Method for protecting access security of IP multimedia subsystem based on TLS

A technology in the fields of multimedia subsystems and security protection, applied in transmission systems, digital transmission systems, secure communication devices, etc. It addresses the problems that user terminals do not support the use of certificates and that UE identities cannot be authenticated, overcomes the problem of weak two-way authentication, and achieves the effect of simplicity.

Active Publication Date: 2005-11-16
ZTE CORP

AI Technical Summary

Problems solved by technology

[0020] Although the above TLS-based IMS access security scheme enables protected IMS signaling to traverse NAT, it still has many problems. A more serious security problem is one-way authentication during the establishment of a TLS session: the TLS protocol supports certificate-based identity authentication by both communicating parties, but 3GPP only supports the use of certificates on the network side and does not support the use of certificates on the user terminal. Therefore, during TLS session negotiation between the UE and the P-CSCF, only the UE is allowed to authenticate the P-CSCF, and the P-CSCF cannot authenticate the identity of the UE, so an attacker can pretend to be a user to access the IMS and mount a man-in-the-middle attack against legitimate users.

Examples


Embodiment Construction

[0036] This embodiment takes Figure 2 as an example to describe the method of the present invention for protecting IMS access security by using the TLS / IMS AKA protocol. In this embodiment, both the UE and the P-CSCF support the TLS / IMS AKA security mechanism. The cipher suites supported by the UE include TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, and TLS_RSA_WITH_DES_CBC_SHA. The cipher suites supported by the P-CSCF are TLS_RSA_WITH_3DES_EDE_CBC_SHA and TLS_RSA_ITH. The priority of the UE, the UE's IMS access process flow is as follows:

[0037] 1. The UE establishes a TCP connection with the P-CSCF.

[0038] 2. The UE sends an initial registration message (Register) SM1 to the P-CSCF, which includes the user's IMPI and IMPU, and the message also includes a list of cipher suites supported by the UE {TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA}. After receiving the registration message sent by the UE, the P-CSCF choos...


Abstract

During the UE's registration process, the method uses the IMS AKA protocol to negotiate with the P-CSCF the TLS session to be used over the TCP connection. The TLS session then guarantees the transmission security of IMS signaling between the UE and the P-CSCF. The method is simple to implement and protects IMS access security. Compared with the prior art, the invention overcomes the problem of weak two-way authentication, so that an attacker is not able to carry out a man-in-the-middle attack.

Description

Technical field

[0001] The present invention relates to the security field of the communication system, in particular, the present invention relates to the protection method of IMS (IP Multimedia Subsystem) access security.

Background technique

[0002] IMS is a subsystem supporting IP multimedia services proposed by 3GPP2 in Release 5. It consists of all core network functional entities that can provide multimedia services, including a set of functional entities related to signaling and bearer. These functional entities involve CSCF (Call State Control Function), MGCF (Media Gateway Control Function), MRF (Media Resource Function), and HSS (Home Subscriber Server), etc. IMS is based on the SIP (Session Initiation Protocol) system. SIP is a text-based signaling protocol that works in the client / server mode. IMS uses the SIP call control mechanism to create, manage and terminate various types of multimedia services. In addition to SIP as the core, IMS has wide adaptability t...


Application Information

IPC(8): H04L9/00
Inventor: 田峰李睿
Owner: ZTE CORP