Title: Access Authentication to IMS Systems in Next Generation Networks
1 Access Authentication to IMS Systems in Next Generation Networks
- Authors: Silke Holtmanns, Son Phan-Anh
- ICN07 IEEE
- Speaker: Wen-Jen Lin
2 Outline
- What's TISPAN?
- TISPAN_NGN Synergy
- Authentication approaches of TISPAN
- Terminology
- NBA Message Flow
- IRG implementation
- Usage scenario with RGW/AGW and AGCF
- Limitations of Approaches
- Conclusion
- Reference
3 What's TISPAN?
- TISPAN
  - Telecommunication and Internet converged Services and Protocols for Advanced Networking
  - A standardization body of the European Telecommunications Standards Institute (ETSI)
  - Focuses on developing or driving 3GPP standards for fixed networks and migration from switched circuit networks to packet-based networks with an architecture that can serve in both
  - TISPAN IMS Release 1 is based upon the 3GPP IMS Release 6
4 TISPAN_NGN Synergy
[Diagram: Tispan_NGN with its 8 working groups and related projects. Labels: Services, Architecture, Protocols, Numbering, Routeing, QoS, Testing, Security, Network Management, Telecom Equipment Identity, DTM (Dynamic asynchronous Transfer Mode), EMTEL (EMergency TELecommunication), OSA (Open Service Access), F-MMS, etc. as needed]
5 Authentication approaches of TISPAN
- NASS-bundled Authentication (NBA)
  - utilizes the result of access-layer authentication for IMS-layer
- IMS Residential Gateway (IRG)
  - acts as an ISIM/UICC-equipped adapter between legacy terminals and IMS core
- Residential Gateway (RGW) or Access Gateway (AGW)
  - For legacy terminals
6 Terminology
- CLF
  - Connectivity Session Location and Repository Function
- HSS
  - Home Subscriber Server
- NASS
  - Network Attachment Subsystem, i.e. Access Network in TISPAN
- RGW
  - Residential Gateway
- S-CSCF
  - Serving-CSCF, i.e. SIP registrar in IMS
- Terminal
  - Laptop / PC or any other SIP and IP supporting device
7 NBA Message Flow
- S-CSCF compares the line_id with the stored line_id_ref
8 IRG implementation
9 IMS registration flows with IRG
[Sequence diagram. Labels: IRG, ISIM, Gm, "Integrity and confidentiality protection"]
1. REGISTER
2. 401 WWW-Authenticate
3. REGISTER
4. REGISTER
5. REGISTER
6. Diameter MAR
7. Diameter MAA
8. 401 WWW-Authenticate
9. 401 WWW-Authenticate
10. REGISTER
11. REGISTER
12. 200
13. 200
14. REGISTER
15. 401 WWW-Authenticate
16. REGISTER
17. REGISTER
18. REGISTER
19. 200
20. 200
10 Usage scenario with RGW/AGW and AGCF
[Architecture diagram. Labels:]
- Operator's Premises
- Customer's Premises
- Support thousands of terminals
- Single operator's security domain
- Legacy User Equipment (terminals, PBXs)
- Control Subsystem (AGCF with MGC)
- IP transport (Access and Core Network)
- AGW (A-MGF)
- RGW (R-MGF)
- Scope of ES 283 002 with H.248, 1UA, GRE interfaces
- Mw
- I/S-CSCF
11 Limitations of Approaches
- Lack of support for mobility
- IP address binding solutions do not work well
- More than one physical terminal with different public-IDs (care-of-addresses) can share the same fixed line, but they all must share the same IMS private-ID and basically share the same subscription
- When it comes to personalized services, this poses a technical and a privacy challenge.
12 Conclusion
- In the long term, IMS-AKA is the solution that provides the full set of security services and flexibility for IMS access for fixed NGN networks.
13 Reference
- TISPAN
  - http://www.etsi.org/tispan
- 3GPP
  - http://www.3gpp.org/
- Access Authentication to IMS Systems in Next Generation Networks, Silke Holtmanns, Son Phan-Anh, ICN07 IEEE
- Wiki, B2BUA
  - http://en.wikipedia.org/wiki/B2BUA