Transiting networks obviously are not going to know the route taken in the originating
network, and therefore will have to establish their own route lists. When a message
is sent to a transiting network, it should also be authenticated and a route list established
at that time. In other words, each network is responsible for its own authentication
and security procedures. No network should be considered as 100 percent trusted.
Certainly today there are many operators responsible for fraudulent and unethical
practices, sending traffic into legitimate operators' networks.

[Figure 6.1 Security associations between the subscriber device and the P-CSCF. Figure labels: Device, P-CSCF; REGISTER, 401 UNAUTHORIZED (RAND/AUTN), REGISTER, 200 OK, INVITE, 200 OK; Port 5060/5061; Protected Port, Security Assoc 1; Protected Port, Security Assoc 2.]

Another means of securing access into the IMS domain is by using the
Interrogating-CSCF (I-CSCF) as a gateway into the network. All other networks gain access to the
home network through the I-CSCF function. The I-CSCF then blocks network particulars
from other interconnecting operators.
For example, the addresses of the various network entities can be hidden from other
networks using topology hiding. This function encrypts headers such as VIA,
RECORD-ROUTE, ROUTE, and user identities. Only networks with business agreements in
place are given the encryption keys so that they can decrypt these headers and interoperate
with the home network.
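
The topology hiding described above, as an added example that is not taken from the book: a border function encrypts the Via, Record-Route and Route values on the way out, and only a partner holding the shared key can restore them. The `enc:` token format, the key handling, the host names and the HMAC-based keystream (a standard-library stand-in for a real authenticated cipher) are assumptions; the sketch encrypts whole header values and leaves user identities out.

```python
import base64, hashlib, hmac, os

HIDDEN = ("via", "record-route", "route")  # headers the text names
# Constructed sample message; host names are made up.
SAMPLE = ("INVITE sip:bob@visited.example SIP/2.0\r\n"
          "Via: SIP/2.0/UDP scscf1.home.example;branch=z9hG4bK1\r\n"
          "Record-Route: <sip:scscf1.home.example;lr>\r\n"
          "To: <sip:bob@visited.example>\r\n\r\n")

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib stand-in for a real AEAD cipher.
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def hide_value(key, value):
    """Encrypt-then-MAC one header value into an 'enc:' token (hypothetical format)."""
    nonce = os.urandom(12)
    ct = _stream_xor(_prf(key, b"enc"), nonce, value.encode())
    tag = _prf(_prf(key, b"mac"), nonce + ct)[:16]
    return "enc:" + base64.urlsafe_b64encode(nonce + ct + tag).decode()

def reveal_value(key, token):
    """Decrypt a token; values that were never hidden pass through unchanged."""
    if not token.startswith("enc:"):
        return token
    raw = base64.urlsafe_b64decode(token[4:])
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)[:16]):
        raise ValueError("token rejected: wrong key or modified in transit")
    return _stream_xor(_prf(key, b"enc"), nonce, ct).decode()

def transform(message, key, fn):
    """Apply fn (hide_value or reveal_value) to the topology headers only."""
    head, sep, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    for i, line in enumerate(lines[1:], 1):      # skip the request line
        name, colon, value = line.partition(":")
        if colon and name.strip().lower() in HIDDEN:
            lines[i] = f"{name}: {fn(key, value.strip())}"
    return "\r\n".join(lines) + sep + body
```

A network without the key sees only opaque tokens in the three headers, and a token that was altered or opened with the wrong key is rejected instead of yielding a bogus route.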