Research And Design Of A Security Mechanism For IMS Access Layer

IMS is IP Multimedia Subsystem. It is a definition of a network architecture which can provide multimedia services based on the IP technology. It is an industry recognized key technology framework for the future development of the Internet.Operators using a variety of techniques to ensure the safety of the IMS core network, but they did not provide more security measures in the user access side.With the development of mobile Internet and the popularity of intelligent terminals, the working space of people has been greatly liberated. User groups proposed a scheme that linking the IP-PBX directly to the Internet. It will allow the intelligent terminals to access the Internet through more channels. Using smart mobile terminals people can work anywhere, anytime.The devices of IMS access layer will lose several security mechanisms of the core network. The introduction of an open Internet environment makes it face more security threats.The one-way authentication led to the "counterfeit server attacks". Communication contents leak due to the lack of security measures. For those confidential communications which are protected by key, Security agencies and law enforcement authorities can not effectively monitor. These are three security issues need to be addressedBased on the research of IMS network, a security model for IMS access side is porposed on the basis of the existing framework of the SIP protocol.By extending the SIP header fields based on the original SIP protocol framework, these security issues are addressed separately from three aspects.1. By using a reverse HTTP digest authentication protocol, two-way authentication between the terminal and the server is completed.2. By using the DH key exchange algorithm, independent session key consultation between terminals is achieved.3. By proposing a two-stage DH key exchange algorithm, lawful interception for secure communication between terminals is carried out.The security model is implemented on the basis of the relevant open source library. Test results show that the security model can effectively adress the security issues. The average delay time of ten thousand tests is acceptable.