Ghost Calls from Operational 4G Call Systems: IMS Vulnerability, Call Dos A￿ack, and Countermeasure

Total Page:16

File Type:pdf, Size:1020Kb

Ghost Calls from Operational 4G Call Systems: IMS Vulnerability, Call Dos A￿ack, and Countermeasure Ghost Calls from Operational 4G Call Systems: IMS Vulnerability, Call DoS Aack, and Countermeasure Yu-Han Lu, Chi-Yu Li, Yao-Yu Tian Xie, Guan-Hua Tu Wei-Xun Chen Li, Sandy Hsin-Yu Hsiao Department of Computer Science Department of Computer Science Department of Computer Science and Engineering College of Computer Science College of Computer Science Michigan State University National Chiao Tung University National Chiao Tung University East Lansing, Michigan, USA Hsinchu, Taiwan Hsinchu, Taiwan ABSTRACT 90 percent of combined 4G and 5G subscriptions. Undoubtedly, the IMS (IP Multimedia Subsystem) is an essential framework for pro- IMS system will play a decisive role for future call services. viding 4G/5G multimedia services. It has been deployed worldwide VoWi-Fi extends the reach of the IMS call service, yet with a to support two call services: VoLTE (Voice over LTE) and VoWi-Fi larger attack surface than conventional voice solutions. Its software- (Voice over Wi-Fi). VoWi-Fi enables telephony calls over the Wi-Fi based framework is barely hardened by existing hardware-based network to complement VoLTE. In this work, we uncover that the security from the telecom modem. It may suer, when an adversary VoWi-Fi signaling session can be hijacked to maliciously manipu- gets full control over the phone OS (e.g., root access). As VoWi-Fi late the IMS call operation. An adversary can easily make ghost still follows the same security principle as VoLTE, we are interested calls to launch a stealthy call DoS (Denial of Service) attack against in whether VoWi-Fi may imperil the IMS ecosystem. Once it can specic cellular users. Only phone numbers, but not any malware be breached, the IMS may be exposed to security threats. or network information, are required from the victims. This so- In this work, we rst discover a vulnerability of VoWi-Fi, no phisticated attack harnesses a design defect of the IMS call state app-level data-origin authentication; threateningly, it allows the machine, but not simply ooding or a crash trigger. To stealthily adversary to arbitrarily manipulate the IMS call operation. Such detect attackable phones at run time, we exploit a vulnerability of vulnerability lies in the fact that the standard design treats the the 4G network infrastructure, call information leakage, which we device as one entity of security associations in the Internet protocol explore using machine learning. We validate these vulnerabilities security (IPSec) protection over IMS services. Its security principle in operational 4G networks of 4 top-tier carriers across Asia and is to keep security parameters inside the phone, but not the IMS North America countries with 7 phone brands. Our result shows app that runs VoWi-Fi. Once the phone is compromised, they can be that the call DoS attack can prevent the victims from receiving easily leaked. This vulnerability leads us to disclose that hijacking incoming calls up to 99.0% time without user awareness. We nally the VoWi-Fi signaling session is possible, and it allows the adversary propose and evaluate recommended solutions. to interact with the IMS system on a per-message basis. We further identify two IMS vulnerabilities based on the hijack- CCS CONCEPTS ing: no prohibition of concurrent call attempts and abusing reliability of provisional responses. They root in an operational aw from carri- • Networks → Mobile and wireless security; Application layer ers and a design defect of the standard, respectively. By exploiting protocols; • Security and privacy → Denial-of-service attacks. them, the adversary can make ghosts calls to launch a stealthy call DoS (Denial of Service) attack against specic cellular users. Only 1 INTRODUCTION phone numbers, but not any malware or network information, are IMS (IP Multimedia Subsystem) is the designated core system required from the victims. We conduct experimental validation in for call services in the 4G/5G era. It has oered two call services: operational 4G networks of 4 top-tier carriers across Asia and North VoLTE (Voice over LTE) and VoWi-Fi (Voice over Wi-Fi). VoLTE is America countries with 7 phone brands. Note that we take a respon- an essential voice solution for the 4G LTE network, to supersede sible manner that prevents carriers and cellular users from being the legacy 2G/3G call services. VoWi-Fi complements VoLTE for the hurt in all the tests. We neither try to overwhelm the IMS system areas with poor cellular signals by enabling telephony calls over the by ooding data trac, nor attempt to crash it using malformed Wi-Fi network. An Ericsson report [17] shows that the number of signaling messages. We always use our own phones as the victims. their subscriptions is projected to reach 6 billion in 2024 for around However, this attack works for only VoLTE and VoWi-Fi users in the same carrier network as the adversary. Given a target phone Permission to make digital or hard copies of all or part of this work for personal or number, the phone may have only the 3G call service, temporarily classroom use is granted without fee provided that copies are not made or distributed for prot or commercial advantage and that copies bear this notice and the full citation handover from 4G to 3G, or belong to another dierent carrier. In on the rst page. Copyrights for components of this work owned by others than ACM these states, the phone may play ringtone under the attack, thereby must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, making its user aware. We thus introduce a stealthy detection to post on servers or to redistribute to lists, requires prior specic permission and/or a fee. Request permissions from [email protected]. method that can remotely detect attackable phones at run time. MobiCom ’20, September 21–25, 2020, London, United Kingdom We leverage machine learning (ML) to explore signaling message © 2020 Association for Computing Machinery. features available for the runtime detection and then integrate ACM ISBN 978-1-4503-7085-1/20/09...$15.00 https://doi.org/10.1145/3372224.3380885 the feature-based detection into the attack. Our attack evaluation shows that the victims can suer from call DoS up to 99.0% time 4G LTE Core Network under the attack without awareness. We nally propose a suite of Mobility recommended solutions and conrm their eectiveness based on a S-GW Management Entity prototype. This paper makes four contributions as follows. LTE Base Authentication Station P-GW Server UE We identify three vulnerabilities from VoWi-Fi and the IMS Internet ePDG IMS Core • system. They can be exploited to hijack the VoWi-Fi signaling Wi-Fi AP session and maliciously manipulate the IMS call operation. Figure 1: 4G LTE network architecture with VoWi-Fi. We validate them experimentally and analyze root causes. We devise a stealthy call DoS attack by exploiting the vul- • nerabilities. It is further advanced to an adaptive multi-layer 2.2 Exposure of IMS Potential Vulnerabilities DoS attack that maximizes call DoS durations. VoWi-Fi has a larger attack surface than conventional cellular We apply ML into exploring a vulnerability of the 4G network • voice solutions. It keeps service operation and security functions infrastructure, call information leakage, which enables remote in the software including the IMS app and mobile OS, but the detection of a phone’s call technology and state. It can assist conventional ones hide full (e.g., CS-based) or part of them (e.g., in stealthily detecting attackable phones at run time. VoLTE [31, 33]) within the hardware modem. Its software frame- We validate the vulnerabilities and assess attack impact in • work may create more exploitable vulnerabilities. Specically, the operational 4G networks. We conrm them as general threats adversary can easily learn service operation from collected packet by covering 4 top-tier carriers across Asia and North America traces [54], and may steal security parameters from the software or countries with 7 phone brands in our experiments. the delivery path from the SIM card to the IMS app (e.g., extracting The rest of the paper is organized as follows. Section 2 presents security keys with a snier, SIMTrace [18]). Such vulnerabilities the attack surface and model. In Section 3, we disclose vulnerabili- may allow the adversary to directly interact with the IMS core. ties of VoWi-Fi and IMS call technologies. We propose a stealthy call It is threatening that VoWi-Fi may cause the IMS potential vul- DoS attack and advance it with ML in Sections 4 and 5, respectively. nerabilities, which were hidden by conventional IMS-based services, We present solution, discussion, and related work in Sections 6, 7, to be exposed. Once the adversary can gain ne-grained interaction and 8, respectively. Section 9 concludes the paper. with the IMS on the exchange of signaling messages, any design defects of its call ow procedure or state machine may be exploited to launch attacks. Such exploitation is not possible by abusing con- 2 VOWI-FI: NEW ATTACK SURFACE ventional telephony APIs, which support only coarse-grained call 2.1 VoWi-Fi Primer operation. We look into this security threat using VoWi-Fi and seek to answer the following three questions. VoWi-Fi is a cellular voice service that enables cellular calls over Can the hijacking of the VoWi-Fi signaling session be com- Wi-Fi networks. Its service ow diers from conventional cellular • pletely prevented by its mandatory IPSec integrity protection voice solutions, VoLTE and circuit-switched (CS) call services. Fig- and the IPSec tunnel of its non-3GPP access? ure 1 shows the 4G LTE network architecture with VoWi-Fi support. Does the IMS restrict the IMS app to normal call operation? If The UE (User Equipment) consumes the VoWi-Fi service by con- • not, the adversary may be allowed to make any call attempts necting to the core network through the Wi-Fi AP and the Internet, arbitrarily or ghost calls by manipulating the delivery of SIP but has the conventional ones through the LTE base station.
Recommended publications
  • Quicksec for IMS Robust Ipsec Security for the IP Multimedia Subsystem
    QuickSec for IMS Robust IPsec Security for the IP Multimedia Subsystem The IP Multimedia Subsystem (IMS) is an architectural framework that enables carriers to offer premium services, such as video and voice over IP (VoIP) to desktops and next-generation mobile devices. With carrier adoption of an IP-based Benefi ts infrastructure comes increased vulnerability to a new set of security threats. New attacks Massive Scalability to meet targeting signaling and billing data make demands for throughput IMS implementations, new services, and in GW use premium content susceptible to billing fraud, unauthorized use of services, and denial of Small Footprint and Deterministic service attacks. Memory Allocation in client use In order to protect sensitive call setup and billing data from interception and manipulation, IMS-specifi c API’s for fast and the 3GPP and 3GPP2 recommend the use of easy integration IPsec to provide robust integrity, confidentiality, and authentication. SafeNet provides a complete Inter-Networking Security Nested Tunnels with support for IMS security solution for telecom equipment To protect traffic between networks and IPv4 and IPv6 manufacturers looking to build robust IPsec- implement network domain security (NDS), based security into network gateways and user carriers deploy Security Gateways (SEG) at the Handset and Gateway equipment. edge of the security domains. cryptographic offl oad, for greater throughput, massive scalability, IMS Security Solution QuickSec for IMS provides a massively scalable CPU conservation and increased security solution to handle the most demanding QuickSec for IMS delivers the advanced levels battery life throughput and reliability requirements. of protection, reliability, and performance mandated by OEM vendors and industry Complementary Security Products Security designed specifi cally for standards.
    [Show full text]
  • ETSI TS 187 003 V1.7.1 (2008-02) Technical Specification
    ETSI TS 187 003 V1.7.1 (2008-02) Technical Specification Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Security Architecture 2 ETSI TS 187 003 V1.7.1 (2008-02) Reference RTS/TISPAN-07024-NGN-R1 Keywords architecture, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
    [Show full text]
  • IMS Profile for Converged IP Communications Version 5.0 29 May 2018
    GSM Association Non-confidential Official Document NG.102 - IMS Profile for Converged IP Communications IMS Profile for Converged IP Communications Version 5.0 29 May 2018 This is a Non-binding Permanent Reference Document of the GSMA Security Classification: Non-confidential Access to and distribution of this document is restricted to the persons permitted by the security classification. This document is confidential to the Association and is subject to copyright protection. This document is to be used only for the purposes for which it has been supplied and information contained in it must not be disclosed or in any other way made available, in whole or in part, to persons other than those permitted under the security classification without the prior written approval of the Association. Copyright Notice Copyright © 2018 GSM Association Disclaimer The GSM Association (“Association”) makes no representation, warranty or undertaking (express or implied) with respect to and does not accept any responsibility for, and hereby disclaims liability for the accuracy or completeness or timeliness of the information contained in this document. The information contained in this document may be subject to change without prior notice. Antitrust Notice The information contain herein is in full compliance with the GSM Association’s antitrust compliance policy. V5.0 Page 1 of 26 GSM Association Non-confidential Official Document NG.102 - IMS Profile for Converged IP Communications Table of Contents 1 Introduction 4 1.1 Overview 4 1.2 Relationship to Existing
    [Show full text]
  • Security Services in IMS
    Security Services in IMS Lehrstuhl für UNIKASSEL Kommunikationstechnik VERSITÄT Prof. Dr.-Ing. Klaus David COMMUNICATIONS TECHNOLOGY (CT1) Report on Security Services in IMS (IP Multimedia Subsystem) By Hariharan, Priya - 24200190 Siddiqui Abbas Ali - 24200213 July 2005 1 Security Services in IMS CONTENTS 1. ABSTRACT................................................................................................................ 3 2. MARKET TRENDS IN COMMUNICATION.............................................................. 4 2.1 What Customer and Operator needs?? ..................................................................................................... 5 3. IP MULTIMEDIA SUBSYSTEM (IMS)....................................................................... 6 3.1 Motivation for IP Multimedia Subsystem (IMS)....................................................................................... 6 3.2 Definition of IP Multimedia Subsystem (IMS).......................................................................................... 6 3.3 The IMS - Overview................................................................................................................................. 6 4. SECURITY..................................................................................................................... 8 4.1 Need for Security...................................................................................................................................... 8 4.2 Security Services in IMS.........................................................................................................................
