“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless.

1 “Securing IP Multimedia Subsystem (IMS) infrastructures: protection against attacks”
M. Tsagkaropoulos
Dept. of Electrical and Computer Engineering, Wireless Telecommunications Laboratory
University of Patras, Patras 26500, Greece
Email: mtsagaro@ece.upatras.gr
47th FITCE Congress, London 2008

2 Agenda
• NGN Networks
• IMS Architecture
• IMS Security Framework
• Vulnerabilities in IMS
• Security Mechanisms & enhancements
• Conclusions

3 NGN Vision (1)
• Transition to an “All-IP” network infrastructure.
• Convergence among networks and services.
• Support of heterogeneous access technologies (e.g. WLANs, WiMAX, xDSL, etc.).
• Unified control architecture to manage applications and services.

4 NGN Vision (2)
• Seamless handovers across both homogeneous and heterogeneous wireless technologies.
• Mobility, nomadicity and QoS support on or above the IP layer.
• Provisioning of triple-play services, creating a service bundle unifying video, voice and Internet.

5 Converged Network Concept
[Figure labels: IP Network, Management, Control, Signalling, AP WiMAX, UMTS/WCDMA, HSDPA, LTE, AP WLAN, AAA, Application, Policing, Server Farm, Internet]

6 Convergence Realization
• Common service delivery platform on fixed, mobile/wireless, broadcast and IP-based networks
• IP Multimedia Subsystem (IMS)
–Originally standardized by 3GPP and 3GPP2 in the mobile world
–Extended for fixed domain ETSI (TISPAN, NGN), ITU-T

7 IP Multimedia Subsystem (IMS)
• Goal
–Access, Security, Mobility, QoS, Charging, Service Platform Integration
• Extended Functionalities
–IMS is the central point of control for multiple applications and services
–Handling of different user profiles
–Service Discovery

8 IMS Architecture
• Signaling Plane
–Proxy Call/Session Control Function
–Interrogating (I-CSCF)
–Serving CSCF (S-CSCF)
–Media Gateway Function
• Application Plane
–Application Servers: Presence, Instant Messaging
–Home Subscriber Subsystems
• Media Server

9 IMS Security Architecture

10 IMS Vulnerabilities
• Denial of Service
• SQL Injection
• Eavesdropping
• Tearing down sessions
• Registration hijacking
• Session hijacking
• Impersonating a server
• Man in the middle

11 IMS Existing Security Plane
• Authentication & Key Agreement between IM subscriber and home network
• Security Mechanism Agreement between IM client and visited network
• Integrity Protection and Confidentiality
• Network Domain Security between different Domains (?)
• Existing GPRS/UMTS Access Security

12 Security Mechanisms
[Figure labels, attacks: BYE & CANCEL attacks, Eavesdropping, Registration & Session Hijacking, Man-In-the-Middle attacks, SIP Message flooding, SQL Injection]
[Figure labels, mechanisms: IPSec & TLS, Authentication & Authorization, None, IDS]

13 Proposed Security Architecture
[Figure labels: IMS Client (Alice), Internet (IP connectivity), IMS Core (P-CSCF, I-CSCF, S-CSCF, HSS), interfaces Gm, Mw, Cx, ISC, Application Servers Farm, IDS (User List, Blacklist, Attack Detection, Detection Rules), SER SIP Server]

14 IMS Security Target
• Handling Protocol Vulnerabilities
• Protection against Attacks
• SPAM Handling

15 IDS Use Cases
• Detection Register Flooding
• Detection Invite flooding
• Detection SQL injection
• Detection Malformed Msg
[Figure labels: IDS, P-CSCF, Detection, Attacks Detection]
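
The four IDS use cases on slide 15 and the blacklist from slide 13, as an added example that is not part of the presentation or its tooling: a Python detector run over constructed SIP requests. The flood threshold, the blacklisting policy, the `SipIds` and `parse` names and the `ims.example` domain are assumptions.

```python
import re
from collections import defaultdict, deque

WINDOW_S, MAX_PER_WINDOW = 1.0, 3  # assumed flood threshold, not taken from the slides
REQUIRED = ("via", "max-forwards", "from", "to", "call-id", "cseq")  # mandatory per RFC 3261
SQL_META = re.compile(r"[';#]|--")  # SQL metacharacters with no place in a Digest username

def parse(raw):
    """Return (method, headers), or None when the request is malformed."""
    first, *rest = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    start = re.fullmatch(r"([A-Z]+) \S+ SIP/2\.0", first)
    headers = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in rest)}
    ok = start and all(h in headers for h in REQUIRED)
    return (start.group(1), headers) if ok else None

class SipIds:
    def __init__(self):
        self.seen, self.blacklist = defaultdict(deque), set()
    def inspect(self, ts, src, raw):
        """Classify one request seen in front of the P-CSCF; offenders are blacklisted."""
        if src in self.blacklist:
            return "blocked"
        if (parsed := parse(raw)) is None:
            return "malformed"
        method, headers = parsed
        user = re.search(r'username="([^"]*)"', headers.get("authorization", ""))
        if user and SQL_META.search(user.group(1)):
            self.blacklist.add(src)
            return "sql-injection"
        q = self.seen[(src, method)]
        q.append(ts)
        while ts - q[0] > WINDOW_S:  # drop arrivals that left the sliding window
            q.popleft()
        if method in ("REGISTER", "INVITE") and len(q) > MAX_PER_WINDOW:
            self.blacklist.add(src)
            return method.lower() + "-flood"
        return "ok"

# Constructed REGISTER for the demo (not captured traffic); addresses are documentation ranges.
BASE = ("REGISTER sip:ims.example SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bK1\r\n"
        "Max-Forwards: 70\r\nFrom: <sip:alice@ims.example>;tag=1\r\nTo: <sip:alice@ims.example>\r\n"
        'Call-ID: c1@192.0.2.10\r\nCSeq: 1 REGISTER\r\nAuthorization: Digest username="alice"\r\n\r\n')

def demo():
    ids, bad_auth = SipIds(), BASE.replace('"alice"', "\"alice' OR '1'='1\"")
    return [ids.inspect(0.0, "192.0.2.10", BASE),
            ids.inspect(0.1, "192.0.2.20", BASE.replace("CSeq: 1 REGISTER\r\n", "")),
            ids.inspect(0.2, "192.0.2.30", bad_auth), ids.inspect(0.3, "192.0.2.30", BASE),
            *[ids.inspect(1 + i / 10, "192.0.2.40", BASE) for i in range(4)]]
```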

16 Testing Tools
• Traffic Generator
–SIPp: SIP Traffic generator
–Seagull: IMS Traffic Generator
• IMS Client
–Ericsson Service Development Studio (SDS)
–UCT IMS Client
• Attacker
–Developed C++ Tool for specific attacks
• IMS Core
–FOKUS’s Open Source IP Multimedia Subsystem (IMS) Core

17 IDS Process Delay
Number of SIP messages | Processing Delay (ms)
10 | 0,2
50 | 3,8
100 | 4,2

18 Future Work
• Extended Functionalities of IDS System
• Optimize processing load
• Interaction with deployed services
• Stand alone implementation at Application Servers
• Definition of relationships/dependencies among partners...

19 Conclusions
• IMS Deployment towards NGN vision
• Identification of IMS vulnerabilities
• Enhanced IMS security framework
• Integration of Intrusion Detection System
• Experimental Testbed
• Future steps

20 Questions

21 Thank you for your attention
UNIVERSITY OF PATRAS, Department of Electrical & Computer Engineering, Wireless Telecommunication Laboratory
Michail Tsagkaropoulos
mailto: mtsagaro@ece.upatras.gr
http://www.wltl.ee.upatras.gr/cones

