1、 International Telecommunication Union ITU-T H.235.1TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2005) SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMSInfrastructure of audiovisual services Systems aspects H.323 security: Baseline security profile ITU-T Recommendation H.235.1 ITU-T H-SERIES RECOM
2、MENDATIONS AUDIOVISUAL AND MULTIMEDIA SYSTEMS CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS H.100H.199 INFRASTRUCTURE OF AUDIOVISUAL SERVICES General H.200H.219 Transmission multiplexing and synchronization H.220H.229 Systems aspects H.230H.239 Communication procedures H.240H.259 Coding of moving vide
3、o H.260H.279 Related systems aspects H.280H.299 Systems and terminal equipment for audiovisual services H.300H.349 Directory services architecture for audiovisual and multimedia services H.350H.359 Quality of service architecture for audiovisual and multimedia services H.360H.369 Supplementary servi
4、ces for multimedia H.450H.499 MOBILITY AND COLLABORATION PROCEDURES Overview of Mobility and Collaboration, definitions, protocols and procedures H.500H.509 Mobility for H-Series multimedia systems and services H.510H.519 Mobile multimedia collaboration applications and services H.520H.529 Security
5、for mobile multimedia systems and services H.530H.539 Security for mobile multimedia collaboration applications and services H.540H.549 Mobility interworking procedures H.550H.559Mobile multimedia collaboration inter-working procedures H.560H.569 BROADBAND AND TRIPLE-PLAY MULTIMEDIA SERVICES Broadba
6、nd multimedia services over VDSL H.610H.619 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. H.235.1 (09/2005) i ITU-T Recommendation H.235.1 H.323 security: Baseline security profile Summary This Recommendation provides authentication and integrity protection, or a
7、uthentication-only for H.225.0 RAS and call signalling, H.225.0, and tunnelled H.245 using password-based HMAC-SHA1-96 hash protection of H.225.0 RAS and Call Signalling messages by using secure password-based cryptographic techniques. The security profile is applicable to H.323 terminal-to-gatekeep
8、er, gatekeeper-to-gatekeeper, H.323 gateway-to-gatekeeper and to other H.323 entities in administered environments with symmetric assigned keys/passwords. In earlier versions of the H.235 subseries, this profile was contained in Annex D/H.235. Appendices IV, V, VI to H.235.0 show the complete clause
9、, figure, and table mapping between H.235 versions 3 and 4. Source ITU-T Recommendation H.235.1 was approved on 13 September 2005 by ITU-T Study Group 16 (2005-2008) under the ITU-T Recommendation A.8 procedure. Keywords Authentication, certificate, digital signature, encryption, integrity, key mana
10、gement, multimedia security, security profile. ii ITU-T Rec. H.235.1 (09/2005) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. I
11、TU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for s
12、tudy by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on
13、a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contai
14、n certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express req
15、uirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Ri
16、ght. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intell
17、ectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. ITU 2006 All rights reserved. No part of this pub
18、lication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. H.235.1 (09/2005) iii CONTENTS Page 1 Scope 1 2 References. 1 2.1 Normative references 1 2.2 Informative references 2 3 Terms and definitions . 2 4 Symbols and abbreviations. 2 5 Conventions
19、3 6 Overview 5 6.1 Summary of security features. 5 6.2 Applicability of the baseline security profile . 6 6.3 H.323 requirements 7 6.4 Overview of procedures . 7 7 Symmetric-key-based signalling message authentication and integrity (procedure I) . 7 7.1 Computation of the password-based hash 9 7.2 H
20、MAC-SHA1-96 . 9 7.3 Computation and verification of authentication and integrity 9 8 Authentication-only (procedure IA) . 10 9 Usage illustration for procedure I. 11 9.1 RAS message authentication and integrity. 13 9.2 H.225.0 message authentication and integrity 13 9.3 H.245 message authentication
21、and integrity. 14 9.4 Direct-routed scenario 15 10 Back-end-service support . 15 11 H.235 version 1 compatibility 15 12 Multicast behaviour 15 13 List of secured signalling messages 15 13.1 H.225.0 RAS 15 13.2 H.225.0 call signalling 15 13.3 H.245 call control . 16 14 Usage of sendersID and generalI
22、D. 16 15 List of object identifiers 17 ITU-T Rec. H.235.1 (09/2005) 1 ITU-T Recommendation H.235.1 H.323 Security: Baseline security profile 1 Scope This Recommendation provides authentication and integrity protection, or authentication-only for H.225.0 RAS and call signalling, H.225.0 and tunnelled
23、 H.245 messages using password-based HMAC-SHA1-96 hash protection of H.225.0 RAS and Call Signalling messages by using secure password-based cryptographic techniques. The security profile is applicable to H.323 terminal-to-gatekeeper, gatekeeper-to-gatekeeper, H.323 gateway-to-gatekeeper and to othe
24、r H.323 entities. 2 References 2.1 Normative references The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations
25、and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published.
26、 The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Recommendation H.225.0 (2003), Call signalling protocols and media stream packetization for packet-based multimedia communication systems. ITU-T Recommendation H
27、.235 version 1 (1998), Security and encryption for H-series (H.323 and other H.245-based) multimedia terminals. ITU-T Recommendation H.235 version 2 (2000), Security and encryption for H-series (H.323 and other H.245-based) multimedia terminals. ITU-T Recommendation H.235.0 (2005), H.323 security: F
28、ramework for security in H-series (H.323 and other H.245-based) multimedia systems. ITU-T Recommendation H.235.2 (2005), H.323 security: Signature security profile. ITU-T Recommendation H.235.4 (2005), H.323 security: Direct and selective routed call security. ITU-T Recommendation H.235.6 (2005), H.
