
Research On Security Of 3GPP IMS Network

Posted on: 2010-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
Full Text: PDF
GTID: 2178360302459766
Subject: Information security
Abstract/Summary:
Driven by continuous innovation in network technology and by consumer market demand, future telecommunication networks will develop in the direction of convergence. Current research on network convergence is mainly based on the IP Multimedia Subsystem (IMS). IMS is built on the SIP protocol, so it has the potential to converge different kinds of networks; moreover, it is independent of the access type. Research on IMS has become a hot topic. IMS-based convergence schemes can provide uniform service to fixed, mobile and Internet users, which reduces the complexity of the network architecture and the operating costs of telecommunication operators. However, a converged network also inherits the security problems of the original networks and introduces some new security threats.

This dissertation focuses on 3GPP IMS network security, which includes access network security and network domain security. Our research emphasizes access authentication schemes for mobile, fixed and Internet users in the converged network. The main contents and innovations of this dissertation are as follows:

1. We carried out a state-of-the-art review of the history and current status of the IMS network. We introduce the 3GPP IMS network architecture, including the main components and interfaces of IMS. We then concentrate on the 3GPP IMS network security mechanisms, which cover IMS network access security and IMS network domain security. This is the basis of the research presented in this dissertation.

2. We proposed an optimized and amended scheme called ESAKA, which improves the efficiency of IMS AKA and achieves authentication of the UE to the S-CSCF and secure transfer of messages among networks. We analyzed the access authentication scheme for mobile users accessing the IMS network through the UMTS packet-switched domain, and found that during this process both the packet-switched domain and IMS perform AKA (Authentication and Key Agreement) for the user independently. The two operations are very similar and their communication costs are high. This is very inefficient, because almost all of the steps involved in the two-pass authentication are duplicated. Moreover, analysis of the IMS AKA protocol revealed a vulnerability in the protocol and a masquerade attack against it.

3. We proposed two access authentication schemes for fixed network users, called the USD and MP schemes respectively. The new schemes resolve the security problems between the UE and the P-CSCF efficiently and provide differentiated service for different fixed network users. We studied the different mechanisms by which fixed network users access IMS networks, analyzing the NASS and RACS architectures independently. The standard ISIM-based authentication mechanism of IMS is intended only for mobile users and cannot be used directly by fixed users on stationary devices without SIM cards. To address this problem, we analyze three different approaches for fixed users accessing IMS networks. These approaches, introduced by TISPAN, are NBA, IRG and AGCF.

4. Based on the architecture of IMS network domain security, we studied the IPSec protocol suite, which includes the IKE, AH and ESP protocols. We then analyzed how to use IPSec to provide IMS network domain security in an NDS/IP environment.

5. We propose the AACN access authentication scheme, which is based on the MAA architecture, for users of the converged network. The new scheme can effectively resolve security problems for users of different access networks in the converged network. In line with the development trends of NGN and telecommunication networks, we analyze the potential security problems that arise after converging fixed, mobile and Internet networks on the IMS architecture.
Keywords/Search Tags: IP Multimedia Subsystem, access network security, network domain security, network convergence, access authentication