1 Access Authentication to IMS Systems in Next Generation Networks Authors: Silke Holtmanns, Son Phan-Anh ICN’07 IEEE Speaker: Wen-Jen Lin

Access Authentication to IMS Systems in Next Generation Networks

Authors: Silke Holtmanns, Son Phan-Anh

ICN’07 IEEE

Speaker: Wen-Jen Lin


Outline

• What’s TISPAN?
– TISPAN_NGN Synergy
• Authentication approaches of TISPAN
• Terminology
• NBA Message Flow
• IRG implementation
• Usage scenario with RGW/AGW and AGCF
• Limitations of Approaches
• Conclusion
• Reference


What’s TISPAN?

• TISPAN
– Telecommunication and Internet converged Services and Protocols for Advanced Networking
– A standardization body of the European Telecommunications Standards Institute (ETSI)
– Focuses on developing or driving 3GPP standards for fixed networks and on migration from circuit-switched networks to packet-based networks, with an architecture that can serve both
• TISPAN IMS Release 1 is based upon 3GPP IMS Release 6


TISPAN_NGN Synergy

[Figure: TISPAN_NGN organisation chart.
8 Working Groups: SERVICES; ARCHITECTURE; PROTOCOLS; NUMBERING & ROUTEING; QoS; TESTING; SECURITY; NETWORK MANAGEMENT.
Projects: Tispan_NGN; F-MMS; Telecom Equipment Identity; EMTEL (EMergency TELecommunication); DTM (Dynamic asynchronous Transfer Mode); OSA (Open Service Access); etc. as needed.]


Authentication approaches of TISPAN

1. NASS-bundled Authentication (NBA): utilizes the result of access-layer authentication for the IMS layer
2. IMS Residential Gateway (IRG): acts as an ISIM/UICC-equipped adapter between legacy terminals and the IMS core
3. Residential Gateway (RGW) or Access Gateway (AGW): for legacy terminals


Terminology

• CLF – Connectivity Session Location and Repository Function
• HSS – Home Subscriber Server
• NASS – Network Attachment Subsystem, i.e. the access network in TISPAN
• RGW – Residential Gateway
• S-CSCF – Serving-CSCF, i.e. the SIP registrar in IMS
• Terminal – Laptop / PC or any other device supporting SIP and IP


NBA Message Flow

[Figure: message sequence chart. Participants: Terminal, P-CSCF, CLF, I-CSCF, S-CSCF, HSS. Messages, in order:]

• REGISTER
• Location Information Query (IP@)
• Location Information Response (line_id)
• REG (P-Access-Network-Info (line_id))
• Cx-UAR/UAA messages
• REG (line_id)
• Cx MAR
• S-CSCF compares the line_id with the stored line_id_ref
• 200 OK, 200 OK, 200 OK (relayed back to the Terminal)


IRG implementation


IMS registration flows with IRG

[Figure: message sequence chart. Participants: UA1, UA2, IRG (SIP B2BUA with ISIM), P-CSCF, S-CSCF, HSS. Labels: Gm; Integrity and confidentiality protection. Messages, in order:]

1. REGISTER
2. 401 WWW-Authenticate
3. REGISTER
4. REGISTER
5. REGISTER
6. Diameter MAR
7. Diameter MAA
8. 401 WWW-Authenticate
9. 401 WWW-Authenticate
10. REGISTER
11. REGISTER
12. 200
13. 200
14. REGISTER
15. 401 WWW-Authenticate
16. REGISTER
17. REGISTER
18. REGISTER
19. 200
20. 200


Usage scenario with RGW/AGW and AGCF

[Figure: architecture diagram. Elements: Legacy User Equipment (terminals, PBXs); RGW (R-MGF); AGW (A-MGF); IP transport (Access and Core Network); Control Subsystem (AGCF with MGC); Mw; I/S-CSCF. Region labels: Customer’s Premises; Operator’s Premises; Single operator’s security domain. Annotations: Scope of ES 283 002 with H.248, IUA, GRE interfaces; Support thousands of terminals.]


Limitations of Approaches

• Lack of support for mobility
• IP address binding solutions do not work well
• More than one physical terminal with different public IDs (care-of addresses) can share the same fixed line, but they must all share the same IMS private ID and basically share the same subscription
• When it comes to personalized services, this poses both a technical and a privacy challenge
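The line_id comparison from the NBA Message Flow slide and the limitations listed above can be seen together in a small model. This is an added example, not code from the slides or the paper; the addresses, line identifiers, private ID, the `"rejected"` result and the P-CSCF step that drops a terminal-supplied P-Access-Network-Info are all assumptions made for illustration.

```python
"""Toy model of NASS-bundled authentication (NBA). All data is constructed."""

# CLF view: IP address assigned at network attachment -> line_id
CLF = {"10.0.0.5": "line-A", "10.0.0.6": "line-A", "10.0.1.9": "line-B"}
# HSS view: IMS private ID -> line_id_ref provisioned for the subscription
HSS = {"alice@ims.example": "line-A"}


def p_cscf_forward(src_ip, register):
    """P-CSCF: discard terminal-supplied access info, insert the CLF's line_id."""
    fwd = {k: v for k, v in register.items()
           if k.lower() != "p-access-network-info"}
    line_id = CLF.get(src_ip)          # Location Information Query / Response
    if line_id is None:
        return None                    # source address unknown to the NASS
    fwd["P-Access-Network-Info"] = line_id
    return fwd


def s_cscf_register(register):
    """S-CSCF: compare the received line_id with the stored line_id_ref."""
    if register is None:
        return "rejected"
    line_id_ref = HSS.get(register.get("private_id"))   # obtained via Cx MAR
    if line_id_ref is None:
        return "rejected"
    ok = register["P-Access-Network-Info"] == line_id_ref
    return "200 OK" if ok else "rejected"


def nba_register(src_ip, private_id, claimed_line_id=None):
    """Run one REGISTER through the P-CSCF and S-CSCF steps."""
    register = {"private_id": private_id}
    if claimed_line_id is not None:    # terminal tries to assert its own line
        register["P-Access-Network-Info"] = claimed_line_id
    return s_cscf_register(p_cscf_forward(src_ip, register))


if __name__ == "__main__":
    print(nba_register("10.0.0.5", "alice@ims.example"))            # home line
    print(nba_register("10.0.0.6", "alice@ims.example"))            # 2nd terminal, same line
    print(nba_register("10.0.1.9", "alice@ims.example"))            # moved to another line
    print(nba_register("10.0.1.9", "alice@ims.example", "line-A"))  # claimed line ignored
```

The second call succeeds because the check identifies the line, not the terminal or the user, and the third fails because the subscription is bound to one line, which is the mobility limitation on this slide.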


Conclusion

• In the long term, IMS-AKA is the solution that provides the full set of security services and flexibility for IMS access in fixed NGN networks.


Reference

• TISPAN – http://www.etsi.org/tispan
• 3GPP – http://www.3gpp.org/
• Silke Holtmanns, Son Phan-Anh, “Access Authentication to IMS Systems in Next Generation Networks”, ICN’07, IEEE
• Wikipedia, B2BUA – http://en.wikipedia.org/wiki/B2BUA