1. 1 Access Authentication to IMS Systems in Next Generation Networks Authors: Silke Holtmanns, Son Phan-Anh ICN’07 IEEE Speaker: Wen-Jen Lin

2. 2 Outline What’s TISPAN? –TISPAN_NGN Synergy Authentication approaches of TISPAN Terminology NBA Message Flow IRG implementation Usage scenario with RGW/AGW and AGCF Limitations of Approaches Conclusion Reference

3. 3 What’s TISPAN? TISPAN –TI SPA N –Telecommunication and Internet converged Services and Protocols for Advanced Networking –A standardization body of the European Telecommunications Standards Institute (ETSI) –Focuses on developing or driving 3GPP standards for fixed networks and migration from switched circuit networks to packet-based networks with an architecture that can serve in both TISPAN IMS Release 1 is based upon the 3GPP IMS Release 6

4. 4 TISPAN_NGN Synergy SERVICES ARCHITECTURE PROTOCOLS NUMBERING & ROUTEING QoS TESTING Tispan_NGN F-MMS Telecom Equipment Identity Etc… as needed NETWORK MANAGEMENT EMTEL (EMergency TELecommunication) DTM (Dynamic asynchronous Transfert Mode) SECURITY Projects 8 Working Groups OSA (Open Service Access)

5. 5 Authentication approaches of TISPAN 1.NASS-bundled Authentication (NBA), utilizes the result of access-layer authentication for IMS-layer 2.IMS Residential Gateway (IRG) acts as an ISIM/UICC-equipped adapter between legacy terminals and IMS core 3.Residential Gateway (RGW) or Access Gateway (AGW) For legacy terminals

6. 6 Terminology CLF –Connectivity Session Location and Repository Function HSS –Home Subscriber Server NASS –Network Attachment Subsystem. i.e. Access Network in TISPAN RGW –Residential Gateway S-CSCF –Serving-CSCF, i.e. SIP registrar in IMS Terminal –Laptop / PC or any other SIP and IP supporting device

7. 7 NBA Message Flow TerminalP-CSCFCLFS-CSCFHSSI-CSCF REGISTER Location Information Query (IP@) Location Information Response (line_id) REG (P-Access-Network-Info (line_id)) Cx-UAR/UAA Messages REG (line_id) Cx MAR S-CSCF compares the line_id with the stored line_id_ref 200 OK

8. 8 IRG implementation

9. 9 15. 401 WWW-Authenticate IMS registration flows with IRG UA1UA2S-CSCFHSS SIP B2BUA P-CSCF ISIM 1. REGISTER 2. 401 WWW-Authenticate 3. REGISTER 4. REGISTER 5. REGISTER 6. Diameter MAR 7. Diameter MAA 8. 401 WWW-Authenticate 9. 401 WWW-Authenticate 10. REGISTER 11. REGISTER 12. 200 13. 200 14. REGISTER 16. REGISTER 17. REGISTER 18. REGISTER 19. 200 20. 200 Gm IRG Integrity and confidentiality protection

10. 10 Usage scenario with RGW/AGW and AGCF Control Subsystem (AGCF with MGC) IP transport (Access and Core Network) Legacy User Equipment (terminals, PBXs) RGW (R-MGF) AGW (A-MGF) Single operator’s security domain Operator’s PremisesCustomer’s Premises Scope of ES 283 002 with H.248, 1UA, GRE interfaces Mw Support thousands of terminals I/S-CSCF

11. 11 Limitations of Approaches Lacking of support for mobility IP address binding solutions do not work well More than one physical terminals with different public-IDS (care-of-addresses) can share the same fix line but they all must share the same IMS private-ID and basically shares the same subscription Becomes to personalized services, pose a technical and a privacy challenge.

12. 12 Conclusion In the long term, the IMS-AKA is the solution that provides full set of security services and flexibility for IMS access for fixed NGN networks.

13. 13 Reference TISPAN –http://www.etsi.org/tispanhttp://www.etsi.org/tispan 3GPP –http://www.3gpp.org/http://www.3gpp.org/ Access Authentication to IMS Systems in Next Generation Networks, Silke Holtmanns, Son Phan-Anh, ICN’07 IEEE Wiki, B2BUA –http://en.wikipedia.org/wiki/B2BUAhttp://en.wikipedia.org/wiki/B2BUA