Access Authentication to IMS Systems in Next Generation Networks

1
Access Authentication to IMS Systems in Next
Generation Networks

• Authors Silke Holtmanns, Son Phan-Anh
• ICN07 IEEE
• Speaker Wen-Jen Lin

2
Outline

• Whats TISPAN?
• TISPAN_NGN Synergy
• Authentication approaches of TISPAN
• Terminology
• NBA Message Flow
• IRG implementation
• Usage scenario with RGW/AGW and AGCF
• Limitations of Approaches
• Conclusion
• Reference

3
Whats TISPAN?

• TISPAN
• Telecommunication and Internet converged Services
  and Protocols for Advanced Networking
• A standardization body of the European
  Telecommunications Standards Institute (ETSI)
• Focuses on developing or driving 3GPP standards
  for fixed networks and migration from switched
  circuit networks to packet-based networks with an
  architecture that can serve in both
• TISPAN IMS Release 1 is based upon the 3GPP IMS
  Release 6

4
TISPAN_NGN Synergy
8 Working Groups
Projects
SERVICES
ARCHITECTURE
PROTOCOLS
NUMBERING
DTM (Dynamic asynchronous Transfert Mode)
EMTEL (EMergency TELecommunication)
ROUTEING
Tispan_NGN
Telecom Equipment Identity
OSA (Open Service Access)
F-MMS
QoS
TESTING
SECURITY
NETWORK MANAGEMENT
Etc as needed
5
Authentication approaches of TISPAN

• NASS-bundled Authentication (NBA),
• utilizes the result of access-layer
  authentication for IMS-layer
• IMS Residential Gateway (IRG)
• acts as an ISIM/UICC-equipped adapter between
  legacy terminals and IMS core
• Residential Gateway (RGW) or Access Gateway (AGW)
• For legacy terminals

6
Terminology

• CLF
• Connectivity Session Location and Repository
  Function
• HSS
• Home Subscriber Server
• NASS
• Network Attachment Subsystem. i.e. Access Network
  in TISPAN
• RGW
• Residential Gateway
• S-CSCF
• Serving-CSCF, i.e. SIP registrar in IMS
• Terminal
• Laptop / PC or any other SIP and IP supporting
  device

7
NBA Message Flow
S-CSCF compares the line_id with the stored
line_id_ref
8
IRG implementation
9
IMS registration flows with IRG
IRG
ISIM
1. REGISTER
2. 401 WWW-Authenticate
Gm
3. REGISTER
4. REGISTER
5. REGISTER
6. Diameter MAR
Integrity and confidentiality protection
7. Diameter MAA
8. 401 WWW-Authenticate
9. 401 WWW-Authenticate
10. REGISTER
11. REGISTER
12. 200
13. 200
14. REGISTER
15. 401 WWW-Authenticate
16. REGISTER
17. REGISTER
18. REGISTER
19. 200
20. 200
10
Usage scenario with RGW/AGW and AGCF
Operators Premises
Customers Premises
Support thousands of terminals
Single operators security domain
Legacy User Equipment (terminals, PBXs)
Control Subsystem (AGCF with MGC)
IP transport (Access and Core Network)
AGW (A-MGF)
Scope of ES 283 002 with H.248, 1UA, GRE
interfaces
RGW (R-MGF)
Mw
I/S-CSCF
11
Limitations of Approaches

• Lacking of support for mobility
• IP address binding solutions do not work well
• More than one physical terminals with different
  public-IDS (care-of-addresses) can share the same
  fix line but they all must share the same IMS
  private-ID and basically shares the same
  subscription
• Becomes to personalized services, pose a
  technical and a privacy challenge.

12
Conclusion

• In the long term, the IMS-AKA is the solution
  that provides full set of security services and
  flexibility for IMS access for fixed NGN networks.

13
Reference

• TISPAN
• http//www.etsi.org/tispan
• 3GPP
• http//www.3gpp.org/
• Access Authentication to IMS Systems in Next
  Generation Networks, Silke Holtmanns, Son
  Phan-Anh, ICN07 IEEE
• Wiki, B2BUA
• http//en.wikipedia.org/wiki/B2BUA