Security Services in IMS

Universität Kassel

Lehrstuhl für Kommunikationstechnik

Prof. Dr.-Ing. Klaus David

COMMUNICATIONS TECHNOLOGY (CT1)

Report on

Security Services in IMS (IP Multimedia Subsystem)

By

Hariharan, Priya - 24200190

Siddiqui Abbas Ali - 24200213

July 2005


CONTENTS

1. ABSTRACT

2. MARKET TRENDS IN COMMUNICATION
   2.1 What Do Customers and Operators Need?

3. IP MULTIMEDIA SUBSYSTEM (IMS)
   3.1 Motivation for IP Multimedia Subsystem (IMS)
   3.2 Definition of IP Multimedia Subsystem (IMS)
   3.3 The IMS - Overview

4. SECURITY
   4.1 Need for Security
   4.2 Security Services in IMS
   4.3 IMS Security Architecture
   4.4 Access Security in IMS
       4.4.1 SIP Signaling Protection
       4.4.2 Authentication for IMS Services
       4.4.3 Authentication Process in IMS
       4.4.4 Session Initiation Process in IMS
       4.4.5 SIP Signaling Protection
       4.4.6 User within Home Network
       4.4.7 User in Visited Network
   4.5 IMS HTTP-Access Security
   4.6 IMS – Network Domain Security
   4.7 IMS Media Plane Security

5. CONCLUSION

6. REFERENCES


1. Abstract

Person-to-person mobile communication is undergoing a transformation that will see users sharing rich content like never before. Based on the technologies of IP Multimedia Subsystem (IMS) and Session Initiation Protocol (SIP), the mobile and Internet domains will merge, allowing users to access, create, consume and share digital content using interoperable devices. IMS enables services to be delivered in a standardized, well-structured way that truly makes the most of layered architecture. At the same time, it provides a future-proof architecture that simplifies and speeds up the service creation and provisioning process, while enabling legacy inter-working. The horizontal architecture of IMS enables operators to move away from vertical ‘stovepipe’ implementations of new services – eliminating the costly and complex traditional network structure of overlapping functionality for charging, presence, group and list management, routing and provisioning.

Security is one of the essential issues for such a service. Security experts preach that hackers, software vandals, content pirates and other security threats will never be totally eliminated. The tools of the hackers' trade (viruses, worms and other assorted collections of malicious code) have a way of morphing and mutating into new forms and shapes. Since IMS is an open architecture, it is vulnerable to threats.

In this report, we present the current market trends in communication, the role of IMS and its overview, the IMS security architecture and the various security services in IMS.


2. Market trends in Communication

More than 100 years ago, the telephone eliminated the obstacle of distance. The came next, removing the obstacle of location. Today, telephony, mobility, and the Internet are converging.

Mobile phones were used initially for voice communications. With the invention of short message service (SMS), or text messaging, mobile services began to shift towards becoming increasingly data-based. Today, we are on the brink of having mobile communications as varied and powerful as our imagination.

Multimedia messaging - or MMS (Multimedia Messaging Service) - opens up the possibility of including much more than just text: images, graphics, and voice and audio clips.

Fig 1 Market Trends in Communication

User and enterprise needs will drive multimedia service evolution for both mobile and fixed operators. Users expect to be able to do more with their communications services, for less money, and are showing an interest in services beyond voice. They are attracted to a wide range of communications, information and entertainment services delivered in a user-friendly and cost-effective way. Users want access to the services wherever, whenever and however they want.

Technologies like broadband access, Voice over IP (VoIP) and wireless LAN (WLAN, or WiFi) are reducing the entry barrier to new service providers in both the fixed and mobile communications worlds.

Today’s operators, therefore, need a way to make their services more appealing to users and to maintain their customer relationships and revenue flow. They need to make the best use of their current technology investments and embrace new ones – to create service packages that are easy and attractive for subscribers to use.

2.1 What Do Customers and Operators Need?

For Customer

• Rich user experience: more broadband on the move; communicate in real time using any combination of voice, video, picture & messages

• Convenience and ease of use: interoperability between terminals & operators

• Safe communication: free from middleware or malicious attacks, authorized access

For Operator

• Expand service offerings and revenues

• Controlled subscriber and business relationships

• Service interoperability for mass market services


3. IP Multimedia Subsystem (IMS)

3.1 Motivation for IP Multimedia Subsystem (IMS)

• Enables rich communications combining multiple media or services
• New IP-based services, easier & faster service creation and execution
• Access independence, easier inter-working with the Internet
• Services available over different access technologies
• One network architecture for accommodating all services
• Providing and requiring optimized
• Smooth evolution from today’s networks and standards
• Cost efficiency, evolution for current solutions
• Openness: both specifications and (distributed) architecture

3.2 Definition of IP Multimedia Subsystem (IMS)

“The IP Multimedia Subsystem (IMS) is an IP multimedia and telephony core network that is defined by 3GPP and 3GPP2 standards and organizations based on IETF Internet protocols. IMS is access independent as it supports IP to IP session over wire-line IP, 802.11, 802.15, CDMA, packet data along with GSM/EDGE/UMTS and other packet data applications. IMS is a standardized reference architecture that consists of session control, connection control and an applications services framework along with subscriber and services data.” *

* [Adapted from Lucent IP Multimedia Subsystem Overview]

Some examples of IMS services are:

• Instant messaging - peer-to-peer messaging in real time
• Push to talk (PTT) - walkie-talkie service
• Presence - dynamic profile of the user, visible to others and used to control services; information on personal status, terminal status, terminal capability, location, mood, personal logo
• Gaming – peer-to-peer or multiparty
• Rich Call

3.3 The IMS - Overview

IP-based systems offer network operators the opportunity to expand their services, integrating voice and multimedia communications and delivering them into new environments with new purposes. This is what the industry calls convergence, bringing multiple media, multiple points of access, and multiple modes of and purposes for communication together into a single network.

IMS carries signaling and bearer traffic over the IP layer, functioning as an intelligent ‘routing engine’ that matches a user profile with an appropriate call handling server and switches the call control over to the designated handler. IMS includes the capability to add, modify or delete sessions in an existing multimedia call, and extends the IP network all the way to the , enabling the core network to remain access agnostic. Each end-user can have a personalized experience involving simultaneous voice, data, and multimedia sessions.

IMS provides a very good fit with the user and operator requirements outlined in Section 2 and will therefore be the natural technology solution. It provides an open, standardized way of using horizontal, layered network architecture. Because IMS supports open service creation and third party applications and application servers, operators have the chance to customize services and applications for their own customers. Open service creation will give operators the tools to optimize IP multimedia services for local requirements. It will also allow them to develop their service concepts in co-operation with external application developers.

IMS makes it possible to offer services on packet networks while the network operator retains awareness and control of the service. It uses IETF SIP for call session control.

Fig 2 IMS Overview – Ref [1]

With the IP Multimedia Subsystem on the network, subscribers can control when and how they communicate. They can choose the most appropriate medium or combination of media—video, voice, text, images, or instant messages—all available simultaneously and in real time.

Some of the features of IMS are:

• IMS (IP Multimedia Subsystem) used by UMTS for providing IP
• Supports voice telephony, live video streaming, instant messaging, etc.
• Performs signaling operations using the Session Initiation Protocol (SIP)
• Uses CSCF to provide multimedia services

4. Security

4.1 Need for Security

The security breaches that have posed a constant threat to desktop computers over the last 10 years are migrating to the world of wireless communications, where they will pose a threat to mobile phones, smart phones, personal digital assistants (PDAs), laptop computers and other yet-to-be-invented devices that capitalize on the convenience of wireless communications. Unfortunately, protecting wireless communications and the applications that use this medium will be more difficult than securing desktop computer applications. Unlike wireless devices, desktop computers have limited and identifiable points of entry, and these entry points can be controlled and safeguarded. With wireless communications, however, important and often vital information is placed on a mobile device that is vulnerable to theft and loss. In addition, this information is frequently transmitted over the unprotected airwaves. Some new applications, such as mobile commerce (m-commerce), require that this critical information be decrypted by a server somewhere in the communications chain before it is encrypted again and forwarded to its destination. Every point in the wireless communications chain where information is decrypted represents a vulnerability in the security of the system.

Fig 3 Security & Threats – Ref[4]

Threats in the form of ...

• Destruction
• Corruption
• Removal
• Disclosure
• Interruption

Security

• Access control
• Authentication
• Data confidentiality
• Communication security
• Data integrity
• Availability
• Privacy

4.2 Security Services in IMS

The security services in IMS are divided as follows:

- IMS control plane security
  o Access security – protection against insertion, modification and replay of SIP messages
  o Network domain security – protection against eavesdropping of signaling information in SIP messages

- IMS media plane security
  o Protection against eavesdropping of user traffic

4.3 IMS Security Architecture

Figure 4 The IMS Security Architecture – Ref [12]

There are five different security associations, with different needs for security protection, in IMS. They are numbered 1, 2, 3, 4 and 5 in Figure 4, where:

1. Provides mutual authentication. The HSS (Home Subscriber Server) delegates the performance of subscriber authentication to the S-CSCF (Serving-Call Session Control Function). However, the HSS is responsible for generating keys and challenges. The long-term key in the ISIM (IP Multimedia Services Identity Module) and the HSS is associated with the IMPI (IP Multimedia Private Identity). The subscriber will have one (network internal) user private identity (IMPI) and at least one external user public identity (IMPU).

2. Provides a secure link and a security association between the UE (User Equipment) and a P-CSCF (Proxy-Call Session Control Function) for protection of the Gm reference point. Data origin authentication is provided, i.e. the corroboration that the source of data received is as claimed.

3. Provides security within the network domain internally for the Cx interface.

4. Provides security between different networks for SIP capable nodes. This security association is only applicable when the P-CSCF resides in the VN (Visited Network); if the P-CSCF resides in the HN (Home Network), then bullet point number five below applies.

5. Provides security within the network internally between SIP capable nodes. Note that this security association also applies when the P-CSCF resides in the HN.


4.4 Access Security in IMS

Definition:

Protection against insertion, modification and replay of SIP signaling

4.4.1 SIP Signaling Protection

Components Involved in SIP Signaling Protection

Call/Session Control Functions
• P-CSCF (Proxy Call/Session Control Function)
• I-CSCF (Interrogating Call/Session Control Function)
• S-CSCF (Serving Call/Session Control Function)

Breakout Gateway

Media Resources

4.4.2 Authentication for IMS Services

Components Involved to Authenticate User

HSS (Home Subscriber Server)

SLF (Subscriber Location Function)

Call/Session Control Functions
• P-CSCF (Proxy Call/Session Control Function)
• I-CSCF (Interrogating Call/Session Control Function)
• S-CSCF (Serving Call/Session Control Function)

Breakout Gateway

Media Resources

ISIM (IP Multimedia Services Identity Module)

UICC (Universal Integrated Circuit Card)

SIP (Session Initiation Protocol)

Proxy-Call/Session Control Function

A P-CSCF (Proxy-CSCF) is a SIP proxy that is the first point of contact for the IMS terminal. It can be located either in the visited network (in full IMS networks) or in the home network (when the visited network isn't IMS compliant yet). The terminal either discovers its P-CSCF with DHCP or has it assigned in the PDP Context (in GPRS).

• It is assigned to an IMS terminal during registration, and does not change for the duration of the registration.
• It sits on the path of all signaling messages, and can inspect every message.
• It authenticates the user and establishes an IPsec security association with the IMS terminal. This prevents spoofing attacks and replay attacks and protects the privacy of the user. Other nodes trust the P-CSCF, and do not have to authenticate the user again.
• It can also compress and decompress SIP messages, which reduces the round-trip over slow radio links.
• It may include a PDF (Policy Decision Function), which authorizes media plane resources and manages quality of service (QoS) over the media plane. It is used for policy decisions, lawful interception, bandwidth management, etc. The PDF can also be a separate function, for example in a Session Border Controller.
• It also generates charging towards a charging collection node.

I-CSCF (Interrogating Call/Session Control Function)

An I-CSCF (Interrogating-CSCF) is a SIP proxy located at the edge of an administrative domain. Its IP address is published in the DNS records of the domain (using NAPTR and SRV), so that remote servers (e.g., a P-CSCF in a visited domain, or an S-CSCF in a foreign domain) can find it and use it as an entry point for all SIP packets to this domain. The I-CSCF queries the HSS using the Cx and Dx interfaces to retrieve the user location, and then routes the SIP request to its assigned S-CSCF. It can also be used to hide the internal network from the outside world (encrypting part of the SIP message), in which case it is called a THIG (Topology Hiding Interface Gateway).

S-CSCF (Serving Call/Session Control Function)

An S-CSCF (Serving-CSCF) is the central node of the signaling plane. It is a SIP server, but performs session control as well. It is always located in the home network. The S-CSCF uses DIAMETER Cx and Dx interfaces to the HSS to download and upload user profiles; it has no local storage of the user.

• It handles SIP registrations, which allows it to bind the user location (e.g. the IP address of the terminal) and the SIP address.
• It sits on the path of all signaling messages, and can inspect every message.
• It decides to which application server(s) the SIP message will be forwarded, in order to provide their services.
• It provides routing services, typically using ENUM lookups.
• It enforces the policy of the network operator.

Breakout Gateway

A BGCF (Breakout Gateway Control Function) is a SIP server that includes routing functionality based on telephone numbers. It is only used when calling from the IMS to a phone in a circuit switched network, such as the PSTN or the PLMN.

Media Resources

An MRF (Media Resource Function) provides a source of media in the home network. It is used to play announcements, mix media streams, transcode between different codecs, etc. Each MRF is further divided into:

• An MRFC (Media Resource Function Controller) is a signaling plane node that acts as a SIP User Agent to the S-CSCF, and which controls the MRFP with an H.248 interface.
• An MRFP (Media Resource Function Processor) is a media plane node that implements all media-related functions.

HSS (Home Subscriber Server)

The HSS (Home Subscriber Server) is a user database that stores user profiles, and performs authentication and authorization of the user. It is similar to the GSM HLR and AUC.

SLF (Subscriber Location Function)

An SLF (Subscriber Location Function) is needed when multiple HSSs are used. Both the HSS and the SLF implement the DIAMETER protocol (Cx, Dx and Sh interfaces).

ISIM (IP Multimedia Services Identity Module)

The IP Multimedia Services Identity Module (ISIM) is an application residing on the Universal Integrated Circuit Card (UICC), which is a physically secure device that can be inserted into and removed from the UE. There may be one or more applications in the UICC. The ISIM itself stores IMS-specific subscriber data mainly provisioned by an IMS operator. The stored data can be divided into six groups. Most of the data are needed when a user performs an IMS registration.

Fig 5 ISIM - Ref [13]

UICC (Universal Integrated Circuit Card)

The ISIM resides in this Universal Integrated Circuit Card. It is a physically secure device that can be inserted into and removed from the User Equipment.

4.4.3 Authentication Process in IMS

Fig 6 Authentication in IMS

As shown in the figure above, the ISIM resides on the UICC and is responsible for generating the many keys required to communicate with IMS. AKA (Authentication and Key Agreement Module) resides in the ISIM; it accepts some parameters and generates the result in the form of different keys. The session key is one of the keys generated by the ISIM.

The UE can use this session key to communicate with IMS. The first point of contact with IMS is the P-CSCF, which authenticates the user and transfers control to further SIP servers such as the I-CSCF and S-CSCF. Because the I-CSCF is the first point of the administrative domain of IMS, it is used to encrypt the SIP message so that communication within IMS is more secure. After this whole process, the user is able to use the services of IMS.

The scheme for authentication and key agreement in the IMS is called IMS AKA. The IMS AKA achieves mutual authentication between the ISIM and the HSS.

The HSS shall choose the IMS AKA scheme for authenticating an IM subscriber. The security parameters, e.g. keys, generated by the IMS AKA scheme are transported by SIP. The AKA vectors are fetched from the Home Subscriber Server and the user is checked against the specific keys generated by the ISIM; if the user data is found in the HSS, the user is authenticated to use the services of IMS.

4.4.4 Session Initiation Process in IMS

Fig 7 IP Multimedia SIP registration - Ref[8]

1. In Fig 7, the SIP registration request sent by the UE (User Equipment) is transferred to the first entry point within IMS, the P-CSCF (Proxy-Call/Session Control Function).

2. After the SIP message has been inspected and the tasks to build up IP security have been performed, the message is transferred to the I-CSCF (Interrogating-Call/Session Control Function).

3 & 4. The I-CSCF communicates with the HSS (Home Subscriber Server) to get the user data needed to authenticate the user.

5 & 6. The I-CSCF checks which kinds of services can be provided to this user and what the requirements for these services are.

7. Control is forwarded to the S-CSCF (Serving-Call/Session Control Function).

8 & 9. The S-CSCF requests the HSS to provide the updated information of the user, so that it knows the current location and profile of the user.

10. After the S-CSCF has performed all necessary tasks, the 200 response, which indicates successful authentication, is forwarded back to the I-CSCF.

11. The I-CSCF gives the same positive reply to the P-CSCF.

12. The reply is transferred to the User Equipment with the successful authentication of the user, and a session is generated between the UE and IMS.


4.4.5 SIP Signaling Protection

Integrity Mechanism

IPsec ESP (Encapsulating Security Payload) shall provide integrity protection of SIP signalling between the UE and the P-CSCF, protecting all SIP signalling messages at the IP level. The general IPsec ESP concepts of Security Policy management, Security Associations and IP traffic processing shall also be considered. ESP integrity shall be applied in transport mode between the UE and the P-CSCF.

ESP security associations (SAs) are set up during the SIP registration procedure. As a result of an authenticated registration procedure, two pairs of unidirectional SAs between the UE and the P-CSCF, all shared by TCP and UDP, shall be established in the P-CSCF and later in the UE. One SA pair is for traffic between a client port at the UE and a server port at the P-CSCF, and the other SA pair is for traffic between a client port at the P-CSCF and a server port at the UE.

The integrity key IK_ESP is the same for the two pairs of simultaneously established SAs. The integrity key IK_ESP is obtained from the key IK_IM established as a result of the AKA procedure, using a suitable key expansion function. This key expansion function depends on the ESP integrity algorithm.

The integrity key expansion on the user side is done in the UE. The integrity key expansion on the network side is done in the P-CSCF.
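The SA set-up and integrity key expansion described above can be modelled as follows. This is an added example, not code from the report or from 3GPP: the expansion rule shown (key used unchanged for HMAC-MD5-96, 32 zero bits appended for HMAC-SHA-1-96) follows 3GPP TS 33.203 Annex I rather than this page, the packet model is a simplification of ESP and not its wire format, and all port numbers, SPI values, key bytes and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

HASHES = {"hmac-md5-96": hashlib.md5, "hmac-sha-1-96": hashlib.sha1}


def expand_integrity_key(ik_im: bytes, alg: str) -> bytes:
    """IK_IM (128 bits, from AKA) -> IK_ESP for the negotiated algorithm."""
    if len(ik_im) != 16:
        raise ValueError("IK_IM must be 128 bits")
    if alg == "hmac-md5-96":
        return ik_im                       # 128-bit key used unchanged
    if alg == "hmac-sha-1-96":
        return ik_im + b"\x00" * 4         # 32 zero bits appended -> 160 bits
    raise ValueError(f"unsupported ESP integrity algorithm: {alg}")


@dataclass
class SA:
    """One unidirectional SA; a simplified model, not the ESP wire format."""
    spi: int
    src_port: int
    dst_port: int
    key: bytes
    alg: str
    last_seq: int = 0                      # highest sequence number used/accepted

    def _icv(self, seq: int, payload: bytes) -> bytes:
        # Transport mode: the ports travel inside the protected part of the packet.
        hdr = struct.pack("!IIHH", self.spi, seq, self.src_port, self.dst_port)
        return hmac.new(self.key, hdr + payload, HASHES[self.alg]).digest()[:12]

    def protect(self, payload: bytes) -> tuple:
        self.last_seq += 1
        return self.spi, self.last_seq, payload, self._icv(self.last_seq, payload)

    def verify(self, packet: tuple) -> bool:
        spi, seq, payload, icv = packet
        if spi != self.spi or seq <= self.last_seq:
            return False                   # unknown SA or replayed packet
        if not hmac.compare_digest(icv, self._icv(seq, payload)):
            return False                   # modified or inserted packet
        self.last_seq = seq
        return True


def build_sas(ik_im: bytes, alg: str, ports: dict, spis: dict) -> dict:
    """The four SAs (two pairs) that the UE and the P-CSCF each install."""
    key = expand_integrity_key(ik_im, alg)   # same IK_ESP for every SA
    return {
        # pair 1: client port at the UE <-> server port at the P-CSCF
        "ue_c->p_s": SA(spis["ps"], ports["uc"], ports["ps"], key, alg),
        "p_s->ue_c": SA(spis["uc"], ports["ps"], ports["uc"], key, alg),
        # pair 2: client port at the P-CSCF <-> server port at the UE
        "p_c->ue_s": SA(spis["us"], ports["pc"], ports["us"], key, alg),
        "ue_s->p_c": SA(spis["pc"], ports["us"], ports["pc"], key, alg),
    }


def run_demo() -> dict:
    ik_im = bytes(range(16))                                  # constructed IK_IM
    ports = {"uc": 5062, "us": 5064, "pc": 6062, "ps": 6064}  # constructed ports
    spis = {"uc": 0x1001, "us": 0x1002, "pc": 0x2001, "ps": 0x2002}
    alg = "hmac-sha-1-96"
    ue = build_sas(ik_im, alg, ports, spis)
    pcscf = build_sas(ik_im, alg, ports, spis)
    tx, rx, out = ue["ue_c->p_s"], pcscf["ue_c->p_s"], {}

    pkt = tx.protect(b"REGISTER sip:example.org SIP/2.0\r\n")
    out["genuine"] = rx.verify(pkt)
    out["replayed"] = rx.verify(pkt)       # same sequence number again

    spi, seq, payload, icv = tx.protect(b"MESSAGE sip:bob@example.org SIP/2.0\r\n")
    out["modified"] = rx.verify((spi, seq, payload.replace(b"bob", b"eve"), icv))
    out["unmodified"] = rx.verify((spi, seq, payload, icv))

    # A sender that knows SPI and ports but not IK_ESP cannot insert messages.
    no_key = SA(spis["ps"], ports["uc"], ports["ps"], b"\x00" * 20, alg, seq)
    out["inserted"] = rx.verify(no_key.protect(b"BYE sip:bob@example.org SIP/2.0\r\n"))
    out["wrong_sa"] = pcscf["ue_s->p_c"].verify(tx.protect(b"OPTIONS sip:example.org SIP/2.0\r\n"))
    return out
```

The strictly increasing sequence check stands in for the sliding anti-replay window of real ESP, which also tolerates reordered packets.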

Hiding mechanisms

The Hiding Mechanism is optional for implementation. All I-CSCFs in the HN shall share the same encryption and decryption key. If the mechanism is used and the operator policy states that the topology shall be hidden, the I-CSCF shall encrypt the hiding information elements when the I-CSCF forwards SIP Request or Response messages outside the hiding network’s domain.

4.4.6 User within Home Network

Fig 8 User in Home Network - Ref [12]

Fig 8 shows the subscriber within his own Home Network. The UE's first contact point within IMS will be the P-CSCF of the Home Network.

After the P-CSCF has performed the necessary tasks, control will be transferred to the I-CSCF of the same network (the Home Network).

The further process is then carried out to authenticate the user and initiate the session between the user and IMS.


4.4.7 User in Visited Network

Fig 9 User in Visited Network – Ref [12]

Fig 9 shows the subscriber within a Visited Network. The UE's first contact point within IMS will be the P-CSCF of the Visited Network.

After the P-CSCF has performed the necessary tasks, control will be transferred to the I-CSCF of the user’s Home Network.

The further process is then carried out to authenticate the user and initiate the session between the user and IMS.


4.5 IMS HTTP-Access Security

The use of HTTP within IMS for various service-related purposes confirms the need for access security for HTTP services. Many solutions and suggestions have been proposed to solve the security problem in IMS.

The proposal given by Nokia to provide security for HTTP is shown here.

Fig 10 HTTP-Access Security - Ref [2]

By using the Authentication Proxy (AP) it is possible to authenticate UE on behalf of all Application services, based on AKA protocol. Only one HTTP security association is created between UE and Authentication Proxy.

The UE shall be able to initiate an HTTP session. In this case, user authentication is performed between the UE and the AP using AKA over HTTP Digest, so the user does not need a password as in the original design of HTTP Digest. Authentication Vectors (AV) for the HTTP connection can be fetched from the HSS to the Authentication Proxy via a Diameter-based interface similar to the Cx interface. Re-use of the IMS authentication scheme can simplify the implementation in the UE and the Application Servers. Also, the sequence number management of AKA protects against replay attacks.

This solution does not require registration of the UE to the IMS before accessing an Application Server, if the service requires HTTP transport only. This independence also allows operators to add Application services later on top of an existing IMS.
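The AKA exchange described in section 4.4.3 and its use over HTTP Digest described in this section can be traced end to end with the sketch below. It is an added example, not code from the report or the Nokia proposal: the f1..f5 functions are replaced by labelled HMAC-SHA-256 stand-ins (real ISIMs use operator-chosen algorithms such as MILENAGE), the nonce and password mapping follow RFC 3310 (Digest AKA), the sequence number check is reduced to "strictly greater than the last accepted value", and the key, identities and URI are constructed.

```python
import base64
import hashlib
import hmac

AMF = b"\x80\x00"  # constructed 16-bit authentication management field


def _f(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for the AKA functions f1..f5 (NOT MILENAGE; HMAC-SHA-256 here)."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hss_vector(k: bytes, sqn: int, rand: bytes) -> dict:
    """HSS: build one authentication vector (RAND, AUTN, XRES, CK, IK)."""
    sqn_b = sqn.to_bytes(6, "big")
    mac = _f(k, b"f1", sqn_b + rand + AMF, 8)        # proves the HSS knows K
    ak = _f(k, b"f5", rand, 6)                       # anonymity key hides SQN
    return {"rand": rand, "autn": _xor(sqn_b, ak) + AMF + mac,
            "xres": _f(k, b"f2", rand, 8),
            "ck": _f(k, b"f3", rand, 16), "ik": _f(k, b"f4", rand, 16)}


class Isim:
    """ISIM side: checks the network first, then produces RES and session keys."""

    def __init__(self, k: bytes):
        self.k, self.sqn_ms = k, 0   # sqn_ms: highest sequence number accepted

    def authenticate(self, rand: bytes, autn: bytes):
        ak = _f(self.k, b"f5", rand, 6)
        sqn_b, amf, mac = _xor(autn[:6], ak), autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, _f(self.k, b"f1", sqn_b + rand + amf, 8)):
            return "mac-failure", None       # challenge not from the home network
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:
            return "sync-failure", None      # stale vector: replayed challenge
        self.sqn_ms = sqn
        return "ok", {"res": _f(self.k, b"f2", rand, 8),
                      "ck": _f(self.k, b"f3", rand, 16),
                      "ik": _f(self.k, b"f4", rand, 16)}


def aka_nonce(av: dict) -> str:
    """Digest AKA challenge: nonce = base64(RAND || AUTN)."""
    return base64.b64encode(av["rand"] + av["autn"]).decode()


def digest_response(user, realm, secret: bytes, nonce, method, uri, nc, cnonce):
    """HTTP Digest (qop=auth) with RES/XRES in the password position."""
    md5 = lambda b: hashlib.md5(b).hexdigest().encode()
    ha1 = md5(user.encode() + b":" + realm.encode() + b":" + secret)
    ha2 = md5(f"{method}:{uri}".encode())
    parts = [ha1, nonce.encode(), nc.encode(), cnonce.encode(), b"auth", ha2]
    return md5(b":".join(parts)).decode()


def run_exchange() -> dict:
    k = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key K
    user, realm = "alice@example.org", "example.org"        # constructed IMPI
    isim, out = Isim(k), {}

    av = hss_vector(k, sqn=1, rand=bytes(range(16)))   # fetched from the HSS
    nonce = aka_nonce(av)                              # sent in the challenge
    raw = base64.b64decode(nonce)                      # UE splits RAND || AUTN
    status, keys = isim.authenticate(raw[:16], raw[16:32])
    args = (nonce, "GET", "/service", "00000001", "c0ffee")
    sent = digest_response(user, realm, keys["res"], *args)
    expected = digest_response(user, realm, av["xres"], *args)
    out["first"] = status
    out["user_authenticated"] = hmac.compare_digest(sent, expected)
    out["keys_agree"] = (keys["ck"], keys["ik"]) == (av["ck"], av["ik"])

    # The same challenge presented again is refused by the SQN check.
    out["replayed_challenge"] = isim.authenticate(raw[:16], raw[16:32])[0]

    # A challenge built without the subscriber's K fails network authentication.
    rogue = hss_vector(b"\x00" * 16, sqn=2, rand=bytes(range(16, 32)))
    out["rogue_network"] = isim.authenticate(rogue["rand"], rogue["autn"])[0]

    fresh = hss_vector(k, sqn=2, rand=bytes(range(32, 48)))
    out["next_vector"] = isim.authenticate(fresh["rand"], fresh["autn"])[0]
    return out
```

In a deployment the comparison of `sent` against `expected` is made by the S-CSCF (section 4.4.3) or the Authentication Proxy (this section), and a sync-failure triggers a resynchronisation with the HSS instead of a plain rejection.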


4.6 IMS – Network Domain Security

Network Domain Security for IP-based protocols (NDS/IP) is based on IPsec and offers the same set of security services as IPsec. IPsec has two different security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides integrity/message authentication, while ESP provides both integrity/message authentication and confidentiality. For the confined domain in the UMTS core network, some simplification is made in IPsec. For NDS/IP, it is clear that confidentiality is an essential requirement and that it cannot be met by AH. Hence only ESP is used, and it is operated in tunnel mode.

Tunnel mode is an IPsec mode that provides protection for the whole of the original IP packet. It is used between the security gateways.

The NDS/IP architecture has Security Gateways (SEGs) between security domains, so tunnel mode is a necessary requirement of the NDS/IP architecture.

Fig 12 IMS Control Plane – Network Domain Security – Ref [1]

Services provided by NDS/IP

• Connectionless data integrity
• Replay protection
• Data origin authentication
• Data confidentiality for the whole original IP packet
• Limited protection against traffic flow analysis when confidentiality is applied

NDS/IP is specified at the network layer, and hence protection for new IP protocols is achieved cost free.


NDS/IP Architecture

The NDS/IP consists of two interfaces and a Security Gateway (SEG) node. The two interfaces are

• The Za interface between the SEGs
• The Zb interface between domains

Fig 13 Overview of NDS/IP architecture – Ref[3]

The Za interface is between the Security Gateways. The SEGs are placed next to the Za interface boundary and are responsible for enforcing the security policies of the security domain.

The Zb interface is an optional interface between the network elements within one security domain. Within a domain, every element can communicate with the other elements directly. The Za interface is restricted to use only ESP and tunnel mode, whereas this restriction does not apply to the Zb interface, since there are no such issues on the Zb interface. Hence, the security policy of the Zb interface can be framed by the security domain administration.

For inter-domain traffic, all packets should be sent via a SEG to the external destination. Consider the case where a packet has to be sent from NEA2 to NEB1. In such a case, the packet is transmitted from NEA2 to SEGA, SEGA forwards the packet to SEGB, and finally the packet is forwarded to its destination NEB1. Thus, from a security point of view, it makes a lot of sense to restrict external access to a limited set of gateways.
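The routing rule above lends itself to an automated check of observed hops against the NDS/IP policy. The following is an added example, not part of the report: NEA2, NEB1, SEGA and SEGB are the names used in the text, NEA1 and the sample hop records are constructed, and treating every same-domain hop (including NE to SEG) as Zb is an assumption of this sketch.

```python
from dataclasses import dataclass

# Security domains A and B; NEA1 is a constructed extra element.
DOMAIN = {"NEA1": "A", "NEA2": "A", "SEGA": "A", "NEB1": "B", "SEGB": "B"}
SEGS = {"A": "SEGA", "B": "SEGB"}


@dataclass(frozen=True)
class Hop:
    src: str
    dst: str
    protocol: str   # "ESP", "AH" or "none"
    mode: str       # "tunnel", "transport" or "-"


def interface(src: str, dst: str):
    """Classify a hop as Zb (intra-domain), Za (SEG to SEG) or None."""
    if DOMAIN[src] == DOMAIN[dst]:
        return "Zb"
    if src in SEGS.values() and dst in SEGS.values():
        return "Za"
    return None     # crosses the domain border without going SEG to SEG


def expected_path(src: str, dst: str) -> list:
    """Hops a packet should take under the 'all external traffic via SEG' rule."""
    if DOMAIN[src] == DOMAIN[dst]:
        return [src, dst]
    path = [src, SEGS[DOMAIN[src]], SEGS[DOMAIN[dst]], dst]
    # collapse repeats when the source or destination is itself a SEG
    return [n for i, n in enumerate(path) if i == 0 or n != path[i - 1]]


def audit(hops: list) -> list:
    """Return (src, dst, reason) for every hop that violates the policy."""
    findings = []
    for h in hops:
        iface = interface(h.src, h.dst)
        if iface is None:
            findings.append((h.src, h.dst, "inter-domain hop bypasses the SEGs"))
        elif iface == "Za" and (h.protocol, h.mode) != ("ESP", "tunnel"):
            findings.append((h.src, h.dst, "Za requires ESP in tunnel mode"))
        # Zb: policy is set by the domain administration, nothing to enforce here
    return findings


def sample_findings() -> list:
    observed = [                                   # constructed hop records
        Hop("NEA2", "SEGA", "none", "-"),          # Zb, allowed
        Hop("SEGA", "SEGB", "ESP", "tunnel"),      # Za, compliant
        Hop("SEGB", "NEB1", "ESP", "transport"),   # Zb, allowed
        Hop("SEGA", "SEGB", "AH", "transport"),    # Za without confidentiality
        Hop("NEA1", "NEB1", "ESP", "tunnel"),      # direct NE to NE across domains
    ]
    return audit(observed)
```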


4.7 IMS Media Plane Security

Access Link Media Plane Security

• 3GPP standard does not currently provide any support for “IMS Level” Media Plane Security

• Confidentiality of user traffic on the IMS media plane relies on Security Mechanisms offered by the bearer Network.

End-To-End Media Plane Security

• Availability of an end-to-end SIP-based signalling channel in IMS introduces opportunities for end-to-end security to be provided

• Mechanisms for key management and establishment of end-to-end security associations could be integrated into SIP

• End-to-end encryption methods depend on the type of IMS traffic/service


5. Conclusion

Hacking and other security threats cannot be defeated in the sense that they will never be totally eliminated. But individual security threats can be foiled by innovative and powerful security counter-measures. For mobile wireless communications devices, that means identifying the vulnerabilities, adopting a security strategy that takes into account all possible weaknesses, and deploying an architecture that is powerful enough to defeat today's threats yet adaptable enough to meet head-on the unimagined threats of tomorrow.


6. References:

1. “Security Issues for future mobile communications” - http://www.iee.org/OnComms/PN/communications/01%20-%20Mike%20Walker%20presentation.pdf

3. “HTTP Security” - http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_25_Munich/Docs/PDF/S3-020528.pdf

4. “An evolved UMTS Network Domain Security” - http://www.telenor.com/rd/pub/not02/N_28_2002.pdf

5. “Next Generation Network Security” - http://www.itu.int/ITU-T/worksem/ngn/200505/presentations/s5-tu.pdf

6. “3GPP – Security and Authentication” - http://www.softarmor.com/sipping/meets/ietf51/slides/SIPPING_IETF51_3GPP_security_final.ppt

7. “IP Multimedia – A new era in Communications” - http://www.nokia.com/BaseProject/Sites/NOKIA_MAIN_18022/CDA/Categories/Operators/MobileOperators&ServiceProviders/MobileNetworks/IntelligentEdge/_Content/_Static_Files/ip_multimedia_new_era_in_communications.pdf

8. “One Pass GPRS and IMS Authentication Procedure for UMTS” - http://www.cs.odu.edu/~fmccown/classes/mobile_computing

9. “Development of IP Multimedia Services & Architecture standards for networks” - http://websrv2.tekes.fi/opencms/opencms/OhjelmaPortaali/Kaynnissa/NETS/fi/Dokumenttiarkisto/Viestinta_ja_aktivointi/Seminaarit/NETS_1a/Mikko_Puuskari.pdf

10. “UMTS Security and role of PKI” - http://www.eurescom.de/~pub/seminars/past/2001/SecurityFraud/11-Niemi/tsld024.htm

11. “IMS – IP Multimedia Subsystem” - http://www.ericsson.com/products/white_papers_pdf/ims_ip_multimedia_subsystem.pdf

12. “Motorola IP Multimedia Subsystem” - http://www.motorola.com/networkoperators/pdfs/new/IMS-WhitePaper.pdf

13. “3G Security, Access Security for IP Based Services, Release 5” - http://www.arib.or.jp/IMT-2000/V440Mar05/2_T63/ARIB-STD-T63/Rel5/33/A33203-590.pdf

14. The IMS and concepts in the mobile domain (Wiley) by Miikka Poikselkä
