Extending the Authentication Mechanism in IP Multimedia Subsystems for Universal Mobile Telecommunication system

Abstract

IP multimedia subsystem (IMS) is an emerging platform for provisioning multimedia services (e.g., data, voice, and video) in 4G/5G networks. IMS authentication is an important procedure which grants legitimate users to access multimedia services. However, periodic re-authentication of mobile users results in significant signaling traffic overhead due to complete execution of hectic procedure. Moreover, signaling protocol such as SIP overlooks user’s confidentiality by leaving unprotected public and private identities. In IMS each user entering from another network like UMTS or VOLTE has to authenticate itself. However, it already passed through the same authentication process in its own network. Therefore, IMS core entities are affected by high signaling that could be a source of congestion. . The Session Initiation Protocol (SIP) is used in IMS to establish and manage sessions. It is easy for a hacker to attack IMS with flooding SIP messages. However, IMS does not provide any functions to prevent such kind of attacks. This research presents a secure aauthentication protocol (SAP) which creates a secure channel through the deployment of KMC (Key Management Center) for transmitting user identities; ECC (Elliptic curve cryptography) is used for key generation that provides reduced encryption and decryption time than existing schemes for IMS. FAP strives to minimize signaling overhead of periodic re-authentications. Once a user completes authentication, FAP grants a valid ticket for a particular time which can be used for subsequent re-authentications until it expires. This research introduce a header in SIP to hold the ticket. This research employ protocol composition logic for formal modeling and verification of SAP. The performance of SAP, FAP is validated through FOKUS IMS test bed. The results demonstrate the performance appraisal of FAP compared to other contemporary schemes in terms of signaling overhead, bandwidth consumption and response time. This research presents a Low congestion and Certificate based One-pass Authentication Protocol (COAP) that avoids duplication of authentication steps and makes its authentication efficient through the use of digital certificates. An authenticated user is allotted a certificate to restrict the repetition of complete authentication procedure until the certificate expires. COAP results in reduction of signaling traffic, which eliminates v the congestion problem, it also reduces bandwidth and delivery cost which make this scheme more efficient in terms of bandwidth consumption. An intrusion detection system is designed where a pair of subsystems is working, one is spoofing detection and prevention subsystem and other is flooding detection and prevention subsystem. A zero-watermarking scheme detects the spoofing attack.Watermark embedding is done by the original author and extraction done later by KMC to prove ownership. The flooding detection system is working on misuse rules and anomaly detection algorithms which provide successful detection and prevention for IMS and VOLTE environment. The results has shown that better than other schemes it is compared to i.e. when the no of requests are 30 the detection rate is 90.19 however, when no of request are 40 the accuracy rate of the proposed scheme is 100 percent.