[20.09.2010 - 11.02.2011]
SAMSON is a service prototype developed to validate the concepts underlying the .post platform. The .post platform will be an electronic platform regulated by the UPU
– Universal Postal Union – that will offer operators in the postal sector
the opportunity to develop innovative business models in a
special space made secure from SPAM and cybercriminal activity. The
.post platform shall also “provide authentication capabilities
for individuals and businesses that want to be absolutely certain they are dealing with legitimate parties”.
The objectives of our thesis were:
- A survey about the eID system and the secured mail services.
- The proposal of an architecture prototype of the .post platform.
- The integration of an eID system for the subscribers’ authentication.
- The development of a service enabling the exchange of secure messages over an NGN.
- Taking part in a conference in order to share our results.
Security is the main topic of the .post platform, and we were
therefore immediately persuaded that only a new technology such as the IMS
could offer the required level of security and trust. IMS
networks are well protected against different security threats through the
implementation of dedicated services for authentication, authorization,
integrity and availability. Thus, we have chosen the IMS
technology as the core of the .post platform.
The SuisseID has been chosen as the eID system for the
authentication of the subscribers gaining access to the .post platform.
We have also exploited the capability of the SuisseID to provide a
legally acknowledged e-signature in order to guarantee the integrity
and the non-repudiation of the messages sent through the .post
Access to the .post platform is provided by a dedicated Client – the SAMSON Client – installed in a Security Dongle. The Security Dongle is a hardware device that stores, besides the SAMSON Client, a software ISIM and the SuisseID
token. The ISIM stores the subscriber’s credentials needed to
access the .post platform and the functions for the establishment of
the IPsec tunnels protecting the IMS signaling traffic from and to
the UE. The SuisseID token provides the digital certificate for the
authentication of the subscriber and the Qualified Signature
Certificate for the e-signature of the messages.
We have tested the SAMSON Client in collaboration with Ericsson and Swisscom and the following results have been achieved:
- Authentication with the SuisseID token
- Registration using the IMS-AKA mechanism
- Signature of the SIP MESSAGE requests
- Integrity verification of the incoming
We have analyzed some alternatives for developing the .post platform using the STORK
platform instead of the IMS network. Our position on this
solution is presented in the paper that we have submitted to the ICIN 2011 Conference (Berlin, 4-7 October), in the hope of having the opportunity to present the results achieved by the SAMSON project.
Author: Andrea Vaccani
Advisors: Prof. Jean-Frédéric Wagen (EIA-FR), Reto Caduff (Ericsson AG), Farah Abdallah (UPU)
Andrea Vaccani (1986) graduated from the University of Applied Sciences Western Switzerland with a Master of Science in Engineering, ICT. The SAMSON service
prototype, aiming to secure the exchange of the instant messages in IMS
networks, was developed in the context of his Master Thesis in
collaboration with Ericsson, the UPU, KOBIL and Swisscom.
During his Master's studies he managed the IMS network at the College
of Engineering and Architecture of Fribourg and improved the
capabilities of the mobile terminals currently used in the ICT
People interested in SAMSON are welcome to get in touch with the project’s team: