
End-to-middle-to-end solution for IMS media plane security

Electronic Commerce Research

Abstract

The IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy have gained much attention in the last few years. A review of recent IMS security activities highlights the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-to-middle-to-end solution which enables the secure use of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) at a cost of 17% overhead to a standard IMS call setup in the signaling plane.



Acknowledgements

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement 284863 (FP7 SEC GERYON).

Author information


Corresponding author

Correspondence to Jose Oscar Fajardo.


About this article


Cite this article

Fajardo, J.O., Liberal, F., Li, F. et al. End-to-middle-to-end solution for IMS media plane security. Electron Commer Res 19, 719–746 (2019). https://doi.org/10.1007/s10660-019-09367-2


  • DOI: https://doi.org/10.1007/s10660-019-09367-2
