“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless.

Presentation transcript:

“Securing IP Multimedia Subsystem (IMS) infrastructures: protection against attacks”
M. Tsagkaropoulos
Dept. of Electrical and Computer Engineering, Wireless Telecommunications Laboratory, University of Patras, Patras, Greece
47th FITCE Congress, London 2008

Agenda
• NGN Networks
• IMS Architecture
• IMS Security Framework
• Vulnerabilities in IMS
• Security Mechanisms & enhancements
• Conclusions

NGN Vision (1)
• Transition to an “All-IP” network infrastructure.
• Convergence among network and services.
• Support of heterogeneous access technologies (e.g. WLANs, WiMAX, xDSL, etc.).
• Unified control architecture to manage application and services.

NGN Vision (2)
• Seamless handovers across both homogeneous and heterogeneous wireless technologies.
• Mobility, nomadicity and QoS support on or above the IP layer.
• Provisioning of triple-play services, creating a service bundle unifying video, voice and Internet.

Converged Network Concept
[Figure labels: IP Network; Management; Control; Signalling; AP WiMAX; UMTS/WCDMA, HSDPA, LTE; AP WLAN; AAA; Application; Policing; Server Farm; Internet]

Convergence Realization
• Common service delivery platform on fixed, mobile/wireless, broadcast and IP-based networks
• IP Multimedia Subsystem (IMS)
  – Originally standardized by 3GPP and 3GPP2 in the mobile world
  – Extended for fixed domain ETSI (TISPAN, NGN), ITU-T

IP Multimedia Subsystem (IMS)
• Goal
  – Access, Security, Mobility, QoS, Charging, Service Platform Integration
• Extended Functionalities
  – IMS is the central point of control for multiple applications and services
  – Handling of different user profiles
  – Service Discovery

IMS Architecture
• Signaling Plane
  – Proxy Call/Session Control Function
  – Interrogating (I-CSCF)
  – Serving CSCF (S-CSCF)
  – Media Gateway Function
• Application Plane
  – Application Servers (Presence, Instant Messaging)
  – Home Subscriber Subsystems
  – Media Server

IMS Security Architecture

IMS Vulnerabilities
• Denial of Service
• SQL Injection
• Eavesdropping
• Tearing down sessions
• Registration hijacking
• Session hijacking
• Impersonating a server
• Man in the middle

IMS Existing Security Plane
• Authentication & Key Agreement between IM subscriber and home network
• Security Mechanism Agreement between IM client and visited network
• Integrity Protection and Confidentiality
• Network Domain Security between different Domains (?)
• Existing GPRS/UMTS Access Security

Security Mechanisms
[Figure labels. Attacks: BYE & CANCEL attacks; Eavesdropping; Registration & Session Hijacking; Man-In-the-Middle attacks; SIP Message flooding; SQL Injection. Mechanisms: IPSec & TLS; Authentication & Authorization; None; IDS]

Proposed Security Architecture
[Figure labels: IMS Client (Alice); Internet (IP connectivity); IMS Core; P-CSCF; I-CSCF; S-CSCF; HSS; Gm; Mw; Cx; ISC; Application Servers Farm; SER SIP Server; IDS; Attack Detection; Detection Rules; User List; Blacklist]

IMS Security Target
• Handling Protocol Vulnerabilities
• Protection against Attacks
• SPAM Handling

IDS Use Cases
• Detection: Register Flooding
• Detection: Invite flooding
• Detection: SQL injection
• Detection: Malformed Msg
[Figure labels: IDS; P-CSCF; Attacks Detection]
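An added example, not part of the original presentation or the authors' IDS: one way the Register/Invite flooding and malformed-message use cases could be checked by an IDS in front of the P-CSCF, with offending sources placed on a blacklist. The thresholds, the window, the class and function names and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed thresholds for illustration; the slides give no rule values.
LIMITS = {"REGISTER": 5, "INVITE": 5}   # max requests per source per window
WINDOW_S = 1.0
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")

class SipFloodDetector:
    def __init__(self, limits=LIMITS, window=WINDOW_S):
        self.limits, self.window = limits, window
        self.seen = defaultdict(deque)   # (source, method) -> recent timestamps
        self.blacklist = set()           # sources that exceeded a limit

    def inspect(self, ts, src, raw):
        """Classify one message as blacklisted, malformed, flood or ok."""
        if src in self.blacklist:
            return "blacklisted"
        first = raw.split("\r\n", 1)[0]
        if first.startswith("SIP/2.0 "):     # responses are not rate-limited
            return "ok"
        m = REQUEST_LINE.match(first)
        if not m:
            return "malformed"
        method = m.group(1)
        if method not in self.limits:
            return "ok"
        q = self.seen[(src, method)]
        q.append(ts)
        while ts - q[0] > self.window:       # drop entries outside the window
            q.popleft()
        if len(q) > self.limits[method]:
            self.blacklist.add(src)
            return "flood"
        return "ok"

def run_sample():
    """Replay constructed traffic from three documentation-range sources."""
    det = SipFloodDetector()
    reg = "REGISTER sip:ims.example.test SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"
    events = [(i * 0.1, "192.0.2.10", reg) for i in range(8)]    # burst
    events += [(i * 1.5, "192.0.2.20", reg) for i in range(4)]   # normal pace
    events.append((0.2, "192.0.2.30", "REGISTER\r\n\r\n"))       # no URI/version
    events.sort(key=lambda e: e[0])
    return [(src, det.inspect(ts, src, raw)) for ts, src, raw in events]

if __name__ == "__main__":
    for src, verdict in run_sample():
        print(src, verdict)
```

The burst source is accepted up to the assumed limit, flagged on the sixth REGISTER inside the window, and rejected from the blacklist afterwards, while the slower source is never flagged.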

Testing Tools
• Traffic Generator
  – SIPp: SIP Traffic generator
  – Seagull: IMS Traffic Generator
• IMS Client
  – Ericsson Service Development Studio (SDS)
  – UCT IMS Client
• Attacker
  – Developed C++ Tool for specific attacks
• IMS Core
  – FOKUS’s Open Source IP Multimedia Subsystem (IMS) Core

IDS Process Delay

Number of SIP messages    Processing Delay (ms)
10                        0,2
50                        3,8
100                       4,2

Future Work
• Extended Functionalities of IDS System
• Optimize processing load
• Interaction with deployed services
• Stand alone implementation at Application Servers
• Definition of relationships/dependencies among partners...

Conclusions
• IMS Deployment towards NGN vision
• Identification of IMS vulnerabilities
• Enhanced IMS security framework
• Integration of Intrusion Detection System
• Experimental Testbed
• Future steps

Questions

Thank you for your attention
UNIVERSITY OF PATRAS, Department of Electrical & Computer Engineering, Wireless Telecommunication Laboratory
Michail Tsagkaropoulos