Security Considerations for Signaling Transport (SIGTRAN) Protocols
RFC 3788
Type | RFC - Proposed Standard (June 2004; No errata) |
---|---|
Authors | Javier Pastor, Michael Tüxen, John Loughney |
Last updated | 2015-10-14 |
Stream | IETF |
WG state | (None) |
Document shepherd | No shepherd assigned |
IESG state | RFC 3788 (Proposed Standard) |
Action Holders | (None) |
Consensus Boilerplate | Unknown |
Telechat date | |
Responsible AD | Jon Peterson |
Send notices to | (None) |

Network Working Group                                        J. Loughney
Request for Comments: 3788                         Nokia Research Center
Category: Standards Track                                 M. Tuexen, Ed.
                                      Univ. of Applied Sciences Muenster
                                                        J. Pastor-Balbas
                                                    Ericsson Espana S.A.
                                                               June 2004

  Security Considerations for Signaling Transport (SIGTRAN) Protocols

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document discusses how Transport Layer Security (TLS) and IPsec
   can be used to secure communication for SIGTRAN protocols.  The main
   goal is to recommend the minimum security means that a SIGTRAN node
   must implement in order to attain secured communication.  The support
   of IPsec is mandatory for all nodes running SIGTRAN protocols.  TLS
   support is optional.

Loughney, et al.            Standards Track                     [Page 1]

RFC 3788                    SIGTRAN Security                   June 2004

Table of Contents

   1.  Introduction
       1.1.  Overview
       1.2.  Abbreviations
   2.  Convention
   3.  Security in Telephony Networks
   4.  Threats and Goals
   5.  IPsec Usage
   6.  TLS Usage
   7.  Support of IPsec and TLS
   8.  Peer-to-Peer Considerations
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
       12.1.  Normative References
       12.2.  Informative References
   13. Authors' Addresses
   14. Full Copyright Statement

1.  Introduction

1.1.  Overview

   The SIGTRAN protocols are designed to carry signaling messages for
   telephony services.  These protocols will be used between

   o  customer premise and service provider equipment in case of ISDN
      Q.921 User Adaptation Layer (IUA) [9].

   o  service provider equipment only.  This is the case for SS7 MTP2
      User Adaptation Layer (M2UA) [12], SS7 MTP2 Peer-to-Peer User
      Adaptation Layer (M2PA) [15], SS7 MTP3 User Adaptation Layer
      (M3UA) [13] and SS7 SCCP User Adaptation Layer (SUA) [16].  The
      carriers may be different and may use other transport network
      providers.

   The security requirements for these situations may be different.

   SIGTRAN protocols involve the security needs of several parties, the
   end-users of the services, the service providers and the applications
   involved.  Additional security requirements may come from local
   regulation.  While having some overlapping security needs, any
   security solution should fulfill all of the different parties' needs.

   The SIGTRAN protocols assume that messages are secured by using
   either IPsec or TLS.

1.2.  Abbreviations

   This document uses the following abbreviations:

   ASP:    Application Server Process

   CA:     Certification Authority

   DOI:    Domain Of Interpretation

   ESP:    Encapsulating Security Payload

   FQDN:   Full-Qualified Domain Names

   IPsec:  IP Security Protocol

   IKE:    Internet Key Exchange Protocol

   ISDN:   Integrated Services Digital Network

   IUA:    ISDN Q.921 User Adaptation Layer

   M2PA:   SS7 MTP2 Peer-to-Peer User Adaptation Layer

   M2UA:   SS7 MTP2 User Adaptation Layer

   M3UA:   SS7 MTP3 User Adaptation Layer

   PKI:    Public Key Infrastructure

   SA:     Security Association

   SCTP:   Stream Control Transmission Protocol

   SS7:    Signaling System No. 7

   SUA:    SS7 SCCP User Adaptation Layer