Abstract:
The IP Multimedia Subsystem (IMS) is an emerging platform for provisioning multimedia
services (e.g., data, voice, and video) in 4G/5G networks. IMS authentication is an
important procedure that grants legitimate users access to multimedia services.
However, periodic re-authentication of mobile users results in significant signaling traffic
overhead because the complete, heavyweight procedure is executed each time. Moreover,
signaling protocols such as SIP overlook user confidentiality by leaving public and private
identities unprotected. In IMS, each user entering from another network such as UMTS or
VoLTE has to authenticate itself, even though it has already passed through the same
authentication process in its own network. IMS core entities are therefore affected by high
signaling load, which can be a source of congestion. The Session Initiation Protocol (SIP)
is used in IMS to establish and manage sessions. It is easy for a hacker to attack IMS by
flooding it with SIP messages, and IMS does not provide any functions to prevent this kind
of attack.
This research presents a secure authentication protocol (SAP), which creates a secure
channel for transmitting user identities through the deployment of a KMC (Key Management
Center); ECC (elliptic curve cryptography) is used for key generation, which provides
lower encryption and decryption times than existing schemes for IMS. FAP strives to
minimize the signaling overhead of periodic re-authentications. Once a user completes
authentication, FAP grants a ticket that is valid for a particular time and can be used for
subsequent re-authentications until it expires. This research introduces a header in SIP to
hold the ticket. It employs protocol composition logic for the formal modeling and
verification of SAP. The performance of SAP and FAP is validated on the FOKUS IMS test
bed. The results demonstrate the performance of FAP compared to other
contemporary schemes in terms of signaling overhead, bandwidth consumption, and
response time.
This research also presents a Low-congestion and Certificate-based One-pass Authentication
Protocol (COAP) that avoids duplication of authentication steps and makes
authentication efficient through the use of digital certificates. An authenticated user is
allotted a certificate so that the complete authentication procedure need not be repeated
until the certificate expires. COAP reduces signaling traffic, which eliminates
the congestion problem; it also reduces bandwidth and delivery cost, which makes the
scheme more efficient in terms of bandwidth consumption.
An intrusion detection system is designed around a pair of subsystems: one is a
spoofing detection and prevention subsystem and the other is a flooding detection and
prevention subsystem. A zero-watermarking scheme detects the spoofing
attack. Watermark embedding is done by the original author, and extraction is done later by
the KMC to prove ownership. The flooding detection system works on misuse rules and
anomaly detection algorithms, which provide successful detection and prevention for IMS
and VoLTE environments. The results show that it performs better than the other schemes
it is compared to, i.e., when the number of requests is 30 the detection rate is 90.19;
however, when the number of requests is 40 the accuracy rate of the proposed scheme is
100 percent.