Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing

Emergency services are vital services that Next Generation Networks (NGNs) have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs, 3GPP has carried the burden of specifying a standardized IMS-based emergency services framework. Unfortunately, like any other IP-based standards, the IMS-based emergency service framework is prone to Distributed Denial of Service (DDoS) attacks. We propose in this work, a simple but efficient solution that can prevent certain types of such attacks by creating firewall pinholes that regular clients will surely be able to pass in contrast to the attackers clients. Our solution was implemented, tested in an appropriate testbed, and its efficiency was proven.Comment: 17 Pages, IJNGN Journa

A business model for a sensors-enabled IMS environment

The IP Multimedia Subsystem (IMS) is one of the key components of third generation (3G) networks, while Wireless Sensor Networks (WSNs) are an emerging type of networks formed by a set of distributed sensor nodes that collaborate to monitor physical and environmental conditions. By integrating the sensing capabilities of WSNs in the IMS, a rich set of contextual information can be exploited to provide new and personalized multimedia services to IMS users. We have previously proposed a presence-based WSNs/IMS integration architecture, and discussed its design and implementation aspects. In this paper, we focus on the aspects needed for the practical deployment of this architecture. An enhanced IMS business model is proposed for the resulting sensors-enabled IMS environment, and several important support functions are elaborated, including: a two-level identification scheme, a charging model, security and information access control mechanisms, as well as WSN gateways\u27 dynamic discovery alternatives. © 2012 IEEE

The design and implementation of a wireless healthcare application for WSN-enabled IMS environments

The IP Multimedia Subsystem (IMS) is one of the key components of third generation (3G) networks, while Wireless Sensor Networks (WSNs) are an emerging type of networks formed by a set of distributed sensor nodes that collaborate to monitor environmental and physical conditions. Combining the capabilities of WSNs and the IMS opens the door to a wide range of personalized and adaptive value added services for 3G users. We have previously proposed a solution for WSN/IMS integration. This solution enriches the IMS architecture with context acquisition and management components, and enables access to those capabilities via standard IMS interfaces. Wireless healthcare is one of the important application areas that can benefit from the combined IMS/WSNs capabilities. In this paper, we focus on this application area and present a case study on the design and implementation of a context-aware IMS wireless healthcare application, that leverages the capabilities of our WSN/IMS integration solution. The application\u27s detailed scenario and IMS deployment architecture are presented and a prototype is built and tested using Ericsson\u27s IMS simulated environment. © 2013 IEEE

AAA architectures applied in multi-domain IMS (IP multimedia subsystem)

There is a group of communication services that use\ud resources from multiple domains in order to deliver their service.\ud Authorization of the end-user is important for such services,\ud because several domains are involved. There are no current\ud solutions for delivering authentication, authorization and\ud accounting (AAA) to multi-domain services. In our study we\ud present two architectures for the delivery of AAA to such\ud services. The architectures are analyzed on their qualitative\ud aspects. A result of this analysis is that direct interconnection of\ud AAA servers is an effective architectural solution. In current\ud multi-domain IP Multimedia Subsystem (IMS) architectures,\ud direct interconnection of AAA servers, such as the Home\ud Subscriber Servers (HSS), is not yet possible. In this paper we\ud argue and recommend to extend the IMS specification by adding\ud a new interface to HSS in order to support the direct\ud interconnection of HSS/AAA servers located in different IMS\ud administrative domains

Integrating identity-based cryptography in IMS service authentication

Nowadays, the IP Multimedia Subsystem (IMS) is a promising research field. Many ongoing works related to the security and the performances of its employment are presented to the research community. Although, the security and data privacy aspects are very important in the IMS global objectives, they observe little attention so far. Secure access to multimedia services is based on SIP and HTTP digest on top of IMS architecture. The standard deploys AKA-MD5 for the terminal authentication. The third Generation Partnership Project (3GPP) provided Generic Bootstrapping Architecture (GBA) to authenticate the subscriber before accessing multimedia services over HTTP. In this paper, we propose a new IMS Service Authentication scheme using Identity Based cryptography (IBC). This new scheme will lead to better performances when there are simultaneous authentication requests using Identity-based Batch Verification. We analyzed the security of our new protocol and we presented a performance evaluation of its cryptographic operationsComment: 13Page

IMS signalling for multiparty services based on network level multicast

3rd EURO-NGI Conference on Next Generation Internet Networks. Norwegian University of Science and Technology, Trondheim, Norway, 21-23 may 2007.The standardization process of the UMTS technology has led to the development of the IP Multimedia Subsystem (IMS). IMS provides a framework that supports the negotiation of the next generation multimedia services with QoS requirements that are envisioned for 3G networks. But even though many of these services involve the participation of multiple users in a multiparty arrangement, the delivery technology at network level is still unicast based. This approach is not optimum, in terms of transmission efficiency. In this paper, a new approach is presented proposing to use a network level multicast delivery technology for the multiparty services that are signalled through IMS. The main advantages and drawbacks related with this new approach are analyzed in the article. Finally, as a starting point in the development of the presented solution, a new SIP signalling dialogue is proposed allowing the negotiation of a generic multiparty service, and supporting at the same time the configuration of the corresponding network level multicast delivery service with QoS requirements that will be used in the user plane.Publicad