However, IPsec is not useful when connecting to another
network. This requires TLS.
TLS works at the TCP (transport) level. It works best when connecting to two unknown
entities. For example, when transporting a message through multiple service
provider networks, TLS is used at the transit level. IPsec is used within the trusted
network entity.
TLS does not work well end-to-end. It is only useful when used in transit networks.
TLS can be used to prevent hackers from intercepting REGISTER messages and obtaining
subscribers??™ credentials in these transit networks, though. This is the strength
of TLS.
TLS provides authentication, integrity, and confidentiality as well and is recommended
by the 3GPP standards as a means of encryption for IMS in transit networks.
Of course it presents some challenges for the transit operators, because they will not
be able to see some of the encrypted headers, so they must enforce their connection
agreements to ensure they are providing access to their networks to authorized and
trusted operators.
Authentication and Key Agreement
I have been talking a lot about authentication of a subscriber, but I haven??™t really explained
how a subscriber device is authenticated. For a network to be able to authenticate
subscribers, there needs to be some exchange of security information between the
subscribers??™ devices and the network.
Pages:
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324