a new proposal for bundled access to ims etsi tispan 7
Download
Skip this Video
Download Presentation
A new proposal for bundled access to IMS ETSI TISPAN#7

Loading in 2 Seconds...

play fullscreen
1 / 10

A new proposal for bundled access to IMS ETSI TISPAN#7 - PowerPoint PPT Presentation


  • 103 Views
  • Uploaded on

A new proposal for bundled access to IMS ETSI TISPAN#7. Sébastien Garcin (France Telecom R&D). IMS access considerations for fixed IMS (1/2). IPsec protection of SIP signalling shall not be mandatory for all fixed IMS scenarios IPsec need not be used in case of bundled authentication

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'A new proposal for bundled access to IMS ETSI TISPAN#7' - weston


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a new proposal for bundled access to ims etsi tispan 7

A new proposal for bundled access to IMSETSI TISPAN#7

Sébastien Garcin (France Telecom R&D)

ims access considerations for fixed ims 1 2
IMS access considerations for fixed IMS (1/2)
  • IPsec protection of SIP signalling shall not be mandatory for all fixed IMS scenarios
  • IPsec need not be used in case of bundled authentication
  • Non ISIM-based SIP end points need to be supported (e.g. AGCF in case of IMS-based PES)
  • P-CSCFs behavior should be unchanged for mobiles
ims access considerations for fixed ims 2 2
IMS access considerations for fixed IMS (2/2)
  • P-CSCFs need to able to distinguish between
    • Fixed UEs where IPsec is required
    • Fixed UEs where IPsec is not required
  • Possible solutions
    • IPsec-usage indication is stored in the CLF and provided to the P-CSCF at Location-Query phase
    • P-CSCF uses specific IP address/port with differentiated behavior regarding IPsec
    • P-CSCF uses different physical interfaces to discriminate the type behavior
successful bundled authentication
Successful bundled authentication

UE

CLF

P-CSCF

I-CSCF

S-CSCF

UPSF

Network attachement & NASS Authentication

REGISTER

Authorization=IMPI

From: IMPU

To: IMPU

Location-ReqIP @

AF identity

Location-ResLocation-info

IPsec required? No

REGISTERAuthorization=IMPI

From: IMPU

To: IMPU

P-Acc-Net-info=Locinfo

REGISTERAuthorization=IMPI

From: IMPU

To: IMPU

P-Acc-Net-info=Loc-info

MAR

IMPI

IMPU

Location-InfoAuth-sch= Digest-AKA--MD5

Check User Profil

-> Result=Yes

MAAIMPI

IMPU

DIAMETER_SUCCESS_BUNDLE

200 OK

From: IMPU

To: IMPU

200 OK

From: IMPU

To: IMPU

200 OK

From: IMPU

To: IMPU

UE registered

ims access with ipsec required
IMS access with IPsec required

UE

CLF

P-CSCF

I-CSCF

S-CSCF

UPSF

Network attachement & NASS Authentication

REGISTER

Authorization=IMPI

From: IMPU

To: IMPU

Location-ReqIP @

AF identity

Location-ResLocation-info

IPsec required? Yes

421 Extension Required

Or

494 Security Agreement Required

solution description 1 2
Solution description (1/2)
  • UE may or may not provide Sec-client header
  • P-CSCF determines whether IPsec is required
    • If not, P-CSCF does not check the presence or contents of the Sec-client header in the REGISTER
    • If yes, current P-CSCF behavious applies
      • P-CSCF returns 421 Extension required if Sec-client is not there
      • P-CSCF
  • S-CSCF launches Cx authentication procedures
    • Content of P-Access-network-Info is sent over Cx
    • Authentication-scheme unchanged
solution description 2 2
Solution description (2/2)
  • UPSF checks the reference location of the IMS subscriber against the current location
  • Based on IMS subscription rights, the UPSF allows bundled authentication to IMS
    • Subscriber may not at all be allowed bundled-auth
    • Subscriber may be allowed depending on current location
  • A new DIAMETER Result-code is added to notify the S-CSCF that bundled access to IMS is granted
  • P-CSCF forwards 200 OK to the UE (no SA set-up)
ims access without bundled authentication
IMS access without bundled authentication

UE

CLF

P-CSCF

I-CSCF

S-CSCF

UPSF

Network attachement & NASS Authentication

REGISTER

Authorizarion=IMPI

From: IMPU

To: IMPU

Sec-client:…

Location-Req

Location-Res

REGISTERAuthorizarion=IMPI

From: IMPU

To: IMPU

P-Acc-Net-info=Locinfo

REGISTERAuthorization=IMPI

From: IMPU

To: IMPU

P-Acc-Net-info=Loc-info

MAR

IMPI

IMPU

Location-InfoAuth-sch= Digest-AKA--MD5

Check User Profil

->Result = No

MAAIMPI

IMPU

Auth-vector

DIAMETER_SUCCESS

401 Unauthorized

www-authenticate:…

From: IMPU

To: IMPU

401 Unauth

www-authenticate:…

From: IMPU

To: IMPU

401 Unauthorized

www-authenticate:…

From: IMPU

To: IMPU

Sec-server…

IPsec tunnel setup

ims based pes registration
IMS-based PES registration

AGCF

I-CSCF

S-CSCF

UPSF

REGISTER

Authorization=IMPI

From: IMPU

To: IMPU

P-Access-Net-info=Location-info

REGISTERAuthorization=IMPI

From: IMPU

To: IMPU

P-Acc-Net-info=Location-info

MAR

IMPI

IMPU

(Location-Info)Auth-sch= Digest-AKA--MD5

Check User Profil

->Result = Yes

200 OK

From: IMPU

To: IMPU

MAAIMPI

IMPU

DIAMETER_SUCCESS_BUNDLE

200 OK

From: IMPU

To: IMPU

Registration complete

impacts on tispan 3gpp documentation
Impacts on TISPAN&3GPP documentation
  • Changes to TS.24.229
    • UE Option to support and use RFC3329 and associated procedures
    • P-CSCF verification (IPsec to be enforced or not)
    • S-CSCF (editorial)
  • TS.29.228 (Cx signalling flows and message contents)
    • Contents of MAR/MAA message to be updated
    • Signalling flows to be completed
  • TS.29.229 (Cx protocol details)
    • New vendor specific AVP for Location-info
    • New Exp-Result-Code value for bundled access indication
  • TS.33.203 (Access Security)
    • IPsec requirements need to be updated
  • e2/e4 profil update for IPsec indication ?
ad