END-TO-END SECURITY ESTABLISHMENT THROUGH OPERATORS: SIP EXPERIMENT

Afsaneh Yaghoobian, Maryline Laurent
CNRS Samovar UMR 5157, TELECOM SudParis, 9 rue Charles Fourier, 91011 Evry, France
Maryline.Laurent@it-sudparis.eu

Kourosh Teimoorzadeh, Jean-Philippe Wary
SFR, 1 Place Carpeaux, 92915 Paris La Défense, France

Keywords: Mutual Authentication, Secure Communications, C2C security, Multi-capacity Device, SIP.

Abstract: This paper proposes an experiment on secure multimedia session establishment in a fully open environment such as the Internet. Users equipped with multi-capacity devices can benefit from the authentication support of their operators to mutually authenticate and secure their exchanges. Multi-operator crossed authentication can also take place under a previously signed agreement. In this paper, a SIP experiment integrating SIM-based authentication is successfully conducted, thus demonstrating the feasibility of the end-to-end security establishment approach through operators.

1 INTRODUCTION

Until recent years, most multimedia applications and devices were proprietary, with their own session protocol and security systems. Now, with the growing trend towards IP convergence (voice, data, video) and interoperability, mobile phones can chat with computers whatever their access network and technology. This openness to media, networks and technology brings a number of security issues, such as impersonation, theft of personal data, and man-in-the-middle attacks. This paper focuses on end-to-end mutual authentication and multimedia data flow security. In (Wary and Laurent, 2009), we proposed an approach that benefits from each original network authentication procedure provided by the operators (e.g. a cellular network operator, an Internet Service Provider…) in order to support mutual authentication between two subscribers.
Subscribers are only assumed to be equipped with multi-capacity devices (3G, Bluetooth, ad hoc, Internet…) and to have Internet connectivity. They benefit from the high-level security offered by their operators to establish a secure channel. This solution is independent of the underlying technology in use. It also supports multi-operator crossed authentication, provided the operators involved have signed an agreement.

In (Wary and Laurent, 2009), the concepts were fully described, but no instantiation of them was proposed. In this paper, we demonstrate the feasibility of this secure approach by integrating SIM-based authentication into the most widely used multimedia session establishment protocol: SIP (Session Initiation Protocol). The advantage of this secure SIP approach over the standardised IMS (IP Multimedia Subsystem) AKA authentication is that users are not required to subscribe to any IMS service. They can initiate any SIP service from any service provider, while making use of the authentication service already provided by their own operators. SIP users only have to agree on using a compatible SIP software client.

This paper is organized as follows. Section 2 introduces the mutual and flexible authentication approach as described in (Wary and Laurent, 2009), and section 3 the SIP standard and its message flows. Section 4 presents our technical choices for the selection of the authentication method and the integration of the authentication procedure into SIP exchanges. Section 5 details our SIP experiment. Finally, section 6 gives conclusions, and discusses