Chapter 12

Security in the IMS

IMS security is divided into access security (specified in 3GPP TS 33.203 [28]) and network security (specified in 3GPP TS 33.210 [29]). Access security (which we describe in Section 12.1) includes authentication of users and the network, and protection of the traffic between the IMS terminal and the network. Network security (which we describe in Section 12.2) deals with traffic protection between network nodes, which may belong to the same or to different operators.

The IMS originally supported IPsec for both access and network security (we described IPsec in Section 11.6). Later, support for TLS was added for both access and network security (we described TLS in Section 11.3). In addition, HTTP Digest Access Authentication and HTTP Digest Access Authentication using Authentication and Key Agreement (AKA) are also supported (see Section 11.1). Early deployments of IMS used a simplified, customized security solution that leveraged authentication at the GPRS level (specified in the Technical Report 3GPP TR 33.978 [20]). Finally, a variation of the early IMS security solution has been customized for fixed IMS access in the so-called NASS-IMS bundled authentication. We expect new security mechanisms to be added in later IMS releases. The following sections address all of these security aspects.

12.1 Access Security

A user accessing the IMS first needs to be authenticated and then authorized to use IMS before they can use any IMS services. The ...
