| Nowadays, communication environment has undergone tremendouschanges. The form of communication changed from simple telegraph andtelephone communications to the diversified communications, whichincludingvoice,dataandmultimediacommunications.Theuniversalsolutionused by telecom operators is a business corresponds to a business network,and the solution led to a number of business networks exist side by side.Network integration is aimed at a unified network for the informationcommunication.This can give users unifiedexperience whiletheyenjoyingawide range of communications services. Along with the elevatedcorresponding ability and multiform communications service, the emphasisof the communications research focus on the realization of convergedtechnology. The technology can integrate the fixed network and the mobilenetwork's core network into a new network, and the new one is compatiblewiththeoldinthesametime.Underthis tendency, IPMultimediaSubsystem(IMS) as new generation core network has gradually become the hotspot ofresearch in recent years. IMS network, based on IPtechnique, puts forward aschemetointegratethefixednetworkandthemobilenetwork's corenetwork.The appearance of the IMS has already been seemed as an important milestoneofthecommunicationsnetwork.Authentication is an operation to identify the entities. Entity mustproduce their identity to authenticate themselves. There're two methods totake between two entities authenticating. The first one is knowledge proof,offering a secret logo that only the entity knows. The other is throughcredible third-party agencies. Telecom networks are now generally usedknowledge proof method, which can prove itself not exposed key. If the twosides share a key K, the certifier is able to judge the entity by verify theencryption results are correct or not. The encryption results are provided byentity used K and a random that made by certifier. Authentication is atwo-way operation in the 3G network. It means network take certificationoperation with users, and in the same time, the operation is taking by theusers. The two operations are taken in the same session. By authenticating,users can confirm the credibilityof the network, and network can also verifytheuserlegalstatus.To realize the IMS converged technology, the precondition is it cansatisfy the multiform access requirements in both of the fixed network andthe mobile network. Multiform access requirements mean multiform accessterminals using multiform access authentication algorithm. All of thesecompel IMS core network to consult one algorithm from multiform accessauthentication algorithm, and verify user's authority effectively.Authentication agreement is one of the keystone of IMS network, alsoreflectstheemphasessignificanceofthispaper.In this paper, it implements the function of IMS server based on 3GPPR5 standard. It also brings forward a mature solution for consultingmultiform access authenticationalgorithm arousedbythe IMS multi-networkconvergedtechnology.Concreteworkofthispaperisasfollows:First, analyze the background and the inevitability of the IMS network'sbirth, from the side of the communications network's developmentaltendency, users'requirements of realtime multimedia service incommunications system, the combat between the network operators changedfrommonopolytocompetition,andsoon.Second, analyze the IMS system in detail. The core characteristics ofIMSareappliedSIPprotocolasbasalsignalingprotocolandaccessirrelevant.In this paragraph, the first step descript the concept of IMS and the servicesprovided bythe system, showingthe advantage of IMS system bycomparingwith existing communications network, introducing the development ofinternational standard, and measuring the maturity of IMS product. Then,analyze the system topology and mainly functional entities, which are CallSession Control Function (CSCF), Multimedia Resource Function (MRF),and Media Gateway and Control Function (MGCF). Thirdly, researching theSIPprotocol at length, including network elements of SIP, the mechanism ofprotocol realization, the method of requiring answer, the format of messageand like that. And go into the particulars of the IMS network registrationprocessinfinal.The emphases of this paper are researching the theory of IMSauthentication and explaining the realization of S-CSCF register andauthentication function in IMS. Starting from IMS security system, dig theauthentication's conception and aim, and the causes of authenticationconsultation. Analyzing the AKA arithmetic used in 3G network, the HTTPDigest arithmetic usually used in Internet, the Early IMS arithmetic used inearlyIMS network and NBAarithmetic usually used in WLAN, accordingtothe character of existing communications network's authentication function.According to the 3GPP and ETSI, it studiesonekindofauthenticationconsultedmechanism which can resolve above four kinds of authentication algorithm.The mechanism supports irrespective access function of IMS system andenhances the safety of the entire system. Improving the HTTP Digestarithmetic, in order to support IPSec, makes the security further enhanced.Combining the above research and communications system status in quo,descriptiontherealizingof IMS S-CSCFregister andauthenticationfunction,from the sides of the character of the authentication arithmetic, processing ofregistermessage,managingthelocationmessageandotherwise.In the last of the paper, introducing the MILENAGE arithmetic sets used asstandard IMS user authentication algorithm in brief. Explain every functionin the sets, and analyzing the characteristic and implementingof the Rijndaelarithmetic which is the core algorithm of the sets. Kernel function is the keyof the whole algorithm set design. Since its implementation needs to berepeated several times to produce a complete output of authenticationfunction,therefore,it not onlyneedpowerful encryptioncapabilities, but alsothe speed. The design of MILENAGE carries out on a strictly one-wayencryption kernel function. The Rijndael algorithm has been adopted as thecore algorithm, because it is a powerful encryption algorithm. The Rijndaelhas the characters of high speed and efficient almost in every platform, verysuitable for the realization of the smart card, free to use, able to resist theadjacentchannelattacks,andhastheinputandoutputinterfaceinneed.The solution mentioned in this paper is completed by author during thecourse of training in an internal telecommunications company. The authortook part in the entire process, that make the solution to come true, includingthe requirement analyzing, designing, coding and testing. During therealizing period of the project, the quantityof effective code achieved 15,000lines. The requirement, analysis and design documents finally accumulatemorethan800pages. Becauseofthecompanysecurity,thecodeinthispaperhas alreadybeen processed, and it shows in pseudo code. But it doesn't thinkthiscaninfluencethedemonstrationofauthenticationagreementalgorithm.Now, the system based on this solution passed China Mobile's Initialperiod test. The system is being used commercially in Hungarian branch ofthe German Telecom, and run well. All of these are the affirmation of ourwork,andtheconfirmationofthepaperresult.Because the soft and hard environment in our university can not satisfythe application program, we can not see the eventual effect of the programwith our own eyes. But it is believed that in the near future the codes whichare running in the switchboard will be running in national even in the worldcommunication network providing users with better richer and newerexperiences. |
PDF Full Text Request