There are already
a number of devices that support ???sniffing??? the airwaves and capturing GSM signaling,
unless they are encrypted.
Security Procedures in the IMS 143
Keeping the subscriber confidential is also supported in the GSM world. The concept
of the private user identity and the public user identity actually comes from GSM. The
private user identity is maintained closely and kept from other networks, so only the
home network knows this identity.
Using GSM as a lesson learned, the authors of the IMS and SIP standards have defined
six security aspects and security threats associated with each of them:
?– Authentication & Authorization
?– Confidentiality
?– Eavesdropping
?– Masquerading
?– Traffic Analysis
?– Browsing
?– Leakage
?– Denial of Service
?– Integrity
?– Privacy
?– Non-repudiation
Authentication & Authorization
Authentication verifies subscriber devices on the basis of criteria assigned by the operator.
Each subscription (and its associated private user identities) is given authentication
keys for this purpose. The authentication keys are calculated using an algorithm
known to the operator network and the device. This means that the authentication key
changes based on the algorithm, making it difficult if not impossible to spoof.
The authentication process is a forced process, rather than implementation specific.
Pages:
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298