Abstract
The IP Multimedia Subsystem (IMS) is the evolution of 3G mobile networks towards new generation networks (NGN) that are only IP-based. This architectural framework is seen as a key element for achieving network convergence, defining a new horizontally integrated service offering based on a common signaling protocol (SIP) for all multimedia services such as Voice over IP, video calls, or instant messaging. However, the present deployment of IMS is specified according to a specific model, the so-called walled garden. In this model, applications are only provided to users within the same operator, so that users do not have to look for applications outside the IMS garden. It is a very restrictive access mode for users, because they remain dependent on the services offered by the provider and consequently cannot freely choose the applications they want to subscribe to. The goal of this paper is to include Single Sign-On (SSO) features in the existing IMS architectures to allow the user to access all applications, even external ones, transparently, simulating a walled-garden environment. We also introduce the notion of a security level that is assigned to the SPs, and implement it in what we call “a multi-level authentication model”.
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Maachaoui, M., Abou El Kalam, A., Fraboul, C., Ait Ouahman, A. (2012). Multi-level Authentication Based Single Sign-On for IMS Services. In: De Decker, B., Chadwick, D.W. (eds) Communications and Multimedia Security. CMS 2012. Lecture Notes in Computer Science, vol 7394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32805-3_14
DOI: https://doi.org/10.1007/978-3-642-32805-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32804-6
Online ISBN: 978-3-642-32805-3
eBook Packages: Computer Science, Computer Science (R0)