The IP Multimedia Subsystem (IMS) gives service providers the ability to securely deliver IP multimedia services to their subscribers while maintaining full control over access to those services. The IMS Security Testing feature, in conjunction with the Advanced Data and Dynamic IPSec features, allows you to test the network elements that are responsible for controlling access to the IMS.
After an MN has successfully joined a provider network (Access Network), it can attempt to register with the IMS and partake in IMS services. The Session Initiation Protocol (SIP) is used for IMS session control, and the Session Description Protocol (SDP) is used within SIP to describe the conditions required for content delivery. The following IMS network elements are involved in security, access control, and Call Session Control Function (CSCF) session management. Other functions performed by the elements, such as QoS management, policy enforcement, and interaction with the network's accounting functions, are beyond the scope of security testing.
P-CSCF — The Proxy CSCF performs the gateway function for the IMS. It establishes a secure connection with the MN using IPSec SAs and is always the MN's first point of contact. All SIP signalling between the MN and the IMS is routed through the P-CSCF, which also performs SIP compression and decompression. When an MN joins a foreign network, it may communicate with a local P-CSCF, which in turn securely communicates with the IMS in the MN's home network.
I-CSCF — The Interrogating CSCF assigns an S-CSCF to an MN session during registration and conveys that information to the P-CSCF. If the P-CSCF is in a foreign network, the I-CSCF can shield the IMS nodes, capabilities, and capacities from discovery by the foreign network by routing SIP messages to the appropriate node.
S-CSCF — The Serving CSCF terminates the MN's SIP session and controls the MN's IMS session. It accepts SIP registrations, authenticates the MN with IMS AKA, authorizes the MN for IMS services, provides the registration information to the HSS, and routes the multimedia content to and from the MN.
HSS — The Home Subscriber Server is the data repository for the IMS. It contains subscriber identities including private keys, user-specific requirements that aid in S-CSCF selection, and active registration information.
The IMS Security Testing feature can be used with any data-capable test case. When it is used with a CDMA2000, GPRS, or UMTS test case, for example, you can test the access network elements as well as IMS network elements. When it is used with the IP Application Node test case, you can isolate IMS network elements in the test as shown in the diagrams below.
In an end-to-end configuration, the test system emulates the MNs and SIP traffic is generated towards the P-CSCF (the remote Network Host from the standpoint of the MN).
In a nodal configuration, the P-CSCF is isolated for testing. The test system emulates the MNs with the IP Application Node test case, and the Network Host test case emulates the S-CSCF and the Media Server.
In order for an MN to successfully register with an IMS, it must be able to participate in IMS AKA and dynamically respond to authentication challenges as well as establish an IPSec SA with the P-CSCF. New tools have been added to the Data Message Flow and Message Editor windows that enable you to construct a SIP DMF that can correctly respond, on both the client and server sides, during the registration process.
The Security Options dialog allows you to define the MNs' private key, digest URI, and nonce information.
Message Flow Controls can trigger the calculation of a challenge response and the initiation of an IPSec connection.
Auto-Fill Fields capture and insert dynamic information specific to IMS as well as IP address and port information.
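The challenge-response calculation described above, as an added example (not the product's own code): assuming the registration uses Digest AKAv1-MD5 as defined in RFC 3310, the code splits the challenge nonce into RAND and AUTN and computes the digest response with RES as the password. The identities, nonce, and RES are constructed sample values; deriving RES from the private key and verifying AUTN are outside the example.

```python
import base64
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def split_aka_nonce(nonce_b64: str) -> dict:
    """Decode an AKAv1-MD5 nonce: base64(RAND || AUTN [|| server data])."""
    raw = base64.b64decode(nonce_b64, validate=True)
    if len(raw) < 32:
        raise ValueError("AKA nonce must carry a 16-byte RAND and a 16-byte AUTN")
    autn = raw[16:32]
    # AUTN layout: (SQN xor AK) 6 bytes | AMF 2 bytes | MAC 8 bytes
    return {"rand": raw[:16], "autn": autn, "sqn_xor_ak": autn[:6],
            "amf": autn[6:8], "mac": autn[8:16]}

def aka_digest_response(username, realm, res: bytes, method, uri, nonce,
                        nc=None, cnonce=None, qop=None) -> str:
    """HTTP Digest (RFC 2617) response with the raw RES bytes as the password."""
    ha1 = md5_hex(f"{username}:{realm}:".encode() + res)
    ha2 = md5_hex(f"{method}:{uri}".encode())
    if qop:
        middle = f"{nonce}:{nc}:{cnonce}:{qop}"
    else:
        middle = nonce  # legacy form without qop
    return md5_hex(f"{ha1}:{middle}:{ha2}".encode())

# Constructed sample values (assumptions, not taken from any real network).
RAND = bytes(range(16))
AUTN = bytes.fromhex("aabbccddeeff" "8000" "1122334455667788")
NONCE = base64.b64encode(RAND + AUTN).decode()
RES = bytes.fromhex("0102030405060708")  # a real MN derives this from its key and RAND
USER = "user1_private@home.example"
REALM = "home.example"
URI = "sip:home.example"

if __name__ == "__main__":
    fields = split_aka_nonce(NONCE)
    print({name: value.hex() for name, value in fields.items()})
    print(aka_digest_response(USER, REALM, RES, "REGISTER", URI, NONCE,
                              nc="00000001", cnonce="0a4f113b", qop="auth"))
```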
The flexibility of the DMF definition tools allows you to isolate other network elements in the IMS for testing as well. When the Security Gateway function is separated from the P-CSCF function, for example, you can design message flows that emulate the MNs and the P-CSCF as shown in the diagram below.