End-to-middle-to-end solution for IMS media plane security
The IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy have gained much attention in the last few years. A review of recent IMS security activities highlights the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-to-middle-to-end solution that enables the secure use of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) at the cost of a 17% overhead over a standard IMS call setup in the signaling plane.
Keywords: IMS; Media plane security; Cross-ciphering; Security resource function
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement 284863 (FP7 SEC GERYON).