About IMS Testing


The IP Multimedia Subsystem (IMS) gives service providers the ability to securely deliver IP multimedia services to their subscribers while maintaining full control over access to those services. The IMS Security Testing feature, in conjunction with the Advanced Data and Dynamic IPSec features, allows you to test the network elements that are responsible for controlling access to the IMS.

 

After an MN has successfully joined a provider network (Access Network), it can attempt to register with the IMS and partake in IMS services. The Session Initiated Protocol (SIP) is used for IMS session control, and the Session Description Protocol (SDP) is used within SIP to describe the conditions required for content delivery. The following IMS network elements are involved in security, access control, and Call Session Control Function (CSCF) session management. Other functions performed by the elements such as QOS management, policy enforcement, and interaction with the network's accounting functions are beyond the scope of security testing.

Test Support

The IMS Security Testing feature can be used with any data-capable test case. When it is used with a CDMA2000, GPRS, or UMTS test case, for example, you can test the access network elements as well as IMS network elements. When it is used with the IP Application Node test case, you can isolate IMS network elements in the test as shown in the diagrams below.

In an end-to-end configuration, the test system emulates the MNs and SIP traffic is generated towards the P-CSCF (the remote Network Host from the standpoint of the MN).

In a nodal configuration, the P-CSCF is isolated for testing. The test system emulates the MNs with the IP Application Node test case and the Network Host test case emulates the S-CSCF and the Media Server.

In order for an MN to successfully register with an IMS, it must be able to participate in IMS AKA and dynamically respond to authentication challenges as well as establish an IPSec SA with the P-CSCF. New tools have been added to the Data Message Flow and Message Editor windows that enable you to construct a SIP DMF that can correctly respond, on both the client and server sides, during the registration process.

The flexibility of the DMF definition tools allows you to isolate other network elements in the IMS for testing as well. When the Security Gateway function is separated from the P-CSCF function, for example, you can design message flows that emulate the MNs and the P-CSCF as shown in the diagram below.