Implementing a secured IMS-based Identity exchange
Hay, Caroline; Dhima, Gerti (2010)
Faculty of Computing and Electrical Engineering
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2010-10-06
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tty-201102011030
Abstract
With the continuous development of telecommunications, networking and ubiquitous computing, the need for higher bandwidth and better quality of service is always one of the most important user requirements. Against this background, the IP Multimedia Subsystem (IMS) is becoming very important for Next Generation Networking (NGN) and all-Internet Protocol (all-IP) infrastructure. This trend provides opportunities for new operators and service providers to enter the market and to be competitive. These developments will generate new challenges related to user identity assurance. It will be more difficult to rely on the old paradigm of static operator relationships guaranteeing the identity of the users end to end. There is therefore a crucial need for new mechanisms that give the end points assurance about the identity of their counterparts.
In this work we implemented a solution that establishes trust between two end points by taking advantage of IMS in a roaming scenario where the visited access network may not be entirely trustworthy. In essence, this means establishing an identity association so that the parties can have operator-provided assurance regarding the identities used. This allows local trust decisions and does not rely on the existence of a global Public Key Infrastructure (PKI).
Concretely, in this work we have modified the Session Initiation Protocol (SIP) “INVITE” messages by adding new SIP headers such as the identity and the signature of the SIP entities taking part in a multimedia conversation. Every SIP entity has to add its own identity and signature and also has to verify those of its counterparts in a typical SIP “INVITE” exchange.
With this work we show that establishing this kind of identity association is feasible, but some scalability issues have to be taken into account, such as the time delay or the size of the new messages. To carry out this master's thesis work, we used the Open Source IMS Core (OSIMS) platform developed by FOKUS, the SailFin project as the Application Server (AS), and IMS Communicator as the IMS client.