Abstract
The IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy have gained much attention in the last few years. The review of recent IMS security activities stresses the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-to-middle-to-end solution which enables the usage of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions in a secure way. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) at a cost of 17% overhead to a standard IMS call setup in the signaling plane.
Acknowledgements
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement 284863 (FP7 SEC GERYON).
Cite this article
Fajardo, J.O., Liberal, F., Li, F. et al. End-to-middle-to-end solution for IMS media plane security. Electron Commer Res 19, 719–746 (2019). https://doi.org/10.1007/s10660-019-09367-2