
“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos

UNIVERSITY OF PATRAS, Department of Electrical & Computer Engineering, Wireless Telecommunications Laboratory. M. Tsagkaropoulos, mtsagaro@ece.upatras.gr. 47th FITCE Congress, London 2008. “Securing IP Multimedia Subsystem (IMS) infrastructures: protection against attacks”, M. Tsagkaropoulos.


Presentation Transcript


  1. “Securing IP Multimedia Subsystem (IMS) infrastructures: protection against attacks”
     M. Tsagkaropoulos, Dept. of Electrical and Computer Engineering, Wireless Telecommunications Laboratory, University of Patras, Patras 26500, Greece. Email: mtsagaro@ece.upatras.gr

  2. Agenda
     • NGN Networks
     • IMS Architecture
     • IMS Security Framework
     • Vulnerabilities in IMS
     • Security Mechanisms & enhancements
     • Conclusions

  3. NGN Vision (1)
     • Transition to an “All-IP” network infrastructure.
     • Convergence among network and services.
     • Support of heterogeneous access technologies (e.g. WLANs, WiMAX, xDSL, etc).
     • Unified control architecture to manage application and services.

  4. NGN Vision (2)
     • Seamless handovers across both homogeneous and heterogeneous wireless technologies.
     • Mobility, nomadicity and QoS support on or above IP layer.
     • Provisioning of triple-play services creating a service bundle of unifying video, voice and Internet.

  5. Convergence Realization
     • Common service delivery platform on fixed, mobile/wireless, broadcast and IP-based networks
     • IP Multimedia Subsystem (IMS)
     • Originally standardized by 3GPP and 3GPP2 in the mobile world
     • Extended for fixed domain ETSI (TISPAN, NGN), ITU-T

  6. IP Multimedia Subsystem (IMS)
     Goal
     • Access, Security, Mobility, QoS, Charging, Service Platform Integration
     Extended Functionalities
     • IMS is the central point of control for multiple applications and services
     • Handling of different user profiles
     • Service Discovery

  7. IMS Architecture
     • Signaling Plane
     • Proxy Call/Session Control Function
     • Interrogating (I-CSCF)
     • Serving CSCF (S-CSCF)
     • Media Gateway Function
     • Application Plane
     • Application Servers
     • Presence, Instant Messaging
     • Home Subscriber Subsystems
     • Media Server

  8. IMS Security Architecture

  9. IMS Vulnerabilities
     • Denial of Service
     • SQL Injection
     • Eavesdropping
     • Tearing down sessions
     • Registration hijacking
     • Session hijacking
     • Impersonating a server
     • Man in the middle

  10. IMS Existing Security Plane
     • Authentication & Key Agreement between IM subscriber and home network
     • Security Mechanism Agreement between IM client and visited network
     • Integrity Protection and Confidentiality
     • Network Domain Security between different Domains (?)
     • Existing GPRS/UMTS Access Security

  11. Security Mechanisms
     [Diagram; mechanism labels as extracted: IPSec & TLS, IPSec & TLS, Authentication & Authorization, Authentication & Authorization, None, None]
     • BYE & CANCEL attacks
     • Eavesdropping
     • Registration & Session Hijacking
     • Man-In-the-Middle attacks
     • SIP Message flooding
     • SQL Injection
     IDS

  12. IMS Security Target
     • Handling Protocol Vulnerabilities
     • Protection against Attacks
     • SPAM Handling

  13. IDS Use Cases
     [Diagram: IDS at the P-CSCF, attacks detection]
     • Detection: Invite flooding
     • Detection: Register Flooding
     • Detection: Malformed Msg
     • Detection: SQL injection

  14. Testing Tools
     Traffic Generator
     • SIPp: SIP Traffic generator
     • Seagull: IMS Traffic Generator
     IMS Client
     • Ericsson Service Development Studio (SDS)
     • UCT IMS Client
     Attacker
     • Developed C++ Tool for specific attacks
     IMS Core
     • FOKUS’s Open Source IP Multimedia Subsystem (IMS) Core

  15. IDS Process Delay

  16. Future Work
     • Extended Functionalities of IDS System
     • Optimize processing load
     • Interaction with deployed services
     • Stand alone implementation at Application Servers
     • Definition of relationships/dependencies among partners
     • ...

  17. Conclusions
     • IMS Deployment towards NGN vision
     • Identification of IMS vulnerabilities
     • Enhanced IMS security framework
     • Integration of Intrusion Detection System
     • Experimental Testbed
     • Future steps

  18. Questions

  19. Thank you for your attention
     Michail Tsagkaropoulos, Wireless Telecommunication Laboratory, Department of Electrical & Computer Engineering, University of Patras
     mailto: mtsagaro@ece.upatras.gr
     http://www.wltl.ee.upatras.gr/cones
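
Slide 13 places the IDS at the P-CSCF with detection use cases for INVITE flooding, REGISTER flooding and malformed messages. The following is an added example, not code from the presentation or its testbed, showing one way those three checks can be expressed: a per-source sliding-window counter plus a check for the header fields RFC 3261 requires in every request. The names `SipIds`, `parse_request` and `build`, the `limit`/`window` thresholds and the sample addresses are assumptions; SQL injection detection is not covered.

```python
from collections import defaultdict, deque

# Header fields RFC 3261 requires in every SIP request, plus compact forms.
MANDATORY = {"via", "from", "to", "call-id", "cseq", "max-forwards"}
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id"}
FLOOD_METHODS = {"INVITE", "REGISTER"}

def parse_request(raw):
    """Return (method, header names), or (None, set()) on a bad start line."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        return None, set()
    names = set()
    for line in lines[1:]:
        if ":" in line and not line[:1].isspace():   # skip folded lines
            name = line.split(":", 1)[0].strip().lower()
            names.add(COMPACT.get(name, name))
    return parts[0], names

class SipIds:
    """Hypothetical detector; limit and window are assumed thresholds."""
    def __init__(self, limit=5, window=1.0):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # (source, method) -> arrival times

    def inspect(self, src, ts, raw):
        method, names = parse_request(raw)
        if method is None:
            return ["malformed:start-line"]
        missing = MANDATORY - names
        alerts = ["malformed:missing " + ",".join(sorted(missing))] if missing else []
        if method in FLOOD_METHODS:
            q = self.seen[(src, method)]
            q.append(ts)
            while ts - q[0] > self.window:   # drop arrivals outside the window
                q.popleft()
            if len(q) > self.limit:
                alerts.append(method.lower() + "-flood")
        return alerts

def build(method, drop=()):
    """Constructed sample request (not captured traffic)."""
    hdrs = {"Via": "SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1", "Max-Forwards": "70",
            "From": "<sip:alice@example.test>;tag=1", "To": "<sip:alice@example.test>",
            "Call-ID": "c1@192.0.2.10", "CSeq": "1 " + method}
    body = "".join(f"{k}: {v}\r\n" for k, v in hdrs.items() if k not in drop)
    return f"{method} sip:example.test SIP/2.0\r\n{body}\r\n"
```

Counting per (source, method) keeps one noisy endpoint from raising alerts for others, and the thresholds would need tuning against normal registration refresh rates.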
