1
Access Authentication to IMS Systems in Next Generation Networks
Authors: Silke Holtmanns, Son Phan-Anh
ICN’07 IEEE
Speaker: Wen-Jen Lin
2
Outline
• What’s TISPAN?
– TISPAN_NGN Synergy
• Authentication approaches of TISPAN
• Terminology
• NBA Message Flow
• IRG implementation
• Usage scenario with RGW/AGW and AGCF
• Limitations of Approaches
• Conclusion
• Reference
3
What’s TISPAN?
• TISPAN
– Telecommunication and Internet converged Services and Protocols for Advanced Networking
– A standardization body of the European Telecommunications Standards Institute (ETSI)
– Focuses on developing or driving 3GPP standards for fixed networks and migration from switched circuit networks to packet-based networks with an architecture that can serve in both
• TISPAN IMS Release 1 is based upon the 3GPP IMS Release 6
4
TISPAN_NGN Synergy
[Figure: Tispan_NGN synergy. 8 Working Groups: SERVICES, ARCHITECTURE, PROTOCOLS, NUMBERING & ROUTEING, QoS, TESTING, SECURITY, NETWORK MANAGEMENT. Projects: F-MMS, Telecom Equipment Identity, EMTEL (EMergency TELecommunication), DTM (Dynamic asynchronous Transfer Mode), OSA (Open Service Access), etc. as needed.]
5
Authentication approaches of TISPAN
1. NASS-bundled Authentication (NBA): utilizes the result of access-layer authentication for the IMS layer
2. IMS Residential Gateway (IRG): acts as an ISIM/UICC-equipped adapter between legacy terminals and the IMS core
3. Residential Gateway (RGW) or Access Gateway (AGW): for legacy terminals
6
Terminology
• CLF – Connectivity Session Location and Repository Function
• HSS – Home Subscriber Server
• NASS – Network Attachment Subsystem, i.e. the access network in TISPAN
• RGW – Residential Gateway
• S-CSCF – Serving-CSCF, i.e. the SIP registrar in IMS
• Terminal – Laptop / PC or any other SIP and IP supporting device
7
NBA Message Flow
Participants: Terminal, P-CSCF, CLF, I-CSCF, S-CSCF, HSS
• REGISTER
• Location Information Query (IP@)
• Location Information Response (line_id)
• REG (P-Access-Network-Info (line_id))
• Cx-UAR/UAA Messages
• REG (line_id)
• Cx MAR
• S-CSCF compares the line_id with the stored line_id_ref
• 200 OK (shown three times)
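The NBA flow above, as an added Python sketch that is not part of the slides or the paper: the P-CSCF resolves the source IP to a line_id at the CLF and the S-CSCF compares it with the stored line_id_ref. The CLF/HSS tables, identities, addresses, the "rejected" label and the dropping of a terminal-supplied header are constructed assumptions; the cases also exercise the shared-line and no-mobility limitations listed on the later slide.

```python
# Added sketch of the NBA check; every name and sample value is constructed.

# CLF: IP address assigned by the NASS -> line_id of the fixed line
CLF = {"192.0.2.10": "line-0001", "192.0.2.11": "line-0001",
       "192.0.2.20": "line-0002"}
# HSS: IMS private ID -> line_id_ref stored with the subscription
HSS = {"alice@example.net": "line-0001", "bob@example.net": "line-0002"}


def p_cscf(msg, source_ip):
    """Location Information Query (IP@) to the CLF, then forward the REGISTER."""
    fwd = dict(msg)
    # Assumption of this sketch (not on the slide): a value supplied by the
    # terminal is dropped so only the CLF-derived line_id reaches the S-CSCF.
    fwd.pop("P-Access-Network-Info", None)
    line_id = CLF.get(source_ip)
    if line_id is not None:
        fwd["P-Access-Network-Info"] = line_id
    return fwd


def s_cscf(msg):
    """Compare the received line_id with the stored line_id_ref."""
    line_id = msg.get("P-Access-Network-Info")
    line_id_ref = HSS.get(msg["private_id"])
    if line_id is None or line_id != line_id_ref:
        return "rejected"  # result label is constructed for this sketch
    return "200 OK"


def register(private_id, source_ip, headers=None):
    """Run one REGISTER through P-CSCF and S-CSCF and return the outcome."""
    msg = {"private_id": private_id, **(headers or {})}
    return s_cscf(p_cscf(msg, source_ip))


if __name__ == "__main__":
    cases = [
        ("home line, terminal 1", "alice@example.net", "192.0.2.10", None),
        ("home line, terminal 2", "alice@example.net", "192.0.2.11", None),
        ("other subscriber's line", "alice@example.net", "192.0.2.20", None),
        ("address unknown to CLF", "alice@example.net", "198.51.100.5", None),
        ("terminal-supplied line_id", "alice@example.net", "192.0.2.20",
         {"P-Access-Network-Info": "line-0001"}),
    ]
    for label, private_id, ip, headers in cases:
        print(f"{label:28} -> {register(private_id, ip, headers)}")
```

Both terminals on line-0001 register under the same private ID and the S-CSCF cannot tell them apart, while the same subscriber on any other line is refused.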
8
IRG implementation
9
IMS registration flows with IRG
Participants: UA1, UA2, IRG (SIP B2BUA, ISIM), P-CSCF, S-CSCF, HSS
Diagram labels: Gm; Integrity and confidentiality protection
1. REGISTER
2. 401 WWW-Authenticate
3. REGISTER
4. REGISTER
5. REGISTER
6. Diameter MAR
7. Diameter MAA
8. 401 WWW-Authenticate
9. 401 WWW-Authenticate
10. REGISTER
11. REGISTER
12. 200
13. 200
14. REGISTER
15. 401 WWW-Authenticate
16. REGISTER
17. REGISTER
18. REGISTER
19. 200
20. 200
10
Usage scenario with RGW/AGW and AGCF
[Figure: usage scenario. Diagram labels: Legacy User Equipment (terminals, PBXs); RGW (R-MGF); AGW (A-MGF); IP transport (Access and Core Network); Control Subsystem (AGCF with MGC); Mw; I/S-CSCF; Customer’s Premises; Operator’s Premises; Single operator’s security domain; Scope of ES 283 002 with H.248, 1UA, GRE interfaces; Support thousands of terminals.]
11
Limitations of Approaches
• Lack of support for mobility
• IP address binding solutions do not work well
• More than one physical terminal with different public IDs (care-of addresses) can share the same fixed line, but they must all share the same IMS private ID and basically share the same subscription
• When it comes to personalized services, this poses a technical and a privacy challenge.
12
Conclusion
• In the long term, IMS-AKA is the solution that provides the full set of security services and flexibility for IMS access for fixed NGN networks.
13
Reference
• TISPAN – http://www.etsi.org/tispan
• 3GPP – http://www.3gpp.org/
• Silke Holtmanns, Son Phan-Anh, Access Authentication to IMS Systems in Next Generation Networks, ICN’07, IEEE
• Wikipedia, B2BUA – http://en.wikipedia.org/wiki/B2BUA