Security Considerations for Signaling Transport (SIGTRAN) Protocols
RFC 3788
|
| Document |
Type |
|
RFC - Proposed Standard
(June 2004; No errata)
|
|
Last updated |
|
2015-10-14
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
html
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 3788 (Proposed Standard)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Jon Peterson
|
|
Send notices to |
|
(None)
|
Network Working Group J. Loughney
Request for Comments: 3788 Nokia Research Center
Category: Standards Track M. Tuexen, Ed.
Univ. of Applied Sciences Muenster
J. Pastor-Balbas
Ericsson Espana S.A.
June 2004
Security Considerations for
Signaling Transport (SIGTRAN) Protocols
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document discusses how Transport Layer Security (TLS) and IPsec
can be used to secure communication for SIGTRAN protocols. The main
goal is to recommend the minimum security means that a SIGTRAN node
must implement in order to attain secured communication. The support
of IPsec is mandatory for all nodes running SIGTRAN protocols. TLS
support is optional.
Loughney, et al. Standards Track [Page 1]
RFC 3788 SIGTRAN Security June 2004
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . 3
2. Convention . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Security in Telephony Networks . . . . . . . . . . . . . . . . 4
4. Threats and Goals . . . . . . . . . . . . . . . . . . . . . . 4
5. IPsec Usage . . . . . . . . . . . . . . . . . . . . . . . . . 6
6. TLS Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 7
7. Support of IPsec and TLS . . . . . . . . . . . . . . . . . . . 8
8. Peer-to-Peer Considerations . . . . . . . . . . . . . . . . . 9
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
12.1. Normative References . . . . . . . . . . . . . . . . . . 11
12.2. Informative References . . . . . . . . . . . . . . . . . 11
13. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12
14. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 13
1. Introduction
1.1. Overview
The SIGTRAN protocols are designed to carry signaling messages for
telephony services. These protocols will be used between
o customer premise and service provider equipment in case of ISDN
Q.921 User Adaptation Layer (IUA) [9].
o service provider equipment only. This is the case for SS7 MTP2
User Adaptation Layer (M2UA) [12], SS7 MTP2 Peer-to-Peer User
Adaptation Layer (M2PA) [15], SS7 MTP3 User Adaptation Layer
(M3UA) [13] and SS7 SCCP User Adaptation Layer (SUA) [16]. The
carriers may be different and may use other transport network
providers.
The security requirements for these situations may be different.
SIGTRAN protocols involve the security needs of several parties, the
end-users of the services, the service providers and the applications
involved. Additional security requirements may come from local
regulation. While having some overlapping security needs, any
security solution should fulfill all of the different parties' needs.
The SIGTRAN protocols assume that messages are secured by using
either IPsec or TLS.
Loughney, et al. Standards Track [Page 2]
RFC 3788 SIGTRAN Security June 2004
1.2. Abbreviations
This document uses the following abbreviations:
ASP: Application Server Process
CA: Certification Authority
DOI: Domain Of Interpretation
ESP: Encapsulating Security Payload
FQDN: Full-Qualified Domain Names
IPsec: IP Security Protocol
IKE: Internet Key Exchange Protocol
ISDN: Integrated Services Digital Network
IUA: ISDN Q.921 User Adaptation Layer
M2PA: SS7 MTP2 Peer-to-Peer User Adaptation Layer
M2UA: SS7 MTP2 User Adaptation Layer
M3UA: SS7 MTP3 User Adaptation Layer
PKI: Public Key Infrastructure
SA: Security Association
SCTP: Stream Control Transmission Protocol
SS7: Signaling System No. 7
SUA: SS7 SCCP User Adaptation Layer
Show full document text