Authentication in NGN networks
Andrés Marín López
[email protected]

Invited talk by ISG, Telematics Engineering Department, Polytechnical University of Catalunya, July 2009

Authentication in NGN networks – p. 1

Index
- Introduction to IMS and NGN
- IMS entities
- IMS Registration
- UMTS AKA
- UMTS AKA Weaknesses
- Proposals
- Conclusions

Introduction
- The two main specification bodies of the 3G world defined the All-IP Core Multimedia Telecommunication architecture.
- IP Multimedia Subsystem (IMS) merges cellular networks and the Internet to host new application servers using different technologies: OSA/Parlay, Parlay X, SIP CGI, SIP CPL, SIP Servlet, etc.
- IMS is a subsystem of the packet-switched domain and is dissociated from network access.
- IMS facilitates fixed-mobile convergence.
- IMS separates signalling and transport.
- Based on IETF protocols like SIP (for call and session control) and Diameter (AAA and profile exchange).

3GPP and 3GPP2
- 3GPP, started in 1998, is currently composed of the following partners: ARIB (Japan), CCSA (China), ETSI (Europe), ATIS (United States), TTA (Korea), TTC (Japan).
- 3GPP2 also includes: CDMA Development Group, IPv6 Forum, MobileIgnite, Femto Forum.

Beginning of IMS
- IMS specification began in 3GPP Release 5; IMS was part of the core network evolution from circuit switching to packet switching.
- Refined by subsequent Releases 6, 7, 8, and 9.
- Originally designed to evolve UMTS networks to deliver Internet Protocol multimedia to mobile users.
- All-IP system designed to help mobile operators deliver next-generation interactive and interoperable services, cost-effectively, over an architecture providing the flexibility of the Internet.
- IMS has become the core component within 3G, cable TV and next generation networks.
- The IM subsystem comprises all Core Network (CN) elements for the provision of IP multimedia services comprising audio, video, text, chat, etc.

IP Multimedia Overview [1]


TISPAN IMS Functional Architecture [1]
- ETSI standardization body for NGN (2003): Telecommunications and Internet converged Services and Protocols for Advanced Networking.
- Initially harmonizing the IMS core for wired and wireless access.
- NGN Release 1 (Dec. 2005) adopted 3GPP IMS, adding functionality to handle non-SIP applications.
- In early 2008, IMS specs were transferred back to 3GPP to provide a Common IMS.
- NGN Release 2 (2008): added IPTV, Home Networks, interconnection with Corporate Networks.
- TISPAN IPTV: access independent, multi-service, combining features from triple/quadruple-play offers.
- Working on Rel 3: IPTV enhancements, IP network interconnection, NGN security enhancements, and QoS with overload control.

TISPAN IMS Overview (Rel. 7): The 3GPP TISPAN NGN (figure)

IMS entities
- Call Session Control Functions (CSCF): P-CSCF, I-CSCF, S-CSCF
- Home Subscriber Server (HSS)
- Media Gateway Control Function (MGCF), Multimedia Resource Function Controller (MRFC)
- Application Server (AS)
- Breakout Gateway Control Function (BGCF)

Proxy (P-CSCF)
- First contact point within IMS: User Equipment (UE) messages go through it, and the UE only accepts requests and responses sourced at it.
- Discovers the I-CSCF by examining the home domain name.
- Forwards SIP requests (REGISTER to the UE's home domain I-CSCF, others to the S-CSCF) and responses (back to the UE).
- Security gateway for IMS signalling (Gm interface, IPsec).
- Checks and enforces signalling policies (service routes, dialog routes).
- Others: authorizes bearer resources and QoS management, emergency calls, monitoring, header compression.

Interrogating (I-CSCF)
- Entry point in the home domain (both for local and roaming subscribers).
- Functions: assigns (and forwards to) the S-CSCF during SIP registration; obtains the S-CSCF address from the HSS and routes SIP requests:
  - the HSS provides the required capabilities and operator preferences
  - the HSS stores session signalling transport parameters (CSCF IP and port, transport, etc.)
- Topology hiding (ciphering S-CSCF addresses); generates Charging Data Records (CDRs).
- Requests terminated in a foreign network are forwarded to the Interconnection Border Control Function (BGCF in Rel 5).

Serving (S-CSCF)
- Handles users' session states.
- User registration, collaborating with the HSS:
  - authentication
  - stores contact locations and user subscription information (and updates)
  - resolves public identities into contact addresses
  - adds routes as indicated in Path headers
  - retrieves the user profile from the HSS
- SIP proxy server / user agent.
- Others: provides endpoints with service events, locates the I-CSCF (other operator) and forwards SIP requests (also to the BGCF for call routing), generation of CDRs.

Home Subscriber Server (HSS)
- Mappings: (1-1) IMS subscription to Private User Identity (IMPI); (1-n) IMPI to Public User Identities (IMPU).
- Central database of the IMS core:
  - contains subscription-related information
  - defines and maintains IMS Service Profiles
  - user identification, numbering and addressing
- Supports other entities in handling sessions:
  - user security information: authentication vectors
  - indicates to the I-CSCF whether the user is allowed to register in a given P-CSCF
  - helps in S-CSCF selection
  - provides the S-CSCF with service profiles
  - stores location information and inter-system location information

HSS Functions


MGCF: Media Gateway Control Function
- Controls a media gateway functional entity (MG-FE): allocation and deallocation of media gateway resources, modification of resource usage.
- Communicates with the CSCF, BGCF, and circuit-switched networks.
- Protocol conversion ISUP-SIP.
- Determines the next hop for incoming calls from legacy networks.
- Routing of transit traffic.

MRFC: Multimedia Resource Function Controller
- Provides resources within the core network for supporting services, in conjunction with a Multimedia Resource Processor Functional Entity (MRP-FE).
- Interprets information coming from the AS-FE via an S-CSCF and controls the MRP-FE.
- Multiway conference bridges, announcement playback, video transcoding.

BGCF: Breakout Gateway Control Function
- Determines the MGCF a call should go through to reach the local PSTN.
- If the call goes to another domain, it selects the BGCF of that domain, which selects the MGCF within that network.
- Selects the peer BGCF.

IMS registration (message sequence chart between UE, P-CSCF, I-CSCF, HSS and S-CSCF)
  SM1: Register              UE -> P-CSCF
  SM2: Register              P-CSCF -> I-CSCF
  Cx-Selection-Info          I-CSCF <-> HSS
  SM3: Register              I-CSCF -> S-CSCF
  Cx-Put                     S-CSCF -> HSS
  CM1: AV-Req                S-CSCF -> HSS
  CM2: AV-Req-Resp           HSS -> S-CSCF
  SM4: 4xx Auth_challenge    S-CSCF -> I-CSCF
  SM5: 4xx Auth_challenge    I-CSCF -> P-CSCF
  SM6: 4xx Auth_challenge    P-CSCF -> UE
  SM7: Register              UE -> P-CSCF
  SM8: Register              P-CSCF -> I-CSCF
  Cx-Query                   I-CSCF <-> HSS
  SM9: Register              I-CSCF -> S-CSCF
  Cx-Put, Cx-Pull            S-CSCF <-> HSS
  SM10: 2xx Auth_ok          S-CSCF -> I-CSCF
  SM11: 2xx Auth_ok          I-CSCF -> P-CSCF
  SM12: 2xx Auth_ok          P-CSCF -> UE

Information stored in registration


Calling another user Providing identity to other party


Calling another user II Blocking identity to other party


IMS Security Architecture


Security Mechanisms
- Network access: user identity confidentiality, entity authentication, confidentiality, integrity, mobile equipment identification.
- Network domain: fraud information gathering.
- User domain: User-USIM, USIM-Terminal.
- Application: USIM Application Toolkit.

IMS registration with AKA parameters (message sequence chart between UE, P-CSCF, I-CSCF, HSS and S-CSCF)
  Register (IMPI, IMPU)                                             UE -> P-CSCF -> I-CSCF -> S-CSCF
  Cx-AV-Req (IMPI, m)                                               S-CSCF -> HSS
  Cx-AV-Req-Resp (IMPI, ..., RANDi||AUTNi||XRESi||CKi||IKi, ...)    HSS -> S-CSCF
  4xx Auth_challenge (IMPI, ..., RANDi||AUTNi||XRESi||CKi||IKi, ...) S-CSCF -> I-CSCF
  4xx Auth_challenge (IMPI, ..., RANDi||AUTNi||XRESi||CKi||IKi, ...) I-CSCF -> P-CSCF
  4xx Auth_challenge (IMPI, RAND, AUTN)                             P-CSCF -> UE
  Register (IMPI, RES)                                              UE -> P-CSCF -> I-CSCF -> S-CSCF
  (S-CSCF continues only if RES = XRES)
  2xx Auth_ok                                                       S-CSCF -> I-CSCF -> P-CSCF -> UE

IMS UMTS AKA
- IMS Authentication and Key Agreement provides mutual authentication.
- Home Network and user share a long-term key K (128 bits) associated with the IMPI.
- The HN uses RAND (128 bits) to avoid replays.
- Security parameters are transported by SIP.
- The Authentication Vectors (AVs) are generated by the AuC (HSS).
- AVs include RAND, XRES, CK, IK, and AUTN.
- AVs cannot be reused.
- UE and P-CSCF set up two security associations (SAs) using CK (128 bits) and IK (128 bits).
- If the ME registers another IMPU, no extra SAs are needed.
- All SIP messages will be integrity protected.

Authentication Vectors

At Home Network:
  Value   Computation                        Description
  MAC     f1_K(SQN || RAND || AMF)           Message authentication code
  XRES    f2_K(RAND)                         Expected response
  CK      f3_K(RAND)                         Cipher key
  IK      f4_K(RAND)                         Integrity key
  AK      f5_K(RAND)                         Anonymity key
  AUTN    SQN ⊕ AK || AMF || MAC             Authentication token

At User Equipment (resynchronisation):
  Value   Computation                        Description
  AK-S    f5*_K(RAND)                        Anonymity key
  MAC-S   f1*_K(SQN_MS || RAND || AMF)       AMF set to zeros
  AUTS    SQN_MS ⊕ AK-S || MAC-S             Sync failure

Registration failures
- The UE sends back an authentication reject with a cause of failure if RES ≠ XRES; if the received SQN is out of range, the UE computes and sends back AUTS.
- If AUTS is correct, the HN sets its SQN to the UE's value and generates new AVs.
- The HN does not automatically de-register the IMPU due to a registration failure: operator policies, explicit de-registration mechanisms, registration initiated by the HN.
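The registration flow with AKA parameters, the AV table and the failure cases above, run end to end as an added in-process example that is not code from the slides or from 3GPP. The functions f1..f5 are HMAC-SHA256 placeholders (the real 3GPP functions are Milenage, TS 35.206, which the slides do not specify), the SQN acceptance window and the role split between HSS, P-CSCF, S-CSCF and UE are assumptions, and messages are function calls rather than SIP/Diameter. It shows the P-CSCF stripping CK/IK before the challenge reaches the UE, the UE rejecting a tampered AUTN, the S-CSCF comparing RES with XRES, and the AUTS resynchronisation path when SQN is out of range.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters. f1..f5 are HMAC-SHA256 truncations keyed with K; the
# real 3GPP functions are Milenage (TS 35.206), which the slides do not specify,
# so these only preserve key dependence and output sizes (assumption).
AMF = bytes(2)       # slide: AMF set to zeros for resynchronisation
SQN_WINDOW = 32      # UE acceptance window for SQN (constructed value)

def _f(k, tag, data, n):
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf):  return _f(k, b"f1", sqn + rand + amf, 8)    # MAC
def f1s(k, sqn, rand, amf): return _f(k, b"f1*", sqn + rand + amf, 8)   # MAC-S
def f2(k, rand): return _f(k, b"f2", rand, 8)    # XRES / RES
def f3(k, rand): return _f(k, b"f3", rand, 16)   # CK
def f4(k, rand): return _f(k, b"f4", rand, 16)   # IK
def f5(k, rand): return _f(k, b"f5", rand, 6)    # AK
def f5s(k, rand): return _f(k, b"f5*", rand, 6)  # AK-S

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hss_generate_av(k, sqn_hn):
    """AuC/HSS: one fresh AV (RAND, XRES, CK, IK, AUTN); AVs are never reused."""
    rand = secrets.token_bytes(16)
    sqn = sqn_hn.to_bytes(6, "big")
    mac = f1(k, sqn, rand, AMF)
    autn = xor(sqn, f5(k, rand)) + AMF + mac      # AUTN = SQN xor AK || AMF || MAC
    return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand),
            "IK": f4(k, rand), "AUTN": autn}

def pcscf_strip(av):
    """P-CSCF: keep CK/IK for the two IPsec SAs, forward only RAND and AUTN to the UE."""
    return {"RAND": av["RAND"], "AUTN": av["AUTN"]}, (av["CK"], av["IK"])

def ue_process_challenge(k, sqn_ms, rand, autn):
    """UE/USIM side. Returns ("RES", res, ck, ik, new_sqn_ms), ("AUTS", auts) or ("REJECT", why)."""
    sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn = xor(sqn_xor_ak, f5(k, rand))          # recover SQN with the anonymity key
    if not hmac.compare_digest(mac, f1(k, sqn, rand, amf)):
        return ("REJECT", "MAC failure")        # network not authenticated
    sqn_int = int.from_bytes(sqn, "big")
    if not (sqn_ms < sqn_int <= sqn_ms + SQN_WINDOW):
        # SQN out of range: build AUTS = SQN_MS xor AK-S || MAC-S (AMF zeros)
        sqn_ms_b = sqn_ms.to_bytes(6, "big")
        auts = xor(sqn_ms_b, f5s(k, rand)) + f1s(k, sqn_ms_b, rand, AMF)
        return ("AUTS", auts)
    return ("RES", f2(k, rand), f3(k, rand), f4(k, rand), sqn_int)

def hss_resync(k, rand, auts):
    """HN: recover SQN_MS from AUTS and accept it only if MAC-S verifies."""
    sqn_ms = xor(auts[:6], f5s(k, rand))
    if hmac.compare_digest(auts[6:], f1s(k, sqn_ms, rand, AMF)):
        return int.from_bytes(sqn_ms, "big")
    return None

def scscf_check(av, res):
    """S-CSCF: compare RES from the second REGISTER with the stored XRES."""
    return hmac.compare_digest(av["XRES"], res)

def run_registration(k, sqn_hn, sqn_ms):
    """One IMS AKA round. Returns ("OK", ck, ik), ("RESYNC", sqn) or ("REJECT", why)."""
    av = hss_generate_av(k, sqn_hn)                       # Cx-AV-Req / Cx-AV-Req-Resp
    challenge, (ck_p, ik_p) = pcscf_strip(av)             # 4xx Auth_challenge to UE
    r = ue_process_challenge(k, sqn_ms, challenge["RAND"], challenge["AUTN"])
    if r[0] == "AUTS":
        return ("RESYNC", hss_resync(k, av["RAND"], r[1]))
    if r[0] == "REJECT":
        return r
    _, res, ck, ik, _ = r
    if not scscf_check(av, res):                          # Register (IMPI, RES)
        return ("REJECT", "RES != XRES")
    assert (ck, ik) == (ck_p, ik_p)                       # both ends hold the same SA keys
    return ("OK", ck, ik)

if __name__ == "__main__":
    K = secrets.token_bytes(16)
    print(run_registration(K, 100, 90)[0], run_registration(K, 100, 200)[0])
```

Note that a replayed challenge (same SQN as the UE already accepted) takes the AUTS path rather than succeeding, which is the property the slides rely on when they say AVs cannot be reused.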

UMTS AKA Weaknesses
- Sequence numbers per user are kept at the HSS: complex synchronization process.
- AV generation at the HSS becomes a bottleneck.
- Attacks (see [4]): redirection, and attacks in corrupted networks.
  - If the UE uses a false base radio station, the adversary can intercept and impersonate both the mobile user and the serving network; user traffic is redirected to an unintended network.
  - If a network is corrupted, the adversary can forge the authentication data request to obtain authentication vectors, and force the SQN to a high value by flooding authentication data requests to the HN, attacking all legitimate users.

Improvements to UMTS AKA
- In [4]: the UE keeps a list of unused AV indexes, verifies that an AV is unused, and verifies that the AV comes from the serving network.
- [5] proposes AKA based on vector combination of AVs: (RAND1, XRES1), (RAND2, XRES2), ... (RAND1 ⊕ RAND2, XRES1 ⊕ XRES2).
  - Up to 2^n − 1 combinations.
  - Both the UE and the network entities keep track of used combinations.
  - Two protocols proposed: one for distribution and establishment of AVs, one for selecting the combination of AVs for AKA.
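The combination arithmetic and the used-combination bookkeeping behind the [5] proposal above, as an added illustration that is not code from the slides or from [5]. Only the XOR combination of base AVs and the 2^n − 1 count come from the slide; the signalling model (the network names a subset of the n distributed AVs by a bitmask, the UE answers with the XOR of its per-RAND responses, and both sides refuse a mask they have already consumed) and the toy f2 are assumptions.

```python
import hashlib
import hmac
import secrets

def f2(k, rand):
    # Toy response function standing in for f2_K (placeholder, not Milenage).
    return hmac.new(k, b"f2" + rand, hashlib.sha256).digest()[:8]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def xor_all(chunks):
    out = chunks[0]
    for c in chunks[1:]:
        out = xor(out, c)
    return out

def all_combinations(n):
    """Bitmasks selecting every non-empty subset of n base AVs: 2^n - 1 of them."""
    return list(range(1, 1 << n))

def selected(mask, n):
    return [i for i in range(n) if (mask >> i) & 1]

def network_combine(base_avs, mask):
    """Network side: the combined pair (RAND_a xor RAND_b ..., XRES_a xor XRES_b ...)."""
    idx = selected(mask, len(base_avs))
    return (xor_all([base_avs[i][0] for i in idx]),
            xor_all([base_avs[i][1] for i in idx]))

def ue_response(k, base_rands, mask):
    """UE side: it stored the distributed RANDs; RES is the XOR of f2_K(RAND_i)
    over the selected subset. f2 is not linear, so the UE must work per RAND
    rather than apply f2 to the combined RAND."""
    return xor_all([f2(k, base_rands[i]) for i in selected(mask, len(base_rands))])

class CombinationTracker:
    """Kept by both the UE and the network so no combination is accepted twice."""
    def __init__(self, n):
        self.n, self.used = n, set()

    def next_unused(self):
        for mask in all_combinations(self.n):
            if mask not in self.used:
                self.used.add(mask)
                return mask
        return None   # all 2^n - 1 combinations consumed: redistribute fresh AVs

    def accept(self, mask):
        if mask in self.used or not (1 <= mask < (1 << self.n)):
            return False
        self.used.add(mask)
        return True

def run_rounds(k, n=3):
    """Constructed run: n base AVs, then authenticate until combinations run out.
    Returns (outcome, rounds completed)."""
    base = [(r, f2(k, r)) for r in (secrets.token_bytes(16) for _ in range(n))]
    net, ue = CombinationTracker(n), CombinationTracker(n)
    rounds = 0
    while (mask := net.next_unused()) is not None:
        _, xres = network_combine(base, mask)
        if not ue.accept(mask):
            return ("replay detected", rounds)
        res = ue_response(k, [r for r, _ in base], mask)
        if not hmac.compare_digest(res, xres):
            return ("mismatch", rounds)
        rounds += 1
    return ("exhausted", rounds)

if __name__ == "__main__":
    print(run_rounds(secrets.token_bytes(16), 3))   # expected: ('exhausted', 7)
```

The point of the tracker is that a combination is a one-shot credential just like a plain AV: once either side has seen a mask, a repeated challenge with that mask is refused, and when the 2^n − 1 masks are spent the network has to distribute new base AVs.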

Other approaches
- In [6] we propose to cryptographically bind IMS registration to access network (AN) registration:
  - reduce registration time
  - general authentication framework for upcoming technologies
  - fulfil 3GPP requirements
  - backwards compatibility

Authentication Scenarios


Scenario 1
- ME opens a tunnel with the NAS using EAP-TLS over L2 (or PANA).
- ME provides the HN id to the NAS.
- NAS and ME extract key material from the tunnel (TLS exporter): PN and PI, using a PRF over the master key with two texts.
- ME sends a signed SIP Register including PN.
- NAS sends PN and PI to the HSS using Diameter.
- HSS verifies the ME by checking the signature; PN relates the AN to IMS.
- HSS derives the IPsec keys: CK′ = PRF(CK | PI), IK′ = PRF(IK | PI).
- HSS can explicitly authenticate the ME (signature); NAS can implicitly authenticate the ME; ME can implicitly authenticate the NAS.
- Assumption: the user can register a public key at the HSS.
- In scenario 2 the EAP-TLS tunnel is opened directly with the HSS.

Authentication Scenarios


Conclusions
- Technology is evolving fast! 2G, 2.5G, 3G, IMS, NGN, LTE, ...
- Standards evolve much faster! Competition among standardization bodies? Do telcos fear the Internet and its actors?
- Manufacturers and users are much slower: backwards compatibility is a necessity.
- Need for designs that think of the user and user requirements. That is our main goal under crypto-binding AN access and IMS access.

References
[1] 3GPP TS 23.002: Technical Specification Group Services and Systems Aspects; Network architecture.
[2] 3GPP TS 23.002: Technical Specification Group Services and Systems Aspects; Functional Architecture.
[3] 3GPP TS 33.102: Technical Specification Group Services and Systems Aspects; 3G Security; Security Architecture.
[4] M. Zhang and Y. Fang, "Security Analysis and Enhancements of 3GPP Authentication and Key Agreement Protocol", IEEE Trans. on Wireless Comm., vol. 4, no. 2, pp. 734-742, Mar. 2005.
[5] Yaohui Lei, Samuel Pierre, and Alejandro Quintero, "Enhancing UMTS AKA with Vector Combination", Ubiquitous Comp. and Comm. Journal, vol. 3, no. 2, pp. 602-610, Apr. 2008.
[6] Daniel Díaz, Davide Proserpio, Andrés Marín, Florina Almenárez, and Peter Weik, "A General IMS Registration Protocol for Wireless Network Interworking", accepted at the 2nd IFIP Wireless and Mobile Networking Conference, Sep. 2009, Gdansk, Poland.
