Cm3 cx av reqimpi randauts m the hss checks the auts

Info icon This preview shows pages 31–33. Sign up to view the full content.

View Full Document Right Arrow Icon
CM3: Cx-AV-Req(IMPI, RAND,AUTS, m) The HSS checks the AUTS as in clause 6.3.5 of TS 33.102 [1]. After potentially updating the SQN, the HSS sends new AVs to the S-CSCF in CM4. CM4: Cx-AV-Req-Resp(IMPI, n,RAND 1 ||AUTN 1 ||XRES 1 ||CK 1 ||IK 1 ,….,RAND n ||AUTN n ||XRES n ||CK n ||IK n ) When the S-CSCF receives the new batch of authentication vectors from the HSS it deletes the old ones for that user in the S-CSCF. The rest of the messages i.e. SM10-SM18 including the Cx messages are exactly the same as SM4-SM12 and the corresponding Cx messages in 6.1.1. 6.1.4 Network Initiated authentications In order to authenticate an already registered user, the S-CSCF shall send a request to the UE to initiate a re-registration procedure. When received at the S-CSCF, the re-registration shall trigger a new IMS AKA procedure that will allow the S-CSCF to re-authenticate the user. 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 31 Release 12
Image of page 31

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Figure 7 The UE shall initiate the re-registration on the reception of the Authentication Required indication. In the event that the UE does not initiate the re-registration procedure after the request from the S-CSCF, the S-CSCF may decide to de- register the subscriber or re-issue an Authentication-Required. 6.1.5 Integrity protection indicator In order to decide whether a REGISTER request from the UE needs to be authenticated, the S-CSCF needs to know about the integrity protection applied to the message. The P-CSCF attaches an indication to the REGISTER request to inform the S-CSCF that the message was integrity protected if: - the P-CSCF receives a REGISTER containing an authentication response and the message is protected with an SA created during this authentication procedure; or - the P-CSCF receives a REGISTER not containing an authentication response and the message is protected with an SA created by latest successful authentication (from the P-CSCF perspective). For all other REGISTER requests the P-CSCF attaches an indication that the REGISTER request was not integrity protected. 6.2 Confidentiality mechanisms If the local policy in P-CSCF requires the use of IMS specific confidentiality protection mechanism between UE and P-CSCF, IPsec ESP as specified in RFC 4303 [54] shall provide confidentiality protection of SIP signalling between the UE and the P-CSCF, protecting all SIP signalling messages at the IP level. IPsec ESP general concepts on Security Policy management, Security Associations and IP traffic processing as described in reference RFC 4301 [53] shall also be considered. ESP confidentiality shall be applied in transport mode between UE and P-CSCF. Dummy packets (Next Header = 59) shall not be sent. NOTE: For interoperability with 3GPP pre-Release 11 implementations, usage of dummy packets is not allowed. The method to set up ESP security associations (SAs) during the SIP registration procedure is specified in clause 7. As a result of an authenticated registration procedure, two pairs of unidirectional SAs between the UE and the P-CSCF all shared by TCP and UDP, shall be established in the P-CSCF and later in the UE. One SA pair is for traffic between a
Image of page 32
Image of page 33
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern