8. Service Network:
(Figure 3) According to 3GPP, IP multimedia subsystem (IMS) is a way of delivering multimedia (voice, video, data etc.) regardless of the access type, service provider or the user device used in LTE architecture [19]. Security management in IMS is particularly important as it has implications to QoS, charging, billing and enabling of applications.
Key Security threats/risks:
- Unauthorised access
- Service abuse attacks, Theft of service
- Network snoop, session hijacking
Unauthorised access: The open and distributed architecture of IMS creates a multitude of distribution points that must be secured. IP peering between service providers with diverse service offering and varying security standards are often in semi-trusted zones that can make the IMS core vulnerable. Large volumes of multimedia traffic need reliable protection mechanisms from attacks from the internet across multiple technological ecosystems.
Service abuse attacks, theft of service: Service abuse and theft of service represent compromised subscriber service and loss of revenues to the MNO. Service abuse is achieved by the subscriber gaining more privilege to services than those allocated to the user. An attacker can access the IMS with a compromised UE. One of the ways theft of service is achieved is by the UE not releasing the established media stream between a UE and IMS core after a Bye request has been sent to a call session control function (CSCF). This leads the CSCF to stop accounting for the session while the user or attacker continues to stay connected to the media stream [20].
Network snoop breaches confidentiality where the attacker intercepts information flow between two users in a SIP session. Without network protection, attackers can use tools like Wireshark to capture SIP signalling [20]. Session hijacking involves the attacker inserting malicious packets, substituting traffic and breaching integrity, impacting QoS and service.
Preventative measures:
- Border Security
- Enable security protocols
- Strong authentication
- Implement Security Gateways
Border security: The IMS needs to have network to network border security to protect from unauthorised access via other networks. Roaming subscribers will access the IMS via the internet and this untrusted entry point, needs to be particularly protected. MNOs must secure and control their network borders and invest in security infrastructure such as firewalls, packet filtering, address translation, VPN and encryption capabilities between peering networks.
Strong authentication: MNOs should implementation strong authentication between the UE and IMS networks, as well use security gateways (SEG) to ensure confidentiality of data between client and IMS network. The networks must be configured such that the UE is routed to the correct SEG before connecting to the IMS network and ensure IPSec is enabled from the UE for transmission through the internet to the IMS. [21] IPSec provides confidentiality, integrity, data origin authentication and protection against replay.
Enable security protocols: Security protocols offer protection at various layers such as secure socket layer (SSL)/Transport layer security (TLS) and datagram TLS (DTLS) [20]. Network snoop can be prevented by encryption of SIP signalling. The MNO must design networks to allow stable operations with security protocols enabled. These protocols allow for secure connections and transmission of data between the UE and the IMS service.
Security Gateways: Since the premise of IMS is to create a single platform across multiple providers, security management goes beyond just traditional firewalls and routers, as multiple sessions are active, requiring various levels of QoS, policy enforcement, authentication and encryption. It is recommended that MNOs invest in scalable security infrastructure and security gateways to manage the complexity.