IP Multimedia Subsystem - Security Aspects of Early IMS and Non-3GPP Systems

Security Aspects of Early IMS and Non-3GPP Systems

It is envisaged that security defined in TS 33.203 may not be available for a while especially because of the lack of USIM/ISIM interfaces and prevalence of devices that support IPv4. For this situation, to provide some protection against the most significant threats, 3GPP defines some security mechanisms, which are informally known as "early IMS security," in TR33.978. This mechanism relies on the authentication performed during the network attachment procedures, which binds between the user's profile and its IP address. This mechanism is also weak because the signaling is not protected on the User–network interface.

CableLabs in PacketCable 2.0, which adopted also the IMS architecture but has no USIM/ISIM capabilities in their terminals, published deltas to the 3GPP specifications where the Digest-MD5 is a valid authentication option. Later on, TISPAN also did a similar effort given their Fixed Networks scopes, although the procedures are different. To compensate for the lack of IPsec capabilities, TLS has been added as an option for securing the Gm interface. Later 3GPP Releases have included the Digest-MD5 method, towards a Common-IMS platform, yet in its own and again different approach. Although all 3 variants of Digest-MD5 authentication have the same functionality and are the same from the IMS terminal's perspective, the implementations on the Cx interface between the S-CSCF and the HSS are different.