE: Internet Key Exchange Protocol

   ISDN: Integrated Services Digital Network

   IUA: ISDN Q.921 User Adaptation Layer

   M2PA: SS7 MTP2 Peer-to-Peer User Adaptation Layer
