A protection method for access security of IP multimedia subsystem

A multimedia subsystem security technology, applied in the fields of synchronous sending/receiving encryption equipment, data exchange through path configuration, etc. It addresses the problems that the user terminal does not support the use of certificates and that the UE's identity cannot be authenticated, with the effect of overcoming weak two-way authentication.

Active Publication Date: 2008-02-13
ZTE CORP

AI Technical Summary

Problems solved by technology

[0020] Although the above TLS-based IMS access security scheme enables protected IMS signaling to penetrate NAT, it still has many problems.
A more serious security problem is one-way authentication during the establishment of a TLS session. The TLS protocol supports certificate-based identity authentication by both communicating parties, but 3GPP only supports the use of certificates on the network side and does not support them on the user terminal. Therefore, during TLS session negotiation between the UE and the P-CSCF, only the UE can authenticate the P-CSCF; the P-CSCF cannot authenticate the identity of the UE. An attacker can therefore pretend to be a user to access the IMS and carry out a man-in-the-middle attack against legitimate users.


Examples


Embodiment Construction

[0051] This embodiment describes the method for protecting IMS access security by using the TLS protocol in the present invention with reference to FIG. 3. In this embodiment, both the UE and the P-CSCF support three security mechanisms: TLS, IPSec / IKEv2 and IPSec / IMS AKA, and the P-CSCF has a higher priority for TLS support. The UE's IMS access process flow is as follows:

[0052] 1. The UE sends an initial registration message (Register) SM1 to the P-CSCF, and the message includes Require, Proxy-Require, and Security-Client message headers. The Require and Proxy-Require message headers contain the "sec-agree" option tag, indicating that the P-CSCF must support the security mechanism of the UE.

[0053] The Security-Client message header contains a list of security mechanisms supported by the UE and their parameters, and its content is "TLS; IPSec / IKEv2; IPSec / IMS AKA, SPI_U, Port_U, list of cipher suites". Three security mechanisms: TLS, IPSec / IKEv2 and IPSec / IMS AKA, whe...
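The P-CSCF side of step 1 can be sketched as follows; this is an added example, not code from the patent. It checks SM1 for the "sec-agree" option tag and picks a mechanism from Security-Client by the P-CSCF's own preference. The mechanism tokens (tls, ipsec-ike, ipsec-3gpp), the parameter names, all values, and the choice to reject a message without sec-agree are assumptions of this sketch.

```python
# Constructed SM1 for illustration; host name and parameter values are made up.
SM1 = (
    "REGISTER sip:ims.example.net SIP/2.0\r\n"
    "Require: sec-agree\r\n"
    "Proxy-Require: sec-agree\r\n"
    "Security-Client: tls, ipsec-ike, "
    "ipsec-3gpp;spi-c=1111;port-c=5062;alg=hmac-sha-1-96\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Assumed P-CSCF policy: TLS first, as in the embodiment.
PCSCF_PREFERENCE = ["tls", "ipsec-ike", "ipsec-3gpp"]


def parse_headers(message):
    """Map lower-cased header names to their list of values."""
    headers = {}
    head = message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_security_client(values):
    """Return {mechanism: {param: value}} from Security-Client values."""
    offered = {}
    for value in values:
        for entry in value.split(","):
            parts = [p.strip() for p in entry.split(";") if p.strip()]
            if not parts:
                continue
            params = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
            offered[parts[0].lower()] = params
    return offered


def select_mechanism(message, preference):
    """Check sec-agree, then pick the first preferred mechanism offered."""
    headers = parse_headers(message)
    for name in ("require", "proxy-require"):
        tags = {t.strip().lower()
                for v in headers.get(name, []) for t in v.split(",")}
        if "sec-agree" not in tags:
            raise ValueError(f"{name} lacks sec-agree")
    offered = parse_security_client(headers.get("security-client", []))
    for mech in preference:
        if mech in offered:
            return mech, offered[mech]
    raise ValueError("no common security mechanism")
```
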


Abstract

This invention discloses a method for protecting the access security of the IP multimedia subsystem, characterized in that the UE and the P-CSCF negotiate a shared key while the UE is registering and set up a secure communication channel based on that shared key, so that IMS messages transmitted between the UE and the P-CSCF are protected and the protected IMS messages penetrate NAT transparently. The method combines the UE's registration process, the secure channel negotiation process and the data coding process, ensuring two-way authentication between the UE and the P-CSCF; in addition, the method prevents an attacker from carrying out a man-in-the-middle attack.

Description

Technical field

[0001] The present invention relates to the security field of the communication system, in particular, the present invention relates to the protection method of IMS (IP Multimedia Subsystem) access security.

Background technique

[0002] IMS is a subsystem supporting IP multimedia services proposed by 3GPP2 in Release 5. It consists of all core network functional entities that can provide multimedia services, including a set of functional entities related to signaling and bearer. These functional entities involve CSCF (Call State Control Function), MGCF (Media Gateway Control Function), MRF (Media Resource Function) and HSS (Home Subscriber Server), etc. IMS is based on the SIP (Session Initiation Protocol) system. SIP is a text-based signaling protocol that works in the client / server mode. IMS uses the SIP call control mechanism to create, manage and terminate various types of multimedia services. In addition to SIP as the core, IMS has wide adaptability to...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/28, H04L9/12
Inventor: 田峰, 李睿
Owner: ZTE CORP