    [Show full text]
  • New Security Threats Caused by IMS-Based SMS Service in 4G LTE Networks
    New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks ∗ ∗ Guan-Hua Tu Chi-Yu Li Chunyi Peng Michigan State University, National Chiao Tung Ohio State University East Lansing, MI, USA University, Columbus, OH, USA [email protected] Hsinchu City, Taiwan [email protected] [email protected] state.edu Yuanjie Li Songwu Lu University of California, University of California, Los Angeles, CA, USA Los Angeles, CA, USA [email protected] [email protected] ABSTRACT bank (e.g., Chase), apparel (e.g., A&F), courier (e.g., Fedex, UPS) SMS (Short Messaging Service) is a text messaging service for mo- and instant messaging application (e.g., Whatsapp), to name a few. bile users to exchange short text messages. It is also widely used to The success of the SMS-based approach stems from two rea- provide SMS-powered services (e.g., mobile banking). With the sons. First, the delivery of SMS messages within mobile networks rapid deployment of all-IP 4G mobile networks, the underlying protects confidentiality and integrity [21]. Though it has some se- technology of SMS evolves from the legacy circuit-switched net- curity issues (e.g., the unauthorized SMS messages sent by the work to the IMS (IP Multimedia Subsystem) system over packet- phone-side malware or the spoofed SMS messages sent from the switched network. In this work, we study the insecurity of the Internet), thanks to the efforts of research community and indus- IMS-based SMS. We uncover its security vulnerabilities and ex- try [8, 9, 15, 37, 43, 48, 49], they are well addressed in the 2G/3G ploit them to devise four SMS attacks: silent SMS abuse, SMS networks, at least for the top four largest US carriers.
    [Show full text]
  • Architecture for IMS Security to Mobile: Focusing on Artificial Immune System and Mobile Agents Integration
    Master Thesis Computer Science Thesis no: MCS-2009:24 May 22nd 2009 Architecture for IMS Security to Mobile: Focusing on Artificial Immune System and Mobile Agents Integration . Author: Kalyani Chalamalsetty School of Computing Blekinge Institute of Technology Soft Center SE-37225 RONNEBY SWEDEN This thesis is submitted to the Department of Software Engineering and Computer Science, School of Engineering at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s): Kalyani Chalamalasetty E-mail: [email protected] Department of Software Engineering and Computer Science University advisor(s): Dr. Bengt CarlssonAssociate professor Email: [email protected] Department of Software Engineering and Computer Science Dr. Guohua Bai Assistant professor Email: [email protected] Department of Interaction and System Design School of Computing Blekinge Institute of Technology Soft Center SE-37225 RONNEBY SWEDEN ii ABSTRACT The IP Multimedia Subsystem (IMS) is an open IP based service infrastructure that enables an easy deployment of new rich multimedia services mixing voice and data. The IMS is an overlay network on top of IP that uses SIP as the primary signaling mechanism. As an emerging technology, the SIP standard will certainly be the target of Denial of Service (DoS) attacks and consequently IMS will also inherit this problem. The objective of proposed architecture for IMS is to cram the potential attacks and security threats to IP Multimedia Subsystem (IMS) and explore the security solutions developed by 3GPP.
    [Show full text]
  • (Ims) Architecture
    InSight: RIVIER ACADEMIC JOURNAL, VOLUME 4, NUMBER 1, SPRING 2008 AN OVERVIEW OF INTERNET PROTOCOL MULTIMEDIA SUBSYSTEMS (IMS) ARCHITECTURE Jhansi Jujjuru* Graduate Student, M.S. in Computer Science Program, Rivier College Keywords: IMS Architecture, Application Servers in IMS, IMS Protocols Abstract Internet Protocol Multimedia Subsystems (IMS) is an internationally standardized Next Generation Networking (NGN) architecture for telecom operators in order to provide mobile and fixed multimedia services. It uses Voice-over-IP (VoIP) implementation based on a 3GPP-standardised implementation of Session Initiation Protocol (SIP), and runs over the standard Internet Protocol (IP). It also specifies interoperability and roaming, and provides bearer control, charging and security. IMS is well integrated with existing voice and data networks, while adopting many of the key characteristics of the IT domain. This makes IMS a key enabler for fixed-mobile Convergence and value-based charging. IMS also supports existing Packet-Switched and Circuit–Switched phone systems. 1. Introduction Recently, web based multimedia services have gained popularity and have proven themselves to be viable of communication. This has inspired the telecommunication service providers and network operators to reinvent themselves to try and provide value added IP centric services. There was a need for a system, which would allow new services to be introduced rapidly with reduced capital expense (CAPEX) and operational expense (OPEX) through increased efficiency in network
