Electronic Commerce Research

, Volume 19, Issue 3, pp 719–746 | Cite as

End-to-middle-to-end solution for IMS media plane security

  • Jose Oscar FajardoEmail author
  • Fidel Liberal
  • Fudong Li
  • Nathan Clarke
  • Is-Haka Mkwawa


IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy has gained much attention in the few last years. The review of recent IMS security activities stresses the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-to-middle-to-end solution which enables the usage of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions in a secure way. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) with a cost of 17 % overhead to a standard IMS call setup in the signaling plane.


IMS Media plane security Cross-ciphering Security resource function 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.



The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement 284863 (FP7 SEC GERYON).


  1. 1.
    3rd Generation Partnership Project (2000). IP Multimedia Subsystem (IMS); Stage 2. Technical Specification 23.228. 3GPP. Accessed September 28, 2010, from
  2. 2.
    3rd Generation Partnership Project (2001). 3G security; Access security for IP-based services. Technical Specification 33.203. 3GPP. Accessed December 20, 2010, from
  3. 3.
    3rd Generation Partnership Project (2001). IP Multimedia (IM) session handling; IM call model; Stage 2. Technical Specification 23.218. 3GPP. Accessed July 10, 2010, from
  4. 4.
    3rd Generation Partnership Project (2002). 3G security; Network Domain Security (NDS); IP network layer security. Technical Specification 33.210. 3GPP.
  5. 5.
    3rd Generation Partnership Project (2009). IP Multimedia Subsystem (IMS) media plane security. Technical Specification 33.328. 3GPP. Accessed December 20, 2010, from
  6. 6.
    3rdGeneration Partnership Project (2009-2012). IP Multimedia Subsystem (IMS) media plane security. Technical Report 33.828. 3GPP. Accessed December 20, 2010, from
  7. 7.
    Aloudat, A., Michael, K.: Toward the regulation of ubiquitous mobile government: a case study on location-based emergency services in Australia. Electronic Commerce Research 11(1), 3174 (2011)CrossRefGoogle Scholar
  8. 8.
    Andreasen, F., Baugher, M.,& Wing, D. (2006). Session Description Protocol (SDP) Security Descriptions for Media Streams. RFC 4568. IETF. Accessed June 8, 2012, from
  9. 9.
    Arkko, J., Carrara, E., Lindholm, F., Naslund, M., & Norrman,K. (2004). MIKEY:Multimedia Internet KEYing. RFC 3830. IETF. Accessed October 8, 2012, from
  10. 10.
    Arkko, J., Naslund, M., Norrman, K., & Carrara, E. (2006) Key Management Extensions for Session Description Protocol (SDP) and Real Time Streaming Protocol (RTSP). RFC 4567. IETF. Accessed June 8, 2012, from
  11. 11.
    Baugher, M., McGrew, D., Naslund, M., Carrara, E., & Norrman, K. (2004). The Secure Real-time Transport Protocol (SRTP). RFC 3711. IETF. AccessedMarch 15, 2010, from
  12. 12.
    Cakulev, V., & Sundaram, G. (2011). MIKEY-IBAKE: Identity-Based Authenticated Key Exchange (IBAKE) Mode of Key Distribution in Multimedia Internet KEYing (MIKEY). RFC 6267. IETF. Accessed October 8, 2012, from
  13. 13.
    Chang, K.-D., Chen, C.-Y., Chen, J.-L., Chao, H.-C.: Challenges to next generation services in IP multimedia subsystem. Journal of Information Processing Systems 6(2), 129–146 (2010)CrossRefGoogle Scholar
  14. 14.
    Chen, X., Lian, S.: Service and P2P based secure media sharing in mobile commerce environments. Electronic Commerce Research 11(1), 91101 (2011)CrossRefGoogle Scholar
  15. 15.
    Dolan, M.F., Tatesh, S., Casati, A., Tsirtsis, G., Anchan, K., Flore, D.: LTE for public safety networks. IEEE Communications Magazine 51(2), 106–112 (2012)Google Scholar
  16. 16.
    Forsberg, D., Horn, G., Moeller, W.-D., Niemi, V.: Security for Voice over LTE. LTE Security, pp. 201–214. Wiley, Chichester (2010)CrossRefGoogle Scholar
