End-to-middle-to-end solution for IMS media plane security

  • Jose Oscar Fajardo
  • Fidel Liberal
  • Fudong Li
  • Nathan Clarke
  • Is-Haka Mkwawa
Article

Abstract

The IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy have gained much attention in the last few years. The review of recent IMS security activities identifies the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-to-middle-to-end solution which enables the secure use of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) at a cost of 17% overhead relative to a standard IMS call setup in the signaling plane.

Keywords

  • IMS
  • Media plane security
  • Cross-ciphering
  • Security resource function

Notes

Acknowledgments

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement 284863 (FP7 SEC GERYON).

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Jose Oscar Fajardo (1)
  • Fidel Liberal (1)
  • Fudong Li (2)
  • Nathan Clarke (2)
  • Is-Haka Mkwawa (2)

  1. Departmento Ingenieria de Comunicaciones, University of the Basque Country (UPV/EHU), Bilbao, Spain
  2. Centre for Security, Communications and Network Research (CSCAN), Plymouth University, Plymouth, UK
