SAMSON - Strong Authenticated Mail Service Over NGN

[20.09.2010 - 11.02.2011]

SAMSON
is a service prototype developed in order to validate the concepts at the base of the .post platform. The .post platform will be an electronic platform regulated by the UPU – Universal Postal Union – that will offer the opportunity for the operators of the postal sector to develop innovative business models in a special space made secure from SPAM and cybercriminal activity. The .post platform shall also “provide authentication capabilities for individuals and businesses that want to be absolutely certain they are dealing with legitimate parties”.

The objectives of our thesis were:

  • A survey about the eID system and the secured mail services.
  • The proposal of an architecture prototype of the .post platform.
  • The integration of an eID system for the subscribers’ authentication.
  • The development of a service enabling the exchange of secure messages over an NGN.
  • Taking part to a conference in order to share our results.

Architecture prototype

The security is the main topic of the .post platform and therefore we have been immediately persuaded that only a new technology as the IMS could offer the required level of security and trust. The IMS networks are well protected from different security threats with the implementation of dedicated services for the authentication, the authorization, the integrity and confidentiality as well as for the availability. Thus, we have chosen the IMS technology as the core of the .post platform.

The SuisseID has been chosen as the eID system for the authentication of the subscribers gaining access to the .post platform. We have also exploited the capability of the SuisseID to provide an esignature legally acknowledged in order to guarantee the integrity and the non-repudiation of the messages sent through the .post platform.

The access to the .post platform is done with a dedicated Client – the SAMSON Client – installed in a Security Dongle. The Security Dongle is an HW device that stores besides the SAMSON Client, a software ISIM and the SuisseID token. The ISIM stores the subscriber’s credentials needed to access the .post platform and the functions for the establishment of the IPSec tunnels protecting the IMS signaling traffic from and to the UE. The SuisseID token provides the digital certificate for the authentication of the subscriber and the Qualified Signature Certificate for the e-signature of the messages.

We have tested the SAMSON Client in collaboration with Ericsson and Swisscom and the following results have been achieved:

  • Authentication with the SuisseID token
  • Registration using the IMS-AKA mechanism
  • Signature of the SIP MESSAGE requests
  • Integrity verification of the incoming

We have analyzed some alternatives in order to develop the .post platform using the STORK platform instead of the IMS network. Our position toward this solution is exposed in the paper that we have submitted to the ICIN 2011 Conference (Berlin, 4-7 October) with the hope to have the opportunity to expose the results achieved by the SAMSON project.

Successful login

 

Author: Andrea Vaccani
Advisor: Prof. Jean-Frédéric Wagen (EIA-FR), Reto Caduff (Ericsson AG), Farah Abdallah (UPU)

Andrea Vaccani (1986) graduated from the University of Applied Sciences Western Switzerland with a Master of Science in Engineering, ICT. The SAMSON service prototype, aiming to secure the exchange of the instant messages in IMS networks, was developed in the context of his Master Thesis in collaboration with Ericsson, the UPU, KOBIL and Swisscom. During the Master education he managed the IMS network at the College of Engineering and Architecture of Fribourg and he improved the capabilities of the mobile terminals currently used in the ICT laboratory.

People interested to SAMSON are welcome to get in touch with the project’s team:
Andrea Vaccani, Jean-Frédéric Wagen, Antoine Delley