110 likes | 296 Vues
S40-20081201-005. 3GPP2 TSG-S WG4. Femto AP IMS Registration Security. Source: QUALCOMM Incorporated Contact(s): Anand Palanigounder ( apg@qualcomm.com ) Recommendation: Discuss and adopt. Femto AP IMS registration.
E N D
S40-20081201-005 3GPP2 TSG-S WG4 Femto AP IMS Registration Security Source: QUALCOMM IncorporatedContact(s): Anand Palanigounder (apg@qualcomm.com) Recommendation: Discuss and adopt
Femto AP IMS registration • IMS based Femto APs (FAPs) use SIP to register themselves to the S-CSCF in the IMS domain • S-CSCF uses 3rd party SIP registration procedures to register the FAP to the MFIF (MAP Femto Interworking Function) • In this contribution, we analyze various options for securely registering the FAP to IMS domain and propose a method
FAP security assumptions • Assumptions: • FAP mutually authenticates itself to SeGW located in operators network and establishes a secure tunnel (e.g., IPSec ESP) • The IPSec tunnel termination is assumed to be secure • Additional assumptions: • The only open IP route from the FAP to the operator’s network shall be through the SeGW. For example, the only IP traffic to the operator’s network shall be through the technology specific link-layer protocols(e.g., PPP, MIP, etc) • Any SIP messages originating at the Femto AP shall use IPSec tunnel (inner) address assigned by the SeGW • this tunnel inner address space is assumed to be under the control of the operator • The inner IP address of the SIP client shall be equal to the outer IPSec source address assigned to the Femto AP by the SeGW • Additional assumptions prevent a malicious entity (e.g., UE) from masquerading as the FAP to the operator’s network • Otherwise, many attacks are possible, e.g. • Attack on the operators network infrastructure (e.g., OA&M, etc) • Send spoofed SIP messages (e.g., INVITE or BYE)
Authentication methods for SIP Registration in Common IMS • IMS AKA • SIP Digest (with or without TLS) • GPRS IMS Bundled Authentication (GRPS access only) • NASS IMS Bundled Authentication (TISPAN) • Trusted Node Authentication or TNA (used by ICS) • All above methods and how they co-exist in Common IMS is defined by 3GPP in TS 33.203 (Rel-8) • We discuss suitability of each of the above method for registering FAP using IMS registration
IMS identities for FAP authentication • IMS requires identities such as IMPI/IMPUs for registration • Possible Options • Option 1: IMPI/IMPUs are configured for each FAP by operator (e.g. using Femto network management system or FMS) • Option 2: IMPI/IMPU are derived using available information at the FAP (using the FAP’s device identity and the home network realm or domain information) • Both options meet the requirements for FAP IMS registration • Deriving IMPU/IMPI does not require that the operator configure the IMPI/IMPUs for each FAP • However, HSS can still maintain IMS profiles related to FAPs
IMS AKA • Requires configuration of AKA and it’s related parameters at both the HSS and the FAP • Requires double secure tunnel (IPSec over IPSec) • AKA is not supported for FAP authentication – so this is an additional requirement for FAPs
SIP Digest • Requires configuration of digest password between HSS and the FAP • TLS is not needed as there is already secure tunnel between SeGW and the FAP • No issue with double secure tunnel (TLS over IPSec)
GPRS/NASS IMS Bundled authentication • Relies on the presence of P-CSCF • for removing presence of any “integrity-protected” flag and inserting it when SIP REGISTER is received over GPRS/NASS network interface • P-CSCF procedure • SIP Register does not contain Authorization header AND SIP REGISTER message received over GPRS/NASS network interface (e.g. SeGW) then use this method • Requires that IP address assigned to FAP by the operator network (e.g. tunnel inner address) needs to be made available to CSCF (either through HSS and/or from femto system) • Needs further standardization – SeGW needs to populate the assigned IP address into the HSS/AAA for retrieval by the S-CSCF
Trusted Node Authentication • Trusted node is a node either fully under operator’s control or has been verified by the operator to be trusted before access is allowed (e.g., authentication, etc) • Trusted node (i.e., FAP) inserts “integrity-protected” flag (e.g., with value “auth-done”) • SIP REGISTER sent to I/S-CSCF • P-CSCF must not be present between the trusted node and the I/S-CSCF • Otherwise, the P-CSCF may remove the integrity protected flag • Since FAP is already authenticated by the home network (e.g. using FAP device authentication), the S-CSCF can treat FAP as a trusted node • i.e, the SIP received from the known SeGW. • Preferable method for FAP IMS registration
Conclusion • IMS FAP registration can use trusted node authentication method; FAP/SeGW is considered a trusted subsystem since • it’s already authenticated to operator’s network (SeGW) • This method is efficient for FAP IMS registration as it does not require any additional configurations at the FAP for SIP registration • The IMPI/IMPU can be derived from FAP device identity and home domain • No need to perform any special IMS configuration at the FAP • Once the FAP has successfully registered using TNA, it can provide network services (e.g. circuit switched services, etc) to mobiles using the IMS/SIP as a transport • Note that an AT is still required to be authenticated before the network provides service (e.g., CAVE for 1x CS service)
Proposal • Adopt trusted node authentication for FAP IMS registration • Use derived IMPI/IMPU at the FAP for registration