This paper discusses various authentication approaches utilized in the TISPAN (Telecommunication and Internet converged Services and Protocols for Advanced Networking) framework, particularly focusing on the integration with IMS (IP Multimedia Subsystem). Key topics include TISPAN's role in network standardization, the NBA (NASS-bundled Authentication) method, and the implementation of the IMS Residential Gateway (IRG). The paper highlights message flow scenarios and potential limitations such as mobility support issues, presenting a comprehensive overview of authentication strategies for enhancing security in next-generation network environments.
Access Authentication to IMS Systems in Next Generation Networks
Authors: Silke Holtmanns, Son Phan-Anh
ICN’07 IEEE
Speaker: Wen-Jen Lin
Outline
• What’s TISPAN?
• TISPAN_NGN Synergy
• Authentication approaches of TISPAN
• Terminology
• NBA Message Flow
• IRG implementation
• Usage scenario with RGW/AGW and AGCF
• Limitations of Approaches
• Conclusion
• Reference
What’s TISPAN?
• TISPAN: Telecommunication and Internet converged Services and Protocols for Advanced Networking
• A standardization body of the European Telecommunications Standards Institute (ETSI)
• Focuses on developing or driving 3GPP standards for fixed networks and migration from switched circuit networks to packet-based networks with an architecture that can serve in both
• TISPAN IMS Release 1 is based upon the 3GPP IMS Release 6
TISPAN_NGN Synergy
[Diagram: Tispan_NGN with its working groups and projects]
• 8 Working Groups: SERVICES, ARCHITECTURE, PROTOCOLS, NUMBERING & ROUTEING, QoS, TESTING, SECURITY, NETWORK MANAGEMENT
• Projects: DTM (Dynamic asynchronous Transfer Mode), EMTEL (EMergency TELecommunication), OSA (Open Service Access), Telecom Equipment Identity, F-MMS, etc. as needed
Authentication approaches of TISPAN
• NASS-bundled Authentication (NBA)
  • utilizes the result of access-layer authentication for the IMS layer
• IMS Residential Gateway (IRG)
  • acts as an ISIM/UICC-equipped adapter between legacy terminals and the IMS core
• Residential Gateway (RGW) or Access Gateway (AGW)
  • for legacy terminals
Terminology
• CLF: Connectivity Session Location and Repository Function
• HSS: Home Subscriber Server
• NASS: Network Attachment Subsystem, i.e. the access network in TISPAN
• RGW: Residential Gateway
• S-CSCF: Serving-CSCF, i.e. the SIP registrar in IMS
• Terminal: laptop/PC or any other SIP- and IP-supporting device
NBA Message Flow
[Sequence diagram]
• Entities: Terminal, P-CSCF, CLF, I-CSCF, S-CSCF, HSS
• Message labels on the diagram: Location Information Query (IP@); REGISTER; Location Information Response (line_id); REG (P-Access-Network-Info (line_id)); Cx-UAR/UAA Messages; REG (line_id); Cx MAR; 200 OK (three times)
• Note on the diagram: S-CSCF compares the line_id with the stored line_id_ref
IMS registration flows with IRG
[Sequence diagram]
• Entities: UA1, UA2, IRG (SIP B2BUA with ISIM), P-CSCF, S-CSCF, HSS
• Labels on the diagram: Gm; Integrity and confidentiality protection
• Numbered messages: 1. REGISTER; 2. 401 WWW-Authenticate; 3. REGISTER; 4. REGISTER; 5. REGISTER; 6. Diameter MAR; 7. Diameter MAA; 8. 401 WWW-Authenticate; 9. 401 WWW-Authenticate; 10. REGISTER; 11. REGISTER; 12. 200; 13. 200; 14. REGISTER; 15. 401 WWW-Authenticate; 16. REGISTER; 17. REGISTER; 18. REGISTER; 19. 200; 20. 200
Usage scenario with RGW/AGW and AGCF
[Architecture diagram]
• Customer’s Premises: Legacy User Equipment (terminals, PBXs), RGW (R-MGF)
• Operator’s Premises: AGW (A-MGF), Control Subsystem (AGCF with MGC), I/S-CSCF (Mw)
• IP transport (Access and Core Network)
• Scope of ES 283 002 with H.248, 1UA, GRE interfaces
• Annotations: Support thousands of terminals; Single operator’s security domain
Limitations of Approaches
• Lack of support for mobility
• IP address binding solutions do not work well
• More than one physical terminal with different public-IDs (care-of-addresses) can share the same fixed line, but they all must share the same IMS private-ID and basically share the same subscription
• When it comes to personalized services, this poses a technical and a privacy challenge
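The line_id comparison from the NBA message flow and the line-binding limitations listed here, as an added Python sketch that is not taken from the paper or the slides. The addresses, line ids, identity, the dictionary-based CLF and HSS, the handling of a terminal-supplied header and the `REJECTED` result are all constructed assumptions.

```python
# Added illustration of NBA; every value below is constructed sample data.
CLF_BINDINGS = {             # CLF: IP address assigned by the NASS -> line_id
    "10.0.0.11": "line-A",
    "10.0.0.12": "line-A",   # second terminal behind the same fixed line
    "10.0.9.40": "line-B",
}
HSS_LINE_ID_REF = {          # HSS: IMS private-ID -> stored line_id_ref
    "home-a@ims.example": "line-A",
}


def p_cscf_forward(register, src_ip):
    """P-CSCF: Location Information Query (IP@) to the CLF, then add line_id."""
    fwd = dict(register)
    # Assumption: only the CLF answer is trusted, so a header value that
    # arrived from the terminal is dropped before the network value is set.
    fwd.pop("P-Access-Network-Info", None)
    line_id = CLF_BINDINGS.get(src_ip)
    if line_id is not None:
        fwd["P-Access-Network-Info"] = line_id
    return fwd


def s_cscf_check(register):
    """S-CSCF: compare the received line_id with line_id_ref from the HSS."""
    ref = HSS_LINE_ID_REF.get(register["private_id"])
    line_id = register.get("P-Access-Network-Info")
    if ref is not None and line_id == ref:
        return "200 OK"
    return "REJECTED"        # placeholder: the slide shows only the success path


def register(private_id, src_ip, terminal_header=None):
    """Run one REGISTER through P-CSCF and S-CSCF and return the outcome."""
    msg = {"private_id": private_id}
    if terminal_header is not None:
        msg["P-Access-Network-Info"] = terminal_header
    return s_cscf_check(p_cscf_forward(msg, src_ip))


if __name__ == "__main__":
    user = "home-a@ims.example"
    print(register(user, "10.0.0.11"))            # terminal on its own line
    print(register(user, "10.0.0.12"))            # other terminal, same line
    print(register(user, "10.0.9.40"))            # same user on another line
    print(register(user, "10.0.9.40", "line-A"))  # terminal-supplied line_id
```

The second call succeeds because the check binds the subscription to the line rather than to a terminal, and the third fails because the same subscriber registers from a different line.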
Conclusion
• In the long term, IMS-AKA is the solution that provides the full set of security services and flexibility for IMS access in fixed NGN networks.
Reference
• TISPAN: http://www.etsi.org/tispan
• 3GPP: http://www.3gpp.org/
• Silke Holtmanns, Son Phan-Anh, "Access Authentication to IMS Systems in Next Generation Networks", ICN’07 IEEE
• Wiki, B2BUA: http://en.wikipedia.org/wiki/B2BUA