29、323 security: Voice encryption profile with native H.235/H.245 key management. ITU-T Recommendation H.245 version 10 (2003), Control protocol for multimedia communication. ITU-T Recommendation H.323 (2003), Packet-based multimedia communications systems. ITU-T Recommendation H.323 Annex F (1999), Si
30、mple endpoint types. ITU-T Recommendation Q.931 (1998), ISDN user-network interface layer 3 specification for basic call control. ITU-T Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ISO/IEC 7498-2:1989, Information processing systems Open
31、 Systems Interconnection Basic Reference Model Part 2: Security Architecture. 2 ITU-T Rec. H.235.1 (09/2005) ITU-T Recommendation X.803 (1994) | ISO/IEC 10745:1995, Information technology Open Systems Interconnection Upper layers security model. ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:19
32、96, Information technology Open Systems Interconnection Security frameworks for open systems: Overview. ITU-T Recommendation X.811 (1995) | ISO/IEC 10181-2:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework. ISO/IEC 10118-3:2004,
33、Information Technology Security techniques Hash-functions Part 3: Dedicated hash-functions. 2.2 Informative references FIPSPUB180-2 Federal Information Processing Standard FIPS PUB 180-2, Secure Hash Standard, U. S. Department of Commerce, Technology Administration, National Institute of Standards a
34、nd Technology, 1 August 2002. OIW Stable Implementation Agreements for Open Systems Interconnection Protocols: Part 12 OS Security; Output from the December 1994 Open Systems Environment Implementors Workshop (OIW); http:/nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9412.txt. RFC2104 IETF RFC 21
35、04 (1997), HMAC: Keyed-Hashing for Message Authentication. WEBOIDs http:/www.alvestrand.no/objectid/top.html. 3 Terms and definitions For the purposes of this Recommendation, the definitions given in clauses 3/H.323, 3/H.225.0 and 3/H.245 apply along with those in this clause. Some of the terms used
36、 in this Recommendation are also as defined in ITU-T Recs X.800 | ISO/IEC 7498-2, X.803 | ISO/IEC 10745, X.810 | ISO/IEC 10181-1 and X.811 | ISO/IEC 10181-2. This Recommendation uses the following terms for provisioning the security services. 3.1 authentication and integrity: This is a combined secu
37、rity service part of the baseline profile that supports message integrity in conjunction with user authentication. The user may ensure authentication by correctly applying a shared secret key procedure. Both security services are provided by the same security mechanism. 3.2 authentication-only: This
38、 security service offered by the baseline security profile as an option supports authentication of selected fields only, but does not provide full message integrity. The authentication-only security profile is applicable for signalling messages traversing NAT/firewall devices. The user may ensure au
39、thentication by correctly applying a shared secret key procedure. When using symmetric key techniques, the security services authentication/integrity only apply on a hop-by-hop basis. 4 Symbols and abbreviations This Recommendation uses the following abbreviations: ASN.1 Abstract Syntax Notation One
40、 EP Endpoint EPID Endpoint Identifier ITU-T Rec. H.235.1 (09/2005) 3 GK Gatekeeper GKID Gatekeeper Identifier GRQ Gatekeeper Request HMAC Hashed Message Authentication Code ICV Integrity Check Value ITU International Telecommunication Union LRQ Location Request MAC Message Authentication Code NAT Ne
41、twork Address Translation OID Object Identifier RAS Registration, Admission and Status RTP Real-Time Protocol SHA Secure Hash Algorithm TCP Transmission Control Protocol UTC Universal Time Clock VoIP Voice over Internet Protocol 5 Conventions In this Recommendation the following conventions are used
42、: “shall“ indicates a mandatory requirement. “should“ indicates a suggested but optional course of action. “may“ indicates an optional course of action rather than a recommendation that something take place. This Recommendation defines a baseline security profile. The baseline security profile provi
43、des basic security by simple means using secure password-based cryptographic techniques. The baseline security profile may be used in conjunction with the security profiles such as H.235.3, H.235.4, H.235.5, H.235.6 and H.235.7. This Recommendation uses H.235 fields for provisioning authentication/i
44、ntegrity security services upon H.323 signalling messages. Different object identifiers (see clause 15) determine which security service is actually selected and which protocol version of this Recommendation is being used. Procedure I specifies how to implement the security services by certain secur
45、ity mechanisms such as symmetric (keyed hashing) techniques. The object identifiers are referenced through a symbolic reference in the text (e.g., “A“), see also clause 5/H.235.0. While the message integrity service also always provides message authentication, the reverse is not always true. In prac
46、tice, combined authentication and integrity service exploit the same key material without introducing a security weakness. Moreover, all hop-by-hop security information is put into the CryptoHashedToken element. This information is re-computed at every hop. This Recommendation applies certain symmet
47、ric cryptographic techniques for the purpose of authentication and integrity. This text uses the term password and shared secret when applying symmetric techniques. 4 ITU-T Rec. H.235.1 (09/2005) Generally, what password, session key and shared secret all have in common is that they are used in symm
48、etric cryptography among two (or more) entities. The difference between a password and a session key/shared secret is how the keys are actually applied, e.g., passwords for authentication and authorization, session keys for encryption. The term “shared secret“ is kind of neutral as it does not actua
49、lly refer to any specific usage. The password (could be viewed also as a shared secret) is used for the authentication/integrity for RAS and H.225.0, as this item could be entered by the user. A password typically is an alphanumeric character string that users can memorize. The password usually has a longer-term lifetime; the password is known a priori and may be defined as part of the overall user subscription process. Some algorithm (e.g., piping the password through a hash algorithm) may t
