Securing the Next Steps In Signalling (NSIS) protocol suite
International Journal of Internet Protocol Technology
Securing a path-coupled NAT/firewall signaling protocol
IPOM'07 Proceedings of the 7th IEEE international conference on IP operations and management
NSIS: a new extensible IP signaling protocol suite
IEEE Communications Magazine
Hi-index | 0.00 |
The IETF working group Next Steps in Signaling (NSIS) develops signaling protocols for Quality-of-Service (QoS) reservations or dynamic NAT and firewall (NAT/FW) configuration. QoS signaling allows for on-demand resource reservations in order to provide guaranteed quality-of-service for real-time oriented services in IP-based next generation networks whereas NAT/FW signaling allows for establishing pinholes in firewalls or bindings in NAT devices. QoS signaling must be secured to allow for a reliable accounting and NAT/FW configuration is a sensitive operation per se. This paper presents an approach that provides an integrity protection of NSLP signaling messages by extending an NSLP Session Authorization Object. A worked example for secure QoS signaling in a Kerberos-secured domain is given.