    [Show full text]
  • Implementing Security in an IP Multimedia Subsystem (IMS) Next Generation Network – a Case Study
    IMPLEMENTING SECURITY IN AN IP MULTIMEDIA SUBSYSTEM (IMS) NEXT GENERATION NETWORK – A CASE STUDY By Jose M. Ortiz-Villajos A Thesis Submitted to the Faculty of The College of Engineering and Computer Science in Partial Fulfillment of the Requirements for the Degree of Master of Science Florida Atlantic University Boca Raton, Florida April 2009 ABSTRACT Author: Jose M. Ortiz-Villajos Title: Implementing Security in an IP Multimedia Subsystem (IMS) Next Generation Network – A Case Study Institution: Florida Atlantic University Dissertation Advisor: Dr. Eduardo Fernandez Degree: Master of Science Year: 2009 The IP Multimedia Subsystem (IMS) has gone from just a step in the evolution of the GSM cellular architecture control core, to being the de-facto framework for Next Generation Network (NGN) implementations and deployments by operators world-wide, not only cellular mobile communications operators, but also fixed line, cable television, and alternative operators. With this transition from standards documents to the real world, engineers in these new multimedia communications companies need to face the task of making these new networks secure against threats and real attacks that were not a part of the previous generation of networks. We present the IMS and other competing frameworks, we analyze the security issues, we present the topic of Security Patterns, we introduce several new patterns, including the basis for a Generic Network pattern, and we apply these concepts to designing a security architecture for a fictitious 3G operator using
    [Show full text]
  • A-IM S Architecture Analysis and Experimental Ipv6 Testbed
    A-IMS Architecture Analysis and Experimental IPv6 Testbed A. Dutta, F.J. Lin, S. Das, D. Chee, B Lyles Telcordia Technologies, Piscataway, New Jersey, 08854 T.Chiba, H. Yokota, KDDI R&D Labs, Japan H. Schulzrinne, Columbia University, New York proposed A-IMS architecture compared to existing IMS/MMD Abstract– Advances to IMS (A-IMS) architecture extends the networks. Testbed realization of this standardized architecture existing IMS/MMD architecture currently being defined in can help to investigate the underlying networking issues that 3GPP/3GPP2 respectively so that it can support both SIP and might affect the end user performance. In this paper, we non-SIP-based services. W e describe the key strength of A- analyze the A-IMS architecture, study the gap and then provide IMS architecture, compare the benefits over MMD a guideline of what A-IMS components can be used to enhance architecture, and then describe an enhanced MMD the existing IMS/MMD architecture and testbed [4]. We also experimental testbed to demonstrate many of the A-IMS describe the experimental testbed where we have demonstrated features. W e highlight many of the functional components of both application layer and network layer mobility over the testbed that perform several operations such as signaling, heterogeneous networks and feature interaction between VoIP location management, security, and mobility. W e experiment and IPTV service. with two different mobility management techniques and This paper is organized as follows. Section II provides the analyze the associated delays and packet loss for both 802.11 overview of A-IMS and its key strengths compared to MMD.
    [Show full text]
  • IMS) Media Plane Security (3GPP TS 33.328 Version 12.8.0 Release 12)
    ETSI TS 133 328 V12.8.0 (2014-10) TECHNICAL SPECIFICATION Universal Mobile Telecommunications System (UMTS); LTE; IP Multimedia Subsystem (IMS) media plane security (3GPP TS 33.328 version 12.8.0 Release 12) 3GPP TS 33.328 version 12.8.0 Release 12 1 ETSI TS 133 328 V12.8.0 (2014-10) Reference RTS/TSGS-0333328vc80 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
    [Show full text]
  • ETSI TS 133 203 V8.5.0 (2009-01) Technical Specification
    ETSI TS 133 203 V8.5.0 (2009-01) Technical Specification Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Access security for IP-based services (3GPP TS 33.203 version 8.5.0 Release 8) 3GPP TS 33.203 version 8.5.0 Release 8 1 ETSI TS 133 203 V8.5.0 (2009-01) Reference RTS/TSGS-0333203v850 Keywords GSM, LTE, SECURITY, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
    [Show full text]
  • LTE; Interworking Aspects and Migration Scenarios for Ipv4-Based IP Multimedia Subsystem (IMS) Implementations (3GPP TR 23.981 Version 10.0.0 Release 10)
    ETSI TR 123 981 V10.0.0 (2011-03) Technical Report Universal Mobile Telecommunications System (UMTS); LTE; Interworking aspects and migration scenarios for IPv4-based IP Multimedia Subsystem (IMS) implementations (3GPP TR 23.981 version 10.0.0 Release 10) 3GPP TR 23.981 version 10.0.0 Release 10 1 ETSI TR 123 981 V10.0.0 (2011-03) Reference RTR/TSGS-0223981va00 Keywords LTE, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
    [Show full text]