Chapter 12 - Security in the IMS

IMS security is divided into access security (specified in 3GPP TS [28]) and network security (specified in 3GPP TS [29]). Access security (which we describe in Section ) includes authentication of users and the network, and protection of the traffic between the IMS terminal and the network. Network security (which we describe in Section ) deals with traffic protection between network nodes, which may belong to the same or to different operators. | Chapter 12 Security in the IMS IMS security is divided into access security specified in 3GPP TS 28 and network security specified in 3GPP TS 29 . Access security which we describe in Section includes authentication of users and the network and protection of the traffic between the IMS terminal and the network. Network security which we describe in Section deals with traffic protection between network nodes which may belong to the same or to different operators. The IMS started originally supporting IPsec for both access and network security we described IPsec in Section . Later support for TLS was added to both access and network we described TLS in Section . In addition HTTP Digest Access Authentication and the HTTP Digest Access Authentication using Authentication and Key Agreement AKA are also supported see Section . Early deployments of IMS used a simplified customized security solution which leveraged authentication at the GPRS level specified in the Technical Report 3GPP TR 20 . Finally a variation of the early IMS security solution has been customized for the fixed IMS access in the so-called NASS-IMS bundled authentication. We expect new security mechanisms to be added in later IMS releases. The following sections address all of these security aspects. Access Security A user accessing the IMS first needs to be authenticated and then authorized to use IMS before they can use any IMS services. The authentication and authorization may generally lead to the establishment of IPsec security associations between the IMS terminal and the P-CSCF a TLS connection between them or it may lead to a link between the specific IP-CAN and the IMS. This process is piggybacked to the current IMS registration process. The S-CSCF armed with the authentication vectors downloaded from the HSS Home Subscriber Server authenticates and authorizes the user. The S-CSCF delegates the role of establishing the access security .

Không thể tạo bản xem trước, hãy bấm tải xuống
TỪ KHÓA LIÊN QUAN
TÀI LIỆU MỚI ĐĂNG
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.