IP Multimedia Subsystem (IMS)
Rajkiran Velluri, Rahul Allawadhi, Rahul Parey, Santosh Kandukuri

History of IMS
- IMS first appeared in 3GPP Release 5, as part of the evolution from 2G to 3G for W-CDMA (UMTS) networks, when a SIP-based multimedia domain was added to NGN networks. Support for older GSM and GPRS networks is also provided.
- 3GPP Release 6 added interworking with WLAN.
- 3GPP Release 7 added support for fixed networks, together with TISPAN, which adopted a more generalized model able to address a wider variety of network and service requirements. This overall architecture is based on the concept of cooperating subsystems sharing common components; the subsystem-oriented architecture allows new subsystems to be added over time to cover new demands and service classes.
- "Early IMS" was defined for IPv4 networks and provides a migration path to IPv6.

Cellular Networks
- 1G: analog transmission; circuit-switched voice telephony only.
- 2G: fully digital; voice and circuit-switched (CS) data services.
- 2.5G: packet-switched (PS) data services added to 2G networks.
- 3G: all services, including voice telephony, provided (or intended to be provided) over the PS domain.

IP Multimedia Subsystem (IMS)
- The IMS standard defines a generic architecture for offering VoIP and multimedia services.
- An internationally recognized standard, first specified by the 3GPP (3rd Generation Partnership Project).
- Supports multiple access types: GSM, WCDMA, CDMA2000, wireline broadband access and WLAN.
- Established with the aim of allowing a UMTS network to provide all of its services over IP on an end-to-end basis.

Concept of the IP Multimedia Subsystem (IMS)
- The IMS is an open, standardized NGN multimedia architecture for mobile and fixed IP-based services.
- It is a VoIP implementation based on a 3GPP profile of SIP (Session Initiation Protocol) and runs over the standard Internet Protocol.
- It is used by telcos in NGN networks (which combine voice and data in a single packet-switched network) to offer network-controlled multimedia services.
- The aim of IMS is not only to provide new services but to provide all the services, current and future, that the Internet provides. In addition, users must be able to use all their services when roaming as well as from their home networks.
- To achieve these goals the IMS uses open-standard IP protocols defined by the IETF.

Concept of the IP Multimedia Subsystem (IMS)
- A multimedia session between two IMS users, between an IMS user and a user on the Internet, and between two users on the Internet is established using exactly the same protocol.
- The interfaces for service developers are also based on IP protocols.
- This is why the IMS truly merges the Internet with the cellular world: it uses cellular technologies to provide ubiquitous access and Internet technologies to provide appealing services.

IMS Concept
The IMS concept was introduced to address the following network and user requirements:
- Deliver person-to-person real-time IP-based multimedia communications (e.g. voice or video telephony) as well as person-to-machine communications (e.g. a gaming service).
- Fully integrate real-time with non-real-time multimedia communications (e.g. live streaming and chat).
- Enable different services and applications to interact (e.g. combined use of presence and instant messaging).
- Easy user setup of multiple services in a single session, or of multiple simultaneous synchronized sessions.

IMS Solution Overview
(Figure; source: Alcatel.)

IMS Standards
3GPP and 3GPP2 (3rd Generation Partnership Project; 3rd Generation Partnership Project 2)
- Both have defined the IP Multimedia Subsystem (IMS).
- The harmonization effort has kept the definitions as similar as possible.
IETF (Internet Engineering Task Force)
- Provides the definitions for SIP, SDP and the other protocols underlying IMS.
- IMS is driving some of the work in the IETF.
OMA (Open Mobile Alliance)
- Defines services for the IMS architecture, e.g. Instant Messaging and Push-to-Talk.
ITU (International Telecommunication Union)
- Provides protocol definitions used by IMS: H.248 for media control, and Q.1912.SIP for SIP-ISUP interworking (in conjunction with the IETF).
ETSI (European Telecommunications Standards Institute)
- TISPAN is the merger of TIPHON (VoIP) and SPAN (fixed networks).
- Agreement on reuse of 3GPP/3GPP2 IMS in comprehensive NGN plans.
ANSI (American National Standards Institute)
- Provides protocol definitions used by IMS.
ATIS (Alliance for Telecommunications Industry Solutions)
- Addressing end-to-end solutions over wireline and wireless; nearing agreement to use 3GPP/3GPP2 IMS.

IMS Goals
- Support real-time IP-based multimedia communication services (VoIP, video conferencing, etc.). This implies that IMS will replace the CS domain of a UMTS network, providing all the traditional CS services over IP in the PS domain.
- Provide the ability for services to interact, so that users may combine different services in one session, e.g. group conferencing.

Characteristics of IMS
- Takes the concept of a horizontal architecture a step further: service enablers and common functions can be reused by multiple applications.
- Well integrated with existing voice and data networks, adopting many of the key benefits of the IT domain.
- The horizontal architecture specifies interoperability and roaming, and provides bearer control, charging and security.
- IMS enables services to be delivered in a standardized, well-structured manner.
- The horizontal architecture lets operators avoid re-solving, per application, the problems of charging, presence, group and list management, routing and provisioning.

Advantages of IMS
Advantages over other existing systems:
- The core network is independent of a particular access technology.
- Integrated mobility for all network applications.
- Easier migration of applications from fixed to mobile users.
- Faster deployment of new services based on a standardized architecture.
- An end to unique or customized applications.
- New applications such as presence information, videoconferencing, Push to talk over Cellular (PoC), multiparty gaming, community services and content sharing.
- Evolution to combinational services, for example by combining instant messaging and voice.
- User profiles are stored in a central location.

Advantages of IMS
Advantages over free VoIP: it is possible to run free VoIP applications over the regular Internet, so why do we need IMS if all the power of the Internet is already available to 3G users?
- Quality of Service: the public Internet offers no guarantees about the amount of bandwidth a user gets for a particular connection or about the delay the packets experience. Consequently, the quality of a VoIP conversation can vary dramatically throughout its duration.
- Charging of multimedia services: videoconferences can transfer a large amount of information, but over the plain Internet the telecom operator cannot charge separately for this data. Some business models might be more beneficial for the user (for instance a fixed price per message, not per byte); others might charge extra for better QoS.
- Integration of different services: an operator can use services developed by third parties, combine them, integrate them with services it already has, and provide the user with a completely new service. For example, if voicemail and text-to-speech are combined, a voice version of incoming text messages can be provided for blind users.

IMS Services & Architecture
IMS provides basic services that external Application Servers (AS) control in order to build applications. For example, IMS itself does not offer a conferencing or chat room service. It provides:
- point-to-point and point-to-multipoint transmission facilities
- group management facilities
- the ability for an external AS to control the group communication

IMS Services & Architecture
To maximize flexibility, IMS organizes its functionality in three layers.
Transport & Endpoint Layer
- Initiates and terminates the signaling needed to set up and control sessions, and provides bearer services between the endpoints.
- Media gateways convert analog/digital voice telephony formats to and from IP packets carrying RTP.
- IMS signaling is based on SIP on top of IPv6.
Session Control Layer
- Provides the functionality that allows endpoints to be registered with the network and sessions to be set up between them.
- Also contains the functions that control the media gateways and media servers so as to provide the requested services.
Application Server Layer
- Allows sessions to interact with various AS entities. In this layer multiple sessions may be coordinated to provide a single application.

IMS Services & Architecture
- Supports a wide range of services, both telephony- and non-telephony-oriented, all provided over IP end-to-end. Some of them are: voice and video telephony, instant messaging, chat rooms, video conferencing, multiparty gaming.

Broad View of IMS Architecture
- The IP Multimedia Core Network Subsystem is a collection of different functions linked by standardized interfaces.
- A function is not a node (hardware box): an implementer is free to combine two functions in one node, or to split a single function into two or more nodes. Each node can also be present multiple times in a network, for load balancing or organizational reasons.

Access Network
- The user can connect to an IMS network using various methods, all of which use the standard Internet Protocol (IP). IMS terminals can register directly into an IMS network.
- Fixed access, mobile access and wireless access are all supported.

User Database
- The HSS (Home Subscriber Server) is the master user database that supports the IMS network entities that actually handle the calls/sessions. It contains the subscription-related information, performs authentication and authorization of the user, and can provide information about the physical location of the user.
- An SLF (Subscriber Location Function) is needed when multiple HSSs are used.

Call/Session Control
Several types of SIP servers, collectively known as CSCFs, process the SIP signaling in the IMS:
1) P-CSCF (Proxy-CSCF)
2) I-CSCF (Interrogating-CSCF)
3) S-CSCF (Serving-CSCF)

1) P-CSCF (Proxy-CSCF)
- A SIP proxy that is the first point of contact for the IMS terminal. It can be located either in the visited network or in the home network.
- The terminal discovers its P-CSCF either with DHCP or because it is assigned in the PDP context (in GPRS).

2) I-CSCF (Interrogating-CSCF)
- A SIP proxy located at the edge of an administrative domain. Its address is published in the DNS records of the domain (NAPTR/SRV, as in RFC 3263) so that remote servers can find it and use it as the entry point for all SIP requests to this domain.
- The I-CSCF queries the HSS over the Diameter Cx interface (and the SLF over Dx, when there are several HSSs) to find the S-CSCF assigned to the user, then routes the SIP request to that S-CSCF.
- It can also hide the internal network from the outside world, in which case it is called a THIG (Topology Hiding Inter-network Gateway).

3) S-CSCF (Serving-CSCF)
- The central node of the signaling plane. It is a SIP server, but performs session control as well. It is always located in the home network.
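The I-CSCF is found by remote servers exactly the way RFC 3263 describes for any SIP domain: NAPTR records (RFC 2915) say which transports the domain offers and which SRV names to use, and SRV records (RFC 2782) then give the actual hosts, with priority and weight for failover and load sharing. The following added example (written for this page, not code from the slides or from 3GPP) implements that selection over a constructed set of DNS answers for the hypothetical domain ims.example.net; record contents, host names and port numbers are all assumptions.

```python
"""Added example: RFC 3263 location of an IMS domain's entry point (I-CSCF)
from NAPTR and SRV records. The DNS answers below are constructed, not a real zone."""
import random

# Constructed NAPTR answers: (order, preference, flags, service, regexp, replacement)
NAPTR = {
    "ims.example.net": [
        (10, 50, "s", "SIPS+D2T", "", "_sips._tcp.ims.example.net"),
        (20, 50, "s", "SIP+D2T", "", "_sip._tcp.ims.example.net"),
        (20, 90, "s", "SIP+D2U", "", "_sip._udp.ims.example.net"),
    ],
}
# Constructed SRV answers: (priority, weight, port, target)
SRV = {
    "_sips._tcp.ims.example.net": [],          # operator publishes no TLS entry point
    "_sip._tcp.ims.example.net": [
        (10, 60, 5060, "icscf1.ims.example.net"),
        (10, 40, 5060, "icscf2.ims.example.net"),
        (20, 0, 5060, "icscf-backup.ims.example.net"),
    ],
    "_sip._udp.ims.example.net": [(10, 0, 5060, "icscf1.ims.example.net")],
}
# NAPTR services the client understands, mapped to a SIP transport
SUPPORTED = {"SIPS+D2T": "tls", "SIP+D2T": "tcp", "SIP+D2U": "udp"}


def select_naptr(domain, supported=SUPPORTED):
    """RFC 3263 section 4.1: keep 's'-flag records for supported services,
    order by (order, preference); returns [(transport, srv_name)] in try order."""
    recs = [r for r in NAPTR.get(domain, []) if r[2] == "s" and r[3] in supported]
    recs.sort(key=lambda r: (r[0], r[1]))
    return [(supported[r[3]], r[5]) for r in recs]


def order_srv(records, rng):
    """RFC 2782 selection: ascending priority; inside one priority, draw
    records at random with probability proportional to their weight."""
    result = []
    for prio in sorted({r[0] for r in records}):
        # zero-weight records go first so they are chosen only when pick == 0
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while group:
            total = sum(r[1] for r in group)
            pick = rng.randint(0, total)
            running = 0
            for chosen in group:
                running += chosen[1]
                if running >= pick:
                    break
            result.append((chosen[3], chosen[2]))
            group.remove(chosen)
    return result


def locate(domain, seed=None):
    """Full resolution: ordered list of (transport, host, port) to try."""
    rng = random.Random(seed)
    targets = []
    for transport, srv_name in select_naptr(domain):
        for host, port in order_srv(SRV.get(srv_name, []), rng):
            targets.append((transport, host, port))
    return targets


if __name__ == "__main__":
    for t in locate("ims.example.net", seed=1):
        print(t)
```

Nothing in this lookup authenticates the answer: a spoofed NAPTR or SRV record redirects the whole domain's inbound SIP. That is why the entry point's identity has to be established separately, by the hop-by-hop network domain security (IPsec under TS 33.210) on the inter-operator link, and why the I-CSCF, not the S-CSCF, is the only element a remote domain ever learns about.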
- The S-CSCF uses the Diameter Cx and Dx interfaces to the HSS to download and upload user profiles. It keeps no persistent local copy of the user data.

Application Servers
- Application servers (AS) host and execute services and interface with the S-CSCF using SIP. Depending on the service, an AS can operate in SIP proxy mode, SIP UA mode or SIP B2BUA mode.
- An AS can be located in the home network or in an external third-party network.

Media Servers
- An MRF (Media Resource Function) provides a source of media in the home network. It is used for playing announcements, multimedia conferencing, text-to-speech (TTS) and speech recognition, and real-time transcoding of multimedia data.
- Each MRF is further divided into:
  1) the MRFC (Media Resource Function Controller), a signaling-plane node that acts as a SIP user agent towards the S-CSCF and controls the MRFP over an H.248 interface;
  2) the MRFP (Media Resource Function Processor), a media-plane node that implements all media-related functions.

Breakout Gateway
- A BGCF (Breakout Gateway Control Function) is a SIP server that includes routing functionality based on telephone numbers. It is only used when calling from the IMS to a phone in a circuit-switched network, such as the PSTN or a PLMN.

PSTN Gateways
A PSTN/CS gateway interfaces with PSTN circuit-switched (CS) networks.
- An SGW (Signalling Gateway) interfaces with the signaling plane of the CS network. It translates the lower-layer transport (SCTP on the IP side, MTP on the SS7 side) so that ISUP can pass between the MGCF and the CS network.
- An MGCF (Media Gateway Controller Function) performs call-control protocol conversion between SIP and ISUP, and interfaces with the SGW over SCTP.
- An MGW (Media Gateway) interfaces with the media plane of the CS network by converting between RTP and PCM.

Charging
Definitions: offline charging applies to users who pay for their services periodically (post-paid); online charging is credit-based charging, used for prepaid services.
- Offline charging: all the SIP network entities involved in the session use the Diameter Rf interface to send accounting information to a CCF (Charging Collection Function) located in the same domain. The CCF collects all this information and builds a CDR (Charging Data Record), which is sent to the billing system (BS) of the domain.
- Online charging: the S-CSCF talks to an SCF (Session Charging Function), which looks like a regular SIP application server. The SCF can signal the S-CSCF to terminate the session when the user runs out of credit during a session. The AS and MRFC use the Diameter Ro interface towards an ECF (Event Charging Function), which also communicates with the SCF.

Issues
- Benefits need to be further articulated in terms of actual savings.
- IMS is "operator friendly": it gives the operator comprehensive control of content, at the expense of the consumer.
- IMS uses the 3GPP profile of SIP, which needs to interoperate with IETF SIP.
- IMS is an optimization of the network, and the investment required for such optimization is questionable.

Associated Protocols
- RFC 1889 Real-time Transport Protocol (RTP)
- RFC 2327 Session Description Protocol (SDP)
- RFC 2748 Common Open Policy Service protocol (COPS)
- RFC 2782 a DNS RR for specifying the location of services (SRV)
- RFC 2806 URLs for telephone calls (TEL)
- RFC 2915 the Naming Authority Pointer DNS resource record (NAPTR)
- RFC 2916 E.164 number and DNS
- RFC 3261 Session Initiation Protocol (SIP)
- RFC 3262 reliability of provisional responses (PRACK)
- RFC 3263 locating SIP servers
- RFC 3264 an offer/answer model with the Session Description Protocol
- RFC 3310 HTTP Digest Authentication using Authentication and Key Agreement (AKA)
- RFC 3311 the UPDATE method
- RFC 3312 integration of resource management and SIP
- RFC 3319 DHCPv6 options for SIP servers
- RFC 3320 signalling compression (SigComp)
- RFC 3323 a privacy mechanism for SIP
- RFC 3324 short-term requirements for network asserted identity
- RFC 3325 private extensions to SIP for asserted identity within trusted networks
- RFC 3326 the Reason header field
- RFC 3327 extension header field for registering non-adjacent contacts (Path header)
- RFC 3329 security mechanism agreement
- RFC 3455 private header extensions for SIP (P-headers)
- RFC 3485 SIP and SDP static dictionary for signaling compression
- RFC 3574 transition scenarios for 3GPP networks
- RFC 3588 Diameter base protocol
- RFC 3589 Diameter command codes for 3GPP Release 5 (informational)
- RFC 3608 extension header field for service route discovery during registration
- RFC 3680 SIP event package for registrations
- RFC 3824 using E.164 numbers with SIP

Session Initiation Protocol (SIP)
- SIP is the core protocol for initiating, managing and terminating sessions on the Internet. These sessions may carry text, voice, video or a combination of these.
- SIP sessions involve one or more participants and can use unicast or multicast communication.

Session Initiation Protocol (SIP)
- Provides call control for multimedia services: initiation, modification and termination of sessions; terminal-type negotiation and selection; call holding, forwarding, forking and transfer; media-type negotiation (also mid-call changes) using the Session Description Protocol (SDP).
- Provides personal mobility support.
- Independent of the transport protocol (TCP, UDP, SCTP, ...).
- Text-based (ASCII) SIP headers.
- Separation of call signaling from the media stream.
- Application types/examples: interactive Voice over IP (VoIP); multimedia conferences (multi-party, e.g. voice and video); instant messaging; presence service; support of location-based services.

SIP in IMS
- Mandatory P-CSCF as first point of contact.
- Network-initiated call release (e.g. due to loss of coverage or for administrative reasons): proxies are able to send BYE.
- Network control of media types: the P-CSCF/S-CSCF checks the SDP in the SIP body. If the SDP contains parameters that are not allowed (e.g. unsupported codecs), the P-CSCF/S-CSCF rejects the SIP request with a 488 (Not Acceptable Here) response that contains an SDP body indicating the parameters that would be acceptable to the network.
- Network hiding (encryption of Route and Via headers).

SIP in IMS
- Additional signaling information (for example Cell-ID, Mobile Network/Country Code, Charging-IDs) is transported in P-headers.
- Compression: SIP compression is mandatory because the radio interface is a scarce resource; compression and decompression of SIP are performed by the UE and the P-CSCF.
- Authentication and integrity protection: the S-CSCF performs authentication using AKA; the P-CSCF checks the integrity of messages received over the air interface using IPsec ESP.

SIP-based Session Management
(SIP architecture figure: user agents, proxy servers, redirect server, registrar server and location server.)
SIP Entities
- User Agent (User Agent Client, User Agent Server)
- Proxy Server
- Redirect Server
- Registrar Server
SIP Message Types
- Requests, sent from client to server: INVITE, ACK, REFER, OPTIONS, BYE, CANCEL, REGISTER, SUBSCRIBE, NOTIFY, MESSAGE
- Responses, sent from server to client: Provisional (1xx), Success (2xx), Redirection/forwarding (3xx), Request failure (4xx), Server failure (5xx), Global failure (6xx)
(Figures: SIP session establishment and call termination; SIP call redirection; call proxying.)
Instant Messaging based on SIP
- SIMPLE: the IM protocol based on SIP.
- SIP promises interoperability between various IM vendors.
- SIP has unique user tracking features.
(Figure: SIP addressing.)

IMS: Security Challenges
Contents
- Security evolution of a new architecture/protocol. Today: advanced mobile OSs, cellular viruses. Tomorrow: additional IMS services?
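The media-policy check from the "SIP in IMS" slide is easy to describe and easy to get wrong: the proxy must recognise codecs that arrive without an a=rtpmap line (static payload types), strip the matching a=rtpmap/a=fmtp attributes when it removes a payload type, and still emit a syntactically valid m= line when an entire stream is rejected. The following added example (written for this page; not code from the slides, 3GPP or any real P-CSCF) does that over a constructed offer. The codec policy, the proxy host name and the Warning text are assumptions; the 488 shown omits the Via/From/To/Call-ID/CSeq headers a real proxy copies from the INVITE.

```python
"""Added example: P-CSCF/S-CSCF style SDP policy check producing a 488 with the
acceptable parameters. Policy and offer are constructed for the example."""
import re

# Hypothetical operator policy: codec names (as in a=rtpmap) the network will carry
ALLOWED_CODECS = {"audio": {"AMR", "AMR-WB", "telephone-event"}, "video": {"H264"}}

# RFC 3551 static payload types, which arrive without an a=rtpmap line (subset)
STATIC_PT = {"0": "PCMU", "8": "PCMA", "18": "G729"}

# Constructed offer: AMR and H264 are allowed, G729, PCMU and H263-2000 are not
OFFER_SDP = """v=0
o=alice 2890844526 2890844526 IN IP6 2001:db8::1
s=-
c=IN IP6 2001:db8::1
t=0 0
m=audio 49170 RTP/AVP 96 97 0
a=rtpmap:96 AMR/8000
a=fmtp:96 mode-set=0,2,4,7; octet-align=1
a=rtpmap:97 G729/8000
a=sendrecv
m=video 51372 RTP/AVP 98 99
a=rtpmap:98 H264/90000
a=rtpmap:99 H263-2000/90000
"""


def parse_media(sdp: str) -> list:
    """One dict per m= line: media type, payload types in offer order, rtpmap names."""
    sections = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            fields = line[2:].split()
            sections.append({"type": fields[0], "pts": fields[3:], "rtpmap": {}})
        elif line.startswith("a=rtpmap:") and sections:
            m = re.match(r"a=rtpmap:(\d+)\s+([^/\s]+)/", line)
            if m:
                sections[-1]["rtpmap"][m.group(1)] = m.group(2)
    return sections


def codec_name(section: dict, pt: str) -> str:
    return section["rtpmap"].get(pt) or STATIC_PT.get(pt, f"PT{pt}")


def check_offer(sdp: str, policy=ALLOWED_CODECS):
    """Returns (accepted, sdp, rejected_codecs). When not accepted, sdp is the
    body for the 488: the offer with every disallowed payload type removed."""
    sections = parse_media(sdp)
    keep, rejected = [], []
    for sec in sections:
        allowed = policy.get(sec["type"], set())
        keep.append([pt for pt in sec["pts"] if codec_name(sec, pt) in allowed])
        rejected += [codec_name(sec, pt) for pt in sec["pts"]
                     if codec_name(sec, pt) not in allowed]
    if not rejected:
        return True, sdp, []
    out, idx = [], -1
    for line in sdp.splitlines():
        if line.startswith("m="):
            idx += 1
            f = line[2:].split()
            # port 0 marks a stream with no acceptable codec as rejected; an m= line
            # still needs at least one format, so the first offered one is kept
            port = f[1] if keep[idx] else "0"
            out.append(f"m={f[0]} {port} {f[2]} {' '.join(keep[idx] or f[3:4])}")
        elif line.startswith(("a=rtpmap:", "a=fmtp:")):
            pt = line.split(":", 1)[1].split()[0]
            if pt in keep[idx]:            # drop attributes of removed payload types
                out.append(line)
        else:
            out.append(line)
    return False, "\n".join(out) + "\n", rejected


def build_488(acceptable_sdp: str, proxy="pcscf.ims.example.net") -> str:
    """488 Not Acceptable Here carrying the acceptable parameters (RFC 3261 21.4.26);
    Warning code 305 is RFC 3261's 'Incompatible media format'."""
    body = acceptable_sdp.replace("\n", "\r\n")
    return ("SIP/2.0 488 Not Acceptable Here\r\n"
            f'Warning: 305 {proxy} "Incompatible media format"\r\n'
            "Content-Type: application/sdp\r\n"
            f"Content-Length: {len(body.encode())}\r\n\r\n{body}")


if __name__ == "__main__":
    ok, body, rejected = check_offer(OFFER_SDP)
    print("rejected codecs:", rejected)
    print(build_488(body) if not ok else "offer accepted")
```

Running it on the constructed offer rejects G729, PCMU and H263-2000 and answers with a 488 whose body keeps only AMR (with its a=fmtp line) and H264. Feeding that body back through check_offer is accepted, which is the property the UE relies on when it re-INVITEs with the network's suggestion.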
- 3GPP IMS security specifications
- Mobile-to-mobile security
- GSM-SIP security
- Third-party involvement increases

Today: Cellular Viruses
- Skulls: Symbian trojan (later variants bundled the Bluetooth worm Cabir).
- Mosquito: constantly sends SMSs to a premium-rate service.
Reasons for threat increase:
- Smartphone OSs are sophisticated, open platforms.
- Multiple connectivity paths: MMS, Bluetooth, phone browsers (HTTP), infrared, mail.
Reasons for threat reduction:
- Phones are not "always connected".
- Phones do not run server applications (compare Microsoft RPC and the Blaster worm).
- Signature mechanisms are being developed.
- Infection paths for attachments are not fully automatic: for MMS and Bluetooth the user is asked before an attachment is opened.

Tomorrow: IMS
- IMS increases GPRS/UMTS connectivity: mobile to mobile; mobile to ADSL/cable; GPRS/UMTS mobile to CDMA2000 mobile.
- IMS introduces new protocols.
- IMS is "always connected"; IMS should not introduce server-like applications on mobile phones that constantly listen for input.
- IMS involves third parties supplying content.
- IMS is a clear "umbrella" standard for cellular multimedia: easier to protect, but much easier to attack.
- IMS operator backbone: new hacking targets.

3GPP IMS Security Specifications
UMTS security is designed in multiple layers:
- Attachment-level security
- Network-level security (IP, PDP context)
- IMS service-level security (GSM-SIP security)
The network level uses well-known IETF security, IKE and IPsec: authentication, encryption (optional) and data integrity.

IMS Mobile-to-Mobile Security
- 3GPP did not account for it in the design; the GSMA identified the problem: IMS introduces mobile-to-mobile traffic, which GPRS was not intended for.
- The problem: mobile-to-mobile traffic is difficult to control.

IMS: New Protocols, New Threats
- IPv6: IMS is a main driver of IPv6 deployment (examples: the IPv6 LAND attack; the Cisco IOS IPv6 heap overflow).
- Diameter over SCTP (Cx interface): internal CSCF-to-HSS traffic, less exposed but carrying very sensitive data.

Testing Typologies
1. Functional testing: check the correct end-to-end handling of the system's functionality, verifying protocols and procedures.
2. Conformance testing: check the compatibility of the functional blocks; typically carried out in a test plant.
3. Load and capacity testing: check the performance declared by the supplier; check correct operation under limit load conditions.
4. Live testing: check the correct handling of the system's functionality in a real context.

Scope of Testing
- Verify the IMS core network through a set of reference end-to-end scenarios (including roaming users) and analysis of the signaling on the network interfaces involved: Gm, Cx, Mw, Mi, Mj, Mk, Mg, Mn, Rf, Go.
- Verify that the procedures conform to the standard.
- Reduce the time to market of new network solutions.

End-to-End Methodology: P-CSCF Discovery
(Figure: UE over Um to GERAN (BSS) or UTRAN (RNC); Iu-PS to the SGSN; Gn to the GGSN; Gm to the P-CSCF; DHCP and DNS servers; I-CSCF and S-CSCF connected over Mw, with Cx to the HSS.) IMS network configuration used only for testing the P-CSCF discovery procedure.

End-to-End Methodology: Session Initiation and Control between Different Network Operators
(Figure: UE1 in the originating network via P-CSCF1 and S-CSCF1; UE2 in the terminating network via I-CSCF, S-CSCF2 and P-CSCF2; Mw between the CSCFs, Cx to each HSS.) IMS configuration requiring two users located in different home networks, to test interoperability of session setup and control procedures.

Types of Intrusions and General Annoyances
(The following slides come from a Texas A&M Physical Plant security briefing; "IMS" in them is that organization's support group, not the IP Multimedia Subsystem.)
- Virus: spreads from computer to computer.
- SPAM: unwanted email.
- Denial of Service attack: sending thousands of requests to a critical machine.

How Most Attacks Work
1. A vendor finds, or is told about, an error in its code; the error is a vulnerability.
2. The vendor alerts its users to the vulnerability and the patch (the fix).
3. Hackers learn of the vulnerability and write a program that exploits it.
4. Some system managers ignore the patch.
5. The attackers start scanning networks for computers that have not applied the patch.
6. The fun begins.

Scanning
- All computers have a network address. TAMU, for example, uses the addresses 128.194.0.1 to 128.194.254.254 (about 65,000 addresses).
- A program starts at 1 and goes to 65,000 sequentially; whenever it finds a vulnerable computer it takes it over. The user may not even know that it is happening.

Protecting Yourself and Your Computer: Passwords
- Password protection is first and foremost.
- NEVER use easy-to-guess passwords.
- NEVER share a password.
- NEVER write your password on a sticky note next to the screen.
- All passwords should include letters and numbers.

Protection by IMS, Campus and Internet
- Virus protection: on most computers, or filtered at the server.
- Firewalls for critical computers: both TAMU and four in Physical Plant.
- SPAM filters: one on campus and one at Physical Plant.
- Intrusion detection: campus, and through CERT (Computer Emergency Response Team at CMU, http://www.cert.org/).

Security Components
(Figure: Internet; web server; email server; PPFS4 SPAM filter; campus LAN; AssetWorks server; Tracy Vaughn, Les Swick, Bubba McCartney.)

Other Security Tips
- Virus protection: set it for frequent updates.
- NEVER open attachments from unknown addresses (I don't open attachments from most known addresses).
- Most virus notices are hoaxes ("Do not ignore this warning - your mouse could explode"): check with IMS.
- Use email rules (example).
- NEVER unsubscribe from a SPAM email.
- More applications are moving to web access for convenience. Be sure to work with IMS on security issues before you put information online.

Web Applications
- Camera security (http://165.91.187.68)
- Door access
- UPS power
- Voice mail server
All web applications are reviewed by Lauri Brender for information security and by Lee McCleskey for general security before we put them online.

3GPP IP Multimedia Subsystem (Release 5)
(Figure: the UA in the visited PS domain (RAN, SGSN, GGSN) sends REGISTER/INVITE to the P-CSCF, which forwards it over SIP-based interfaces to the I-CSCF and S-CSCF in the home network; the SIP proxy servers obtain authorisation and authentication information from the HSS over the Diameter-based Cx interface.)

3GPP Release 5 Security
- Packet-switched (PS) domain: access security features retained from the 3GPP Release 99 specifications.
- IP Multimedia Subsystem (IMS) domain: new access security features to be specified to protect the access link to the IMS domain, independent of the underlying PS-domain security features; network domain security features to protect the signalling links between network elements within the IMS domain.

IP Multimedia Subsystem: Access Security (draft 3GPP TS 33.203)
(Same topology figure.)
1. Distribution of authentication information (HSS to S-CSCF).
2. Mutual authentication and session key agreement (UA and S-CSCF).
3. Session key distribution (S-CSCF to P-CSCF).
4. Protection of SIP signalling between UA and P-CSCF using the agreed session key.

IP Multimedia Subsystem: Network Domain Security (draft 3GPP TS 33.210)
(Same topology figure.) Per-hop protection of signalling between network elements using IPsec/IKE.

Access Security: Authentication Principles
- 3GPP authentication protocol (3GPP AKA), based on a secret key stored in the UA's tamper-resistant subscriber identity module (SIM/ISIM) and in the HSS.
- Authentication check located in the S-CSCF.
- Working assumption is to authenticate only at SIP registration, with on-demand re-authentication requiring re-registration.
- Use SIP authentication rather than an outer-layer protocol such as TLS or IKE, in order to minimise round trips.

Integration of the Authentication Protocol into Diameter and SIP
- Distribution of authentication information to the S-CSCF using Diameter: distribution of authentication vectors for 3GPP AKA.
- Integration of the authentication protocol into SIP registration: 3GPP AKA protocol between UA and S-CSCF; distribution of the session key to the P-CSCF.

Possible Information Flow for Authentication and Session Key Establishment (from draft 3GPP TS 33.203)
(Figure: REGISTER from the UA via P-CSCF and I-CSCF to the S-CSCF; Cx-Put and Cx-Pull between S-CSCF and HSS; challenge returned to the UA. Note on the slide: the challenge response was changed to 407 Proxy Authentication Required; the published TS 33.203 uses 401 Unauthorized.)

Access Security: Security Mode Establishment between UA and P-CSCF
- Determines when to start applying protection and which algorithm to use; includes secure algorithm negotiation.
- Uses the session key derived during authentication.
- Integrated into SIP registration with no new round trips.

Access Security: Protection of SIP Signalling between UA and P-CSCF
- Integrity protection of SIP signalling between UA and P-CSCF.
- Uses the session key derived during authentication.
- Symmetric scheme because of efficiency concerns.
- Candidate mechanisms include modified CMS and ESP (IPsec ESP was the mechanism finally adopted).

IP Multimedia Subsystem: Access Security Documentation
- High-level architecture: 3GPP TS 23.228 (SA2), TS 33.203 (SA3).
- Protocol detail: TS 24.228 (CN1), TS 29.228 (CN4), TS 24.229 (CN1), TS 29.229 (CN4); other specs, e.g. AKA (SA3); IETF SIPPING WG, AAA, PPPEXT, IPsec, ...

Authentication and Key Agreement Protocol (3GPP AKA)
(Figure: ISIM/UA, P-CSCF, S-CSCF, HSS; authentication vector request and response between S-CSCF and HSS; authentication request and response between S-CSCF and UA; distribution of the session key to the P-CSCF.)
- Three-party protocol.
- Two-pass mutual authentication protocol between UA and S-CSCF.
- Each authentication vector is good for one authentication.
- Authentication vectors can be distributed in batches to minimise signalling load on the HSS.

Other IP Multimedia Subsystem Security Issues (1)
- Hide the caller's public ID from the called party by encrypting the Remote-Party-ID header at the caller's S-CSCF and decrypting it at the same S-CSCF.
- Is there a requirement to hide the caller's dynamically assigned IP addresses?
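The three-party AKA flow on the slides above, and the "S-CSCF performs the authentication using AKA" bullet under "SIP in IMS", are best read with the actual message contents in front of you: the HSS hands the S-CSCF a one-shot vector (RAND, AUTN, XRES, CK, IK); the S-CSCF sends RAND and AUTN to the UE as the Digest nonce (RFC 3310); the ISIM checks the MAC in AUTN to authenticate the network and the sequence number to detect replay, then answers with RES as the Digest password; the S-CSCF compares the Digest response computed from XRES. The following added example (written for this page; not code from 3GPP, the slides or any real ISIM) models that exchange in one process. The f1..f5 functions are a truncated HMAC-SHA256 stand-in for MILENAGE, the key, IMPI, realm and AMF value are constructed, and the simplified sequence-number check raises instead of performing the real AUTS resynchronisation.

```python
"""Added example: IMS registration with 3GPP AKA carried in HTTP Digest (RFC 3310).
f1..f5 are an HMAC stand-in for MILENAGE; all keys and identities are constructed."""
import base64
import hashlib
import hmac
import secrets


def f(k: bytes, label: bytes, *parts: bytes, n: int) -> bytes:
    """Stand-in for MILENAGE f1..f5: truncated HMAC-SHA256 under the long-term key K."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HSS:
    """Holds K and the per-subscriber sequence number; produces authentication vectors."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def authentication_vector(self, amf: bytes = b"\x80\x00") -> dict:
        self.sqn += 1                                  # every vector carries a fresh SQN
        sqn = self.sqn.to_bytes(6, "big")
        rand = secrets.token_bytes(16)
        mac = f(self.k, b"f1", rand, sqn, amf, n=8)    # proves the vector came from K's owner
        ak = f(self.k, b"f5", rand, n=6)               # anonymity key hides SQN on the air
        autn = xor(sqn, ak) + amf + mac
        return {"rand": rand, "autn": autn,
                "xres": f(self.k, b"f2", rand, n=8),
                "ck": f(self.k, b"f3", rand, n=16),
                "ik": f(self.k, b"f4", rand, n=16)}


class ISIM:
    """UE side: shares K with the HSS and remembers the highest SQN accepted."""
    def __init__(self, k: bytes):
        self.k, self.sqn_seen = k, 0

    def run_aka(self, rand: bytes, autn: bytes):
        ak = f(self.k, b"f5", rand, n=6)
        sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self.k, b"f1", rand, sqn, amf, n=8)):
            raise ValueError("MAC failure: network not authenticated")
        if int.from_bytes(sqn, "big") <= self.sqn_seen:
            # a real ISIM accepts a window and answers with AUTS for resynchronisation
            raise ValueError("synchronisation failure: SQN not fresh (replay?)")
        self.sqn_seen = int.from_bytes(sqn, "big")
        return (f(self.k, b"f2", rand, n=8),           # RES: the Digest password
                f(self.k, b"f3", rand, n=16),          # CK
                f(self.k, b"f4", rand, n=16))          # IK: P-CSCF integrity key


def digest_response(impi, realm, res: bytes, nonce, method, uri, cnonce, nc="00000001"):
    """RFC 3310 AKAv1-MD5 with qop=auth: ordinary Digest, password = binary RES."""
    md5 = lambda s: hashlib.md5(s).hexdigest()
    ha1 = md5(f"{impi}:{realm}:".encode() + res)
    ha2 = md5(f"{method}:{uri}".encode())
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode())


class SCSCF:
    """Fetches vectors over Cx (modelled as a local call); checks RES against XRES."""
    def __init__(self, hss: HSS, realm="ims.example.net"):
        self.hss, self.realm, self.pending = hss, realm, {}

    def challenge(self):
        av = self.hss.authentication_vector()
        nonce = base64.b64encode(av["rand"] + av["autn"]).decode()   # RFC 3310 nonce
        self.pending[nonce] = av
        # the 401 towards the P-CSCF also carries CK/IK; the P-CSCF strips them
        # before forwarding the challenge over the air
        www_auth = (f'Digest realm="{self.realm}", nonce="{nonce}", algorithm=AKAv1-MD5, '
                    f'qop="auth", ik="{av["ik"].hex()}", ck="{av["ck"].hex()}"')
        return nonce, www_auth

    def verify(self, impi, nonce, response, method, uri, cnonce) -> bool:
        av = self.pending.pop(nonce, None)             # one vector, one authentication
        if av is None:
            return False
        expected = digest_response(impi, self.realm, av["xres"], nonce, method, uri, cnonce)
        return hmac.compare_digest(expected, response)


def ue_register(impi, isim: ISIM, scscf: SCSCF, uri="sip:ims.example.net"):
    """REGISTER -> 401 (RAND, AUTN) -> AKA on the ISIM -> REGISTER with response.
    Returns (authenticated, nonce, response, cnonce) so a caller can try a replay."""
    nonce, _ = scscf.challenge()
    rand_autn = base64.b64decode(nonce)
    res, ck, ik = isim.run_aka(rand_autn[:16], rand_autn[16:32])  # raises on MAC/SQN failure
    cnonce = secrets.token_hex(8)
    response = digest_response(impi, scscf.realm, res, nonce, "REGISTER", uri, cnonce)
    return scscf.verify(impi, nonce, response, "REGISTER", uri, cnonce), nonce, response, cnonce


def demo():
    k = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")       # constructed test key
    impi = "234150999999999@ims.example.net"                      # constructed private identity
    hss, isim = HSS(k), ISIM(k)
    scscf = SCSCF(hss)
    ok, nonce, response, cnonce = ue_register(impi, isim, scscf)
    # replaying a captured REGISTER fails: the vector was consumed
    replay_ok = scscf.verify(impi, nonce, response, "REGISTER", "sip:ims.example.net", cnonce)
    try:                                                           # wrong K on the UE side:
        ue_register(impi, ISIM(bytes(16)), scscf)                  # the UE rejects the network
        wrong_key_ok = True
    except ValueError:
        wrong_key_ok = False
    return ok, replay_ok, wrong_key_ok


if __name__ == "__main__":
    print(demo())
```

The two properties worth noticing are the ones the slides claim: a captured REGISTER cannot be replayed because the S-CSCF discards a vector after one use and the ISIM refuses a stale SQN, and a rogue network that does not hold K fails the MAC check on the UE before any RES is ever sent, which is what "mutual" means here.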
- A network configuration hiding mechanism is being developed to hide the host domain names of CSCFs and the number of CSCFs within one operator's network.

Other IP Multimedia Subsystem Security Issues (2)
- Session transfer: guidance on security aspects based on the GSM call transfer feature. Authorisation and accounting of the transferred leg needs to involve the transferring party, who has dropped out of the session. Should there be a limit to the number of transferred sessions? Should the final destination be hidden from the calling party?
- Security aspects of other IP multimedia subsystem services?
- End-to-end security.

References
- Draft 3GPP TS 33.203, Access security for IP-based services (Release 5).
- Draft 3GPP TS 33.210, Network domain security; IP network layer security (Release 5).
- J. Arkko and H. Haverinen, "EAP AKA Authentication", draft-arkko-pppext-aka-00.txt.
- V. Torvinen, J. Arkko, A. Niemi, "HTTP Authentication with EAP", draft-torvinen-http-eap-00.txt (to appear).
- L. Blunk, J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284.
- P. Calhoun et al., "DIAMETER NASREQ Extensions", draft-ietf-aaa-diameter-nasreq-06.txt.

Is IMS increasing the threats to cellular security? Questions?