The challenge is talked about several times in this book and is one of the fundamental
differences between traditional (if there exists such a thing) Voice over IP (VoIP) networks
and the IMS. Many VoIP networks today do not challenge subscriber devices when they
are accessing the network. Indeed many of the VoIP fraud cases this author has researched
were a direct result of no authentication within the network. Authentication is paramount
to ensuring services are accessed only by those authorized to use the network.
There are a number of ways that this can work. We are talking about one example
where precalculated security keys are stored in the device and the HSS in the network,
but there can be automated methods where algorithms are implemented to dynamically
assign security keys as devices register. This would work much like security tokens
used for accessing data networks today. Each private user identity is associated
with a security key and at least one of its public user identities as well. In reality, all
user identities should be associated with security keys. They are stored in the HSS, and
in the ISIM of the subscriber device.
When the subscriber sends the REGISTER message to begin registration procedures,
the I-CSCF assigns an S-CSCF. The S-CSCF acts as the registrar in the SIP domain
and will challenge the subscriber device to authenticate the subscriber.
Pages:
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326