4 Knowledge Base

 

 TelecomTrainning.net > Knowledge Base
 Viewing KB Article
Good Morning, - Please register or - log-in to your account.
Search
Search   Saved Questions   Ask a question
Keywords 
 
Available categories
LTE
100 of Questions in LTE
CCNA Certification
CCNA Sample Q & A (1000 + Q &A)
(Network +) Certification
(Network +) Sample Q & A (1000 + Q &A)
Networking
General/Interview Q& A on Networking
Home Networking
General/Interview Q& A on Networking
VOIP, SIP & Asterisk
Q & A on VOIP,Ethereal, SIP & Asterisk
Telecom Test Equipments
Q & A on Telecom Test Equipment
PSTN / Wireline
General / Interview Q & A on PSTN / Wireline
LTE, Wireless, 3G ,Diameter and HSS
General/Interview Q & A on LTE, Wireless, 3G ,Diameter and HSS
Telecom General
Any Q & A in Telecom in General

Top Questions
Friends, Describe Secure storage and distribution of A-Keys?
what is the difference between E1 signal & Ethernet signal ?
How do I monitor SS7 Traffic in spectra2?
Can you tell me about PBGT?
Explain me the difference between a repeater, bridge and router? Relate this to the OSI model.
What is the difference between BRI & PRI ?
Guys what is the purpose of Umbrella Cell Approach in GSM ?
how can we explain media gateway in MSc?
What is GGSN?
What is the difference between Electrical-tilt and Mechanical-tilt of an antenna?
What is BSC?
What is demarc point?
Can any one explain me how sms flow will work using ss7 network ?( from physical layer to application layer)
why cellphone towers are painted in red and white?
Explain SLTA and SLTM messages in MTP3?
Hi guys what is WAP?
wat is the difference betweem MSC & GMSC, & MSS & GCS?
what is EDAp? what is the functions of EDAP?
What is a circuit id?
what is sdh?

Explain me about Authentication in SIP?
stephenraj 16-July-2008 01:01:40 PM

Comments


SIP provides a stateless, challenge-based mechanism for authentication that is based on authentication in HTTP. Any time that a proxy server or UA receives a request (with the exceptions given in Section 22.1), it MAY challenge the initiator of the request to provide assurance of its identity. Once the originator has been identified, the recipient of the request SHOULD ascertain whether or not this user is authorized to make the request in question

So, to summarize:

* SIP Authentication is done with an authentication username and authentication realm.
* The server challenges the user with a realm and a "nonce"
* If the user has a username within this realm, it calculates a response based on a number of data, including a "secret"
* The authentication username doesn't have to be the same as the SIP user name
* The authentication realm doesn't have to be the same as the SIP domain
* Many SIP user agents have broken implementations where you can't set authentication username and realm


* The best solution would be for a user agent to have one setting for SIP username and domain, and then a set of settings for authentication to various realms. ''How do I authententicate within this realm?".
* Today many clients are bound to have the same username/password for all realms, which is not a very good way of handling security.
Posted by sagitraz


A User Agent presents credentials to the Proxy Server. The Proxy Server may turn to a third party to verify that the User Agent is who they say they are. This often uses the method of Certificates of Authentication common on the World Wide Web.
• Requires the User Agent and verifier to have a shared secret
• Keys are regenerated on time and address so to prevent third parties from attacking with cached credentials
• SIP signals a requirement for TLS by responding to an invite with 401 Authentication Required or 407 Proxy Authorization Required
Posted by yogendra

Q&A Rating

Q&A Rating
Rate This Question and Answer

Related Questions
Is IP, SNMP are Network Layer Protocols?
What command to view the configuration in NVRAM?
 
What is the key concept of the smart card in GSM systems is to associated?
 


Search questions via popularity
Top viewed questions  Top emailed questions  Most printed questions  Most saved questions
 
Copyright © Telecom Training, All Rights Reserved