CN1697368A - Method for protecting access security of IP multimedia subsystem based on TLS - Google Patents
- Publication number
- CN1697368A
- Authority
- CN
- China
- Prior art keywords
- cscf
- encryption suite
- tls
- message
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
In the disclosed method, the UE, during registration, uses the IMS AKA protocol to negotiate with the P-CSCF the TLS connection session to be used on the TCP connection. That TLS connection session then guarantees the transmission security of IMS signaling between the UE and the P-CSCF. The method is simple to implement and protects IMS access security. Compared with the prior art, the invention overcomes the weak mutual authentication problem, so that an attacker cannot carry out a man-in-the-middle attack.
Description
Technical field
The present invention relates to the security field of communication systems; specifically, it relates to a method for protecting IMS (IP Multimedia Subsystem) access security.
Background technology
IMS is a subsystem supporting IP multimedia services, proposed in Release 5 of 3GPP2. It consists of all the core network functional entities that can provide multimedia services, comprising the set of signaling-related and bearer-related functional entities; these include the CSCF (Call Session Control Function), MGCF (Media Gateway Control Function), MRF (Media Resource Function) and HSS (Home Subscriber Server). IMS is based on SIP (Session Initiation Protocol), a text-based signaling protocol that works in a client/server manner; IMS uses the SIP call control mechanism to create, manage and terminate various types of multimedia services. Besides having SIP at its core, IMS is widely adaptable to different access technologies: it currently supports 2G and 3G mobile access, and in the future can also support other access modes such as fixed access and WLAN. IMS not only provides rich next-generation multimedia and telephony services and helps operators enter the high-end user market quickly; it also gives service developers an open, programmable environment, providing them with an open platform for developing new next-generation services quickly and flexibly.
To guarantee the security of the IMS system, IMS sets out security requirements in the following areas: IMS access security, security between the CSCF and the HSS, security between IMS functional entities within the same network, and security between IMS functional entities in different networks. IMS access security covers user authentication and the security of communication between the user terminal and the P-CSCF (Proxy Call Session Control Function). IMS access security is currently guaranteed by the IPSec/IMS AKA mechanism (see 3GPP TS 33.203).
A UE must register before entering IMS, and the authentication of the UE by the P-CSCF is completed during registration. IMS registration is carried out by IMS AKA (see Fig. 1), as follows:
1. The user sends a registration message (SM1) to the P-CSCF; this message contains the user's IMPI (the private identity of the UE) and IMPU (the public identity of the UE).
2. The P-CSCF forwards the registration message (SM2) to the I-CSCF, the entry point of the user's home network.
3. The I-CSCF forwards the registration message to the S-CSCF.
4. Using the identity of the UE, the S-CSCF obtains from the HSS the AV associated with the UE (authentication vector, i.e. the authentication quintuple RAND, AUTN, XRES, IK (integrity protection key), CK (encryption key)) in order to authenticate the UE.
5. The S-CSCF sends an authentication challenge message Auth_Challenge (SM4) to the I-CSCF; this message contains RAND, AUTN, IK and CK from the AV quintuple.
6. The I-CSCF forwards the authentication challenge message (SM5) to the P-CSCF.
7. The P-CSCF forwards the authentication challenge message (SM6) to the UE; this message contains only RAND and AUTN from the AV quintuple.
8. The UE authenticates the authentication information sent by the P-CSCF, computes RES, IK and CK, and, according to local policy, sends RES and other parameters to the P-CSCF as the authentication response (SM7).
9. The P-CSCF sends the authentication response (SM8) to the I-CSCF.
10. The I-CSCF sends the authentication response (SM9) to the S-CSCF.
11. The S-CSCF compares the RES in the authentication response with the corresponding XRES; if they are equal, authentication succeeds and the S-CSCF sends an authentication success message to the UE.
In the IPSec/IMS AKA mechanism, IMS AKA not only performs registration but also negotiates the security association (the set of security information such as the cryptographic algorithms and associated keys) between the UE and the P-CSCF; the UE and the P-CSCF then use IPSec ESP (RFC 2406) to protect the IMS signaling exchanged between them. However, when there is a NAT (network address translation) between the UE and the P-CSCF, the IPSec/IMS AKA mechanism runs into problems. IMS signaling is carried in IP packets, and when an IP packet traverses the NAT, the NAT changes the packet's source address. On receiving the packet, the receiver checks the corresponding security policy against the source IP address, source port, destination IP address and destination port in the packet, but because the source IP address has been changed by the NAT, the receiver cannot check the security policy correctly and the communication fails. IPSec fails when protecting IMS access security because it uses the IP address information in the IP packet header, and once the NAT has changed the IP address, IPSec cannot obtain the correct one. For this reason, it has been proposed to use the TLS protocol to protect IMS access security.
The TLS protocol belongs to the session layer and is built on top of the transport-layer protocol TCP, providing a secure data transmission channel for the communicating parties. TLS is divided into two layers: the handshake layer and the record layer. The handshake layer negotiates the secure session between the two parties and the encryption specification it uses. The record layer encrypts the data sent by the upper layer according to the encryption specification of the secure session and sends it over TCP, and decrypts the data received from TCP according to that specification before passing it to the upper-layer application.
Because TLS is built on a TCP connection, the TLS secure session is bound to the local TCP connection and has no direct relationship to IP-layer information. NAT traversal (including NAT traversal for TCP, maintaining the TCP connection under NAT traversal, and so on) is therefore handled by the protocols below TLS and is transparent to TLS; the NAT traversal problem need not be considered when using TLS.
An IMS access security scheme based on TLS has already been proposed. Its main idea is as follows: before the UE sends its first IMS signaling message, the UE and the P-CSCF negotiate and establish a secure session using the TLS handshake protocol, and during the handshake the UE authenticates the P-CSCF. All IMS signaling messages sent between the UE and the P-CSCF have their confidentiality and integrity protected by the TLS record layer protocol.
Although the above TLS-based IMS access security scheme allows protected IMS signaling to traverse NAT, it still has many problems. A more serious security problem is one-way authentication during TLS session establishment. The TLS protocol supports both communicating parties using certificates for authentication, but 3GPP supports certificates only on the network side and not on the user terminal. During TLS session negotiation, therefore, only the UE can authenticate the P-CSCF; the P-CSCF cannot authenticate the identity of the UE. An attacker can thus impersonate a user to access IMS and carry out a man-in-the-middle attack against a legitimate user.
Summary of the invention
To solve the above problem, the present invention proposes a TLS-based method for protecting IP Multimedia Subsystem access security. It is based mainly on the following idea: the UE performs IMS registration over a TCP connection; during registration, the UE uses the IMS AKA protocol to negotiate with the P-CSCF the TLS connection session to be used on that TCP connection; that TLS connection session then guarantees the transmission security of the IMS signaling between the UE and the P-CSCF (all of which is carried on that TCP connection).
The invention is implemented as follows:
Step 1: the UE establishes a TCP connection with the P-CSCF;
Step 2: the UE registers; during registration the IMS signaling between the UE and the P-CSCF is carried on that TCP connection, and the UE and the P-CSCF negotiate a TLS secure session on that TCP connection;
Step 3: all IMS signaling between the UE and the P-CSCF is protected by this TLS connection session until the UE and the P-CSCF establish a new TLS secure connection.
Preferably, the detailed process by which the UE and the P-CSCF negotiate the TLS secure session is:
(1) The UE sends an initial registration message to the P-CSCF; this message contains the user's IMPI and IMPU, and also the list of encryption suites supported by the UE. After receiving the registration message sent by the UE, the P-CSCF selects, by some policy, one encryption suite to be used for the TLS session, based on the encryption suite list supported by the UE, the encryption suite list it supports itself, and the priority order of the latter. When selecting an encryption suite, the P-CSCF may choose the highest-priority encryption suite among those supported by both the UE and the P-CSCF;
(2) When forwarding the authentication challenge message to the UE, the P-CSCF includes in this message the TLS session ID generated by the P-CSCF, and the encryption suite list supported by the P-CSCF together with its priority order. After receiving the authentication challenge message sent by the P-CSCF, the UE selects, by some policy, one encryption suite to be used for the TLS session, based on the encryption suite list it supports itself, the encryption suite list supported by the P-CSCF, and its priority order. When selecting an encryption suite, the UE may choose the highest-priority encryption suite among those supported by both the UE and the P-CSCF;
(3) Using the TLS session attributes negotiated in the two steps above, the UE and the P-CSCF each generate the TLS session on the TCP connection. From then on, all IMS signaling between the UE and the P-CSCF is protected by this TLS connection session until the UE and the P-CSCF establish a new TLS secure connection;
(4) The UE sends the second registration message to the P-CSCF; this message contains the information that the P-CSCF returned to the UE in the authentication challenge message, such as the encryption suite list supported by the P-CSCF and its priority order. If what the authentication challenge message sent by the P-CSCF to the UE in the first step contained was the encryption suite selected by the P-CSCF, then this registration message contains information such as the encryption suite list and priority order that the UE sent to the P-CSCF and the encryption suite selected by the P-CSCF. After receiving this registration message, the P-CSCF uses it to determine whether the information exchanged when the P-CSCF and the UE negotiated the encryption suite has been altered;
(5) The P-CSCF forwards the authentication success/failure message to the UE.
Preferably, the UE selects the encryption suite in step (2) as follows: when forwarding the authentication challenge message to the UE, the P-CSCF includes in this message the TLS session ID generated by the P-CSCF and the encryption suite selected by the P-CSCF in step (1), and the UE also selects this encryption suite.
Preferably, the encryption key and the integrity protection key used by the encryption suite can be derived from CK and IK, which the UE obtains during registration.
Compared with existing IMS access security schemes, the method of the invention is not only simple but also protects IMS access security and overcomes the weak mutual authentication problem of the existing scheme, so that an attacker cannot carry out a man-in-the-middle attack.
Description of drawings
Fig. 1 is a flow chart of the prior-art process by which a UE registers via IMS AKA;
Fig. 2 is a flow chart of the TLS/IMS AKA method for protecting IMS access security designed by the present invention.
Embodiment
This embodiment takes Fig. 2 as an example and describes the method of the invention for protecting IMS access security with the TLS/IMS AKA protocol. In this embodiment both the UE and the P-CSCF support the TLS/IMS AKA security mechanism. The encryption suites supported by the UE are TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA and TLS_RSA_WITH_DES_CBC_SHA; the encryption suites supported by the P-CSCF are TLS_RSA_WITH_3DES_EDE_CBC_SHA and TLS_RSA_WITH_DES_CBC_SHA, the former having higher priority than the latter. The IMS access procedure of the UE is as follows:
1. The UE establishes a TCP connection with the P-CSCF.
2. The UE sends the initial registration message (Register) SM1 to the P-CSCF. This message contains the user's IMPI and IMPU, and also the encryption suite list supported by the UE {TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA}. After receiving the registration message sent by the UE, the P-CSCF selects TLS_RSA_WITH_3DES_EDE_CBC_SHA, based on the encryption suite list supported by the UE, the encryption suite list it supports itself, and its priority order.
3. When forwarding the authentication challenge (Auth-Challenge) message SM16 to the UE, the P-CSCF includes in this message the TLS session ID (identifier) generated by the P-CSCF and the encryption suite list supported by the P-CSCF {TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA}, with the encryption suites arranged in priority order. After receiving the authentication challenge message sent by the P-CSCF, the UE selects TLS_RSA_WITH_3DES_EDE_CBC_SHA, based on the encryption suite list it supports itself, the encryption suite list supported by the P-CSCF, and its priority order.
4. The UE and the P-CSCF each generate the TLS session on the TCP connection. Through steps 2 and 3 above, the UE and the P-CSCF share a pair of keys CK and IK (generated by IMS AKA during registration) and have negotiated the attributes of the TLS session, such as the TLS session identifier and the encryption suite TLS_RSA_WITH_3DES_EDE_CBC_SHA used by the TLS session. This TLS session is identified by the TLS session ID generated by the P-CSCF and uses the encryption suite negotiated in the above process; the encryption key used by this encryption suite is derived from CK, and the integrity protection key is derived from IK. Once the UE and the P-CSCF have negotiated the TLS secure connection session, all IMS signaling between the UE and the P-CSCF is protected by the TLS connection session.
5. The UE sends the second registration message SM7 to the P-CSCF. This message contains the security information that the P-CSCF returned to the UE in the authentication challenge message, namely the TLS session ID (identifier), the encryption suite list supported by the P-CSCF {TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA}, and so on. After receiving this registration message, the P-CSCF uses it to determine whether the message that the P-CSCF sent to the UE has been tampered with.
6. The P-CSCF forwards the authentication success/failure message SM12 to the UE.
In step 4 of the above procedure, the UE and the P-CSCF have negotiated the TLS secure connection session; from then on, all IMS signaling between the UE and the P-CSCF (including the IMS signaling SM7 and SM12 in steps 5 and 6) is protected by the TLS secure connection session until the UE and the P-CSCF establish a new TLS secure connection.
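The negotiation in steps 2 to 5 of the embodiment, shown as an added Python example that is not part of the patent text: each side picks the highest-priority common encryption suite, and the P-CSCF checks the parameters echoed in the second registration message to detect an altered challenge. The message field names, the class and function names and the HMAC-SHA256 derivation from IK are assumptions (the patent does not specify how keys are derived), and the HMAC tag stands in for TLS record-layer integrity protection.

```python
import hashlib
import hmac
import os

# Suite lists from the embodiment, highest priority first.
UE_SUITES = ["TLS_RSA_WITH_IDEA_CBC_SHA",
             "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
             "TLS_RSA_WITH_DES_CBC_SHA"]
PCSCF_SUITES = ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                "TLS_RSA_WITH_DES_CBC_SHA"]


def select_suite(pcscf_list, ue_list):
    """Highest-priority P-CSCF suite that the UE also supports, else None."""
    return next((s for s in pcscf_list if s in ue_list), None)


def derive_key(secret, label):
    # Assumption: the patent only says the keys are derived from CK and IK;
    # HMAC-SHA256 over a label stands in for the unspecified derivation.
    return hmac.new(secret, label, hashlib.sha256).digest()


def echo_mac(ik, session_id, suites):
    """Integrity tag over the values the UE echoes in the second REGISTER."""
    data = session_id + b"|" + ",".join(suites).encode()
    return hmac.new(derive_key(ik, b"integrity"), data, hashlib.sha256).digest()


class PCSCF:
    def __init__(self, ik):
        self.ik = ik
        self.session_id = self.selected = None

    def on_initial_register(self, ue_suites):
        """Steps 2-3: pick a suite, answer with session ID and own list."""
        self.selected = select_suite(PCSCF_SUITES, ue_suites)
        self.session_id = os.urandom(16)
        return {"session_id": self.session_id, "suites": list(PCSCF_SUITES)}

    def on_second_register(self, msg):
        """Step 5: accept only if the echo matches what was actually sent."""
        expected = echo_mac(self.ik, msg["session_id"], msg["suites"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "reject: bad integrity tag"
        if msg["session_id"] != self.session_id or msg["suites"] != PCSCF_SUITES:
            return "reject: challenge was altered in transit"
        return "accept"


class UE:
    def __init__(self, ik):
        self.ik = ik
        self.selected = None

    def on_challenge(self, challenge):
        """Steps 3-5: pick a suite, then echo the P-CSCF's parameters."""
        sid, suites = challenge["session_id"], list(challenge["suites"])
        self.selected = select_suite(suites, UE_SUITES)
        return {"session_id": sid, "suites": suites,
                "mac": echo_mac(self.ik, sid, suites)}


def run_registration(tamper=None):
    """Run steps 2-6; `tamper` models an on-path change to the challenge."""
    ik = b"\x11" * 16  # constructed stand-in for the IK agreed by IMS AKA
    pcscf, ue = PCSCF(ik), UE(ik)
    challenge = pcscf.on_initial_register(UE_SUITES)
    challenge = tamper(challenge) if tamper else challenge
    second_register = ue.on_challenge(challenge)
    return pcscf.selected, ue.selected, pcscf.on_second_register(second_register)


def strip_3des(challenge):
    """Constructed tampering case: the strongest common suite is removed."""
    return {"session_id": challenge["session_id"],
            "suites": [s for s in challenge["suites"] if "3DES" not in s]}


if __name__ == "__main__":
    for tamper in (None, strip_3des):
        print(run_registration(tamper))
```

In the tampered run the two sides end up with different suites, and the P-CSCF rejects the registration because the echoed list no longer matches the list it sent.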
Claims (4)
1. A TLS-based method for protecting IP Multimedia Subsystem access security, characterized in that the method comprises the following steps:
Step 1: the UE establishes a TCP connection with the P-CSCF;
Step 2: the UE registers; during registration the IMS signaling between the UE and the P-CSCF is carried on that TCP connection, and the UE and the P-CSCF negotiate a TLS secure session on that TCP connection;
Step 3: all IMS signaling between the UE and the P-CSCF is protected by this TLS connection session until the UE and the P-CSCF establish a new TLS secure connection.
2. The method according to claim 1, characterized in that the detailed process by which the UE and the P-CSCF negotiate the TLS secure session is:
(1) The UE sends an initial registration message to the P-CSCF; this message contains the user's IMPI and IMPU, and also the list of encryption suites supported by the UE. After receiving the registration message sent by the UE, the P-CSCF selects, by some policy, one encryption suite to be used for the TLS session, based on the encryption suite list supported by the UE, the encryption suite list it supports itself, and the priority order of the latter. When selecting an encryption suite, the P-CSCF may choose the highest-priority encryption suite among those supported by both the UE and the P-CSCF;
(2) When forwarding the authentication challenge message to the UE, the P-CSCF includes in this message the TLS session ID generated by the P-CSCF, and the encryption suite list supported by the P-CSCF together with its priority order. After receiving the authentication challenge message sent by the P-CSCF, the UE selects, by some policy, one encryption suite to be used for the TLS session, based on the encryption suite list it supports itself, the encryption suite list supported by the P-CSCF, and its priority order. When selecting an encryption suite, the UE may choose the highest-priority encryption suite among those supported by both the UE and the P-CSCF;
(3) Using the TLS session attributes negotiated in the two steps above, the UE and the P-CSCF each generate the TLS session on the TCP connection. From then on, all IMS signaling between the UE and the P-CSCF is protected by this TLS connection session until the UE and the P-CSCF establish a new TLS secure connection;
(4) The UE sends the second registration message to the P-CSCF; this message contains the information that the P-CSCF returned to the UE in the authentication challenge message, such as the encryption suite list supported by the P-CSCF and its priority order. If what the authentication challenge message sent by the P-CSCF to the UE in the first step contained was the encryption suite selected by the P-CSCF, then this registration message contains information such as the encryption suite list and priority order that the UE sent to the P-CSCF and the encryption suite selected by the P-CSCF. After receiving this registration message, the P-CSCF uses it to determine whether the information exchanged when the P-CSCF and the UE negotiated the encryption suite has been altered;
(5) The P-CSCF forwards the authentication success/failure message to the UE.
3. The method according to claim 2, characterized in that the UE selects the encryption suite in step (2) as follows:
When forwarding the authentication challenge message to the UE, the P-CSCF includes in this message the TLS session ID generated by the P-CSCF and the encryption suite selected by the P-CSCF in step (1), and the UE also selects this encryption suite.
4. The method according to claim 2 or 3, characterized in that the encryption key and the integrity protection key used by the encryption suite can be derived from CK and IK, which the UE obtains during registration.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2005100772440A CN100561909C (en) | 2005-06-20 | 2005-06-20 | A kind of IP Multimedia System access security guard method based on TLS |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1697368A | 2005-11-16 |
CN100561909C | 2009-11-18 |
Family
ID=35349909
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2005100772440A Active CN100561909C (en) | 2005-06-20 | 2005-06-20 | A kind of IP Multimedia System access security guard method based on TLS |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100561909C (en) |
Also Published As
Publication number | Publication date |
---|---|
CN100561909C (en) | 2009-11-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |