IMS
Rajkiran Velluri
Rahul Allawadhi
Rahul Parey
Santosh Kandukuri
History of IMS
IMS first appeared in release 5 of the evolution from 2G to 3G networks
for W-CDMA networks (UMTS), when SIP-based multimedia domain was
added to NGN networks. Support for older GSM and GPRS networks is
also provided.
In 3GPP release 6, interworking with WLAN was added.
3GPP release 7 adds support for fixed networks, together with TISPAN,
which adopted a more generalized model able to address a
wider variety of network and service requirements. This overall
architecture is based upon the concept of cooperating subsystems
sharing common components. This subsystem-oriented architecture
enables the addition of new subsystems over time to cover new
demands and service classes.
"Early IMS" was defined for IPv4 networks, and provides a migration
path to IPv6.
Cellular Networks
1G
- Used analog transmission and provided only circuit switched
voice telephony
2G
- Fully digital. Offered both voice & CS data services
2.5G
- Addition of Packet Switched Data services to 2G Networks.
3G
- Provide (or try to) all services over PS (including voice telephony)
IP Multimedia Subsystem (IMS)
The IP Multimedia subsystem standard defines a generic
architecture for offering VoIP and multimedia services.
Internationally recognized standard first specified by the
3GPP (3rd Generation Partnership Project)
Supports multiple access types: GSM, WCDMA,
CDMA2000, Wireline broadband access and WLAN.
Established with the aim of allowing a UMTS network to
provide all of its services over IP on an end-to-end basis.
Concept of the IP Multimedia Subsystem (IMS)
The aim of IMS is not only to provide new services but to provide all the
services, current and future, that the Internet provides. In addition, users
have to be able to execute all their services when roaming as well as
from their home networks. To achieve these goals the IMS uses open
standard IP protocols, defined by the IETF.
So, a multi-media session between 2 IMS users,
between an IMS user and a user on the Internet,
and between 2 users on the Internet is established
using exactly the same protocol. Moreover, the
interfaces for service developers are also based on
IP protocols. This is why the IMS truly merges the
Internet with the cellular world; it uses cellular
technologies to provide ubiquitous access and
Internet technologies to provide appealing services.
IMS concept
The IMS concept was introduced to address the following network and user
requirements:
Source: Alcatel
IMS Standards
3GPP (3rd Generation Partnership Project) and 3GPP2 (3rd Generation
Partnership Project 2) have both defined the IP Multimedia Subsystem (IMS).
The harmonization effort has kept the definitions as similar as possible.
Access Network
The user can connect to an IMS network using various methods, all
of which use the standard Internet Protocol (IP).
Direct IMS terminals can register directly into an IMS network.
Fixed access, mobile access and wireless access are all supported.
BROAD VIEW OF IMS ARCHITECTURE
User Database
The HSS (Home Subscriber Server) is the master user database
that supports the IMS network entities that are actually handling the
calls/sessions.
It contains the subscription-related information, performs
authentication and authorization of the user, and can provide
information about the physical location of user.
A SLF (Subscriber Location Function) is needed when multiple
HSSs are used.
Call/Session Control
Several types of SIP servers, collectively known as CSCF, are
used to process SIP signaling packets in the IMS.
1) P-CSCF (Proxy-CSCF)
2) I-CSCF (Interrogating-CSCF)
3) S-CSCF (Serving-CSCF)
1) P-CSCF (Proxy-CSCF)
It is a SIP proxy that is the first point of contact for the IMS
terminal.
It can be located either in the visited network or in the home
network.
The terminal discovers its P-CSCF either with DHCP, or it is
assigned in the PDP Context (in GPRS).
2) I-CSCF (Interrogating-CSCF)
It is a SIP proxy located at the edge of an administrative domain.
Its IP address is published in the DNS records of the domain, so
that remote servers can find it, and use it as an entry point for all
SIP packets to this domain.
The I-CSCF queries the HSS using the DIAMETER Cx and Dx
interfaces to retrieve the user location, and then routes the SIP
request to its assigned S-CSCF.
It can also be used to hide the internal network from the outside
world, in which case it's called a THIG (Topology Hiding Interface
Gateway).
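An added example, not part of the original slides: one way to check, from messages captured at the domain border, that the hiding role described above is in effect. The domain home.example, the host names and the sample INVITE are constructed assumptions, and hops are matched by host name only.

```python
import re

# Header fields that record the signalling path and so can name internal nodes.
TOPOLOGY_HEADERS = {"via", "record-route", "route", "path", "service-route"}

def parse_headers(message):
    """Return [(name, value)] from the header section, unfolding continuation lines."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:              # skip the request/status line
        if line[:1] in (" ", "\t") and headers:    # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            headers.append(("via" if name == "v" else name, value.strip()))
    return headers

def hop_hosts(name, value):
    """Yield the host name of every hop in one header value (host names only)."""
    for hop in value.split(","):
        if name == "via":      # SIP/2.0/UDP host[:port];params
            m = re.match(r"\s*SIP/2\.0/\w+\s+([^;:\s]+)", hop)
        else:                  # <sip:[user@]host[:port];params>
            m = re.search(r"sips?:(?:[^@>;]*@)?([^;:>\s]+)", hop)
        if m:
            yield m.group(1).lower()

def topology_leaks(message, home_domain, edge_hosts):
    """List (header, host) pairs that name a home-domain node other than the edge."""
    leaks = []
    for name, value in parse_headers(message):
        if name in TOPOLOGY_HEADERS:
            for host in hop_hosts(name, value):
                inside = host == home_domain or host.endswith("." + home_domain)
                if inside and host not in edge_hosts:
                    leaks.append((name, host))
    return leaks

# Constructed sample: an INVITE as it would leave home.example with no hiding applied.
SAMPLE = """INVITE sip:bob@peer.example SIP/2.0
Via: SIP/2.0/UDP icscf.home.example;branch=z9hG4bK3
Via: SIP/2.0/UDP scscf1.home.example;branch=z9hG4bK2,
 SIP/2.0/UDP pcscf1.home.example;branch=z9hG4bK1
Record-Route: <sip:icscf.home.example;lr>, <sip:scscf1.home.example;lr>
From: <sip:alice@home.example>;tag=1"""
```

Calling topology_leaks(SAMPLE, "home.example", {"icscf.home.example"}) reports the S-CSCF and P-CSCF entries; a message that names only the I-CSCF returns an empty list.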
3) S-CSCF (Serving-CSCF)
It is the central node of the signaling plane.
It's a SIP server, but performs session control as well.
It's always located in the home network. The S-CSCF uses
DIAMETER Cx and Dx interfaces to the HSS to download and
upload user profiles.
It has no local storage of the user.
Application Servers
Application servers (AS) host and execute services, and interface
with the S-CSCF using SIP.
Depending on the actual service, the AS can operate in SIP proxy
mode, SIP UA mode or SIP B2BUA mode.
An AS can be located in the home network or in an external third-
party network.
Media Servers
A MRF (Media Resource Function) provides a source of media in
the home network.
It's used for playing of announcements, multimedia conferencing,
text-to-speech conversion (TTS) and speech recognition, and real
time transcoding of multimedia data.
Each MRF is further divided into:
1) A MRFC (Media Resource Function Controller) is a signalling
plane node that acts as a SIP User Agent to the S-CSCF, and which
controls the MRFP with a H.248 interface
2) A MRFP (Media Resource Function Processor) is a media plane
node that implements all media-related functions.
Breakout Gateway
A BGCF (Breakout Gateway Control Function) is a SIP server that
includes routing functionality based on telephone numbers.
It's only used when calling from the IMS to a phone in a circuit
switched network, such as the PSTN or the PLMN.
PSTN Gateways
A PSTN/CS gateway interfaces with PSTN circuit switched (CS)
networks.
A SGW (Signalling Gateway) interfaces with the signalling plane of
the CS. It transforms lower layer protocols such as SCTP into MTP, to
pass ISUP from the MGCF to the CS network.
A MGCF (Media Gateway Controller Function) does call control
protocol conversion between SIP and ISUP, and interfaces with the
SGW over SCTP.
A MGW (Media Gateway) interfaces with the media plane of the CS
network, by converting between RTP and PCM.
Charging
Definitions: Offline charging is applied to users who pay for their
services periodically, whereas online charging is applied to users
who pay through credit-based charging, which is used for prepaid services.
Offline charging: All the SIP network entities involved in the
session use the DIAMETER Rf interface to send accounting
information to a CCF (Charging Collector Function) located in the
same domain. The CCF collects all this information and builds a CDR
(Charging Data Record), which is sent to the billing system (BS) of
the domain.
Online charging: The S-CSCF talks to an SCF (Session Charging
Function), which looks like a regular SIP application server. The
SCF can signal the S-CSCF to terminate the session when the user
runs out of credits during a session. The AS and MRFC use the
DIAMETER Ro interface towards an ECF (Event Charging Function),
which also communicates with the SCF.
Advantages:
Advantages over existing systems
The core network is independent of a particular access technology
Integrated mobility for all network applications
Easier migration of applications from fixed to mobile users
Faster deployment of new services based on standardized
architecture
New applications such as presence information, videoconferencing,
Push to talk over cellular (POC), multiparty gaming, community
services and content sharing.
User profiles are stored in a central location
Advantages over free VoIP
Quality of Service: The network offers no guarantees about the
amount of bandwidth a user gets for a particular connection or about
the delay the packets experience.
Charging of multimedia services: Videoconferences can transfer a
large amount of information. Some business models might be more
beneficial for the user, others might charge extra for better QoS.
Integration of different services: An operator can use services
developed by third parties, combine them, integrate them with
services they already have, and provide the user with a completely
new service.
Issues
Benefits need to be further articulated in terms of actual savings.
IMS is "operator friendly" which means that it provides the operator
with comprehensive control of content at the expense of the
consumer.
IMS uses the 3GPP variant of SIP, which needs to interoperate with
the IETF SIP.
IMS is an optimization of the network, and investments for such
optimization are questionable.
Associated Protocols
RFC 1889 Real-time Transport Protocol (RTP)
RFC 2327 Session Description Protocol (SDP)
RFC 2748 Common Open Policy Server protocol (COPS)
RFC 2782 a DNS RR for specifying the location of services (SRV)
RFC 2806 URLs for telephone calls (TEL)
RFC 2915 the naming authority pointer DNS resource record (NAPTR)
RFC 2916 E.164 number and DNS
RFC 3261 Session Initiation Protocol (SIP)
RFC 3262 reliability of provisional responses (PRACK)
RFC 3263 locating SIP servers
RFC 3264 an offer/answer model with the Session Description Protocol
RFC 3310 HTTP Digest Authentication using Authentication and Key Agreement (AKA)
RFC 3311 update method
RFC 3312 integration of resource management and SIP
RFC 3319 DHCPv6 options for SIP servers
RFC 3320 signalling compression (SIGCOMP)
RFC 3323 a privacy mechanism for SIP
RFC 3324 short term requirements for network asserted identity
RFC 3325 private extensions to SIP for asserted identity within trusted networks
RFC 3326 the reason header field
RFC 3327 extension header field for registering non-adjacent contacts (path header)
RFC 3329 security mechanism agreement
RFC 3455 private header extensions for SIP
RFC 3485 SIP and SDP static dictionary for signaling compression
RFC 3574 Transition Scenarios for 3GPP Networks
RFC 3588 DIAMETER base protocol
RFC 3589 DIAMETER command codes for 3GPP release 5 (informational)
RFC 3608 extension header field for service route discovery during registration
RFC 3680 SIP event package for registrations
RFC 3824 using E164 numbers with SIP
Session Initiation Protocol - SIP
SIP is the core protocol for initiating, managing and
terminating sessions in the Internet.
These sessions may be text, voice, video or a
combination of these
SIP sessions involve one or more participants and
can use unicast or multicast communication.
Session Initiation Protocol - SIP
Provides call control for multi-media services
initiation, modification, and termination of sessions
terminal-type negotiation and selections
call holding, forwarding, forking, transfer
media type negotiation (also mid-call changes)
using Session Description Protocol (SDP)
Provides personal mobility support
Independent of transport protocols (TCP, UDP, SCTP,)
ASCII format SIP headers
Separation of call signalling and data stream
Application types/examples:
Compression
SIP Compression is mandatory as radio interface is a
scarce resource
Compression / decompression of SIP will be performed by
the UE and the P-CSCF
Authentication & Integrity protection
S-CSCF performs the Authentication using AKA
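An added example, not from the original slides: the AKA challenge that reaches the terminal in the RFC 3310 form listed under Associated Protocols, split into its fields, with anything that is not an AKA challenge rejected. The realm and the RAND/AUTN bytes are constructed sample values.

```python
import base64
import re

def parse_aka_challenge(www_authenticate):
    """Split a Digest AKA challenge (RFC 3310) into RAND and the AUTN fields.

    Raises ValueError when the challenge is not AKA or the nonce is malformed,
    so a caller can refuse to answer it with a weaker digest scheme.
    """
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', www_authenticate)
    params = {key.lower(): quoted or bare for key, quoted, bare in pairs}
    algorithm = params.get("algorithm", "")
    if not algorithm.upper().startswith("AKAV1-"):
        raise ValueError(f"not an AKA challenge: algorithm={algorithm!r}")
    try:
        # RFC 3310: nonce = base64(RAND || AUTN || server-specific data)
        raw = base64.b64decode(params.get("nonce", ""), validate=True)
    except ValueError as exc:          # binascii.Error is a ValueError subclass
        raise ValueError("nonce is not valid base64") from exc
    if len(raw) < 32:
        raise ValueError("nonce too short to hold RAND and AUTN")
    autn = raw[16:32]
    return {
        "realm": params.get("realm"),
        "rand": raw[:16],              # 128-bit random challenge
        "sqn_xor_ak": autn[:6],        # concealed sequence number
        "amf": autn[6:8],              # authentication management field
        "mac": autn[8:16],             # network authentication code
        "server_data": raw[32:],       # optional server-specific data
    }

# Constructed sample values, not taken from any real network.
RAND = bytes(range(16))
AUTN = bytes.fromhex("aabbccddeeff" + "8000" + "1122334455667788")
CHALLENGE = ('Digest realm="home.example", nonce="%s", algorithm=AKAv1-MD5, qop="auth"'
             % base64.b64encode(RAND + AUTN).decode())
```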
ACK
REFER
OPTIONS
BYE
CANCEL
REGISTER
SUBSCRIBE
NOTIFY
MESSAGE
SIP Message Types (Contd.)
Redirection
Forwarding
Request failure
Server failure
Global failure
SIP Session Establishment and Call Termination
SIP Call Redirection
Call Proxying
Instant messaging based on SIP
IPv6
IMS is a main driver of IPv6 deployment
IPv6 Land attack
Cisco IOS IPv6 heap overflow attack
Diameter, SCTP (Cx interface)
Internal CSCF to HSS traffic less
vulnerable, but data is very sensitive
Testing Typologies
1. Functional Testing
check the correct handling of the system end-to-end functionalities
typically carried out in test plant
2. Conformance Test
check the functional blocks compatibility, verifying protocols
and procedures
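End-to-End Methodology
[Figure: access side. Elements shown: UE, UTRAN, RNC, SGSN, DHCP, DNS and HSS, with the Um, Iu-PS and Cx interfaces.]
[Figure: session path between the originating network and the terminating network. Elements shown: UE1, P-CSCF1, S-CSCF1, I-CSCF, HSS, S-CSCF2, P-CSCF2 and UE2, with the Um, Mw and Cx interfaces.]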
Virus Protection
On most computers or filtered at server.
Firewall for critical computers both TAMU and four
in Physical Plant
SPAM filters - one on campus and one at Physical
Plant.
Intrusion detection Campus and through CERT
(Computer Emergency Response Team at CMU
University http://www.cert.org/)
Security Components
[Figure: Internet, Web Server, EMAIL Server, SPAM Filter, PPFS4, Campus LAN, AssetWorks Server and user workstations.]
Other Security TIPS
3GPP Release 5 Security (Draft 3GPP TS 33.203)
[Figure, three panels. Elements shown in each: UA, RAN, SGSN, GGSN, P-CSCF (visited), I-CSCF, S-CSCF and HSS, with REGISTER/INVITE carried over SIP-based interfaces between SIP proxy servers in the PS domain, and the Cx interface based on Diameter. Panel captions: "1. Distribution of authentication information"; "3. Session key distribution"; "Per-hop protection of signalling using IPsec/IKE".]
Access Security: Authentication Principles
[Figure: message flow including Cx-Put and Cx-Pull.]
Access Security: Security Mode Establishment between UA and P-CSCF
[Figure: related specifications. TS 23.228 (SA2), TS 33.203 (SA3), TS 24.228 (CN1), TS 29.228 (CN4), SIPPING WG, other specs (e.g. AKA) (SA3).]
Protocol detail
Authentication and Key Agreement Protocol (3GPP AKA)
Session transfer
guidance on security aspects based on GSM call transfer
feature
authorisation and accounting of transferred leg needs to
involve transferring party who has dropped out of session
should there be a limit to the number of transferred sessions?
should final destination be hidden from calling party?
Security aspects of other IP multimedia subsystem services?
End-to-end security