As shown in Section 3.8, the IMS is based on several security relations. Two of them – authentication between user and network, and the SAs between the UE and the P-CSCF – have an influence on SIP signalling (Figure 10.4). Authentication and SA establishment procedures in the IMS are directly coupled to SIP registration procedures.
IMS authentication is based on a shared secret and a sequence number (SQN), which are only available in the HSS and the ISIM application on the Universal Integrated Circuit Card (UICC) in Tobias's UE. As the HSS never directly communicates with the UE, the S-CSCF performs the authentication procedures. All security-related parameters that are needed by the S-CSCF, the so-called Authentication Vector (AV), are downloaded by the S-CSCF from the HSS during registration.
In order to authenticate, Tobias sends his private user identity (in our example this is email@example.com) in the initial REGISTER request. This private user identity is stored within the ISIM application and is only used for authentication and registration procedures.
When receiving this REGISTER request, the S-CSCF downloads the AV from the HSS. The AV does not include the shared secret and the SQN itself, but does include (among other parameters):
a random challenge (RAND);
the expected result (XRES);
the network authentication token (AUTN);
the Integrity Key (IK); and
the Ciphering Key (CK).
These parameters enable the S-CSCF to perform ...
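The following sketch is an added example, not taken from the original text. It shows how an AV with the five parameters listed above can be derived from the shared secret and SQN, so that the S-CSCF can check the UE's response and the ISIM can check the network without the secret ever leaving the HSS or the ISIM. Assumptions: HMAC-SHA256 stands in for the operator's f1 to f5 functions, the AUTN layout (SQN xor AK, AMF, MAC) follows 3GPP AKA, the SQN check is reduced to "greater than the last accepted value", and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"  # constructed Authentication Management Field value

def f(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    # Stand-in for the AKA functions f1..f5 (assumption: HMAC-SHA256, truncated).
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hss_generate_av(k: bytes, sqn: bytes, rand: bytes = None) -> dict:
    """HSS side: build the AV that the S-CSCF downloads. K and SQN stay behind."""
    rand = rand or os.urandom(16)
    mac = f(k, b"f1", sqn + rand + AMF, 8)   # lets the ISIM authenticate the network
    ak = f(k, b"f5", rand, 6)                # anonymity key that conceals SQN in AUTN
    return {"RAND": rand,
            "XRES": f(k, b"f2", rand, 8),
            "AUTN": xor(sqn, ak) + AMF + mac,
            "IK": f(k, b"f4", rand, 16),
            "CK": f(k, b"f3", rand, 16)}

def isim_respond(k: bytes, last_sqn: bytes, rand: bytes, autn: bytes):
    """ISIM side: verify AUTN, then return (RES, IK, CK)."""
    sqn = xor(autn[:6], f(k, b"f5", rand, 6))
    amf, mac = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, f(k, b"f1", sqn + rand + amf, 8)):
        raise ValueError("AUTN MAC mismatch: network not authenticated")
    if int.from_bytes(sqn, "big") <= int.from_bytes(last_sqn, "big"):
        raise ValueError("SQN not fresh: challenge replayed")  # simplified check
    return f(k, b"f2", rand, 8), f(k, b"f4", rand, 16), f(k, b"f3", rand, 16)

def scscf_check(av: dict, res: bytes) -> bool:
    """S-CSCF side: compare the UE's RES with XRES from the AV."""
    return hmac.compare_digest(av["XRES"], res)

if __name__ == "__main__":
    K = bytes(range(16))                     # constructed shared secret
    av = hss_generate_av(K, (43).to_bytes(6, "big"))
    res, ik, ck = isim_respond(K, (42).to_bytes(6, "big"), av["RAND"], av["AUTN"])
    print("UE authenticated:", scscf_check(av, res))
    print("IK/CK agree:", ik == av["IK"] and ck == av["CK"])
```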