Study Program Master Telecommunications and Internet Technologies

Course Application Prototyping

LECTURE NOTE 4
Version: 2.2
Date: 12.03.2010

IP MULTIMEDIA SUBSYSTEM (IMS)
Identities, Authentication and Registration

Dipl.-Ing. Franz Edler

Part 4: IMS Identities, Authentication and Registration

CONTENTS:
1. Overview ..... 3
1.1. Content of the course ..... 3
1.2. Structure of the course ..... 3
1.3. Preconditions and further readings and exercises ..... 3
1.4. Questions and exercises ..... 4
1.5. Target audience ..... 4
2. IMS Identities ..... 5
2.1. The Public User Identity (IMPU) ..... 5
2.2. The Private User Identity (IMPI) ..... 5
2.3. Relationship between Private and Public User Identities ..... 6
2.4. The Public Service Identity ..... 6
2.5. The Universal Integrated Circuit Card (UICC) ..... 7
2.5.1. Subscriber Identity Module (SIM) ..... 7
2.5.2. Universal Subscriber Identity Module (USIM) ..... 7
2.5.3. IMS Subscriber Identity Module (ISIM) ..... 7
3. IMS registration ..... 10
3.1. The simple SIP registration ..... 10
3.2. The more complex IMS registration ..... 11
3.3. Other registration algorithms ..... 20
3.3.1. GPRS-IMS-bundled Authentication ..... 20
3.3.2. NASS-IMS-bundled authentication ..... 20
3.3.3. TLS Connection Establishment ..... 21
3.3.4. Summary on access security algorithms ..... 21
3.4. The subscription to the Registration Event State ..... 22
3.5. A few remarks on the role of the P-CSCF during registration ..... 24
4. Exercises and Questions ..... 25
5. References ..... 28
5.1. Books on Session Initiation Protocol ..... 28
5.2. Books on IP Multimedia Subsystem ..... 28

Author: Dipl.-Ing. Franz Edler

page: 2 / 28

1. OVERVIEW

1.1. CONTENT OF THE COURSE
The course offers in depth knowledge on the IP Multimedia Subsystem (IMS). IMS means the architecture and concepts of the new Internet based communications networks, which will replace the traditional TDM1 based fixed and mobile networks in the coming years. The IP Multimedia Subsystem is based on SIP2 and therefore will provide not only voice services (telephony) but also multimedia communications. The IMS further on enables the integration of all available internet protocols and services even if not known today.

1.2. STRUCTURE OF THE COURSE
The course actually comprises the following parts:
1. IMS Overview and Standards
2. Basic Technologies: SIP recap and new protocols and extensions
3. IMS network architecture
4. IMS Identities, Authentication and Registration
5. Basic Session Control
6. User Profile and Provision of Services
7. Charging and Security Architecture
8. Access networks and PCC
9. Presence and Push-to-Talk
10. IP-TV
11. PSTN Simulation and Emulation

1.3. PRECONDITIONS AND FURTHER READINGS AND EXERCISES
The students should have as precondition for this course a solid background in basic internet technologies, in SIP and some of the SIP protocol extensions. Part 2 of this course (Basic Technologies) covers some of the mentioned technologies more as a short recap without offering all details. The student is encouraged to recap the knowledge from other courses, other literature or the Internet3. The author also encourages the students to look up in the mentioned standards, because this is the only firm basis in case of some issues and discussions in your future professional career. There are also some books available, which give deep insight into IMS. Two of them (the “yellow” and the “red” book) are preferred by the author. But of course there are more books available meanwhile and further books will come up in the future (see chapter 0). For the best result of the course practical exercises should be done in parallel. The “Open IMS Core” project of Fraunhofer Fokus4 (an Open Source project) offers an ideal basis to challenge the theoretical knowledge.

1 TDM = Time Division Multiplex
2 SIP = Session Initiation Protocol, RFC 3261
3 I strongly recommend the Tech-Invite portal http://www.tech-invite.com/
4 Open IMS Core project of Fraunhofer Fokus http://www.openimscore.org/

Due to the limited amount of time for the course the author can only give some hints and examples how to handle the “Open IMS Core” software on Linux. To overcome the barriers of installation a VMware image of Open IMS Core is also available for download including some “How-To” instructions. There is also an implementation of OpenIMSCore on a public server of the University available, which gives a more realistic environment for e.g. development of master theses of students.

1.4. QUESTIONS AND EXERCISES
At the end of each part the student can find some questions which should help to get feedback on the core points of the course. The student should be able to answer the questions and exercises at the end of the course.

1.5. TARGET AUDIENCE
The target audience of this course are students on bachelor degree in the upper classes on telecommunications systems and students for the master degree of “Telecommunications and Internet-technology”.

2. IMS IDENTITIES
Every communications network requires that its users can be addressed. There are MAC addresses on the link layer, IP addresses at the network layer and on the application layer – which is IMS in our case – there are also specific identities to address users and services5.

2.1. THE PUBLIC USER IDENTITY (IMPU)
An IMS user has one or more Public User Identities in the format of SIP URIs or TEL URIs. The Public User Identities are the identities known to other communication partners and used to route requests through the IMS network. The Public User Identity is expected to be a typical SIP URI like “sip:first.last@operator.com” including a non numeric user part (typically the name of the user). IMS enables terminals to use more than one Public User Identity in parallel. The same terminal can therefore be used e.g. for private6 and business purposes. The Public User Identities may be associated with different service profiles and this allows a user e.g. to activate a call diversion to a mailbox for business calls during weekend while still being reachable for calls addressed to his private identity.
PSTN/ISDN and also telephone number oriented mobile networks7 which are in use today will still be in operation during the next years. Therefore it is important for an IMS user to be also reachable via a traditional phone number and in fact each IMS user will always have an additional TEL URI allocated in parallel to a SIP URI. Such a TEL URI looks like “tel:+43-2252-48078”. The “+” sign identifies the telephone number as an international format number including a country code prefix. Therefore we often speak about “E.164 numbers”.
Besides the common Public User Identity which addresses exactly one user, there are also wildcarded Public User Identities defined. These wildcarded Public User Identities are used to address a set of Public User Identities which are grouped together and which is typically used for registration of a group of users (e.g. PABX8).

2.2. THE PRIVATE USER IDENTITY (IMPI)
The Private User Identity is in contrast to the Public User Identity a hidden identity of an IMS terminal and it is used only for authentication during the IMS specific registration procedure (see chapter 3). The Private User Identity may not be known to the customer. It corresponds to the IMSI (International Mobile Subscriber Identity) in GSM networks. The Private User Identity is not a SIP URI but a Network Access Identifier (NAI9), which looks quite similar, but the obvious difference to a SIP URI is the missing “sip:” scheme. A typical Private User Identity looks like “username@realm”. The realm of the Private User Identity usually corresponds to the domain name of the operator.

5 Details can be found in TS 23.003: Numbering, addressing and identification
6 To avoid confusion: also the private identity in this example is addressed by a Public User Identity!
7 The world-wide telephone numbering scheme is structured according to ITU-T Recommendation E.164.
8 PABX = Private Automatic Branch Exchange
9 RFC 4282: The Network Access Identifier

2.3. RELATIONSHIP BETWEEN PRIVATE AND PUBLIC USER IDENTITIES
The Relationship between Private and Public User Identities is depicted in Figure 1 as it is defined in Release 8.

Figure 1: Relationship between Private and Public User Identities (TS 23.228). Figure elements: IMS Subscription; Private User Identity 1 and 2; Public User Identity 1 to 6; Implicitly Registered ID Set 1 to 3; Service Profile 1 to 4.

The IMS subscription on the left side corresponds to the legal contract of an IMS subscriber with a service provider. A subscriber may use more than one IMS terminal and in this case he requires more than one Private User Identity because a Private User Identity corresponds to an ISIM application on an UICC card. Each terminal in a 3GPP network needs an ISIM and therefore more than one Private User Identity may be required by a subscriber who uses more than one terminal. Each Private User Identity may have one or more Public User Identities assigned. Interestingly the same Public User Identity may be allocated to multiple Private User Identities. This enables the well known “SIP forking” behaviour where more than one IMS terminal is addressed with the same Public User Identity. Service Profiles are assigned to all Public User Identities, which are allocated to the user. The Service Profiles can be different for different Public User Identities or the Service Profiles can also be shared among several Public User Identities. Due to this structure we can expect a lot of flexibility in assigning identities and service profiles.

2.4. THE PUBLIC SERVICE IDENTITY
Besides subscriber oriented identities there are also service oriented identities defined. Public Service Identities (PSI) are identities allocated to services hosted by application servers. For instance, an application server hosting a chat room service or a voice-mail service may be identified by a PSI.

Like Public User Identities (PUID), PSIs may take the format of a SIP URI or a TEL URL. Unlike Public User Identities, PSIs do not have an associated Private User Identity because they do not need an IMS registration and authentication procedure to be reachable. There are two categories of PSIs defined: distinct PSI and wildcard PSI. A wildcard PSI allows a certain address pattern to be routed towards an application server. A chat room service may be addressed by the wildcard PSI "sip:chatlist!.*!@example.com" whereby the “!” is a delimiter for the regular expression. For routing of requests addressed to a PSI there are several possibilities. The most obvious one is to use iFCs (initial Filter Criteria10) to forward requests to the AS hosting the PSI but an alternative may also be to forward requests for a PSI directly from the I-CSCF to the AS (domain based routing).

2.5. THE UNIVERSAL INTEGRATED CIRCUIT CARD (UICC)
The Universal Integrated Circuit Card is a central component in the access security architecture – at least in mobile networks. The UICC is the well known smart card used in mobile handsets today. It is used to store, among other things, user subscription information, user preferences, and messages. The UICC contains various applications and the following “identity modules” are applications of an UICC.

2.5.1. SUBSCRIBER IDENTITY MODULE (SIM)
The Subscriber Identity Module (SIM) is a well known term in mobile networks of 2nd generation (GSM). The SIM application provides storage for a collection of parameters (e.g. subscription information, authentication keys, phonebook, and storage of messages) that are essential for the operation of terminals in GSM networks. Erroneously the UICC card is often termed SIM card but as explained above SIM is an application on the UICC.

2.5.2. UNIVERSAL SUBSCRIBER IDENTITY MODULE (USIM)
The USIM (Universal Subscriber Identity Module) is another example of an application that resides in UICCs for third-generation mobile networks (UMTS). The USIM is used to access UMTS networks. An USIM provides another set of parameters (similar in nature, but different from those provided by SIM) which include user subscriber information, authentication information, payment methods, and storage for messages. The USIM application may be present on an UICC in addition to a SIM application.

2.5.3. IMS SUBSCRIBER IDENTITY MODULE (ISIM)
A third application that may be present in the UICC is the ISIM (IMS Subscriber Identity Module)11. The ISIM application is important for the IMS, because it contains the collection of parameters that are used for user identification, user authentication and terminal configuration when the terminal operates in the IMS. An ISIM can co-exist with a SIM, with a USIM or with both applications in the same UICC.

10 Details on iFC are covered in part 6 of the lecture.
11 3GPP TS 31.103: Characteristics of the IP Multimedia Services Identity Module (ISIM) application

Figure 2 depicts the structure of the ISIM application.

Figure 2: Structure of an ISIM application. Figure elements: ISIM; Private User Identity; Public User Identity 1…n; Home Network Domain URI; Long-term Secret.

The relevant parameters stored in ISIM are as follows:
Private User Identity: ISIM stores the Private User Identity allocated to the user. There can only be one Private User Identity stored in ISIM.
Public User Identity: ISIM stores one or more SIP URIs of Public User Identities allocated to the user.
Home Network Domain URI: ISIM stores the SIP URI that contains the home network domain name. This is used to find the address of the home network during the registration procedure. There can only be one home network domain name URI stored in ISIM.
Long-term secret: ISIM stores a long-term secret that is used for authentication purposes and for calculating the integrity and cipher keys used between the terminal and the network. The IMS terminal uses the integrity key to integrity-protect the SIP signalling that the IMS terminal sends to or receives from the P-CSCF. If the signalling is encrypted, the IMS terminal uses the cipher key to encrypt and decrypt the SIP signalling that the IMS terminal sends to or receives from the P-CSCF.
All of the above-mentioned fields are read-only, meaning that the user cannot modify the values of the parameters. In addition the chip itself is designed to be tamper-proof, and information stored on the card is protected from theft, forgery or duplication.

During early introduction of IMS it might be an economic and logistic problem to exchange UICC cards with a SIM or USIM application with an additional ISIM application. Therefore special algorithms have been defined as a workaround to derive the necessary parameters for access to the IMS from parameters of a SIM or USIM application. This leads to some restrictions in the assignment of identities. In case of SIM the derived algorithms cannot provide the same strong security features but that may be acceptable for a transition period.

3. IMS REGISTRATION

3.1. THE SIMPLE SIP REGISTRATION
SIP already offers a registration procedure based on the REGISTER method. The principle registration procedure in SIP is shown in Figure 3.

Figure 3: Registration in a SIP network

The SIP user agent (UA) sends a REGISTER request (1) to the registrar server of its domain. It contains the identity of the registering user. The REGISTER request contains the AoR (Address-of-Record) of the registering user in the “To” header field and usually also in the “From” header field12. The first REGISTER request usually does not include the credentials (username/password) of the user. Therefore the registrar rejects the REGISTER request with a “401 Unauthorized” response (2). This failure response contains a “WWW-Authenticate” header field with a “realm” and a “nonce” parameter value which is offered to the UA for authentication. The UA then sends a second REGISTER request (3) including an “Authorization” header field with a “username” and a “response” parameter value. The value of the “response” parameter is the result of a digest calculation including among others the nonce value, the username and the password. The registrar server usually verifies the identity of a user with help of the HTTP digest algorithm. After successfully verifying the response parameter the registrar server accepts the registration and responds with “200 OK” (4).
From the above procedure we see that the registration procedure in SIP usually needs two REGISTER transactions to be successful. In SIP (as with HTTP from where the Digest Authentication procedure is reused) only a one-way authentication is used: the server always authenticates the client. But in principle also a two-way (mutual) authentication can be applied. The client may also authenticate the server but this is rarely used.

12 Remember: Only in case of a 3rd party registration the “From” header field is different from the “To” header field.
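As an added illustration of the two-transaction Digest registration described above (example code written for this note, not part of the original lecture or any SIP product): a minimal registrar that issues the 401 challenge and verifies the response, plus the user agent side computing the response. Realm, username and password are constructed values; treating each nonce as single-use is this example's choice, not something the text prescribes.

```python
import hashlib
import os

# Constructed sample credentials (not taken from the lecture note).
REALM = "home1.net"
USERNAME = "alice"
PASSWORD = "example-password"


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce):
    # RFC 2617 Digest without qop, as reused by SIP (RFC 3261):
    # response = MD5( MD5(username:realm:password) : nonce : MD5(method:uri) )
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class Registrar:
    """Registrar side of Figure 3: challenge in (2), verification in (3)/(4)."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> password (a real server stores HA1)
        self.nonces = set()         # challenges handed out and not yet consumed

    def challenge(self):
        # (2) 401 Unauthorized: WWW-Authenticate carries the realm and a fresh nonce
        nonce = os.urandom(16).hex()
        self.nonces.add(nonce)
        return {"realm": self.realm, "nonce": nonce}

    def verify(self, auth):
        # (3) REGISTER with Authorization: recompute the digest and compare.
        # Only the client is authenticated here; nothing proves the server's identity.
        nonce = auth["nonce"]
        if nonce not in self.nonces:
            return 401                      # unknown, expired or replayed nonce
        self.nonces.discard(nonce)          # single-use in this example
        password = self.users.get(auth["username"])
        if password is None:
            return 401
        expected = digest_response(auth["username"], self.realm, password,
                                   "REGISTER", auth["uri"], nonce)
        return 200 if expected == auth["response"] else 401


def user_agent_authorize(challenge, username, password, uri):
    """UA side: build the Authorization parameters for the second REGISTER."""
    nonce = challenge["nonce"]
    return {
        "username": username,
        "realm": challenge["realm"],
        "nonce": nonce,
        "uri": uri,
        "response": digest_response(username, challenge["realm"], password,
                                    "REGISTER", uri, nonce),
    }


def run_registration(password_used):
    """Run messages (1)-(4), then replay (3); returns both status codes."""
    registrar = Registrar(REALM, {USERNAME: PASSWORD})
    challenge = registrar.challenge()                      # (1) -> (2)
    auth = user_agent_authorize(challenge, USERNAME, password_used,
                                f"sip:{REALM}")            # (3)
    first = registrar.verify(auth)                         # (4)
    replayed = registrar.verify(auth)                      # same Authorization again
    return first, replayed


if __name__ == "__main__":
    print(run_registration(PASSWORD))   # (200, 401)
    print(run_registration("wrong"))    # (401, 401)
```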

3.2. THE MORE COMPLEX IMS REGISTRATION
Within IMS the same REGISTER based registration mechanism is used, but the HTTP digest algorithm of RFC 261713 has some limitations which have not been accepted by 3GPP, e.g.:
• The username/password combination can be re-used by anyone else if disclosed.
• No session keys are generated during authentication.
Therefore the HTTP digest algorithm has been enhanced by 3GPP with an “Authentication and Key Agreement” (AKA) mechanism which performs user authentication and session key distribution in UMTS networks14. The secret key is shared between the IMS terminal and the HSS, but because the HSS only “talks” diameter the role of a registrar server is delegated to the S-CSCF. Like in the “simple SIP registration” based on the HTTP digest algorithm the HTTP Digest Authentication with AKA also only requires two REGISTER transactions. But there is a list of additional tasks which are accomplished now during the registration procedure as follows:
• An S-CSCF out of a pool of S-CSCFs is selected and assigned to the UE.
• In case the P-CSCF is in a visited network the home network verifies if a valid roaming agreement exists and if the user is allowed to roam.
• The authentication is a mutual one. The network authenticates the user but also the user authenticates the network.
• An encryption and an integrity key are provided to protect the first hop (from IMS terminal to the P-CSCF).
• Security associations (IPsec based) are set up between the IMS terminal and the P-CSCF.
• A security mechanism is negotiated between the IMS terminal and the P-CSCF. The negotiation procedure also prevents a “bid-down” attack by a “man-in-the-middle” (based on Security-Client, Security-Server and Security-Verify header).
• A signalling compression algorithm is negotiated (comp-parameter).
• The home network informs the user about additional Public User Identities which the user may use.
• A “service-route” is provided by the S-CSCF to be used by the IMS terminal as a preloaded signalling Route (Service-Route header).
• The “path” is created and stored by the S-CSCF by which the S-CSCF always knows how the IMS terminal can be reached (Path header).
Care has been taken to include all above mentioned additional tasks within the two REGISTER transactions to not increase the number of round trips. Additional information elements are piggybacked on REGISTER requests and responses. Therefore the registration procedure is somewhat “overloaded” compared to the simple SIP registration mechanism shown in Figure 3. Figure 5 shows the registration message flow in IMS and Figure 4 shows an example content of the REGISTER request (message 1) sent by an IMS terminal to the P-CSCF.

13 RFC 2617: HTTP Authentication
14 RFC 3310: HTTP Digest Authentication using AKA (AKAv1-MD5)

REGISTER sip:home1.net SIP/2.0
Via: SIP/2.0/UDP [1080::8:800:200C:417A];comp=sigcomp;branch=z9hG4bK9h9ab
Max-Forwards: 70
P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=C359A3913B20E
From: <sip:alice@home1.net>;tag=s8732n
To: <sip:alice@home1.net>
Contact: <sip:[1080::8:800:200C:417A];comp=sigcomp>;expires=600000
Call-ID: 23fi571ju
Authorization: Digest username="alice_private@home1.net", realm="home1.net", nonce="", uri="sip:home1.net", response=""
Security-Client: ipsec-3gpp; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=3929102; spi-s=0293020; port-c=3333; port-s=5059
Require: sec-agree
Proxy-Require: sec-agree
Cseq: 1 REGISTER
Supported: path
Content-Length: 0
Figure 4: (1) REGISTER

Compared with the REGISTER request in a simple SIP registration we can recognize in Figure 4 the following differences and additions:
• The physical IP addresses in “Via” and “Contact” header are IPv6 addresses.
• “Via” and “Contact” header contain a “comp=sigcomp” parameter to tell the P-CSCF that signalling compression is supported by the IMS terminal.
• The “P-Access-Network-Info” header field carries information about access technology and location.
• The “expires” value at the Contact header field is rather high (600000 seconds which is about 7 days). Background: the short term periodic refresh is not necessary due to the security association between UE and P-CSCF which is activated during initial registration.
• An “Authorization” header field is already present in the first REGISTER request. It contains the “username” parameter with the value of the private user identity and the “realm” parameter with the name of the home network.
• The “Security-Client” header field contains parameters for the security association:
- security mechanism (ipsec-3gpp)
- authentication algorithm (hmac-sha-1-96)
- encryption algorithm (ealg=aes-cbc)
- security parameter IDs (spi) and port numbers for the security associations
• The “Require” and “Proxy-Require” header fields request the “sec-agree” extension15.
• The “Supported” header field shows support for the “Path” header extension.
The complete IMS registration flow is shown in Figure 5. In addition to the two REGISTER transactions this figure also shows the diameter transactions between I/S-CSCF and the HSS and two subscriptions to the registration event: one subscription by the P-CSCF and another by the IMS terminal.

15 RFC 3329: Security Mechanism Agreement for SIP

Figure 5: Complete IMS registration flow including subscription to reg event. Nodes: IMS Terminal, P-CSCF, I-CSCF, HSS, S-CSCF. Messages: (1) REGISTER, (2) REGISTER, (3) Diameter UAR, (4) Diameter UAA, (5) REGISTER, (6) Diameter MAR, (7) Diameter MAA, (8) 401 Unauthorized, (9) 401 Unauthorized, (10) 401 Unauthorized, (11) REGISTER, (12) REGISTER, (13) Diameter UAR, (14) Diameter UAA, (15) REGISTER, (16) Diameter SAR, (17) Diameter SAA, (18) 200 OK, (19) 200 OK, (20) 200 OK, (21) SUBSCRIBE, (22) 200 OK, (23) NOTIFY, (24) 200 OK, (25) SUBSCRIBE, (26) SUBSCRIBE, (27) 200 OK, (28) 200 OK, (29) NOTIFY, (30) NOTIFY, (31) 200 OK, (32) 200 OK.

Before the IMS terminal sends the first REGISTER request it retrieves from the ISIM the Private User Identity, a Public User Identity, and the home network domain URI. In case more than one Public User Identity is contained on the ISIM one is selected for the registration. These three parameters are used as follows:
• The home network domain is used to address the REGISTER request towards the responsible network (request URI of the REGISTER request).
• A Public User Identity is used as Address-of-Record in the “To” and “From” header field.
• The Private User Identity is used for authentication. It is used as “username” parameter value in the Authorization header.

The IMS terminal sends the REGISTER request (1) to the P-CSCF which it has discovered during the IP attachment procedure. The P-CSCF then inserts
• a “Path” header field with its own URI to request the home network of the user to send all requests towards the user through this P-CSCF,
• a “P-Visited-Network-ID” header field which identifies the network where the P-CSCF is located and sends the REGISTER, and
• a “P-Charging-Vector” header field for charging purposes.
After these additional modifications (the regular SIP protocol based modifications like inserting a “Via” header field are not mentioned here) the P-CSCF sends the REGISTER request (2) to an I-CSCF in the home network of the user. But how does a P-CSCF know the addresses of an I-CSCF of the home network of the user? The P-CSCF queries the DNS for addresses of SIP server(s) of the respective domain16. The addresses of the I-CSCFs therefore have to be published in the DNS by each network provider. The I-CSCFs shield the core network of S-CSCFs from direct access by other domains and they often operate in a load-sharing mode.
The I-CSCF does not have any state information about users of the network, but it has access to the HSS and therefore it queries the HSS (this is where the name “Interrogating” comes from). The I-CSCF sends a diameter UAR (User Authentication Request) to the HSS (3). The UAR contains the three parameters (as AVPs)
- Private User Identity
- Public User Identity
- Visited Network Identifier
which the I-CSCF extracts from the REGISTER request. The HSS checks if a user with the mentioned Private and Public User Identity exists and if it is allowed to roam in the mentioned visited network. The answer of the HSS is a diameter UAA (User Authentication Answer). The UAA contains
- in case of an initial registration: a set of capabilities which are required to support the registering user, or
- in case of a subsequent registration: the address (SIP URI) of an already allocated S-CSCF.
The I-CSCF uses the set of capabilities which it receives in case of the first registration of a user to select an appropriate S-CSCF. The capabilities have a numeric value and their semantics are defined by the network operator. There are mandatory and optional capabilities17 and the I-CSCF has the knowledge about all available S-CSCFs in the network and their capabilities. Now the I-CSCF selects an S-CSCF (or uses the already allocated one) and forwards the REGISTER request to the selected S-CSCF (5). The REGISTER request may now look as shown in Figure 6. What is the difference of the above REGISTER request compared to the REGISTER sent by the IMS terminal?

16 This is the well known “Locating SIP servers” procedure defined in RFC 3263 and not shown in the flow diagram. Due to caching mechanisms the explicit DNS query is usually only done once during the TTL (time-to-live).
17 The capabilities are not defined in the standard, only the selection mechanism.

REGISTER sip:home1.net SIP/2.0
Via: SIP/2.0/UDP icscf1.home1.net;branch=z9hG4bKoh2qrz, SIP/2.0/UDP pcscf1.visited1.net;branch=z9hG4bKea1dof, SIP/2.0/UDP [1080::8:800:200C:417A];comp=sigcomp;branch=z9hG4bK9h9ab
Max-Forwards: 68
P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=C359A3913B20E
From: <sip:alice@home1.net>;tag=s8732n
To: <sip:alice@home1.net>
Contact: <sip:[1080::8:800:200C:417A];comp=sigcomp>;expires=600000
Call-ID: 23fi571ju
Authorization: Digest username="alice_private@home1.net", realm="home1.net", nonce="", uri="sip:home1.net", response="", integrity-protected="no"
Require: path
Supported: path
Path: <sip:term@pcscf1.visited1.net;lr>
P-Visited-Network-ID: "Visited 1 Network"
P-Charging-Vector: icid-value="W34h6dlg"
Cseq: 1 REGISTER
Content-Length: 0
Figure 6: (5) REGISTER

• Of course we now have three Via header fields (only the first has the comp=sigcomp parameter).
• The Authorization header field has got the additional parameter “integrity-protected” added by the P-CSCF, which reflects that this time the REGISTER request is not integrity protected.
• There are the “Supported” and “Require” header fields for the “path” feature and the “Path” header field, which contains the address of the P-CSCF (only18). These have been inserted by the P-CSCF. The address in the Path header will be used by the S-CSCF to populate the Route header field in case of terminating requests. The “pseudo”-user “term” will tell the P-CSCF in that case that the routing is a terminating one.
• There is the “P-Visited-Network-ID” header field added by the P-CSCF which reveals that the user is actually roaming.
• The “P-Charging-Vector” header field inserted by the P-CSCF contains the “icid” parameter. This parameter (IMS charging identifier) uniquely identifies a transaction en-route through all network nodes. This helps to correlate charging messages generated by different nodes during a transaction.
When the S-CSCF receives the REGISTER request it takes the role of a SIP registrar server. The S-CSCF itself does not have any authentication data (e.g. username, secret key …) of a user, these are strictly kept within the HSS. To be able to authenticate the user the S-CSCF asks the HSS for one or more19 authentication vectors with a diameter request MAR (Multimedia Authentication Request) and additionally informs the HSS that it is now (preliminarily) assigned for this user.

18 In principle other network nodes en-route to the S-CSCF can add their address. Up to now this might be done by the I-CSCF when it cares for topology hiding. The Path header will then contain two addresses.
19 The S-CSCF may request more than one authentication vector for a user to avoid contacting the HSS every time it needs to authenticate the user again.

The HSS returns the authentication vector(s) in a Diameter MAA (Multimedia Authentication Answer) message. An authentication vector contains a quintuple of data:
• a random challenge value (RAND),
• a network authentication token (AUTN),
• the expected answer of the terminal (XRES),
• a session key for encryption (CK) and
• a session key for integrity check (IK).

The HSS creates the above parameters based on the secret key that it shares with the IMS terminal. The S-CSCF now inserts RAND, AUTN, IK and CK into the WWW-Authenticate header field of a "401 Unauthorized" response according to HTTP Digest AKA. RAND and AUTN are concatenated and coded into the "nonce" parameter of the HTTP Digest algorithm. The IK and CK values are added as separate parameters. The XRES parameter is kept by the S-CSCF to check if the next REGISTER request contains the correct response parameter. The resulting "401 Unauthorized" response sent by the S-CSCF is shown in Figure 7.

    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP icscf1.home1.net;branch=z9hG4bKoh2qrz
    Via: SIP/2.0/UDP pcscf1.visited1.net;branch=z9hG4bKealdof
    Via: SIP/2.0/UDP [1080::8:800:200C:417A];comp=sigcomp;branch=z9hG4bK9h9ab
    From: <sip:alice@home1.net>;tag=s8732n
    To: <sip:alice@home1.net>;tag=409sp3
    Call-ID: 23fi571ju
    WWW-Authenticate: Digest realm="home1.net", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", algorithm=AKAv1-MD5, ck="79b1f9534ac95134a31cdc50247d011c", ik="4ef7e4dfadbab533b3ffbb17f8495a5d"
    CSeq: 1 REGISTER
    Content-Length: 0

Figure 7: (8) 401 Unauthorized

The "401 Unauthorized" response is sent via the I-CSCF to the P-CSCF (well known response routing based on the Via header field). The P-CSCF now strips the "ck" and "ik" parameters from the "WWW-Authenticate" header field and additionally inserts a "Security-Server" header field. The "ck" and "ik" parameters are stripped because transporting them on an unencrypted channel would make the keys useless: they could easily be read by an attacker. The "Security-Server" header field inserted by the P-CSCF contains the offered security algorithms and the security parameters for the security association to be set up. The "401 Unauthorized" response finally received by the IMS terminal is shown in Figure 8.

    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP [1080::8:800:200C:417A];comp=sigcomp;branch=z9hG4bK9h9ab
    From: <sip:alice@home1.net>;tag=s8732n
    To: <sip:alice@home1.net>;tag=409sp3
    Call-ID: 23fi571ju
    WWW-Authenticate: Digest realm="home1.net", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", algorithm=AKAv1-MD5
    Security-Server: ipsec-3gpp; q=0.1; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=909767; spi-s=421909; port-c=4444; port-s=5058
    CSeq: 1 REGISTER
    Content-Length: 0

Figure 8: (10) 401 Unauthorized

The IMS terminal now recognizes that it is unauthorized and that it has to authenticate according to the AKAv1-MD5 algorithm. It first extracts AUTN and RAND out of the "nonce" value. AUTN is used by the IMS terminal to authenticate the network [20]. It then produces the response to the challenge (RAND value) and also re-calculates the encryption and integrity keys (based on the RAND value) that have been eliminated by the P-CSCF. The CK and IK values together with the "Security-Client" and "Security-Server" header fields enable the IMS terminal to set up two security associations with the P-CSCF (one for each direction) and to send the second REGISTER request already encrypted and integrity protected to the P-CSCF. Compared with the first REGISTER request in Figure 4 the second REGISTER request (11) now contains
• the "nonce" and "response" parameters in the Authorization header field and
• a "Security-Verify" header field that mirrors the content of the "Security-Server" header field.
The "Security-Verify" header field protects against a bid-down attack [21]. An additional important difference to the first REGISTER request is that the request is now already encrypted and integrity protected and it is sent/received on the ports exchanged in the "Security-Client" and "Security-Server" header field parameters. The second REGISTER request (11) is shown in Figure 9.

[20] This verification uses a sequence number (SQN) that is shared between IMS terminal and HSS and contained within the encrypted AUTN string.
[21] A bid-down attack may happen if an attacker removes e.g. the strongest security mechanism from the list. The P-CSCF would immediately recognize a manipulation as long as it cannot be done in real time.

    REGISTER sip:home1.net SIP/2.0
    Via: SIP/2.0/UDP [1080::8:800:200C:417A]:5059;comp=sigcomp;branch=z9hG4bK9h9ab
    Max-Forwards: 70
    P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=C359A3913B20E
    From: <sip:alice@home1.net>;tag=s8732n
    To: <sip:alice@home1.net>
    Contact: <sip:[1080::8:800:200C:417A]:5059;comp=sigcomp>;expires=600000
    Call-ID: 23fi571ju
    Authorization: Digest username="alice_private@home1.net", realm="home1.net", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", algorithm=AKAv1-MD5, uri="sip:home1.net", response="6629fae49393a05397450978507c4ef1"
    Security-Verify: ipsec-3gpp; q=0.1; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=909767; spi-s=421909; port-c=4444; port-s=5058
    Require: sec-agree
    Proxy-Require: sec-agree
    CSeq: 2 REGISTER
    Supported: path
    Content-Length: 0

Figure 9: (11) REGISTER

The IMS terminal sends this REGISTER request (11) to the P-CSCF. The P-CSCF decrypts the received REGISTER request and validates its integrity based on the CK and IK values it previously kept back. If the validation is successful it adds an "integrity-protected" parameter with value "yes" to the "Authorization" header field and forwards the request to an I-CSCF (12). From now on the request is not encrypted and integrity protected anymore because it is now sent within the trusted area. The I-CSCF – which may be a different one than the I-CSCF used at the first REGISTER request due to e.g. DNS based load balancing – again asks the HSS in a Diameter sequence (UAR/UAA) for routing information to an S-CSCF. This time the answer of the HSS (UAA) contains the address of the already assigned S-CSCF and the I-CSCF forwards the request to this S-CSCF. The final REGISTER request (15) received by the S-CSCF is shown in Figure 10 below.

    REGISTER sip:home1.net SIP/2.0
    Via: SIP/2.0/UDP icscf1.home1.net;branch=z9hG4bKoh2qrz
    Via: SIP/2.0/UDP pcscf1.visited1.net;branch=z9hG4bKealdof
    Via: SIP/2.0/UDP [1080::8:800:200C:417A]:5059;comp=sigcomp;branch=z9hG4bK9h9ab
    Max-Forwards: 68
    P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=C359A3913B20E
    From: <sip:alice@home1.net>;tag=s8732n
    To: <sip:alice@home1.net>
    Contact: <sip:[1080::8:800:200C:417A]:5059;comp=sigcomp>;expires=600000
    Call-ID: 23fi571ju
    Authorization: Digest username="alice_private@home1.net", realm="home1.net", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", algorithm=AKAv1-MD5, uri="sip:home1.net", response="6629fae49393a05397450978507c4ef1", integrity-protected="yes"
    Require: path
    Supported: path
    Path: <sip:term@pcscf1.visited1.net;lr>
    P-Visited-Network-ID: "Visited 1 Network"
    P-Charging-Vector: icid-value="W34h6dlg"
    CSeq: 2 REGISTER
    Content-Length: 0

Figure 10: (15) REGISTER
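The challenge/response exchange of Figures 7 to 10 as an added, runnable model (this is example code written for these notes, not code from the lecture or from any IMS product). It follows the RFC 3310 framing described above: the S-CSCF packs RAND and AUTN into the "nonce", the P-CSCF keeps "ck"/"ik" back before the 401 reaches the terminal, the terminal checks AUTN, derives RES, CK and IK from RAND and answers with a Digest response whose password is the binary RES, and the S-CSCF compares that response with the one it expects from XRES. The AKA functions f1 to f5 that the HSS and the ISIM compute with the shared secret key are replaced by HMAC-SHA256 stand-ins (a hypothetical simplification, not the Milenage algorithm); the shared key, the identities and the SQN value are constructed sample data.

```python
# Added example (not from the lecture note): a minimal model of the HTTP Digest
# AKAv1-MD5 registration challenge (RFC 3310). The AKA functions f1..f5 are
# replaced by HMAC-SHA256 stand-ins (hypothetical, NOT Milenage); the framing
# (nonce = base64(RAND || AUTN), password = RES, ck/ik stripping) is the real one.
import base64
import hashlib
import hmac
import os

SHARED_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")  # constructed K on HSS and ISIM
REALM = "home1.net"
IMPI = "alice_private@home1.net"


def aka_f(key: bytes, data: bytes, label: bytes, n: int) -> bytes:
    """Stand-in for one AKA function (f1 MAC, f2 RES, f3 CK, f4 IK, f5 AK)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]


def hss_authentication_vector(key: bytes, sqn: int) -> dict:
    """HSS side: one authentication vector (RAND, AUTN, XRES, CK, IK) for the MAA."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = aka_f(key, rand, b"f5", 6)                     # anonymity key conceals SQN
    mac = aka_f(key, rand + sqn_b, b"f1", 8)            # MAC over RAND and SQN
    autn = bytes(a ^ b for a, b in zip(sqn_b, ak)) + b"\x00\x00" + mac  # SQN^AK || AMF || MAC
    return {"rand": rand, "autn": autn, "xres": aka_f(key, rand, b"f2", 8),
            "ck": aka_f(key, rand, b"f3", 16), "ik": aka_f(key, rand, b"f4", 16)}


def scscf_challenge(av: dict) -> dict:
    """S-CSCF side: WWW-Authenticate parameters of the 401 (Figure 7)."""
    return {"realm": REALM, "nonce": base64.b64encode(av["rand"] + av["autn"]).decode(),
            "algorithm": "AKAv1-MD5", "ck": av["ck"].hex(), "ik": av["ik"].hex()}


def pcscf_strip_keys(params: dict) -> tuple:
    """P-CSCF side: keep ck/ik for the IPsec SAs, forward the rest (Figure 8)."""
    kept = {"ck": bytes.fromhex(params["ck"]), "ik": bytes.fromhex(params["ik"])}
    return kept, {k: v for k, v in params.items() if k not in ("ck", "ik")}


def md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(nonce: str, res: bytes, method: str, uri: str) -> str:
    """RFC 3310: the binary RES is the Digest password; no qop, so RFC 2617 base form."""
    ha1 = md5hex(IMPI.encode() + b":" + REALM.encode() + b":" + res)
    ha2 = md5hex(f"{method}:{uri}".encode())
    return md5hex(f"{ha1}:{nonce}:{ha2}".encode())


def terminal_answer(key: bytes, challenge: dict, uri: str = "sip:home1.net") -> dict:
    """Terminal side: split the nonce, authenticate the network via AUTN, derive RES/CK/IK."""
    blob = base64.b64decode(challenge["nonce"])
    rand, autn = blob[:16], blob[16:]
    ak = aka_f(key, rand, b"f5", 6)
    sqn_b = bytes(a ^ b for a, b in zip(autn[:6], ak))
    if not hmac.compare_digest(aka_f(key, rand + sqn_b, b"f1", 8), autn[8:]):
        raise ValueError("network authentication failed: AUTN MAC mismatch")
    res = aka_f(key, rand, b"f2", 8)
    return {"username": IMPI, "realm": REALM, "nonce": challenge["nonce"], "uri": uri,
            "response": digest_response(challenge["nonce"], res, "REGISTER", uri),
            "ck": aka_f(key, rand, b"f3", 16), "ik": aka_f(key, rand, b"f4", 16)}


def scscf_verify(av: dict, challenge: dict, answer: dict) -> bool:
    """S-CSCF side: the response must equal the one computed from the stored XRES."""
    expected = digest_response(challenge["nonce"], av["xres"], "REGISTER", answer["uri"])
    return hmac.compare_digest(expected, answer["response"])


def run_registration(key_on_terminal: bytes = SHARED_KEY) -> dict:
    """Whole sequence; a terminal with a wrong key fails already at the AUTN check."""
    av = hss_authentication_vector(SHARED_KEY, sqn=1)
    challenge = scscf_challenge(av)
    pcscf_keys, challenge_to_terminal = pcscf_strip_keys(challenge)
    answer = terminal_answer(key_on_terminal, challenge_to_terminal)
    return {"authenticated": scscf_verify(av, challenge, answer),
            "keys_agree": pcscf_keys == {"ck": answer["ck"], "ik": answer["ik"]},
            "keys_hidden": "ck" not in challenge_to_terminal and "ik" not in challenge_to_terminal}
```

Note that the P-CSCF never sees the secret key: it only receives CK and IK from the home network and the terminal derives the same pair from RAND, which is exactly what lets the two sides build the IPsec security associations before the second REGISTER is sent.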

The S-CSCF now validates the credentials (it compares the "response" parameter value with the expected result "XRES" of the associated authentication vector) and if this is successful the user is authenticated. The S-CSCF now informs the HSS that it is definitely allocated as the S-CSCF of the user and in addition requests the user profile in a Diameter SAR (Server Assignment Request) message. The HSS returns the user profile in a Diameter SAA (Server Assignment Answer) message. The user profile is an important piece of information associated with a Private User Identity. It includes, among other things, the list of all Public User Identities allocated to the Private User Identity and the subset of those which are automatically registered in the S-CSCF as a set of implicitly registered Public User Identities [22]. Additionally, the user profile also contains the initial filter criteria (iFC), which is the collection of triggers that determine when a SIP request is forwarded to an Application Server that will provide the service [23].

[22] A special case of an implicit set of Public User Identities is a wildcarded Public User Identity. It may be used to easily register a group of users behind a PBX.
[23] Further details on the User Profile and the initial Filter Criteria are covered by another part of the course.

The S-CSCF now stores the URI contained in the Contact header field and the path URIs contained in the Path header field. The contact URI corresponds to the physical address where a user addressed by one of the related Public User Identities is reachable and the list of path URIs contains the route to that address. This list always includes the P-CSCF and sometimes also the I-CSCF. Later, when dialog initiating or stand-alone requests to the user have to be forwarded, the S-CSCF will route these requests via the list of URIs included in the Path header field and the contact address, in this order.

Next the S-CSCF prepares the "200 OK" response for the REGISTER request to be sent to the user. It includes a "P-Associated-URI" header field that contains all Public User Identities allowed to be used by the IMS terminal and which are implicitly registered. It also includes the "Service-Route" header field which contains the list of SIP servers that must be traversed in addition to the P-CSCF when the IMS terminal sends dialog initiating or stand-alone requests into the network. The "Service-Route" header field usually contains the S-CSCF and may additionally also contain an I-CSCF in case of topology hiding. Figure 11 shows the "200 OK" response as it is received at the IMS terminal. We can see in this example that three additional Public User Identities may be used by the IMS terminal.

Two pieces of routing information have been exchanged after the successful registration:
• The S-CSCF knows how it can reach the IMS terminal when it is addressed by one of the associated Public User Identities (Path header field).
• The IMS terminal knows which Route it must use for dialog initiating or stand-alone requests (P-CSCF plus Service-Route header field).
In addition two security associations are set up, a compression algorithm is negotiated, associated URIs are known by the terminal …etc.: a highly overloaded registration sequence using only two round trips!
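What the S-CSCF keeps after the successful registration and how it uses it, as an added example (written for these notes, not code from the lecture or from any IMS implementation): one binding per Private User Identity, reachable through every identity of its implicitly registered set, the Path list plus Contact used for terminating requests in the order described above, and the "P-Associated-URI"/"Service-Route" content of the 200 OK. The values are taken from Figures 10 and 11; the data model, the function names and the wildcarded identity "sip:pbx-!.*!@home1.net" are my own (the "!"-delimited regular expression is the notation 3GPP TS 23.003 defines for wildcarded identities, footnote 22).

```python
# Added example (not from the lecture note): S-CSCF registrar state after a
# successful REGISTER. Function names and the wildcard sample are hypothetical.
import re
from dataclasses import dataclass


def impu_matches(stored: str, uri: str) -> bool:
    """Exact match, or a wildcarded Public User Identity whose part between
    '!' delimiters is a regular expression (3GPP TS 23.003 notation)."""
    if "!" not in stored:
        return stored == uri
    parts = stored.split("!")
    if len(parts) != 3:
        raise ValueError("a wildcarded identity needs exactly one !regex! segment")
    pattern = re.escape(parts[0]) + parts[1] + re.escape(parts[2])
    return re.fullmatch(pattern, uri) is not None


@dataclass
class Binding:
    impi: str            # Private User Identity the user profile belongs to
    contact: str         # physical address of the terminal (Contact header field)
    path: list           # Path URIs in the order they were received (P-CSCF first)
    implicit_set: list   # all implicitly registered Public User Identities
    expires: int


class Registrar:
    """S-CSCF registrar: one Binding per Private User Identity, found through
    any Public User Identity of its implicitly registered set."""

    def __init__(self):
        self._bindings = []

    def store(self, binding: Binding) -> None:
        self._bindings = [b for b in self._bindings if b.impi != binding.impi]
        self._bindings.append(binding)

    def lookup(self, impu: str):
        for b in self._bindings:
            if any(impu_matches(stored, impu) for stored in b.implicit_set):
                return b
        return None

    def route_terminating(self, request_uri: str) -> tuple:
        """Terminating request towards the user: Route set = Path URIs in order,
        request target = the registered Contact (as the lecture describes)."""
        b = self.lookup(request_uri)
        if b is None:
            raise KeyError(f"{request_uri} is not registered")
        return list(b.path), b.contact

    def register_response(self, registered_impu: str, service_route: list) -> dict:
        """Header fields of the 200 OK: P-Associated-URI lists the implicitly
        registered identities in addition to the explicitly registered one."""
        b = self.lookup(registered_impu)
        if b is None:
            raise KeyError(f"{registered_impu} is not registered")
        return {"P-Associated-URI": [u for u in b.implicit_set if u != registered_impu],
                "Service-Route": list(service_route),
                "Path": list(b.path),
                "Contact": f"<{b.contact}>;expires={b.expires}"}


# Sample data from Figures 10 and 11 plus one constructed wildcarded identity.
ALICE = Binding(
    impi="alice_private@home1.net",
    contact="sip:[1080::8:800:200C:417A]:5059;comp=sigcomp",
    path=["sip:term@pcscf1.visited1.net;lr"],
    implicit_set=["sip:alice@home1.net", "sip:alice-family@home1.net",
                  "sip:alice-business@home1.net", "sip:+1-212-555-1234@home1.net;user=phone"],
    expires=600000)
PBX = Binding(impi="pbx_private@home1.net", contact="sip:[2001:db8::10]:5060",
              path=["sip:term@pcscf2.home1.net;lr"],
              implicit_set=["sip:pbx-!.*!@home1.net"], expires=600000)
```

A request addressed to any identity of the implicit set (here for instance sip:alice-business@home1.net, which the terminal never registered explicitly) is routed through the same Path and to the same Contact; a request to an unregistered identity raises KeyError, which in a real S-CSCF becomes a 404 or 480 response.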

    SIP/2.0 200 OK
    Via: SIP/2.0/UDP [1080::8:800:200C:417A]:5059;comp=sigcomp;branch=z9hG4bK9h9ab
    Path: <sip:term@pcscf1.visited1.net;lr>
    Service-Route: <sip:orig@scscf1.home1.net;lr>
    From: <sip:alice@home1.net>;tag=s8732n
    To: <sip:alice@home1.net>;tag=409sp3
    Call-ID: 23fi571ju
    Contact: <sip:[1080::8:800:200C:417A]:5059;comp=sigcomp>;expires=600000
    CSeq: 2 REGISTER
    Date: Wed, 21 January 2004 18:19:20 GMT
    P-Associated-URI: <sip:alice-family@home1.net>, <sip:alice-business@home1.net>, <sip:+1-212-555-1234@home1.net;user=phone>
    Content-Length: 0

Figure 11: (20) 200 OK

3.3. OTHER REGISTRATION ALGORITHMS

The HTTP Digest algorithm with authentication and key agreement (AKAv1-MD5) is the standard authentication method of 3GPP based networks, but there are simpler alternatives which might be used in other networks or during transition periods [24]. The IMS has to be regarded as an overlay network on an IP network (PS domain [25] in mobile networks) and therefore in general two authentication and authorisation procedures are required: one for using the IP based transport network and one for the services provided by the IMS. The next two mechanisms presented below (bundled authentication) combine the two separate registration mechanisms by re-using the authentication of the transport layer. The third mechanism mentioned below re-uses the combination of TLS and HTTP Digest.

[24] For details see 3GPP TS 33.203 "Access Security for IP based services".
[25] PS = Packet Switched, in contrast to CS (Circuit Switched).

3.3.1. GPRS-IMS-BUNDLED AUTHENTICATION

After successful establishment of the signalling association the GGSN sends information about the allocated IP address to the HSS, and the S-CSCF checks whether the IP address received during a registration is identical to the IP address provided by the GGSN previously. This means that the IMS relies on proper control of the IP addresses used on the transport layer. This mechanism has some weakness regarding security but will be used during "early IMS" rollout.

3.3.2. NASS-IMS-BUNDLED AUTHENTICATION

This mechanism is similar to the above mentioned GPRS-IMS bundled authentication but used in wireline (DSL based) networks. NASS (Network Attachment Subsystem) is a component of the wireline access network architecture. Instead of the IP address as in GPRS networks a line identifier is used by the HSS. This line identifier is included in the P-Access-Network-Info header field (this time inserted by the P-CSCF as a trusted network node) and checked by the S-CSCF against the requested identities during registration.

3.3.3. TLS CONNECTION ESTABLISHMENT

Another access security mechanism for IMS may be based on a combination of TLS [26] and the HTTP Digest algorithm. TLS works with certificates, but these are usually only available at the server side and enable an authentication of the network by the client. The client is then authenticated by the network via HTTP Digest inside the encrypted TLS channel.

[26] RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2

3.3.4. SUMMARY ON ACCESS SECURITY ALGORITHMS

As a summary it should be mentioned again that in "regular" 3GPP based networks [27] only the strong security and authentication mechanism based on HTTP Digest and Authentication and Key Agreement must be used. All other methods may be used only in IMS based networks outside of 3GPP. The strong 3GPP authentication infrastructure is a very valuable asset of 3GPP operators. It can be leveraged to enable a further business opportunity: the selling of subscriber certificate based authentication services. 3GPP operators may sell the strong security and authentication infrastructure to third party application providers. More details on the generic use of the authentication architecture can be found in 3GPP TS 33.220 [28].

[27] Regular means "outside of early IMS introductions".
[28] 3GPP TS 33.220: Generic Authentication Architecture (GAA)

3.4. THE SUBSCRIPTION TO THE REGISTRATION EVENT STATE

In Figure 5 on page 13 we see that after the successful registration the P-CSCF and the IMS terminal independently subscribe to the registration event (messages 21 – 24 and 25 – 32). Why is this necessary? In carrier networks, in particular mobile networks, there are situations where the operator wants to clear the registration state of a terminal. The reason for that can be e.g. that the terminal is moving out of radio coverage or that the user requests the terminal to be locked because it was stolen. The basic RFC 3261 does not provide any possibility to instantly inform the user when it shuts down the service. The only mechanism is the registration timeout, which is not appropriate due to the rather long delays. This problem can now be solved by the subscription to the registration event [29]. The IMS terminal therefore sends a SUBSCRIBE request for the "registration state event" into the network regarding the Public User Identity for which it registered just before. This request is handled by the S-CSCF as it has the role of the registrar server. It already uses the service route received during the registration within the "Route" header field and sends the SUBSCRIBE request via the P-CSCF directly to the S-CSCF. The SUBSCRIBE request sent by the terminal is shown in Figure 12.

[29] RFC 3680: A SIP Event Package for Registrations

    SUBSCRIBE sip:alice@home1.net SIP/2.0
    Via: SIP/2.0/UDP [1080::8:800:200C:417A]:5059;comp=sigcomp;branch=z9hG4bK9h9ab
    Max-Forwards: 70
    Route: <sip:pcscf1.visited1.net:5058;lr;comp=sigcomp>, <sip:orig@scscf1.home1.net;lr>
    P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=C359A3913B20E
    From: <sip:alice@home1.net>;tag=d9211
    To: <sip:alice@home1.net>
    Call-ID: b89rjhnedlrfjflslj40a222
    Require: sec-agree
    Proxy-Require: sec-agree
    CSeq: 61 SUBSCRIBE
    Event: reg
    Expires: 600000
    Accept: application/reginfo+xml
    Security-Verify: ipsec-3gpp; q=0.1; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=98765432; spi-s=909767; port-c=5057; port-s=5058
    Contact: <sip:[1080::8:800:200C:417A]:5059;comp=sigcomp>
    Content-Length: 0

Figure 12: (25) SUBSCRIBE to the registration event state

The S-CSCF acts as a notifier and sends a NOTIFY request to the IMS terminal (see Figure 13). The XML part of the NOTIFY request contains the registration state for all three Public User Identities (including the implicitly registered identities) which have been included in the "P-Associated-URI" header field. You may observe in the "event" attribute of the "contact" tag the difference between the three registered identities: one is "registered" and two are "created". This reflects the implicit registration of two additional Public User Identities.

    NOTIFY sip:[1080::8:800:200C:417A]:5059;comp=sigcomp SIP/2.0
    Via: SIP/2.0/UDP pcscf1.visited1.net;branch=z9hG4bKoh2qrz
    Via: SIP/2.0/UDP scscf1.home1.net;branch=z9hG4bKs1pp0
    Max-Forwards: 69
    Route: <sip:pcscf1.visited1.net:5058;lr;comp=sigcomp>
    From: <sip:alice@home1.net>;tag=151170
    To: <sip:alice@home1.net>;tag=d9211
    Call-ID: b89rjhnedlrfjflslj40a222
    CSeq: 42 NOTIFY
    Subscription-State: active;expires=600000
    Event: reg
    Content-Type: application/reginfo+xml
    Contact: <sip:scscf1.home1.net>
    Content-Length: 873

    <?xml version="1.0"?>
    <reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="1" state="full">
      <registration aor="sip:alice@home1.net" id="11a" state="active">
        <contact id="542" state="active" event="registered" duration-registered="0">
          <uri>sip:[1080::8:800:200C:417A]</uri>
        </contact>
      </registration>
      <registration aor="sip:alice-family@home1.net" id="11b" state="active">
        <contact id="543" state="active" event="created" duration-registered="0">
          <uri>sip:[1080::8:800:200C:417A]</uri>
        </contact>
      </registration>
      <registration aor="tel:+1-212-555-1234" id="11c" state="active">
        <contact id="544" state="active" event="created" duration-registered="0">
          <uri>sip:[1080::8:800:200C:417A]</uri>
        </contact>
      </registration>
    </reginfo>

Figure 13: (30) NOTIFY

In the same way as the IMS terminal, the P-CSCF also subscribes to the registration state. This subscription also enables the P-CSCF to be "in sync" about the Public User Identities it has to care for. In addition to the IMS terminal and the P-CSCF, application servers may optionally subscribe to the registration event state as well.
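A parser for the reginfo body of the NOTIFY, as an added example written for these notes (not code from the lecture, from RFC 3680 or from any IMS product). It extracts the per-identity registration state and the "event" attribute whose "registered"/"created" difference is discussed above, and shows what a subscriber such as the P-CSCF has to do with a sequence of NOTIFYs: apply a "full" document as a snapshot, merge a "partial" one, and ignore a document whose version is not newer than the last one seen. The full sample body mirrors Figure 13; the partial body that de-registers the tel URI and the tracker class are constructed for this example.

```python
# Added example (not from the lecture note): parsing application/reginfo+xml
# (RFC 3680) and tracking registration state across NOTIFYs. Sample bodies are
# constructed; the class and function names are hypothetical.
import xml.etree.ElementTree as ET

REGINFO_NS = "urn:ietf:params:xml:ns:reginfo"

# Constructed to mirror Figure 13 (full state, version 1).
SAMPLE_REGINFO = """<?xml version="1.0"?>
<reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="1" state="full">
  <registration aor="sip:alice@home1.net" id="11a" state="active">
    <contact id="542" state="active" event="registered" duration-registered="0">
      <uri>sip:[1080::8:800:200C:417A]</uri>
    </contact>
  </registration>
  <registration aor="sip:alice-family@home1.net" id="11b" state="active">
    <contact id="543" state="active" event="created" duration-registered="0">
      <uri>sip:[1080::8:800:200C:417A]</uri>
    </contact>
  </registration>
  <registration aor="tel:+1-212-555-1234" id="11c" state="active">
    <contact id="544" state="active" event="created" duration-registered="0">
      <uri>sip:[1080::8:800:200C:417A]</uri>
    </contact>
  </registration>
</reginfo>"""

# Constructed: a later partial update in which the network de-registers one identity.
PARTIAL_REGINFO = """<?xml version="1.0"?>
<reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="2" state="partial">
  <registration aor="tel:+1-212-555-1234" id="11c" state="terminated">
    <contact id="544" state="terminated" event="deactivated" duration-registered="120">
      <uri>sip:[1080::8:800:200C:417A]</uri>
    </contact>
  </registration>
</reginfo>"""


def _q(name: str) -> str:
    return f"{{{REGINFO_NS}}}{name}"


def parse_reginfo(body: str) -> dict:
    """Turn a reginfo document into plain dicts; rejects other XML namespaces."""
    root = ET.fromstring(body)
    if root.tag != _q("reginfo"):
        raise ValueError("not a reginfo document")
    registrations = []
    for reg in root.findall(_q("registration")):
        contacts = []
        for c in reg.findall(_q("contact")):
            uri_el = c.find(_q("uri"))
            contacts.append({"id": c.get("id"), "state": c.get("state"), "event": c.get("event"),
                             "uri": uri_el.text.strip() if uri_el is not None and uri_el.text else None})
        registrations.append({"aor": reg.get("aor"), "id": reg.get("id"),
                              "state": reg.get("state"), "contacts": contacts})
    return {"version": int(root.get("version")), "state": root.get("state"),
            "registrations": registrations}


def contact_events(body: str) -> list:
    """(aor, event) pairs, e.g. to see which identity was registered explicitly."""
    return [(r["aor"], c["event"]) for r in parse_reginfo(body)["registrations"] for c in r["contacts"]]


class RegistrationStateTracker:
    """What a subscriber (P-CSCF, terminal, AS) keeps: the set of active
    contacts per identity, updated from full and partial documents in version order."""

    def __init__(self):
        self.version = None
        self.active = {}  # aor -> set of contact URIs

    def apply(self, body: str) -> bool:
        info = parse_reginfo(body)
        if self.version is not None and info["version"] <= self.version:
            return False  # stale or duplicate NOTIFY: ignore it
        if info["state"] == "full":
            self.active = {}
        for reg in info["registrations"]:
            uris = {c["uri"] for c in reg["contacts"] if c["state"] == "active"}
            if reg["state"] == "terminated" or not uris:
                self.active.pop(reg["aor"], None)
            else:
                self.active[reg["aor"]] = uris
        self.version = info["version"]
        return True
```

For the P-CSCF this is exactly the information it needs to know which identities it still has to serve on a given security association; a "terminated" registration received this way is what lets the network clear a stolen terminal's state long before any registration timeout.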

3.5. A FEW REMARKS ON THE ROLE OF THE P-CSCF DURING REGISTRATION

The P-CSCF may be located in a different network in case of a roaming user. The P-CSCF is therefore not allowed to directly access the data repository (HSS) of the respective home network. The only chance to fulfil its role of a controlling border network element in IMS is by sniffing the necessary information during operation. In that way the P-CSCF stores several data dynamically for the registering users. These are e.g.:
• The data in the "Contact" header field in combination with the security association. This enables the P-CSCF to reach an IMS terminal via the specific security association.
• The P-Associated-URIs: This enables the P-CSCF to check for valid identities used by the IMS terminal.
• The "Service-Route" header field: This enables the P-CSCF to check for a valid "Route" header field used by the IMS terminal.
Besides the specific tasks during the registration the P-CSCF additionally stores some data during operation, e.g. the "Record-Route" and "Route" header fields (the dialog route) and the "Via" header field, to monitor correct routing behaviour of the IMS terminal. If some of the parameters in a request are incorrect or missing the P-CSCF has two choices: either reject the request or correct the parameters.
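Two of the checks the P-CSCF can perform with the data it learned during registration, as an added example written for these notes (not code from the lecture or from any P-CSCF implementation): the "Security-Verify" mirror check against the offered "Security-Server" that defends against the bid-down attack of footnote 21, and the check of the terminal's "Route" header field against the stored "Service-Route", with the two reactions the section above names (reject, or correct the parameters). Header values are modelled on Figures 8, 9, 11 and 12; the two-mechanism Security-Server offer and the function names are constructed for this example.

```python
# Added example (not from the lecture note): P-CSCF consistency checks on data
# learned during registration. Sample header values are constructed after the
# figures of the lecture; function names are hypothetical.

# Constructed offer with two mechanisms, strongest first (q is the preference).
SECURITY_SERVER = ("ipsec-3gpp; q=0.2; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=909767; "
                   "spi-s=421909; port-c=4444; port-s=5058, "
                   "ipsec-3gpp; q=0.1; alg=hmac-md5-96; ealg=null; spi-c=909768; "
                   "spi-s=421910; port-c=4444; port-s=5058")
OWN_URI = "sip:pcscf1.visited1.net:5058;lr;comp=sigcomp"          # this P-CSCF (Figure 12)
SERVICE_ROUTE = "<sip:orig@scscf1.home1.net;lr>"                   # learned from the 200 OK (Figure 11)


def parse_sec_agree(value: str) -> list:
    """Security-Client/-Server/-Verify value (RFC 3329 syntax: mechanisms separated
    by commas, parameters by semicolons) -> list of {mechanism, params}."""
    mechanisms = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if not parts:
            raise ValueError("empty mechanism entry")
        params = {}
        for p in parts[1:]:
            key, sep, val = p.partition("=")
            if not sep:
                raise ValueError(f"malformed parameter {p!r}")
            params[key.strip()] = val.strip()
        mechanisms.append({"mechanism": parts[0], "params": params})
    return mechanisms


def verify_mirrors_server(security_server: str, security_verify: str) -> bool:
    """Bid-down check: the Security-Verify sent (integrity protected) by the
    terminal must repeat the whole Security-Server list the P-CSCF offered."""
    return parse_sec_agree(security_server) == parse_sec_agree(security_verify)


def parse_route_set(value: str) -> list:
    """Route / Service-Route: comma separated <uri> entries -> list of URIs."""
    uris = []
    for entry in value.split(","):
        entry = entry.strip()
        if not (entry.startswith("<") and ">" in entry):
            raise ValueError(f"malformed route entry: {entry!r}")
        uris.append(entry[1:entry.index(">")])
    return uris


def route_is_valid(route_hdr: str, own_uri: str, service_route_hdr: str) -> bool:
    """The terminal's Route must be this P-CSCF followed by the stored Service-Route."""
    return parse_route_set(route_hdr) == [own_uri] + parse_route_set(service_route_hdr)


def enforce_route(route_hdr: str, own_uri: str, service_route_hdr: str, policy: str = "reject") -> str:
    """Return the Route value to forward: unchanged if valid, rebuilt from the
    learned data under policy 'correct', otherwise the request is rejected."""
    if route_is_valid(route_hdr, own_uri, service_route_hdr):
        return route_hdr
    if policy == "correct":
        return ", ".join(f"<{u}>" for u in [own_uri] + parse_route_set(service_route_hdr))
    raise ValueError("Route header field does not match the learned Service-Route")
```

The comparison is deliberately exact: a Security-Verify that drops the stronger mechanism, changes an algorithm or renumbers an SPI is treated as tampering, since the terminal only ever echoes what it received, and the echo travels inside the integrity-protected security association where an attacker on the path can no longer adjust it.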

4. EXERCISES AND QUESTIONS

After studying this part of the lecture you should be able to answer the following questions:

Chapter 2: IMS Identities
• Explain the difference between Private and Public User Identities! What are they used for?
• Explain the interrelation of IMS subscription, Private User Identity and Public User Identity!
• What is a Public Service Identity?
• What is the difference between a Public User Identity and a Public Service Identity?
• What are the two categories of PSIs?
• Explain the relationship between UICC and SIM, USIM and ISIM!
• Which data are typically stored on a UICC?
• Which data are stored in an ISIM application? Explain the structure of these data!
• How can IMS users be addressed in the "early IMS" transition period?

Chapter 3.1: The simple SIP registration
• Describe the simple registration procedure defined in basic SIP!
• In a simple SIP based registration only the second REGISTER request contains an Authorization header field. Why does in an IMS registration the first REGISTER request already need an Authorization header field?

Chapter 3.2: The more complex IMS registration
• List the additional tasks accomplished during an IMS registration procedure in comparison to the simple SIP registration!
• What information is included in the P-Access-Network-Info header field?
• From the perspective of the IMS terminal: which SIP protocol extensions are required in an IMS registration and which extension is supported?
• Draw the message flow of an IMS registration showing SIP and Diameter signalling!
• Which data from the ISIM are mapped into which header fields and header field parameters in the REGISTER request of an IMS terminal?
• Which data are inserted by the P-CSCF into the REGISTER request?
• How does the P-CSCF know the address of an I-CSCF in the home network of the user?
• What is the role of the I-CSCF during IMS registration (1st and 2nd REGISTER transaction)?
• How does an I-CSCF select an S-CSCF for a user?
• Who inserts the "integrity-protected" parameter into the Authorization header field and what does it mean?
• Why does the P-CSCF increase the extension level for "path" from "Supported" to "Require"?
• What is the "P-Visited-Network-ID" header field used for?
• Which network node inserts the "P-Charging-Vector" and what is the characteristic of the "icid" value?
• Why does the S-CSCF need an authentication vector from the HSS?
• What data exactly are included in an authentication vector?
• How are RAND and AUTN inserted into the "401 Unauthorized" response?
• What happens to the "ik" and "ck" parameters in the "WWW-Authenticate" header field of the "401 Unauthorized" response when it is sent to the IMS terminal?
• What are the "Security-Client", "Security-Server" and "Security-Verify" header fields used for?
• What is the difference between the 1st and the 2nd REGISTER request sent from the IMS terminal from the security perspective?
• What is the difference in the Diameter request of the I-CSCF between the 1st and the 2nd registration transaction?
• How is the home network verified by the IMS terminal?
• What information is exchanged between S-CSCF and HSS after successful verification of the credentials of the IMS terminal?
• What is the content of the user profile and to which identity is it linked?
• Which data are stored in the S-CSCF after successful registration of an IMS terminal?
• What is the "Path" header field used for and which network element needs it?
• What is the "Service-Route" header field used for and which network element needs it?
• Which network element may optionally be included in the "Path" and "Service-Route" header fields and why?
• What information does the "P-Associated-URI" header field contain?

Chapter 3.3: Other registration algorithms
• Which kinds of simplifications for authentication are used in mobile networks for early deployments and for wireline networks?
• Which further business opportunity can be offered based on the strong authentication architecture of 3GPP networks?

Chapter 3.4: The subscription to the registration event state
• Why is the subscription to the registration event state necessary?
• Which network elements subscribe to the registration event state?
• How many state entries does the XML part of the NOTIFY of the subscription to the registration event state contain and how do they differ?

Chapter 3.5: A few remarks on the role of the P-CSCF during registration
• Why is the P-CSCF not able to query the HSS?
• How does the P-CSCF get the information it needs to fulfil its tasks?
• What data does the P-CSCF always check during operation?
• What are the choices for the P-CSCF when it detects incorrect parameters in a request?

5. REFERENCES

5.1. BOOKS ON SESSION INITIATION PROTOCOL

Henry Sinnreich and Alan B. Johnston: Internet Communications Using SIP. Wiley & Sons, ISBN-10: 0471776572, 2nd edition, 2006
Alan B. Johnston: SIP – Understanding the Session Initiation Protocol. Artech House, ISBN 1-58053-168-7, 2nd edition, November 2003
Henry Sinnreich, Alan B. Johnston and R. Sparks: SIP beyond VoIP. VON Publishing LLC, www.vonmag.com, ISBN: 0-9748130-0-1

5.2. BOOKS ON IP MULTIMEDIA SUBSYSTEM

The "yellow book": G. Camarillo, M. Garcia-Martin: The 3G IP Multimedia Subsystem (IMS). Wiley & Sons, ISBN-10: 0470516623, ISBN-13: 978-0470516621, 3rd edition, 2009
The "red book": M. Poikselka, G. Mayer, H. Khartabil: The IMS – IP Multimedia Concepts and Services. Wiley & Sons, ISBN-10: 0470721960, ISBN-13: 978-0470721964, 3rd edition, 2009
