It should be noted here, however, that even
though the two networks are sharing information about subscribers' ability to roam, the
visited network does not have carte blanche access to the home network's HSS.
Authorization prevents subscribers from accessing services they are not entitled to
use. When it is combined with authentication and integrity, an operator can be assured
that only subscribers authorized to access the network and authorized to use services
requested are given service.
Confidentiality
Confidentiality uses encryption to block unauthorized sources from viewing SIP messages.
This can be an important aspect of the IMS network where interconnection to
other networks is provided. Keep in mind that unlike bit-oriented protocols (such as
SS7 and ATM), the SIP messages are in plain text. This means that anyone capable of
intercepting the messages, or eavesdropping on the network, will be able to read the
full contents of SIP signaling.
This includes authentication data and route lists. If these headers are not encrypted
and protected from unauthorized eyes, the operator risks a man-in-the-middle attack
and possible session/registration hijacking. If the SIP message contains a text message,
the perpetrator is able to read the text message and even intercept it.
146 Chapter 6
Encryption then becomes an important aspect of the IP implementation.
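An added example, not from the book: a short Python audit that parses a constructed SIP MESSAGE request as it appears on the wire without encryption and lists the authentication data, route list and text body that the passage above says an eavesdropper could read. The host names, nonce and message text are constructed placeholders.

```python
import re

AUTH_HEADERS = {"authorization", "proxy-authorization"}
ROUTE_HEADERS = {"route", "record-route", "path", "service-route"}

# Constructed sample, not a real capture; every name and value is a placeholder.
SAMPLE = (
    "MESSAGE sip:bob@home.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pcscf.visited.example:5060;branch=z9hG4bKconstructed\r\n"
    "Route: <sip:pcscf.visited.example;lr>,\r\n"
    " <sip:scscf.home.example;lr>\r\n"
    'Authorization: Digest username="alice@home.example", realm="home.example",'
    ' nonce="CONSTRUCTEDNONCE", uri="sip:home.example", algorithm=MD5\r\n'
    "Content-Length: 17\r\n"
    "\r\n"
    "meet at the dock."
)

def parse_sip(raw):
    """Split a SIP message into method, (name, value) headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:  # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return method, headers, body

def exposure_report(raw):
    """List the fields an observer on the path can read when SIP is unencrypted."""
    method, headers, body = parse_sip(raw)
    report = {"method": method, "auth": {}, "routing": [], "body": None}
    for name, value in headers:
        key = name.lower()
        if key in AUTH_HEADERS:
            params = value.partition(" ")[2]  # drop the "Digest" scheme token
            pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
            report["auth"].update({k: q or u for k, q, u in pairs})
        elif key in ROUTE_HEADERS:
            report["routing"] += [hop.strip() for hop in value.split(",")]
    if method == "MESSAGE" and body:
        report["body"] = body  # the text message itself travels in the clear
    return report
```

Running `exposure_report` over signaling captured at an interconnection point shows which fields remain readable there; with the link encrypted, none of these fields can be parsed from the capture at all.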