The device will
have the proper criteria as well, stored in its ISIM (IM Services Identity Module).
In the new REGISTER message the device adds the SIP header AUTHENTICATION
with the parameters RAND, AUTN, IK, and CK. These parameters are calculated by
the device using data provided by the S-CSCF in the 401 Unauthorized response.
Only the operator and the device know the algorithm used to create the correct response
based on the given data, so if another device from another operator attempts to use the
data provided, the calculation will be incorrect, and the authentication will fail.
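
The challenge/response described above, as an added example that is not from the original text: a simplified model of the AKA exchange in which the network issues RAND and AUTN, and the device derives its response and the CK/IK session keys. Assumptions: HMAC-SHA-256 stands in for the operator's algorithm, the shared secret is modeled as a key K, all function names and key values are constructed for illustration, and the AMF field and sequence-number freshness check of real AKA are left out.

```python
import hashlib
import hmac
import os

# Assumption: HMAC-SHA-256 with per-function labels stands in for the
# operator's AKA functions; K is the secret shared by the ISIM and the HSS.
def f(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def network_challenge(k: bytes, sqn: bytes, rand: bytes = None):
    """Home network side: build the values carried in the 401 Unauthorized."""
    rand = rand or os.urandom(16)
    ak = f(k, b"AK", rand, 6)
    mac = f(k, b"MAC", sqn + rand, 8)
    # Simplified AUTN: (SQN xor AK) || MAC
    autn = bytes(a ^ b for a, b in zip(sqn, ak)) + mac
    xres = f(k, b"RES", rand, 8)  # expected response, kept by the network
    return rand, autn, xres

def device_response(k: bytes, rand: bytes, autn: bytes):
    """ISIM side: check the network's AUTN, then derive RES, CK and IK."""
    ak = f(k, b"AK", rand, 6)
    sqn = bytes(a ^ b for a, b in zip(autn[:6], ak))
    if not hmac.compare_digest(autn[6:], f(k, b"MAC", sqn + rand, 8)):
        return None  # AUTN was not produced with this device's key
    return {"RES": f(k, b"RES", rand, 8),
            "CK": f(k, b"CK", rand, 16),
            "IK": f(k, b"IK", rand, 16)}

def s_cscf_accepts(xres: bytes, answer) -> bool:
    """Registrar side: accept the second REGISTER only if RES matches XRES."""
    return answer is not None and hmac.compare_digest(answer["RES"], xres)

# Constructed sample values, not taken from any real subscriber.
HOME_K = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_K = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SQN = bytes.fromhex("000000000001")

if __name__ == "__main__":
    rand, autn, xres = network_challenge(HOME_K, SQN)
    home = device_response(HOME_K, rand, autn)
    other = device_response(OTHER_K, rand, autn)
    print("home device accepted:", s_cscf_accepts(xres, home))
    print("other device accepted:", s_cscf_accepts(xres, other))
```
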
If the subscriber is roaming in another provider's network, the visited network
S-CSCF will send the challenge and query the HSS of the home network to determine whether
the subscriber is legitimate and has permission to access the visited network.
The S-CSCF in the visited network becomes the registrar for the subscriber while that
subscriber is roaming in the other network.
As mentioned before, authentication is absolutely paramount to any security initiative
and should be the first step to any security plan. The IMS provides the mechanism
for authentication within the IMS domain, which should solve some but not all security
problems. There are still other ways in which unauthorized access can be gained to an
IMS network.
The biggest challenge will be for wireline operators to provide some form of ISIM
that can be used to enable any device provided by the subscriber, as it is most likely
that subscribers will purchase their own devices from multiple sources for network
access.