A vulnerability assesment framework for the IMS

Includes bibliography.With multimedia services being made available via more and more devices to end users, it is no longer feasible to develop a delivery platform for each new type of service. The IP multimedia subsystem (IMS) aims to provide a unified service delivery platform capable of supporting a wide range of multimedia, data and voice services. It has been developed with a focus on content delivery and rich communications, and has already begun to replace existing legacy GSM network components. The IMS is intended to be an access agnostic platform, capable of providing services over both mobile and fixed networks using a multi-access all-IP platform. By providing a feature-rich all IP platform, operators are able to deploy open IP-based networks, allowing for easy deployment and development of new, rich multimedia centric communication services. With the IMS in place, an operator may take the role of a service broker, providing them with far more revenue generating opportunities than just traditional voice and data. Application services may leverage the functionality provided by the IMS to create new services quickly while allowing them to be easily integrated into the network infrastructure. With the IMS gaining more and more attention from telecoms operators, and already being adopted by some, the ability to assess the security of the system becomes critical to the success of the IMS platform. While the 3GPP has placed emphasis on security throughout the development of the IMS, implementation is left up to vendors looking to create their own IMS systems. Implementation specific vulnerabilities may be missed by standard quality assurance testing, as they may be triggered only by boundary or near boundary conditions, or non-standard or unexpected state transitions