“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos
UNIVERSITY OF PATRAS, Department of Electrical & Computer Engineering
Wireless Telecommunications Laboratory
M. Tsagkaropoulos [email protected]@ece.upatras.gr
47th FITCE Congress, London 2008
“Securing IP Multimedia Subsystem (IMS) infrastructures: protection against attacks”
M. Tsagkaropoulos
Dept. of Electrical and Computer Engineering, Wireless Telecommunications Laboratory
University of Patras, Patras 26500, Greece
Email: [email protected]
Agenda
• NGN Networks
• IMS Architecture
• IMS Security Framework
• Vulnerabilities in IMS
• Security Mechanisms & enhancements
• Conclusions
NGN Vision (1)
• Transition to an “All-IP” network infrastructure.
• Convergence among network and services.
• Support of heterogeneous access technologies (e.g. WLANs, WiMAX, xDSL, etc).
• Unified control architecture to manage application and services.
NGN Vision (2)
• Seamless handovers across both homogeneous and heterogeneous wireless technologies.
• Mobility, nomadicity and QoS support on or above IP layer.
• Provisioning of triple-play services, creating a service bundle unifying video, voice and Internet.
Converged Network Concept
[Figure: converged network diagram. Labels: IP Network; Management; Control; Signalling; AP; WiMAX; UMTS/WCDMA, HSDPA, LTE; AP; WLAN; AAA; Application; Policing; Server Farm; Internet.]
Convergence Realization
• Common service delivery platform on fixed, mobile/wireless, broadcast and IP-based networks
• IP Multimedia Subsystem (IMS)
– Originally standardized by 3GPP and 3GPP2 in the mobile world
– Extended for the fixed domain by ETSI (TISPAN, NGN) and ITU-T
IP Multimedia Subsystem (IMS)
• Goal
– Access, Security, Mobility, QoS, Charging, Service Platform Integration
• Extended Functionalities
– IMS is the central point of control for multiple applications and services
– Handling of different user profiles
– Service Discovery
IMS Architecture
• Signaling Plane
– Proxy Call/Session Control Function (P-CSCF)
– Interrogating CSCF (I-CSCF)
– Serving CSCF (S-CSCF)
– Media Gateway Function
• Application Plane
– Application Servers
  • Presence, Instant Messaging
– Home Subscriber Subsystems
• Media Server
IMS Security Architecture
IMS Vulnerabilities
• Denial of Service
• SQL Injection
• Eavesdropping
• Tearing down sessions
• Registration hijacking
• Session hijacking
• Impersonating a server
• Man in the middle
IMS Existing Security Plane
• Authentication & Key Agreement between IM subscriber and home network
• Security Mechanism Agreement between IM client and visited network
• Integrity Protection and Confidentiality
• Network Domain Security between different Domains (?)
• Existing GPRS/UMTS Access Security
Security Mechanisms
• BYE & CANCEL attacks
• Eavesdropping
• Registration & Session Hijacking
• Man-in-the-Middle attacks
• SIP Message flooding
• SQL Injection
[Slide labels: IPSec & TLS; IPSec & TLS; Authentication & Authorization; None; IDS]
Proposed Security Architecture
[Figure: proposed security architecture. Labels: IMS Client (Alice); Internet (IP connectivity); IDS; User List; Blacklist; Attack Detection; Detection Rules; SER SIP Server; IMS Core; P-CSCF; I-CSCF; S-CSCF; HSS; Application Servers Farm; interfaces Gm, Mw, Cx, ISC.]
IMS Security Target
• Handling Protocol Vulnerabilities
• Protection against Attacks
• SPAM Handling
IDS Use Cases
[Figure: IDS use-case diagram. Labels: IDS; P-CSCF Detection; Attacks Detection; Detection Register Flooding; Detection Invite flooding; Detection SQL injection; Detection Malformed Msg.]
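An added sketch (not code from the presentation or its testbed) of the four detections named on this slide, applied to constructed SIP requests in front of a P-CSCF. The class and function names, the regex rules, the threshold of 5 requests per second and the blacklist policy are assumptions.

```python
import re
from collections import defaultdict, deque

MANDATORY = {"via", "from", "to", "call-id", "cseq", "max-forwards"}  # RFC 3261, long names only
REQUEST_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")
AUTH_PARAM = re.compile(r'(username|realm)="([^"]*)"', re.I)
SQLI = re.compile(r"'|--|;|\b(?:union|select|update|delete|drop)\b", re.I)  # assumed rule

class SipIds:
    def __init__(self, limit=5, window=1.0):
        self.limit, self.window = limit, window   # assumed: max requests per source per window (s)
        self.seen = defaultdict(deque)            # (source, method) -> recent timestamps
        self.blacklist = set()

    def inspect(self, src, ts, raw):
        """Return the alerts raised by one SIP request received from src at time ts."""
        if src in self.blacklist:
            return ["blacklisted"]
        lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        alerts = []
        start = REQUEST_LINE.match(lines[0])
        if not start or MANDATORY - set(headers):
            alerts.append("malformed")
        auth = headers.get("authorization", "")
        if any(SQLI.search(value) for _, value in AUTH_PARAM.findall(auth)):
            alerts.append("sql-injection")
        if start and start.group(1) in ("REGISTER", "INVITE"):
            times = self.seen[(src, start.group(1))]
            times.append(ts)
            while ts - times[0] > self.window:    # drop timestamps outside the window
                times.popleft()
            if len(times) > self.limit:
                alerts.append(start.group(1).lower() + "-flooding")
        if alerts:
            self.blacklist.add(src)               # assumed policy: any alert blacklists the source
        return alerts

def sample(method, user="alice"):
    """Constructed sample request (not captured traffic)."""
    return (f"{method} sip:ims.example SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1\r\n"
            "Max-Forwards: 70\r\nFrom: <sip:alice@ims.example>;tag=1\r\n"
            f"To: <sip:alice@ims.example>\r\nCall-ID: c1@192.0.2.10\r\nCSeq: 1 {method}\r\n"
            f'Authorization: Digest username="{user}", realm="ims.example"\r\n\r\n')

if __name__ == "__main__":
    ids = SipIds()
    print(ids.inspect("192.0.2.20", 0.0, sample("REGISTER", "x' OR '1'='1")))
    print([ids.inspect("192.0.2.30", i / 10, sample("INVITE")) for i in range(6)][-1])
```

Over UDP the source address can be spoofed, so a blacklist keyed on the IP alone can be turned against legitimate users; keying on an authenticated identity avoids that.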
Testing Tools
• Traffic Generator
– SIPp: SIP Traffic generator
– Seagull: IMS Traffic Generator
• IMS Client
– Ericsson Service Development Studio (SDS)
– UCT IMS Client
• Attacker
– Developed C++ Tool for specific attacks
• IMS Core
– FOKUS’s Open Source IP Multimedia Subsystem (IMS) Core
IDS Process Delay
Number of SIP messages    Processing Delay (ms)
10                        0,2
50                        3,8
100                       4,2
Future Work
• Extended Functionalities of IDS System
• Optimize processing load
• Interaction with deployed services
• Stand alone implementation at Application Servers
• Definition of relationships/dependencies among partners
• ...
Conclusions
• IMS Deployment towards NGN vision
• Identification of IMS vulnerabilities
• Enhanced IMS security framework
• Integration of Intrusion Detection System
• Experimental Testbed
• Future steps
Questions
Thank you for your attention
UNIVERSITY OF PATRAS, Department of Electrical & Computer Engineering
Wireless Telecommunication Laboratory
Michail Tsagkaropoulos
mailto: [email protected]
http://www.wltl.ee.upatras.gr/cones