温馨提示:
1. 部分包含数学公式或PPT动画的文件,查看预览时可能会显示错乱或异常,文件下载后无此问题,请放心下载。
2. 本文档由用户上传,版权归属用户,汇文网负责整理代发布。如果您对本文档版权有争议请及时联系客服。
3. 下载前请仔细阅读文档内容,确认文档内容符合您的需求后进行下载,若出现内容与标题不符可向本站投诉处理。
4. 下载文档时可能由于网络波动等原因无法下载或下载错误,付费完成后未能成功下载的用户请联系客服处理。
网站客服:3074922707
ISO_IEC_TR_16166_2010E
Reference numberISO/IEC TR 16166:2010(E)ISO/IEC 2010 TECHNICAL REPORT ISO/IECTR16166First edition2010-08-01 Information technology Telecommunications and information exchange between systems Next Generation Corporate Networks(NGCN)Security of session-based communications Technologies de linformation Tlinformatique Rseaux dentreprise de prochaine gnration(NGCN)Scurit des communications sur la base de sessions ISO/IEC TR 16166:2010(E)PDF disclaimer This PDF file may contain embedded typefaces.In accordance with Adobes licensing policy,this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing.In downloading this file,parties accept therein the responsibility of not infringing Adobes licensing policy.The ISO Central Secretariat accepts no liability in this area.Adobe is a trademark of Adobe Systems Incorporated.Details of the software products used to create this PDF file can be found in the General Info relative to the file;the PDF-creation parameters were optimized for printing.Every care has been taken to ensure that the file is suitable for use by ISO member bodies.In the unlikely event that a problem relating to it is found,please inform the Central Secretariat at the address given below.COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2010 All rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utilized in any form or by any means,electronic or mechanical,including photocopying and microfilm,without permission in writing from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel.+41 22 749 01 11 Fax +41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2010 All rights reserved ISO/IEC TR 16166:2010(E)ISO/IEC 2010 All rights reserved iii Contents Page Foreword.vIntroduction.vi1 Scope.12 References.13 Terms and definitions.33.1 External definitions.33.2 Other definitions.44 Abbreviations.45 Background.56 General principles.56.1 Threats and counter-measures.56.2 Threats to session level security.66.3 Authorisation.76.4 Security and mobile users.86.5 Security and NGN.86.6 Security and software status.86.7 Call recording and audit.87 Signalling security.87.1 Security of access to session level services.97.2 Securing a SIP signalling hop.97.2.1 TLS for securing SIP signalling.107.2.2 IPsec for security SIP signalling.107.2.3 The role of SIP digest authentication.107.3 Ensuring that all SIP signalling hops are secured.117.4 End-to-end signalling security.127.4.1 End-to-end security using S/MIME.127.4.2 Near end-to-end security using SIP Identity.137.5 Authenticated identity delivery.137.5.1 P-Asserted-Identity(PAI).147.5.2 Authenticated Identity Body(AIB).147.5.3 SIP Identity.147.5.4 Authenticated response identity.157.6 NGN considerations.167.7 Public Switched Telephony Network(PSTN)interworking.178 Media security.188.1 SRTP.188.2 Key management for SRTP.188.2.1 Key management on the signalling path.188.2.2 Key management on the media path.208.3 Authentication.218.3.1 Authentication with key management on the signalling path.218.3.2 Authentication with DTLS-SRTP.228.3.3 Authentication with ZRTP.228.4 Media recording.228.5 NGN considerations.239 Use of certificates.2410 User interface considerations.24ISO/IEC TR 16166:2010(E)iv ISO/IEC 2010 All rights reserved 11 Summary of requirements,recommendations and standardisation gaps.2511.1 Requirements on NGNs.2511.2 Recommendations on enterprise networks.2511.3 Standardisation gaps.26 ISO/IEC TR 16166:2010(E)ISO/IEC 2010 All rights reserved v Foreword ISO(the International Organization for Standardization)and IEC(the International Electrotechnical Commission)form the specialized system for worldwide standardization.National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity.ISO and IEC technical committees collaborate in fields of mutual interest.Other international organizations,governmental and non-governmental,in liaison with ISO and IEC,also take part in the work.In the field of information technology,ISO and IEC have established a joint technical committee,ISO/IEC JTC 1.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives,Part 2.The main task of the joint technical committee is to prepare International Standards.Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting.Publication as an International Standard requires approval by at least 75%of the national bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights.ISO and IEC shall not be held responsibl