The Study, Based On The Tnc Ims Network Security Mechanisms

IP Multimedia Subsystem is proposed by 3GPP to support the IP multimedia services, with the characteristics of using SIP protocol, independence of the access approach, separation of bearer, control, service separation. It provides a common platform for multimedia services,and a basis for the fixed and mobile network convergence, the Internet and telecommunication network convergence. At the trend of network convergence, breaking the previous closed communication network, IMS inherits the openness and interconnectivity of IP network. Therefore security becomes one of the main subjects to be studied in the IMS network.First,the paper gives a deep study of the IMS security architecture, indicates the existing security risks. The IMS security architecture, including access security and network domain security, doesn't consider the user equipment itself. So the user equipment with low security is subject to attacks, when it has accessed to the IMS network and become a part of the network. As a result, it is concluded that IMS network has to constitute the network access security policy, which the access user equipments must comply with.Second, the paper proposes a new mechanism based on TNC and its SIP signaling flows in the study of the access flows. After the user equipment registered successfully, the new security mechanism begins the security evaluation. The user equipment collects security information, and transmits through the new defined SIP request message to the IMS network. Then IMS network evaluates user equipments according to the network access security policy. Only complying with the security policy, the user equipment can access to the IMS network properly, Or else, it should be quarantined with the failure list and remedial measures.Third, the function modules and expansion of SIP protocol are achieved on the base of oSIP stack. oSIP is not a complete SIP protocol stack. So it expands the new defined SIP CLIENT and header fields, and completes the functions of all modules, which are designed according to the hierarchical structure of SIP protocol. By a multi-threaded programming, it synchronizes the message listening, the timer time-out monitoring and the event handling, and avoids the multi-threaded operation of the same transaction at the same time with mutex.Finally, the paper achieves the TNC-based IMS security mechanisms and a simulation test in a Linux environment. On the base of SIP protocol expansion and functional modules, it completes SIP CLIENT and message callbacks, which embody different actions of IMS members. After that, the paper builds a simulation environment, and carries out a simulation test, which effectively confirms the correctness of SIP expansion and the feasibility of the new security mechanism.