Đang chuẩn bị liên kết để tải về tài liệu:
Chapter 12 - Security in the IMS

IMS security is divided into access security (specified in 3GPP TS 33.203 [28]) and network security (specified in 3GPP TS 33.210 [29]). Access security (which we describe in Section 12.1) includes authentication of users and the network, and protection of the traffic between the IMS terminal and the network. Network security (which we describe in Section 12.2) deals with traffic protection between network nodes, which may belong to the same or to different operators. | Chapter 12 Security in the IMS IMS security is divided into access security specified in 3GPP TS 33.203 28 and network security specified in 3GPP TS 33.210 29 . Access security which we describe in Section 12.1 includes authentication of users and the network and protection of the traffic between the IMS terminal and the network. Network security which we describe in Section 12.2 deals with traffic protection between network nodes which may belong to the same or to different operators. The IMS started originally supporting IPsec for both access and network security we described IPsec in Section 11.6 . Later support for TLS was added to both access and network we described TLS in Section 11.3 . In addition HTTP Digest Access Authentication and the HTTP Digest Access Authentication using Authentication and Key Agreement AKA are also supported see Section 11.1 . Early deployments of IMS used a simplified customized security solution which leveraged authentication at the GPRS level specified in the Technical Report 3GPP TR 33.978 20 . Finally a variation of the early IMS security solution has been customized for the fixed IMS access in the so-called NASS-IMS bundled authentication. We expect new security mechanisms to be added in later IMS releases. The following sections address all of these security aspects. 12.1 Access Security A user accessing the IMS first needs to be authenticated and then authorized to use IMS before they can use any IMS services. The authentication and authorization may generally lead to the establishment of IPsec security associations between the IMS terminal and the P-CSCF a TLS connection between them or it may lead to a link between the specific IP-CAN and the IMS. This process is piggybacked to the current IMS registration process. The S-CSCF armed with the authentication vectors downloaded from the HSS Home Subscriber Server authenticates and authorizes the user. The S-CSCF delegates the role of establishing the access security .