Secure authentication


Teresa Reis

Jul 21, 2011, 6:23:31 AM
to mobicents-public

Hi,

 

Finally I have my full media service built, with Mobicents JAIN SLEE and Android (with Mobicents sip api).

Now I’m passing this service to a real IMS system, but this requires full authentication according to the IMS specification:


SIP REGISTER -> 401 -> SIP RESPONSE with (Authentication Headers) -> 200 OK


So I need some resource that allows me to build this header, and I check SIPDigestAuthenticate (http://docs.jboss.org/mobicents/jain-slee/2.4.0.CR1/resources/diameter-cx-dx/javadoc/net/java/slee/resource/diameter/cxdx/events/avp/class-use/SIPDigestAuthenticate.html).

 

My question, is there an example with this library?

Are there other ways to add secure authentication header (MD5) in sip packages?

 

Thanks in advance,

ziza

yulian_o

Jul 21, 2011, 10:47:39 AM
to mobicents-public
Hello
Use:

    WWWAuthenticateHeader wwwHeader = headerFactory.createWWWAuthenticateHeader(sipScheme);
    wwwHeader.setAlgorithm(algorithm);
    wwwHeader.setQop("auth,auth-int");
    wwwHeader.setRealm(realm);
    wwwHeader.setNonce(nonce);

    // ck and ik are added only when a key is present
    if (confidentialityKey != null)
        wwwHeader.setParameter("ck", confidentialityKey);

    if (integrityKey != null)
        wwwHeader.setParameter("ik", integrityKey);

    // attach the challenge to the response being sent
    currResponse.addHeader(wwwHeader);

Where sipScheme should be "Digest"
Algorithm depending on what you are using: MD5, AKAv1-MD5, AKAv2-MD5
Where AKAv1-MD5, AKAv2-MD5 are used by IMS systems and are not supported by standard SIP clients.
confidentiality key and integrity key should be used with AKAv1-MD5 or AKAv2-MD5 only
realm is realm you want to use for authentication

nonce can be created in following way :
    if (nonce == null)
    {
        // Contact host + current time + random UUID, hashed with the MD5 digest
        java.util.Date time = new java.util.Date();
        nonce = ((SipURI) ((ContactHeader) getServerTransactionCMP().getRequest()
                .getHeader(ContactHeader.NAME)).getAddress().getURI()).getHost()
                + ":" + String.valueOf(time.getTime()) + ":"
                + java.util.UUID.randomUUID().toString();
        byte[] result = digest.digest(nonce.getBytes());
        nonce = bytesToHexString(result);
    }


Where getServerTransactionCMP().getRequest() is initial request, and bytesToHexString(value) is:

    // needs java.util.Formatter
    protected String bytesToHexString(byte[] bytes)
    {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        Formatter formatter = new Formatter(sb);
        for (byte b : bytes)
        {
            // two lowercase hex digits per byte
            formatter.format("%02x", b);
        }
        return sb.toString();
    }

nonce should be stored for validation.
Best regards
Yulian Oifa

yulian_o

Jul 21, 2011, 10:49:05 AM
to mobicents-public
Digest should be created as:

    MessageDigest digest = MessageDigest.getInstance("MD5");

Best regards
Yulian Oifa

yulian_o

Jul 21, 2011, 10:56:10 AM
to mobicents-public
Btw calculation of the response both on clients and servers should be
calculated as described here :
http://en.wikipedia.org/wiki/Digest_access_authentication

Best regards
Yulian oifa
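
The response calculation the last message points to (plain MD5 with qop=auth) and the server-side check against the stored nonce, as an added example that is not part of the thread or of Mobicents code. The class and method names and the SIP REGISTER sample values are assumptions made up for illustration; the known-answer values are the RFC 2617 example that the linked Wikipedia page also uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestResponseCheck {

    // H(): lowercase hex MD5 of a string, as used throughout RFC 2617.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // qop=auth: response = H( H(user:realm:password) : nonce : nc : cnonce : auth : H(method:uri) )
    static String response(String user, String realm, String password, String method,
                           String uri, String nonce, String nc, String cnonce)
            throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Server side: accept only the nonce that was issued and stored,
    // then compare the two hex strings in constant time.
    static boolean verify(String storedNonce, String clientNonce, String expected, String received) {
        if (!storedNonce.equals(clientNonce)) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Known-answer check with the example values from RFC 2617 section 3.5.
        String rfc = response("Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
                "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b");
        System.out.println("RFC 2617 vector matches: "
                + rfc.equals("6629fae49393a05397450978507c4ef1"));

        // Constructed SIP REGISTER values (user, realm, password, nonce are made up).
        String issued = "5f2b1c0e9a7d4e3b8c6a1d0f2e4b7a90";
        String fromClient = response("alice", "ims.example.org", "secret", "REGISTER",
                "sip:ims.example.org", issued, "00000001", "f2a9c1d0");
        String expected = response("alice", "ims.example.org", "secret", "REGISTER",
                "sip:ims.example.org", issued, "00000001", "f2a9c1d0");
        System.out.println("stored nonce accepted: " + verify(issued, issued, expected, fromClient));
        System.out.println("unknown nonce accepted: " + verify(issued, "not-issued", expected, fromClient));
    }
}
```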