10.15. Early IMS Security

10.15.1. Example IMS registration with fallback to early IMS security

Section 3.19 describes the general principles and requirements for early IMS security. Figure 10.17 shows how early IMS security works in principle when the network requires IP-based authentication and the UE supports both full IMS security and early IMS security. There are other possible scenarios, which are listed in Section 10.15.2.

When the UE establishes an IMS signalling PDP context, the GGSN creates a RADIUS "Accounting-Request START" request towards the GGSN, in which it indicates the user's Mobile Subscriber Integrated Services Digital Network (MSISDN) number (i.e., the phone number) as well as the IP address for the IMS-specific PDP context.

After establishing a signalling PDP context, the UE sends an initial REGISTER request, as described in the previous sections. The request includes the Authorization header, a Security-Client header, and the "sec-agree" option tag in both the Require and the Proxy-Require headers:

REGISTER sip:home1.fr SIP/2.0
From: <sip:tobias@home1.fr>;tag=pohja
To: <sip:tobias@home1.fr>
Authorization: Digest username="tobias_private@home1.fr",
               realm="home1.fr", nonce="",
               uri="sip:home1.fr", response=""
Security-Client: digest, IPsec-3gpp; alg=hmac-sha-1-96
               ;spi-c=23456789 ;spi-s=12345678
               ;port-c=2468; port-s=1357
Require: sec-agree
Proxy-Require: sec-agree
Contact: <sip:[5555::1:2:3:4]>;expires=600000
Figure 10.17. Example early IMS ...
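
The REGISTER request above can be inspected mechanically, for example by a test harness or signalling monitor that needs to know whether a UE is offering the full IMS security agreement. The following Python code is an added example, not taken from the book: the function names are illustrative, and the Security-Client splitting assumes the RFC 3329 header syntax (comma-separated mechanisms, each followed by semicolon-separated parameters).

```python
# Added example; function names are illustrative, not from the book.
# Sample input: the REGISTER request shown in the text above.
REGISTER = """\
REGISTER sip:home1.fr SIP/2.0
From: <sip:tobias@home1.fr>;tag=pohja
To: <sip:tobias@home1.fr>
Authorization: Digest username="tobias_private@home1.fr",
               realm="home1.fr", nonce="",
               uri="sip:home1.fr", response=""
Security-Client: digest, IPsec-3gpp; alg=hmac-sha-1-96
               ;spi-c=23456789 ;spi-s=12345678
               ;port-c=2468; port-s=1357
Require: sec-agree
Proxy-Require: sec-agree
Contact: <sip:[5555::1:2:3:4]>;expires=600000
"""

def parse_headers(message):
    """Return {lower-case header name: value}, joining folded continuation lines."""
    headers, name = {}, None
    for line in message.splitlines()[1:]:      # skip the request line
        if not line.strip():
            break                              # blank line ends the header section
        if line[0] in " \t" and name:          # continuation of the previous header
            headers[name] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            name = name.strip().lower()
            headers[name] = value.strip()
    return headers

def parse_security_client(value):
    """Split a Security-Client value into {mechanism: {parameter: value}}."""
    mechanisms = {}
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if not parts:
            continue
        mechanisms[parts[0].lower()] = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return mechanisms

def offers_sec_agree(headers):
    """True when sec-agree is in Require and Proxy-Require and a mechanism is offered."""
    def tags(name):
        return {t.strip().lower() for t in headers.get(name, "").split(",")}
    return ("sec-agree" in tags("require") and "sec-agree" in tags("proxy-require")
            and bool(parse_security_client(headers.get("security-client", ""))))
```

Run against the sample, the parser shows that the Security-Client header offers two separate mechanisms: `digest` with no parameters, and `IPsec-3gpp` carrying the algorithm, SPI and port values.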
