Access Authentication to IMS Systems in Next Generation Networks
Authors: Silke Holtmanns, Son Phan-Anh
ICN’07 IEEE
Speaker: Wen-Jen Lin
Outline
• What’s TISPAN?
• TISPAN_NGN Synergy
• Authentication approaches of TISPAN
• Terminology
• NBA Message Flow
• IRG implementation
• Usage scenario with RGW/AGW and AGCF
• Limitations of Approaches
• Conclusion
• Reference
What’s TISPAN?
• TISPAN
  • Telecommunication and Internet converged Services and Protocols for Advanced Networking
  • A standardization body of the European Telecommunications Standards Institute (ETSI)
  • Focuses on developing or driving 3GPP standards for fixed networks and migration from switched circuit networks to packet-based networks with an architecture that can serve in both
  • TISPAN IMS Release 1 is based upon the 3GPP IMS Release 6
TISPAN_NGN Synergy
[Figure: Tispan_NGN at the centre, surrounded by 8 working groups and a set of projects]
• 8 Working Groups: SERVICES, ARCHITECTURE, PROTOCOLS, NUMBERING & ROUTEING, QoS, TESTING, SECURITY, NETWORK MANAGEMENT
• Projects: DTM (Dynamic asynchronous Transfer Mode), EMTEL (EMergency TELecommunication), OSA (Open Service Access), Telecom Equipment Identity, F-MMS, etc. as needed
Authentication approaches of TISPAN
• NASS-bundled Authentication (NBA)
  • utilizes the result of access-layer authentication for the IMS layer
• IMS Residential Gateway (IRG)
  • acts as an ISIM/UICC-equipped adapter between legacy terminals and the IMS core
• Residential Gateway (RGW) or Access Gateway (AGW)
  • for legacy terminals
Terminology
• CLF
  • Connectivity Session Location and Repository Function
• HSS
  • Home Subscriber Server
• NASS
  • Network Attachment Subsystem, i.e. the Access Network in TISPAN
• RGW
  • Residential Gateway
• S-CSCF
  • Serving-CSCF, i.e. the SIP registrar in IMS
• Terminal
  • Laptop/PC or any other SIP- and IP-supporting device
NBA Message Flow
[Figure: message sequence chart]
• Entities: Terminal, P-CSCF, CLF, I-CSCF, S-CSCF, HSS
• Messages shown:
  • REGISTER
  • Location Information Query (IP@)
  • Location Information Response (line_id)
  • REG (P-Access-Network-Info (line_id))
  • Cx-UAR/UAA Messages
  • REG (line_id)
  • Cx MAR
  • 200 OK (three times, back towards the Terminal)
• Note: S-CSCF compares the line_id with the stored line_id_ref
IMS registration flows with IRG
[Figure: message sequence chart]
• Entities: UA1, UA2, IRG (SIP B2BUA with ISIM), P-CSCF, S-CSCF, HSS
• Interface label: Gm
• Annotation: Integrity and confidentiality protection
• Messages:
  1. REGISTER
  2. 401 WWW-Authenticate
  3. REGISTER
  4. REGISTER
  5. REGISTER
  6. Diameter MAR
  7. Diameter MAA
  8. 401 WWW-Authenticate
  9. 401 WWW-Authenticate
  10. REGISTER
  11. REGISTER
  12. 200
  13. 200
  14. REGISTER
  15. 401 WWW-Authenticate
  16. REGISTER
  17. REGISTER
  18. REGISTER
  19. 200
  20. 200
Usage scenario with RGW/AGW and AGCF
[Figure: architecture diagram]
• Customer’s Premises: Legacy User Equipment (terminals, PBXs), RGW (R-MGF)
• Operator’s Premises: AGW (A-MGF), Control Subsystem (AGCF with MGC), I/S-CSCF (reached over Mw)
• IP transport (Access and Core Network)
• Scope of ES 283 002 with H.248, 1UA, GRE interfaces
• Annotations: Support thousands of terminals; Single operator’s security domain
Limitations of Approaches
• Lack of support for mobility
  • IP address binding solutions do not work well
• More than one physical terminal with different public-IDs (care-of-addresses) can share the same fixed line, but they must all share the same IMS private-ID and basically share the same subscription
  • When it comes to personalized services, this poses a technical and a privacy challenge.
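
The line_id check from the NBA Message Flow slide and the limitations listed above, as an added Python example that is not from the paper or the slides. The CLF and HSS tables, addresses, identities and result strings are constructed, and the P-CSCF is assumed to overwrite any line_id a terminal supplies.

```python
# Added illustration of NASS-bundled authentication (NBA); all data is constructed.
from dataclasses import dataclass
from typing import Optional

# CLF: IP address -> line_id binding recorded at network attachment (sample values).
CLF = {"10.0.0.11": "line-0042", "10.0.0.12": "line-0042", "10.9.9.5": "line-0777"}
# HSS: IMS private ID -> reference line id (line_id_ref) of the subscription.
HSS = {"home42@ims.example": "line-0042"}


@dataclass
class Register:
    src_ip: str                    # address the REGISTER arrived from
    private_id: str                # IMS private identity (shared per fixed line)
    public_id: str                 # IMS public identity being registered
    line_id: Optional[str] = None  # whatever the terminal put in the request


def p_cscf(req: Register) -> Register:
    """Location Information Query (IP@): the CLF answer replaces any
    terminal-supplied value (assumption of this model) and travels onward
    in P-Access-Network-Info."""
    req.line_id = CLF.get(req.src_ip)  # None when the address has no binding
    return req


def s_cscf(req: Register) -> str:
    """Compare the received line_id with the stored line_id_ref."""
    line_id_ref = HSS.get(req.private_id)
    if req.line_id is None or line_id_ref is None:
        return "rejected: no line binding"
    if req.line_id != line_id_ref:
        return "rejected: line_id mismatch"
    return "200 OK"


def register(src_ip, private_id, public_id, claimed_line_id=None) -> str:
    return s_cscf(p_cscf(Register(src_ip, private_id, public_id, claimed_line_id)))


if __name__ == "__main__":
    priv = "home42@ims.example"
    # Two terminals on the same fixed line share one private ID; both are accepted,
    # so the network cannot tell the two users apart at the authentication layer.
    print(register("10.0.0.11", priv, "sip:alice@ims.example"))
    print(register("10.0.0.12", priv, "sip:bob@ims.example"))
    # The same subscription used from another line is refused: no mobility.
    print(register("10.9.9.5", priv, "sip:alice@ims.example"))
    # A line_id claimed by the terminal itself is ignored in favour of the CLF answer.
    print(register("10.9.9.5", priv, "sip:alice@ims.example", "line-0042"))
```

The accept decision depends only on where the request enters the network, which is why the slide lists mobility and per-user personalization as the weak points of NBA.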
Conclusion
• In the long term, IMS-AKA is the solution that provides a full set of security services and flexibility for IMS access in fixed NGN networks.
Reference
• TISPAN
  • http://www.etsi.org/tispan
• 3GPP
  • http://www.3gpp.org/
• Access Authentication to IMS Systems in Next Generation Networks, Silke Holtmanns, Son Phan-Anh, ICN’07 IEEE
• Wiki, B2BUA
  • http://en.wikipedia.org/wiki/B2BUA