In an IMS Security test, the MN must participate in either IMS AKA or HTTP Digest authentication or HTTP Basic and must provide credentials that will be acceptable to the IMS. You can include one of these authentication methods in the DMF with the Security Options settings and then use an EXECUTE_AKA event to calculate challenge and keying material. Special Auto-Fill Fields capture challenge information and insert the calculated response as well as explicitly defined values.
This topic describes the authentication settings that can be used on the client and server sides. If the Network Host is local, the same settings are used for both sides. The topics listed under Related Parameters describe the other DMF components used during IMS Security testing.
|
IMS AKA |
HTTP Digest |
|
HTTP Basic Auth |
|
Use the checkboxes to select the type of authentication that will be supported by the DMF. Only one method can be selected.
Enable IMS AKA (Select the AKA Version)
Enable HTTP Digest
Enable HTTP Basic Auth
The algorithm used to calculate authentication credentials for IMS AKA or HTTP Digest.
Options: md5, md5-sess
Default: md5
Available when Enable HTTP Basic is selected. Enter the Username used for HTTP Basic authentication.
Range: Up to 34 characters, cannot contain ":"
Default: username01
The key associated with the MN's IMS private identity. The MN and the HSS both maintain this key and the HSS informs the S-CSCF of an MN's private key during the registration process.
Range: Up to 32 hexadecimal digits, prefixed by "0x," or 34 string characters
Default: 0x00
The MN's HTTP Digest password.
Range: Up to 32 hexadecimal digits, prefixed by "0x," or 34 string characters
Default: 0x00
The 128-bit, operator-specific MILENAGE constant (OP) provisioned for the network.
Range: Up to 32 hex characters, excluding "0x."
Default: 0x63BFA50EE6523365FF14C1F45F88737D
If your test includes Data IPSec, the resulting AKA keying material will also be used for IPSec when this box is checked and IPSec is configured for Pre-Provisioned mode. Use an IPSEC_TUNNEL_n_START event to begin SA establishment after AKA is complete.
The URI of the authenticating server. The combination of URI and realm uniquely identifies the protected space and the database used for authentication. One server could be partitioned to support many realms.
Range: N/A
Default: N/A
The Client Nonce is transmitted in the client's authentication response and is used by both the client and server for mutual authentication and message integrity protection.
Range: N/A
Default: N/A
The number of times the client has transmitted the same CNonce. The value is formatted as a string and will retain leading zeros. The server uses this value for replay protection and should reject responses with a duplicate Nonce Count.
Range: One of the following:
"0x" followed by 1 to 16 hex characters (0x0 - 0xFFFFFFFFFFFFFFFF), including padding such as: 0x0000000000000001
Up to 18 digits (0 - 999999999999999999), including padding such as: 00000000000000001
Default: N/A
On the server side, you can use this checkbox to define a static RAND that will be sent in every IMS AKA challenge.
Range: Up to 32 hex characters, excluding "0x."
Default: 0x00000000000000000000000000000001
On the server side, you can use this checkbox to define a static Nonce that will be sent in every HTTP Digest challenge.
Range: Up to 32 hex characters, excluding "0x."
Default: 0x00000000000000000000000000000001
The Host URI of the authenticating server. The combination of URI and realm uniquely identifies the protected space and the database used for authentication. One server could be partitioned to support many realms.
Range: N/A
Default: N/A