Abstract
The IP Multimedia Subsystem (IMS) is an access-independent, IP based, service control architecture. Users’ authentication to the IMS takes place through the AKA (Authentication and Key Agreement) protocol, while Generic Bootstrapping Architecture (GBA) is used to authenticate users before accessing the multimedia services over HTTP. In this paper, we focus on the performance analysis of an IMS Service Authentication solution that we proposed and that employs the Identity Based Cryptography (IBC) to personalize each user access. We carry out the implementation of this solution on top of an emulated IMS architecture and evaluate its performance through different clients’ access scenarios. Performance results indicate that increase in the number of clients does not influence the average processing time and the average consumed resources of the GBA entities during the authentication. We also notice that the Bootstrapping Server Function (BSF) presents a bottleneck during the service authentication which helps in giving some guidelines for the GBA entities deployment.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Abbreviations
- 3GPP:
-
Third Generation Partnership Project
- AKA:
-
Authentication and Key Agreement
- AS:
-
Application Server
- BSF:
-
Bootstrapping Server Function
- B-TID:
-
Bootstrapping Transaction Identifier
- CK:
-
Cipher Key
- CSCFs:
-
Call State Control Functions
- ECC:
-
Elliptic Curve Cryptography
- ECDSA:
-
Elliptic Curve Digital Signature Algorithm
- ECDH:
-
Elliptic Curve Diffie-Hellman
- GBA:
-
Generic Bootstrapping Architecture
- GUSS:
-
GBA User Security Settings
- HSS:
-
Home Subscriber Server
- HTTP:
-
Hyper Text Transfer Protocol
- IBC:
-
Identity Based Cryptography
- I-CSCF:
-
Interrogating Call State Control Function
- IK:
-
Integrity Key
- IMPI:
-
IP Multimedia Private Identity
- IMPU:
-
IP Multimedia Public Identity
- IMS:
-
IP Multimedia Subsystem
- ISIM:
-
IP Multimedia Services Identity Module
- Kpiv :
-
User’s private key
- Kpub :
-
User’s pubic key
- Ks:
-
Key Material
- Ks-NAF:
-
NAF specific key
- NAF:
-
Network Application Function
- NAF-ID:
-
NAF identity
- NAI:
-
Network Access Identifier
- NGN:
-
Next Generation Network
- P-CSCF:
-
Proxy Call State Control Function
- PKG:
-
Private Key Generator
- RAND:
-
Random challenge in authentication
- S-CSCF:
-
Serving Call State Control Function
- SA-IBC:
-
Service Authentication based on IBC
- SHA:
-
Secure Hash Algorithm
- SIP:
-
Session Initiation Protocol
- SQN:
-
Sequence numbers
- TISPAN:
-
Telecoms & Internet converged Services & Protocols for Advanced Networks
- UE:
-
User Equipment
- UMTS:
-
Universal Mobile Telecommunication Standard
- VoIP:
-
Voice over IP
- XRES:
-
Expected response in authentication
References
Camarillo, G., & Garcia-Martin, M.-A. (2004). The 3G IP multimedia subsystem (IMS): merging the Internet and the Cellular Worlds. Hoboken: Wiley.
3GPP TS 31.103: Characteristics of the IP multimedia services identity module (ISIM) application.
RFC 3310 (2002). Hypertext transfer protocol (HTTP) digest authentication using authentication and key agreement (AKA).
3GPP TS 133.220. Generic authentication architecture (GAA). Generic bootstrapping architecture.
Sher, M., & Magedanz, T. (2006). Secure access to IP multimedia services using generic bootstrapping architecture (GBA) for 3G & beyond mobile networks. Q2SWinet 2006: pp. 17–24.
Priselac, D., & Mikuc, M. Security risks of pre-IMS AKA access security solutions. Available in http://www.ericsson.com/hr/etk/dogadjanja/mipro_2008/1227.pdf.
3GPP2 S.R0086-0: IMS security framework.
Wu, L., Zhangb, Y., & Wang, F. (2009). A new provably secure authentication and key agreement protocol for SIP using ECC. Computer Standards & Interfaces, 31(2), 286–291.
Ring, J., Choo, K. Raymond, & Foo, E. (2007). One-pass authentication and key agreement procedure in IP multimedia subsystem for UMTS. In Advanced information networking and applications, AINA (pp. 482–489).
Ring, J., Choo, K.R., & Foo, E. (2006). A new authentication mechanism and key agreement protocol for SIP using identity-based cryptography. In AusCERT2006 R&D stream, Gold Coast, Australia.
Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Lecture notes in computer science: Vol. 2139. Proceedings of CRYPTO ’01 (pp. 213–229). Berlin: Springer.
Abid, M., Song, S., Moustafa, H., & Afifi, A. (2009). Efficient identity-based authentication for IMS based services access. In ACM mobile computing & multimedia (MOMM 09) (pp. 278–284).
3rd generation partnership project (3GPP). http://www.3gpp.org/.
Telecoms & Internet converged services & protocols for advanced networks (TISPAN). http://www.etsi.org/tispan/.
3GPP technical specification TS 33.102: 3G security. Security architecture.
3GPP TS 33.203: 3G security. Access security for IP-based services.
3GPP TS 33.210: 3G security. Network domain security (NDS). IP network layer security.
3GPP TS 123 228. IP multimedia subsystem (IMS); Stage 2.
Shamir, A. (1984) Identity-based cryptosystems and signature schemes. In: CRYPTO 84.
ANSI X9.62 (1999), The elliptic curve digital signature algorithm (ECDSA), American Bankers Association.
ANSI X9.63 (1999), Elliptic curve key agreement and key transport protocols, American Bankers Association.
Levine, J. R., Mason, T., & Brown, D. (1992). LEX & YACC, (2nd edn). pp. 1–2. Sebastopol: O’Reilly. ISBN 1-56592-000-7.
Miracl: multiprecision integer and rational arithmetic C/C++ library. Available in http://www.shamus.i.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Song, S., Abid, M., Moustafa, H. et al. Performance evaluation of an authentication solution for IMS services access. Telecommun Syst 52, 2205–2218 (2013). https://doi.org/10.1007/s11235-011-9543-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11235-011-9543-z