From a SIP perspective, the S-CSCF is the registrar, responsible for authenticating
all subscribers who attempt to register their location with the network. When challenged,
the S-CSCF will force the subscriber device to send another REGISTER message
carrying the proper credentials and authentication keys prior to granting access
to services.
This is one function that is not common in today??™s VoIP implementations. Too often
softswitches (which is where the call control is managed today) do not have robust security
functions, and they do not challenge every subscriber device when accessed. This
is one of the areas where the 3GPP specifications have improved on VoIP security.
The S-CSCF saves the following information about a registered device after
registration:
?– HSS address
?– User profile
?– P-CSCF address (the entry point during registration)
?– P-CSCF domain (in the event the device entered through another network)
?– Public user identity
?– Private user identity
?– Device IP address
Duplicating this function throughout the network in a mesh configuration would be
extremely difficult, not to mention inefficient. Using a core function for security and
access control is the spirit of the IMS and has already been proven as a winning proposition
by wireless providers.
Placing these functions at the edge of the network (as in Session Border Control) also
does not make sense, because many times attacks are made from within the network.
Pages:
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65