This is one
of the reasons IPv6 has been defined as critical to IMS implementations. IPv6 is used
within a trusted domain for encrypting messages within the network and to prevent
eavesdropping within the network. Specifically, IPsec is used within the trusted domain
to protect sensitive data from being intercepted within the home network. TLS is used
between networks but can be substituted by other methods (these are the 3GPP recommendations).
Another form of confidentiality breach is acquiring the traffic from the network and
analyzing the traffic, calculating the time, rate, and length of the session or conversation,
the originator of the session, and the destination. This information can then be
used to determine a user??™s location, or if there is an important business decision about
to be made.
Traffic analysis can produce a lot of information if the perpetrator has access to the signaling
data. The software is readily available to make these calculations, but it should not
be assumed that this would always be an external attack. It could be a breach from within
the organization if a rogue employee has access to network monitoring equipment.
Of course, there is always sensitive data that is passed between the originating and
terminating parties, and between the networks themselves. Payment information, PIN
numbers, and other sensitive data can easily be captured in SIP domains and used by
rogue employees to gather personal data about subscribers.
Pages:
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304