Abstract-The IP Multimedia Subsystem (IMS) is a Next Generation Network (NGN) that integrates wireless, wireline and internet technologies. IMS enables the convergence of voice, data, and multimedia services such as Voice over IP (VoIP), Video over IP, push-to-talk, presence or instant messaging services. IMS is almost independent of the access technology and uses a number of protocols such as HTTP and SMTP, the most important of which is the Session Initiation Protocol (SIP). At the same time, this open, emerging technology faces security challenges from the multiple communication protocols it relies on, such as IP, SIP and RTP. Because IMS is IP based, these networks will inherit most of the security threats that these protocols currently face. In this paper we present a security model to protect IMS resources from attacks such as the session teardown attack, session modification attack and media flow attack. An authorization module is also proposed to protect IMS resources against unauthorized access. All of these affect the IMS value added services.
Keywords: Next Generation Networks, IP Multimedia Subsystem, IMS Security, Security threats, Intrusion Detection & Prevention System, Authorization
I. INTRODUCTION
The IP Multimedia Subsystem (IMS) provides a powerful framework for the deployment of Next Generation Networks (NGN). The IP Multimedia Subsystem, standardized by the 3rd Generation Partnership Project (3GPP) and 3GPP2 [1], is a technology that merges cellular and internet technologies. IMS is a packet switched, IP based network that lets users receive a wide range of multimedia services such as audio, video and data over a single IP network. As IP based networks have open an...
... middle of paper ...
...04.
[7] D. Geneiatakis, T. Dagiuklas, G. Kambourakis, C. Lambrinoudakis, S. Gritzalis, S. Ehlert, D. Sisalem, “Survey of Security Vulnerabilities in SIP Protocol”, IEEE Communication Surveys Volume 8, No.3 ISBN 1553-877X, pp 68-81 (2006).
[9] V.Gurbani, A.Jeffrey, draft-gurbani-sip-tls-use-00: “The Use of Transport Layer Security (TLS) in the Session Initiation Protocol (SIP)”, February 2006.
[10] 3GPP, “Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (Release 7)”, TS 33.220 V7 (2005).
[11] 3GPP, “Generic Authentication Architecture (GAA); Access to Network Application Functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS) (Rel.7)”, TS 33.222 V7 (2005).
[12] S. Bellovin, J. Ioannidis, A. Keromytis, R. Stewart, “On the Use of Stream Control Transmission Protocol (SCTP) with IPSec”, RFC 3554 (2003).
Authentication Header (AH) and Encapsulating Security Payload (ESP) are IPSec components; they are network layer protocols that allow secured communications through a VPN tunnel. Within a firewall, to enable communication for AH one will use protocol 50 and for ESP protocol 51 (Frankel, Hoffman, Orebaugh & Park, 2008); both protocols 50 and 51 can be enabled within the same end-to-end IPSec connection, which is the Tunnel Mode connected by two gateways. Nonetheless, for Transport Mode, there are some restrictions on the order in which they appear. While AH supports connectionless integrity and authentication of the packets, ESP provides data origin authentication and confidentiality through the use of encryption, both AH and ESP provide
Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
Giammarco, Erica. "U of S Central Authentication Service (CAS)." U of S Central Authentication Service (CAS). N.p., Jan. 2013. Web. 20 Nov. 2013. http://www.sciencedirect.com.cyber.usask.ca/science/article/pii/S0191886912003650?np=y
Sabu M. Thampi, Pradeep K. Atrey, Chun I. Fan, Gregorio Martinez Perez (Eds.), Security in Computing and Communications: International Symposium, SSCC 2013, Mysore, India, August 22-24, 2013. Proceedings (Communications in Computer and Information Science) (p. 418). New York, NY: Springer Publishing.
Diffie, Whitfield. (2008). Information Security: 50 Years Behind, 50 Years Ahead. Communications of the ACM. 51(1), 55-57.
In 1980, James Anderson’s paper, Computer Security Threat Monitoring and Surveillance, bore the notion of intrusion detection. Government funding and serious corporate interest allowed intrusion detection systems (IDS) to develop into their current state. So what exactly is an IDS? An IDS is used to detect malicious network traffic and computer usage through attack signatures. The IDS watches for attacks not only from incoming internet traffic but also for attacks that originate in the system. When a potential attack is detected, the IDS logs the information and sends an alert to the console. How the alert is detected and handled depends on the type of IDS in place. In this paper we will discuss the different types of IDS and how they detect and handle alerts, the difference between a passive and a reactive system, and some general IDS intrusion invasion techniques.
Sending data through the internet efficiently has always posed many problems. The two major technologies used, Ethernet and Asynchronous Transfer Mode (ATM), have done an admirable job of porting data, voice and video from one point to another. However, they both fall short in differing areas; neither has been able to present the "complete" package to become the single, dominant player in the internet market. They both have dominant areas they cover. Ethernet has dominated the LAN side, while ATM covers the WAN (backbone). This paper will compare the two technologies and determine which has a hand-up in the data trafficking world.
Analysis of the Environment of the Mobile Network System: Executive Summary; Glossary of Abbreviations; Introduction; Recent History
Roberts, Richard M. "Network Security." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
It has been demonstrated that a number of interoperable systems must be implemented to fully protect a network, a strategy known as Defense in Depth. Because of the multitude of security devices and device categories available, it can be very difficult to identify the correct tools for meeting security goals. Using the Defense in Depth strategy requires an understanding of the interactions between devices occurring within the network.
ABSTRACT: This paper describes the basic threats to network security and the basic issues of interest in designing a secure network. It describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers. INTRODUCTION
This paper is going to discuss wireless security from a broad view, where I will go into why exactly wireless security is so important, especially today as the ways in which we are communicating are changing dramatically. From there I will discuss the multiple wireless securities that are available to give a better understanding of the options given. Then I will go into why exactly not protecting your wireless can be so dangerous, with some descriptions of the most dangerous wireless attacks out there today. Finally, I will discuss how we can better prepare for these types of attacks, with a synopsis of several effective security methods that will help to ensure data is securely passed and kept hidden.
Implement a system Intrusion Detection/Prevention System (IDS/IPS): Make the investment in an IDS/IPS to distinguish and prevent potential system dangers. Sensors ought to be circulated all through the system, with a specific focus on general society untrusted section. Take alerts very seriously.
Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.
Symantec 2013, Secure Sockets Layer (SSL): How It Works, Symantec, viewed 15 May 2013.