Securing the Next Steps In Signalling (NSIS) protocol suite

摘要

The Next Steps In Signalling (NSIS) protocol suite represents an extensible framework for enabling various signalling applications over IP-based networks. The framework consists of two layers that need different types of security protection; the lower layer mainly deals with the discovery of adjacent peers and establishment of channel security to protect the delivery of signalling messages between two peers, while the upper layer provides the signalling application specific functionalities. Different security properties are required at the two layers with stronger authorisation functionality at the signalling application layer. In this paper we examine how various security vulnerabilities can be utilised by an adversary, including eavesdropping, Man-In-The-Middle (MITM) attacks, fraud and Denial of Service (DoS) attacks. Moreover, we describe how to protect against a number of selected security threats and highlight some security challenges that require further research.