CMS 2012: Communications and Multimedia Security, pp 174-187
Multi-level Authentication Based Single Sign-On for IMS Services
Abstract
The IP Multimedia Subsystem (IMS) is the evolution of 3G mobile networks towards new generation networks (NGN) that are only IP based. This architectural framework is seen as a key element for achieving network convergence, defining a new horizontally integrated service offering based on a common signaling protocol (SIP) for all multimedia services such as Voice over IP, video calls, or instant messaging. However, the present deployment of IMS is specified according to a specific model, the so-called walled garden. In this model, applications are provided only to users within the same operator, so that users do not have to look for applications outside the IMS garden. This is a very restrictive access mode for users because they remain dependent on the services offered by the provider and consequently cannot freely choose the applications they want to subscribe to. The goal of this paper is to add Single Sign-On (SSO) features to existing IMS architectures to allow the user to access all applications, even external ones, transparently, simulating a walled-garden environment. We also introduce the notion of a security level that is assigned to the SPs, and implement it in what we call “a Multi-level authentication model”.
Keywords
IMS, SIP, Service provider, Single Sign-On (SSO), Multi-level SSO, SAML, Authentication