6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry
Introduction The IP Multimedia Subsystem (IMS) is a next-generation multimedia communication framework that encompasses mobile, fixed, packet-switching, and traditional circuit- switching communication systems. It has been proposed by the Third Generation Partnership Project (3GPP) and uses the Voice over Internet Protocol (VoIP) framework, especially the Session Initiation Protocol (SIP) standard. Selected Topics in Information Security – Bazara Barry
Introduction The goal of the IMS is to provide a wide spectrum of services with ease and consistency. These services include videoconferencing, Push-to-Talk (PTT),Text-to- Speech (TTS), instant messaging (IM), content sharing, and multipart gaming. To achieve this goal, IMS uses an open standard IP protocol and extension of SIP. Selected Topics in Information Security – Bazara Barry
Introduction It was driven originally by the 3GPP to boost the packet- switched services and attract more users to the packet- switched domain. To do so, it adds three important features in the GSM- based packet-switched network: 1.It requires QoS in a session 2.It adds a flexible charging mechanism. 3.It provides integrated to users. Selected Topics in Information Security – Bazara Barry
IMS architecture IMS goals also include a seamless handover of calls between fixed-line and mobile networks. Service providers can serve users irrespective of their location, access technology, or type of phone and Internetworking with existing phone systems is also allowed. Selected Topics in Information Security – Bazara Barry
IMS architecture IMS terminals can register directly into an IMS network when they roam in another network or country (the visited network). An IMS terminal can be a mobile phone or a fixed IP device attached to a Universal Integrated Circuit Card (UICC) with a user profile. The UICC is a removable smart card that contains a small data store for subscription information, authentication keys, a phonebook, and messages. These devices can use IPv6 and run SIP User Agents. Fixed access, mobile access, and wireless access are all supported. Selected Topics in Information Security – Bazara Barry
Core network The core network provides call control and handles mobility. It also takes care of high-level security, such as location updating and authentication. User database The Home Subscriber Service (HSS) is the central user database supporting IMS network entities that actually are handling the calls/sessions. It contains the user profiles, performs authentication and authorization of the user, and can provide information about the user’s physical location Selected Topics in Information Security – Bazara Barry
Call/Session Control Several types of SIP servers (proxies) collectively known as the Call/Session Control Function (CSCF), are employed to process SIP signaling packets in the IMS. A Proxy-CSCF (P-CSFC) is the first point-of-contact SIP server (in the signaling plane) when the UA tries to get into the system. It can be placed either in the visited network (in full IMS networks) or in the home network (when the visited network is not yet IMS compliant). Selected Topics in Information Security – Bazara Barry
Call/Session Control An Interrogating-CSCF (I-CSCF) is a SIP proxy located at the edge of an administrative domain. Its IP address is published in the DNS of the domain, so that remote servers can find it, and can use it as an entry point for all SIP packets to the domain. A Serving-CSFC (S-CSCF) is a SIP server, but performs session control as well and is located in the home network. It processes SIP registrations, which allows it to bind the user location (e.g., the IP address of the terminal) and the SIP address. Selected Topics in Information Security – Bazara Barry
Application Servers and interfaces An Application Server (AS) is a SIP component that offers value-added services like instant messaging and that resides either in the user’s home network or in a third party location. The I-CSCF or S-CSCF may use the Cx or Dx interface to assign an S-CSCF to a user, to download the authentication vector of the user, which is stored in the HSS, or to authorize the user to roam in a visited network. Selected Topics in Information Security – Bazara Barry
Simplified architecture Selected Topics in Information Security – Bazara Barry
Communication flow Selected Topics in Information Security – Bazara Barry
IMS security architecture All the UAs are authenticated before they are allowed to get into the system. The HSS is the central component for the security policy. It gives commands for what kinds of security algorithm is used and provides correct authentication information for all the users. Each UA or has built-in authentication information in the UICC. Selected Topics in Information Security – Bazara Barry
IMS security issues IMS was from its inception designed to be secure to eliminate many of the vulnerability issues that plague existing packet-based communication systems. The security of IMS has been especially fortified with the built- in security functions of IPv6. However, it is expected to take a substantial amount of time to fully migrate from the existing IPv4-based network to IPv6. Hence 3GPP came up with a compromise solution called early IMS. Selected Topics in Information Security – Bazara Barry
IMS security issues Full IMS security includes the security architecture that implements IPv6 and IPSec among IMS components. All user terminals (collectively called UE) have security keys and can encrypt messages as well as include digital signatures for secure authentication. These characteristics protect from eavesdropping, tampering with messages, and IP spoofing. Full IMS security also is designed to block potential replay attacks since the encryption is based on the random numbers generated by HSS that are valid for a certain period of time. Selected Topics in Information Security – Bazara Barry
References 1.T. Porter, Practical VoIP Security. Rockland, MA: Syngress, 2006, Ch 16.