Security Threats for Next Steps in Signaling (NSIS)

“…The underlying requirements for signaling in the context of NSIS are defined in [1] and a separate security threats document [2]; other related requirements can be found in [3] and [4] for QoS/Mobility and middlebox communication, respectively. This framework does not replace or update these requirements.…”

“…The routing of the messages should follow exactly the same path as the associated data flow (but see Section 5.1.1 on this point). Note that securing messages sent this way raises some interesting security issues (these are discussed in [2]). In addition, it is a matter of the protocol design what should be used as the source address of the message (the flow source or signaling source).…”

“…We have assumed that, apart from being resistant to denial of service attacks against itself, the main role of the NTLP will be to provide message design is discussed in the security properties document [6] and also influences many parts of the threat analysis [2]. Therefore, this framework does not mandate the use of any specific channel security protocol; instead, this has to be integrated with the design of the NTLP as a whole.…”

“…Further work on this and other security design will depend on a refinement of the NSIS threats work begun in [2].…”

Next Steps in Signaling (NSIS): Framework

“…The underlying requirements for signaling in the context of NSIS are defined in [1] and a separate security threats document [2]; other related requirements can be found in [3] and [4] for QoS/Mobility and middlebox communication, respectively. This framework does not replace or update these requirements.…”

“…The routing of the messages should follow exactly the same path as the associated data flow (but see Section 5.1.1 on this point). Note that securing messages sent this way raises some interesting security issues (these are discussed in [2]). In addition, it is a matter of the protocol design what should be used as the source address of the message (the flow source or signaling source).…”

“…We have assumed that, apart from being resistant to denial of service attacks against itself, the main role of the NTLP will be to provide message design is discussed in the security properties document [6] and also influences many parts of the threat analysis [2]. Therefore, this framework does not mandate the use of any specific channel security protocol; instead, this has to be integrated with the design of the NTLP as a whole.…”

“…Further work on this and other security design will depend on a refinement of the NSIS threats work begun in [2].…”

Next Steps in Signaling (NSIS): Framework

“…The application-specific protocols are referred to as NSIS Signalling Layer Protocols (NSLPs), and are defined in separate documents. The NSIS framework [29] and the accompanying threats document [30] provide important background RFC 5971 GIST October 2010…”

GIST: General Internet Signalling Transport

Beyond QoS signaling: A new generic IP signaling framework