  17. 17.
    Floroiu, J., & Sisalem, D. (2009). A comparative analysis of the security aspects of the multimedia key exchange protocols. In Proceedings of the 3rd international conference on principles, systems and applications of IP telecommunications. doi:10.1145/1595637.1595640.
  18. 18.
    Geneiatakis, D., Dagiuklas, T., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., Ehlert, S., et al.: Survey of security vulnerabilities in session initiation protocol. IEEE Communications Surveys & Tutorials 8(1), 68–81 (2006)CrossRefGoogle Scholar
  19. 19.
    Gurbani, V.K., Kolesnikov, V.: A survey and analysis of media keying techniques in the session initiation protocol (SIP). IEEE Communications Surveys & Tutorials 13(2), 183–198 (2011)CrossRefGoogle Scholar
  20. 20.
    Hunter, M. T., Clark, R. J., & Park, F. S. (2007) Security issues with the IP multimedia subsystem (IMS). In Proceedings of the 2007 Workshop on Middleware for next-generation converged networks and applications. doi:10.1145/1376878.1376887.
  21. 21.
    Kambourakis, G., Kolias, C., Gritzalis, S., Park, J.-H.: DoS attacks exploiting signaling in UMTS and IMS. Computer Communications 34(2011), 226235 (2011)Google Scholar
  22. 22.
    Keromytis, A.D.: A comprehensive survey of voice over IP security research. IEEE Communications Surveys & Tutorials 14(2), 514–537 (2012)CrossRefGoogle Scholar
  23. 23.
    Manzer, E. (2012). Evolution and deployment of VoLTE (Voice-over-Long-Term-Evolution). e & i Elektrotechnik und Informationstechnik. doi:10.1007/s00502-012-0049-5.
  24. 24.
    Mascha, M.F., Miller, C.L., Janvrin, D.J.: The effect of encryption on Internet purchase intent in multiple vendor and product risk settings. Electronic Commerce Research 11(4), 401419 (2011)CrossRefGoogle Scholar
  25. 25.
    McGrew, D. (2011). The Use of AES-192 and AES-256 in Secure RTP. RFC 6188. IETF. Accessed June 8, 2012, from
  26. 26.
    Mattsson, J., & Tian, T. (2011). MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY). RFC 6043. IETF. Accessed October 8, 2012, from
  27. 27.
    Onofrei, A.A., Rebahi, Y., Magedanz, T.: Preventing distributed denial-of-service attacks on the IMS Emergency services support through adaptive firewall pinholing. International Journal of Next-Generation Networks. 2(1), 1–17 (2010)CrossRefGoogle Scholar
  28. 28.
    Petrova, K., Wang, B.: Location-based services deployment and demand: A roadmap model. Electronic Commerce Research 11(1), 529 (2011)CrossRefGoogle Scholar
  29. 29.
    Rosenberg, J., & Schulzrinne, H. (2002). AnOffer/Answer Model with the Session Description Protocol (SDP). RFC 3264. IETF. Accessed March 15, 2010, from
  30. 30.
    Tan, Z.: An efficient identity-based tripartite authenticated key agreement protocol. Electronic Commerce Research 12(4), 505518 (2012)CrossRefGoogle Scholar
  31. 31.
    The Global mobile Suppliers Association (2010). Evolution to LTE. Report. GSA. Accessed November 10, 2012, from
  32. 32.
    Vrakas, N., Geneiatakis, D., Lambrinoudakis, C.: Evaluating the security and privacy protection level of IP multimedia subsystem environments. IEEE Communications Surveys & Tutorials (2013). doi:10.1109/SURV.2012.072412.00169 Google Scholar
  33. 33.
    Zimmermann, P., Johnston, A. (Ed.), & Callas, J. (2011). ZRTP: Media Path Key Agreement for Unicast Secure RTP. RFC 6189. IETF. Accessed November 11, 2012, from

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • Jose Oscar Fajardo
    • 1
    Email author
  • Fidel Liberal
    • 1
  • Fudong Li
    • 2
  • Nathan Clarke
    • 2
  • Is-Haka Mkwawa
    • 2
  1. 1.Departmento Ingenieria de ComunicacionesUniversity of the Basque Country (UPV/EHU), ETSI BilbaoAlmda Urquijo s/nSpain
  2. 2.Centre for SecurityCommunications and Network Research (CSCAN), Plymouth UniversityPlymouthUK

Personalised recommendations