ECPI Capstone Project 480 Professor Elizabeth McCarthy by Sergio Cedillo


Page 1: ECPI Capstone Project 480 Professor Elizabeth McCarthy by ...ecpicapstone480sc.weebly.com/uploads/5/6/3/8/... · Adds call session control to the packet network (GPRS) enables peer-to-peer

ECPI Capstone Project 480

Professor Elizabeth McCarthy

by

Sergio Cedillo

Page 2

IMS stands for IP Multimedia Subsystem, a service delivery architecture.

IMS is an architecture that enables wireline, wireless and cable operators to offer a new generation of rich multimedia services.

Standardization of the IMS architecture would provide Internet Protocol (IP)-based mobile and fixed multimedia services.

IMS could allow operators who own different types of networks with varying architectures to offer the same services to all of their customers.

IMS is a key element of 3G cellular architecture.

It is an architectural framework for delivering access everywhere, from cellular networks, to all the services that the Internet provides.

This is the IMS vision.

Page 3

The implementation of IMS is critical in order to enhance the cellular telecommunications experience for both the client and the service provider, and to keep up with fast-paced business. The difference between having IMS in the 3G architecture and not having it weighs greatly in favor of the IMS realization.

Page 4

Services provided by internet can be accessed from cellular communications with the existing circuit switched (CS) and packet switched (PS) technology.

Grow and protect subscriber base, increase ARPU (Average Revenue Per User)

Faster time to market with new services

Have quality of service (QoS), proper charging protocols, and the integration of different services.

Interoperability with other networks and other countries' networks.

Page 5

Adds call session control to the packet network (GPRS)

Enables peer-to-peer real-time services, such as voice and video, over a packet-switched domain

Scalable common service control (based on SIP) gives the ability to manage parallel user services

Rich service creation environment - Media Mixing

Ability to pick and mix various multimedia flows in single or multiple sessions

Can handle real-time voice, video, data

Connectivity Network Independence

Provides access to IP based services independent of the underlying connectivity technology (mobile / fixed)

IMS is based upon an open standard with a strong evolutionary advantage

IMS architecture & Session Initiation Protocol (SIP) may be easily extended to provide for new services - Integrated service model

Open charging model

Page 6

Shared Resources
• Media server resources
• Common user data
• Single user profile across applications
• Integrated applications

Session Control
• Common Session Control (SIP)
• Provides common service policies
• Leverages investments across multiple applications

Access Network Agnostic
• Eliminates multiple service solutions
• Network transparency
• Consistent services across networks

Converged Applications
• Across Networks
• Reduced development costs and time
• Voice, Video and data services
• Write once / use many

[Figure: layered diagram with Transport, Control and Applications layers; labels: DSL, Mobile, PSTN, CMTS, Access, SIP, Voice, Video, Hosted Services, Web Content, MP3, Win Media, Text, Data]

Page 7

[Figure: IMS architecture in three layers (Access Layer, Session Control Layer, Application Layer); labels: Access Network, Other Networks, Web Portal, Application Servers, Session Control, Centralized Database, Media Control & Gateways, Media Server, Common OAM&P, Billing, etc.]

Open Industry Standard Support for a Variety of Applications:
• Speed Applications to market

Common Session Control Element to Provide Service Interworking
• Predictable interactions between multiple services

Common Subscriber Database with Open Interfaces

Service Consistency Across Wireless, Wireline and VoIP Endpoints:
• Retain ownership of the subscriber and their services
• Ability to provide differentiated services

Distributed Session Control
• IMS flexibility and scalability reduce OPEX
• Support mobility/portability

Common support for CoS, QoS, security, scalability, reliability, and performance

Common OAM&P Environment
• Ease integration into OSS/BSS/NMS

Capable of Interworking with the PSTN (i.e. legacy IN-based services)

Page 8

[Figure labels: "All-IP Network", Internet, Mobile Networks]

Mobile communications is going IP
• Separation of transport and control
• Voice-data integration
• IP-based applications
• End-to-end IP transport

The Internet is going mobile
• Wireless access
• Terminal and user mobility
• Global roaming and handover
• Quality of Service (QoS)

Page 9

Source: http://www.hindawi.com/journals/wcn/2008/589623.fig3.html

Page 10

• Application Servers (AS) are unaware of the existence of other ASs, and of whether these will be linked in. (Transitional problems from Legacy to IMS structure.)

• The application server decides whether to remain linked in for the whole session by adding its address to the Record-Route SIP header.

• No service or session state will be passed between application servers unless they use proprietary extensions, i.e. are co-designed.

• Response messages are routed to the ASs in the reverse order due to demand overflow.

• If, during the call handling procedure, an AS retargets the SIP request by changing the Request URI, subsequent filter analysis in the S-CSCF is stopped and the S-CSCF forwards the request towards the new target without linking in the other ASs specified by the IFC.
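
The linking-in behaviour listed above, modelled as an added example that is not part of the original slides: an S-CSCF links in application servers in filter-criteria priority order and stops as soon as one of them changes the Request URI. The AS URIs, priorities and the retargeting rule are constructed for illustration, every filter criterion is assumed to match, the lowest priority number is evaluated first, and the S-CSCF hops between ASs are left out.

```python
# Added illustration, not from the slides: an S-CSCF walking initial Filter
# Criteria (iFC). AS names, URIs and priorities are constructed; every iFC is
# assumed to match, and the S-CSCF hops between ASs are left out.
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

@dataclass
class SipRequest:
    request_uri: str
    via: List[str] = field(default_factory=list)           # ASs traversed
    record_route: List[str] = field(default_factory=list)  # ASs staying linked in

@dataclass
class AppServer:
    uri: str
    stays_linked: bool                                      # adds Record-Route?
    retarget: Callable[[str], Optional[str]] = lambda uri: None

def run_ifc_chain(req: SipRequest, ifcs: List[Tuple[int, AppServer]]):
    """Link in ASs by iFC priority (lowest number first); stop on a retarget."""
    ordered = [srv for _, srv in sorted(ifcs, key=lambda pair: pair[0])]
    visited, skipped = [], []
    for i, srv in enumerate(ordered):
        visited.append(srv.uri)
        req.via.append(srv.uri)
        if srv.stays_linked:
            req.record_route.append(srv.uri)
        new_uri = srv.retarget(req.request_uri)
        if new_uri and new_uri != req.request_uri:
            req.request_uri = new_uri                       # Request URI changed
            skipped = [s.uri for s in ordered[i + 1:]]      # never linked in
            break
    return visited, skipped

def response_order(req: SipRequest) -> List[str]:
    """Responses pass the traversed ASs in reverse order."""
    return list(reversed(req.via))

def demo():
    to_voicemail = lambda uri: ("sip:voicemail@ims.example"
                                if uri == "sip:bob@ims.example" else None)
    ifcs = [(2, AppServer("sip:prepaid.as.example", True)),
            (0, AppServer("sip:screening.as.example", True)),
            (1, AppServer("sip:forwarding.as.example", False, to_voicemail))]
    req = SipRequest("sip:bob@ims.example")
    visited, skipped = run_ifc_chain(req, ifcs)
    return req, visited, skipped

if __name__ == "__main__":
    req, visited, skipped = demo()
    print(visited, skipped, req.record_route, response_order(req))
```

In this constructed run the prepaid AS is never linked in, because the forwarding AS evaluated before it changed the Request URI. Under the behaviour the slide describes, an AS that has to see every session needs a filter-criteria priority ahead of any AS that retargets.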

Page 11

IMS & SIP enable a rich feature set of Converged Services ... but also open up the network to IP-based vulnerabilities

IMS & SIP vulnerabilities include:

OS level vulnerabilities

IP Layer 3 vulnerabilities

IMS Framework related vulnerabilities

SIP/RTP/H.248/etc. protocol vulnerabilities

VoIP/Video/PoC/etc. Application vulnerabilities

VoIP SPAM

[Slide annotations: Well known in the data world; New, unique & real time sensitive; Application level vulnerabilities]

Page 12

• Compromised mobile phones
• Zombie hard/soft phones
• Modified phone with malicious intent

• Malicious/Malformed/Spoofed signaling attacks
• Malicious/Malformed/Spoofed media attacks
• Spoofed IMS Emergency session attacks
• Presence update attacks
• Initiating Conferencing to block the network resources

• International community having direct access to the IMS core network
• Charging fraud - Signaling directly to avoid charging

• Misconfigured/partially configured UEs and/or Network elements

• Non-GPRS access such as WLAN or BB can be attacked directly from the internet without a subscription

• SPAM, for which there is no solution at this time.

Page 13

Possible Security Threats to IMS

[Diagram labels: Access Network / Internet, PSTN, Core Network]

Control Servers
• Signaling Weaknesses
• Mgt Vulnerabilities

User Device
• Worms/Viruses
• OS Vulnerabilities
• Network Impersonation

Access
• Eavesdropping
• Man-in-the-Middle Attacks
• Session Hijacking

Network Attachment
• Weak Authentication
• Policy Misconfiguration
• IP Attacks

Application Servers
• Un-patched App/OS Exploits
• Authentication & Authorization Flaws

Back-End Systems
• Location Misdirection
• Information Storage
• Weak App-to-App Authentication

Web Servers
• Inadequate Input Validation
• Authorization Flaws
• Insecure Sessions

Proxy Servers
• User Impersonation
• SIP Parameter Manipulation
• Denial of Service

Third Party Application Access
• Malicious Applications
• Authentication & Authorization Flaws
• Insecure Partner Networks

Page 14

[Figure: attack sources (Zombie attackers, Human attackers, Spammer, Spoofed Packets) around the MMD core; element labels: P/S/I CSCF, SLF/PDF/IBCF/IWF, MGCF, MRFC, BGCF, SGF, MGW, MRFP, T-MGF, ABGF, IBGF, IP-IP GW, SIP Server, Call Server, Media Gateway, HSS, Apps, Chrg]

Both Network & Subscribers can be attacked

Attack Types:
• Flood Denial of Service
• Signaling
• Media
• Distributed DoS
• Stealth DoS
• Target individual or group of users
• Blended attacks
• Recruit zombies and use them to launch an attack
• SPAM
• SPAM over Internet Telephony (SPIT)

Page 15

[Figure: home network diagram; labels: DSL, Ethernet, Cable, Fiber, 802.11b/g, Antenna, Residential Gateway, Router, Set-top Box, Eth., DTV Tuner, Games Console, Notebook, PDA, Second Line, VoIP, Home Shopping, Home Security, Live Content, Video on Demand]

Page 16

[Figure: IMS Core Network with Wireline access (Cable/DSL) and Wireless access (EV-DO HRPD, EV-DO eHRPD, UMTS, LTE, WiMAX, Satellite)]

IMS - IP Multimedia Subsystem
UMTS - Universal Mobile Telecommunications Service
EV-DO - Evolution-Data Optimized
HRPD - High Rate Packet Data
eHRPD - enhanced High Rate Packet Data
LTE - Long Term Evolution
WiMAX - Worldwide Mobility for Internet Access

Page 17

[Figure, panel "Person-to-Person dominates traffic growth"; labels: Image, SMS, MMS, Presence, Active phonebook, Push-To-Talk, Text, Voice, Sharing, Video]

[Figure, panel "Person-to-Content known usability patterns"; labels: Movies, Photos, Internet, Text/Pictures, SMS/MMS, HTTP, Streaming, Download, Video, Music, Ring tone]

Page 18

[Figure: call center on an Enterprise LAN; labels: Call Center Server w/ VoIP Gateway, Agents on IP Phones, Agent on Soft Phone, Customer, PSTN, RTP, H.323, T1/E1, ISDN/CAS]

• All Agents in single location

• Uses all-in-one system to handle all calls

• Signaling and Media combined in one system

Page 19

[Figure: call center with separated application and media functions; labels: Signaling Gateway, Enterprise LAN, Application Server, Agents on IP Phones, Agent on Soft Phone, Remote Agent, Customer, Web Customer, Email Customer, PSTN, Internet, MRF, Media GW, RTP, SIP/VoiceXML, MSCML]

• Improved Scalability: Separate Application from Media

• Ability to add new media such as video as needs evolve

• Fast development using SIP + XML

Page 20

• IMS Access Independent is an answer to future business need
• Needs careful inter-operation scenarios
• Unique Profile is essential
• Seamless Services (Next Step)
• This interconnection of IMS opens new services for the subscribers of these networks
• With these modifications PacketCable can support SIP based (intelligent) end users
• There is no need anymore to pass through PSTN for interconnection to cellular networks
• Cellular Users can benefit from the high quality and large bandwidth of PacketCable for their access too.
• Wireless Cable-Modems can support even seamless vertical handover between Cellular and PacketCable
• Users have more freedom in their end-device selection
