ABSTRACT
Since IMS provides very wide connectivity across different networks, authentication of
the users is an important security issue. IMS uses the IETF's (Internet Engineering Task Force) HTTP
digest authentication protocol for network access. The HTTP Authentication Framework includes two
authentication schemes: Basic and Digest.
In HTTP basic authentication, a client has to send a password to the server to be
authenticated, so there is a chance that someone may intercept the traffic and learn the
password. The Basic scheme is inherently insecure in that it transmits user credentials
in plain text.
HTTP digest authentication lets a client prove to the server that it knows a password
without having to send the password in the clear. The client performs a computation based on the password
and a random value supplied by the server. The result is transmitted to the server, which performs the
same computation and, if it finds an identical answer, authenticates the client.
1. INTRODUCTION
For several years, telecommunications providers have touted the potential of converged networks that
offer a wide range of voice, data, and multimedia services, all over a single IP infrastructure.
However, these networks have been just a vision until recently. Now, though, a growing
number of telecommunications carriers and equipment vendors including Alcatel, Ericsson, Lucent
Technologies, Motorola, and Nokia are beginning to release devices and services based on a convergence
architecture for telecom operators that want to provide mobile and fixed multimedia services. It uses a
Voice-over-IP (VoIP) implementation based on a 3GPP-standardized implementation, and runs over the
standard Internet Protocol (IP). Existing phone systems (both packet-switched and circuit-switched) are
supported. With the advent of IMS the fixed-mobile convergence has become a key trend of the
The basic idea behind convergence is to make the services available on one network
easily accessible from other types of networks as well. For this, all the existing networks, such as the fixed
networks and the upcoming mobile networks, should be able to use a single network infrastructure. This
ability to connect almost any hardware or software device opens the door to other potential problems in
the fixed and mobile network - that of device malfunction and malicious attack.
Providing proper security, authentication and authorization to the users connected to such
a converged network, and to the network itself, becomes an important issue. To tackle the security problems
that come with the growing interconnectivity between various types of networks, IMS uses the
IETF's HTTP Digest Authentication protocol for mobile network-access security. Using HTTP Basic
Authentication, IMS transmissions between client and server would be unencrypted and could be
intercepted. HTTP Digest Authentication lets a client prove to a server that it knows the password
without having to send the password in the clear. The client performs a computation based on the
password and a random value supplied by the server. The result is transmitted to the server, which
performs the same computation and, if it obtains the identical answer, authenticates the client.
This is different from basic authentication schemes, where authentication tokens such as
a username and password are transmitted directly between the client and the server and can easily be
eavesdropped. It also provides an integrity check for all the data subsequently transmitted
between the client and the server, to keep unwanted messages from getting across the network and leaking
confidential data. Data integrity is the property that the data has not been altered in an
unauthorized manner.
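The challenge-response computation described above, next to what a Basic header exposes, as an added example that is not part of the original report. It uses the RFC 2617 Digest formula with MD5 and no qop; the Server class, realm, user name and password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user, password):
    """Basic: the credentials are only base64-encoded, not protected."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_from_basic(header):
    """What anyone who can read the traffic obtains from a Basic header."""
    decoded = base64.b64decode(header.split()[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce):
    """Digest: response = MD5(HA1:nonce:HA2); the password itself is never sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class Server:
    """Constructed verifier: stores HA1 per user and issues single-use nonces."""

    def __init__(self, realm):
        self.realm = realm
        self.ha1 = {}
        self.outstanding = set()

    def add_user(self, user, password):
        self.ha1[user] = md5_hex(f"{user}:{self.realm}:{password}")

    def challenge(self):
        nonce = secrets.token_hex(16)   # the random value supplied by the server
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, method, uri, nonce, response):
        if nonce not in self.outstanding or user not in self.ha1:
            return False
        self.outstanding.discard(nonce)  # a captured response cannot be reused
        ha2 = md5_hex(f"{method}:{uri}")
        expected = md5_hex(f"{self.ha1[user]}:{nonce}:{ha2}")
        return hmac.compare_digest(expected, response)
```

Because the nonce is single-use, a response captured for one challenge fails when presented again or against a later challenge.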
The scope of this report is to highlight those properties of the security system of a
converged network, based on which proper authentication and integrity of the data can be supported.
2. CONVERGED NETWORKS
The term "converged networks" relates to the integration of voice (fixed and wireless),
data and video services. Converged networks, which combine voice, data, fax and video transmissions
into a cohesive networking infrastructure - all centered on the Internet Protocol, or IP - promise a number
of advantages over existing, separate networking environments. Convergence also relates to the
combining of what were once four distinct networks - circuit switched telephone network, cable network,
mobile network and Internet service provider networks. Convergence was made possible by being able to
transport voice, data and video in exactly the same way. The explosion in data traffic has led to the move
to packetise voice, turning it into another form of data. Hence the introduction of VoIP - the means of
Voice over Internet Protocol, also called VoIP, IP Telephony, Internet telephony,
Broadband telephony, Broadband Phone and Voice over Broadband is the routing of voice conversations
Converged voice, video and data using a packet based transport offers flexible, scalable,
and cost efficient services. There is no longer any need to provide and manage separate voice, data and
video networks, which presents significant cost savings. The standardization of technology in the
converged network means that risk is reduced on a number of fronts. Functionality can be added in days
The implementation of such a convergence of the networks became a reality after the
advent of the technology known as IMS - IP Multimedia Subsystem. IMS was originally designed for the
mobile networks, but was later expanded to implement the convergence of the mobiles with the
The vision is for people to use one phone with one number, address book and voicemail bank, taking
advantage of cheap, high-speed connectivity in their fixed-line home or office setting, while enjoying
mobility outside in the wide-area mobile phone network. It also includes a seamless handover of calls
The IP Multimedia Subsystem (IMS) is a standardized Next Generation Networking (NGN) architecture
for telecom operators that want to provide mobile and fixed multimedia services. It uses a Voice-over-IP
(VoIP) implementation based on a 3GPP standardized implementation of SIP, and runs over the standard
Internet Protocol (IP). Existing phone systems (both packet-switched and circuit-switched) are supported.
The aim of IMS is not only to provide new services but all the services, current
and future, that the Internet provides. In this way, IMS will give network operators and
service providers the ability to control and charge for each service. In addition, users have
to be able to execute all their services when roaming as well as from their home
networks. To achieve these goals, IMS uses open standard IP protocols, defined by the
IETF. So, a multimedia session between two IMS users, between an IMS user and a user
on the Internet, and between two users on the Internet is established using exactly the
same protocol. Moreover, the interfaces for service developers are also based on IP
protocols. This is why IMS truly merges the Internet with the cellular world; it uses
appealing services.
access technology, and terminal. IMS guarantees interworking with existing phone systems, while
commonly referred to as Voice over IP or VoIP protocols. VoIP converts the voice signal from your
telephone into a digital signal that travels over the Internet. If you are calling a regular phone number, the
signal is then converted back at the other end. VoIP can allow you to make a call directly from a
using an adapter. In addition, new wireless "hot spots" in public locations such as airports, parks, and
cafes, allow you to connect to the Internet, and may enable you to use VoIP service wirelessly. If you
make a call using a phone with an adapter, you'll be able to dial just as you always have, and the service
provider may also provide a dial tone. If your service assigns you a regular phone number, then a person
can call you from his or her regular phone without using special equipment.
As we can see, convergence principles are bringing together all the existing
networks, making them virtually one. Providing proper security to all the networks and the user
equipment connected to such a vast network is a big challenge. It uses a Digest authentication scheme
4. AUTHENTICATION SCHEMES
This is a very basic authentication scheme used in normal web connections. Here the
client has to send a password to the server for authentication. As a normal procedure, the client sends
an initial request to the server for authentication; on receiving it, the server sends a message to the
client, based on which the client prompts the user to enter the credentials. Once entered, say a username and
password, these are sent over the network to the server. The server verifies them against the stored
values in the database and accordingly accepts or rejects the request. If accepted, it sends a success
response back to the client, and the services requested by the users are then available to them through the
client.
If rejected, the user is not authenticated to use the services. Here, when the client
sends the password, it is vulnerable to interception. This is a major security issue, as the password is
sent in clear text. Even if it is encoded, the encoded password can be replayed by the eavesdropper.
plain text. The Digest scheme improves security by hiding user credentials with cryptographic hashes,
and additionally by providing limited message integrity. Authentication and Key Agreement (AKA) is the
mechanism used to generate the authentication vectors for the HTTP Digest authentication scheme.
1. A shared secret K is established beforehand between the UE (User equipment) and the
Authentication Center (AuC).
2. The AuC of the home network produces an authentication vector AV, based on the shared
secret K and a sequence number SQN. The
AUTN, expected authentication result XRES, a session key for integrity check IK, and a
3. The authentication vector is downloaded to a server. Optionally, the server can also
download a batch of AVs, containing more than one authentication vector.
4. The server creates an authentication request, which contains the random challenge RAND,
and the network authenticator token AUTN.
authenticated. The client then produces an authentication response RES, using the shared
CK, can be used for protecting further communications between the clients and the server.
When a client receives a Digest AKA authentication challenge, it extracts the RAND and AUTN, and
assesses the AUTN token provided by the server. If the client successfully authenticates the server with
the AUTN, and determines that the SQN used in generating the challenge is within expected range, the
AKA algorithms are run with the RAND challenge and shared secret K.
4.3 PROVIDING MESSAGE INTEGRITY
[Figure: password hashing. Labels: "hello" (cleartext password), password store]
A hash function takes a long string (or message) of any length as input and
produces a fixed length string as output, sometimes termed a message digest or a digital
A hash is a kind of signature for a stream of data, which represents its content. It is
different from encryption in that encryption is a reversible process: you can
decode the encrypted data if you know the encryption algorithm. But hashes are
irreversible. Suppose the server wants to compare the password received from the client.
Then it must have the stored password beforehand, so that it can compare the
password received from the client with it. But storing the passwords in the clear can be a
security threat. So they can be stored as a hash. Since it is impossible to know which
password produced which hash, the user's password can never be known. When a user
sends a password, it is fed to the hash function and the output is matched against the
stored hashes. Moreover, transmitting hashes through the network is even safer than
sending clear text messages, because a small change in the text value brings a large
change in the hash produced, because of the large size of the hashes, so it becomes easier to detect
whether the message is tampered with. This mechanism is used in digest authentication to provide integrity to
the messages, so as to detect whether the message has been tampered with.
First, when the client is started, it sends a request to register with the server (for example, this process is
initiated when a SIM card is inserted into the mobile). The request goes to a control function, which is the
main logical block of an IMS network; it reads the request and passes it to the authentication center. The
AuC then queries a database, where the authentication vectors are stored for each user. It fetches those from
the database and sends them to the control function, which then applies various algorithms and generates
[Figure: registration message flow. Labels: Register Res, Assign, Authenticate]
On the client side, the client receives those authentication tokens, decodes them and creates its
server uses to generate them (those functions are shared between the client and the server). CF compares
the client's response and, if it finds it correct, asks the AuC to authorize the client and provide it with a server
address which hosts the service requested by the client. The AuC gets the server name from the database
and authorizes that client to use it. Finally, CF sends the client an "authenticate" response, signifying to
the client that its request is authenticated and it is ready to use the service.
Upon receipt of a request from the CF, the AuC sends an ordered array of n
authentication vectors to the CF. The authentication vectors are ordered based on sequence number. Each
authentication vector consists of the following components: a random number RAND, an expected
response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN. Each
authentication vector is good for one authentication and key agreement between the CF and the UE.
When the CF initiates an authentication and key agreement, it selects the next authentication vector from
the ordered array and sends the parameters RAND and AUTN to the user. Authentication vectors in a
particular node are used on a first-in / first-out basis. The UE checks whether AUTN can be accepted
and, if so, produces a response RES which is sent back to the CF. The UE also computes CK and IK.
The CF compares the received RES with XRES. If they match, the CF considers the authentication and
key agreement exchange to be successfully completed. The established keys CK and IK will then be
transferred by the UE and the CF to the entities which perform ciphering and integrity functions.
[Figure: generation of authentication vectors. Labels: Generate SQN, Generate RAND; inputs SQN, RAND, AMF; functions f1 ... f5; outputs MAC, XRES, CK, IK, AK]
The AuC starts with generating a fresh sequence number SQN and an unpredictable
challenge RAND. The HE has some flexibility in the management of sequence numbers, but some
requirements need to be fulfilled by the mechanism used:
a) In case the SQN exposes the identity and location of the user, the AK may be
used to conceal it.
b) The generation mechanism shall allow protection against wrap around the
authentication function;
authentication function;
Finally the authentication token $\mathrm{AUTN} = \mathrm{SQN} \oplus \mathrm{AK} \,\|\, \mathrm{AMF} \,\|\, \mathrm{MAC}$ is constructed.
Here, AK is an anonymity key used to conceal the sequence number as the latter may expose the identity
and location of the user. The concealment of the sequence number is to protect against passive attacks
[Figure: user authentication function in the UE. Labels: inputs RAND, AUTN; AK; function f4; outputs XMAC, RES, CK, IK]
anonymity key $\mathrm{AK} = f5_K(\mathrm{RAND})$ and retrieves the sequence number $\mathrm{SQN} = (\mathrm{SQN} \oplus \mathrm{AK}) \oplus \mathrm{AK}$. Next
the UE computes $\mathrm{XMAC} = f1_K(\mathrm{SQN} \,\|\, \mathrm{RAND} \,\|\, \mathrm{AMF})$ and compares this with MAC, which is included
in AUTN. If they are different, the user sends user authentication reject back to the CF with an indication
of the cause and the user abandons the procedure. In this case, CF shall initiate an Authentication Failure
Report procedure towards the AuC. CF may also decide to initiate a new identification and authentication
Next the UE verifies that the received sequence number SQN is in the correct range. If
sends synchronisation failure back to the CF including an appropriate parameter, and abandons the
procedure.
computes $\mathrm{RES} = f2_K(\mathrm{RAND})$ and includes this parameter in a user authentication response back
to the CF. Finally the UE computes the cipher key $\mathrm{CK} = f3_K(\mathrm{RAND})$ and the integrity key
$\mathrm{IK} = f4_K(\mathrm{RAND})$. If this is more efficient, RES, CK and IK could also be computed earlier at any
time after receiving RAND. UE shall store original CK, IK until the next successful execution of
AKA.
Upon receipt of user authentication response the CF compares RES with the
expected response XRES from the selected authentication vector. If XRES equals RES then the
authentication of the user has passed. The CF also selects the appropriate cipher key CK and
integrity key IK from the selected authentication vector. If XRES and RES are different, CF shall
initiate an Authentication Failure Report procedure. CF may also decide to initiate a new
The verification of the SQN by the UE will cause it to reject an attempt by the
CF to re-use a SQN to establish a particular security context more than once. When the UE
re-transmit the response. The UE shall delete the stored values RAND, RES as soon as the
connection is aborted.
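The exchange described in this section, from authentication vector generation to the RES/XRES comparison, as an added example that is not part of the original report. HMAC-SHA256 stands in for the functions f1 to f5, field lengths follow 3GPP TS 33.102, and the AMF value and the "SQN must increase" freshness rule are simplifying assumptions.

```python
import hashlib
import hmac
import os


def f(n, k, data, size):
    """Stand-in for f1..f5 (assumption): HMAC-SHA256 keyed with K, tagged with n."""
    return hmac.new(k, bytes([n]) + data, hashlib.sha256).digest()[:size]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def auc_generate_av(k, sqn, amf=b"\x80\x00"):
    """AuC side: build one authentication vector for sequence number sqn."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(1, k, sqn_b + rand + amf, 8)      # MAC = f1_K(SQN || RAND || AMF)
    ak = f(5, k, rand, 6)                     # AK = f5_K(RAND)
    return {
        "RAND": rand,
        "AUTN": xor(sqn_b, ak) + amf + mac,   # AUTN = SQN xor AK || AMF || MAC
        "XRES": f(2, k, rand, 8),
        "CK": f(3, k, rand, 16),
        "IK": f(4, k, rand, 16),
    }


class UE:
    """Client side: authenticates the network via AUTN before answering."""

    def __init__(self, k):
        self.k = k
        self.highest_sqn = 0  # simplified freshness state (assumption)

    def respond(self, rand, autn):
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
        ak = f(5, self.k, rand, 6)
        sqn_b = xor(conc_sqn, ak)             # SQN = (SQN xor AK) xor AK
        xmac = f(1, self.k, sqn_b + rand + amf, 8)
        if not hmac.compare_digest(xmac, mac):
            return {"status": "reject"}        # XMAC != MAC: abandon the procedure
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return {"status": "sync_failure"}  # stale SQN: replayed challenge
        self.highest_sqn = sqn
        return {"status": "ok", "RES": f(2, self.k, rand, 8),
                "CK": f(3, self.k, rand, 16), "IK": f(4, self.k, rand, 16)}


def cf_check(av, reply):
    """CF side: authentication passes only if RES equals XRES."""
    return reply.get("status") == "ok" and hmac.compare_digest(av["XRES"], reply["RES"])
```

A challenge built without the shared secret K, or one whose AUTN was altered in transit, fails the XMAC comparison, and a repeated challenge is answered with a synchronisation failure instead of a RES.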
6. SECURING AGAINST EAVESDROPPING
These are some ways adopted to avoid eavesdropping.
1) Anonymity Key AK - In case SQN exposes identity and location of the user.
2) Verifying the freshness of sequence number in the client.
3) Integrity Key IK - Provides the integrity check for all the messages.
AK, the Anonymity Key, is combined with the SQN when it is transmitted. This
is because the database stores 32 SQNs, which are transmitted one after another for registration for that
particular client. So if an SQN is intercepted it can reveal the location of the user, because the AuC of
that particular area will have those SQNs. This is a security threat. To avoid this, the SQN is not
sent directly but combined with a randomly generated AK, which changes every time and
Secondly, when the client gets the SQN from the server, it also checks whether it is the
same SQN that it received in any of the last 32 authentication processes; if it is, the client knows
somebody has intercepted and is replaying the same message, so it must not respond to that message.
The Integrity key is added to all the responses after authentication so that the client
knows whether the message has been tampered with. This is possible because the integrity key is
added in such a way that if the message is tampered with, the client or server will come to know by doing
As IMS is targeting the potential to deliver a great range of services across different networks, it is
opening up the networks to malicious attacks as never before. With the incorporation of the AKA key
generation technique into the Digest authentication scheme, part of the user authentication problem is
being addressed. But as IMS expands, maintaining message integrity will be a big
challenge. The next step towards that is making the use of HTTP Digest for authentication possible
with application servers, which, by use of the AKA keys, will help enhance message integrity in
the network.
8. CONCLUSION
IMS offers the potential to deliver a great range of innovative services to a range of different
networks. In doing so it offers an attractive target for fraud and disruption. The basic authentication
schemes used for HTTP, or even the digest authentication schemes, cannot be sufficient for
providing the required level of security. The HTTP digest was vulnerable to the man-in-the-middle
attack. The attacker may initiate a session with a server, and when the server challenges the attacker
with HTTP Digest, the attacker masquerades as the server to the victim. If the victim responds to the
challenge, the attacker is able to use this response towards the server in HTTP Digest. To avoid this
it was necessary that the client is able to demonstrate that, in addition to the AKA response, it
possesses the AKA session keys. This was made possible by the use of the AKA-generated session
1. INTRODUCTION
2. CONVERGED NETWORKS
2.1 WHAT IS CONVERGENCE?
2.2 IMPLEMENTING WITH THE REAL NETWORKS
3. IP MULTIMEDIA SUBSYSTEM
3.1 BASIC PRINCIPLES
3.2 VOICE OVER IP
4. AUTHENTICATION SCHEMES
4.1 BASIC AUTHENTICATION SCHEME
4.2 DIGEST AUTHENTICATION
4.3 PROVIDING MESSAGE INTEGRITY