Scribd
Upload
383 views14 pages

IMS Call Flows1

The document outlines the steps in the LTE attach procedure and IMS registration process. It describes how the UE receives an IP address and P-CSCF information to initiate an unauthenticated IMS registration attempt. This results in a 401 Unauthorized response, challenging the UE to authenticate. The UE then establishes an IPSec security association and sends an authenticated IMS registration request, which triggers authentication with the HSS and results in a 200 OK response.

Uploaded by

Angela Barr
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
383 views14 pages

IMS Call Flows1

The document outlines the steps in the LTE attach procedure and IMS registration process. It describes how the UE receives an IP address and P-CSCF information to initiate an unauthenticated IMS registration attempt. This results in a 401 Unauthorized response, challenging the UE to authenticate. The UE then establishes an IPSec security association and sends an authenticated IMS registration request, which triggers authentication with the HSS and results in a 200 OK response.

Uploaded by

Angela Barr
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 14

UE Attach Request LTE Attach Procedure Attach Accept Activate Default Bearer Request Default Bearer Activation Activate

Default Bearer Accept (P-CSCF IP Address)

LTE Network

UE receives an IP address for the Bearer context UE receives an IP address of the P-CSCF P-CSCF serves as a the initial SIP proxy into the IMS

Unauthenticated IMS Registration Attempt


Store the IP address obtained from the bearer context accept message UE extracts the Public User Identity from the ISIM module The SIP terminal allocates the subscriber side client and server ports. These ports will be included in the REGISTER message sent

REGISTER (via,Route, Max-Forwards, From, To, Contact, Call-ID, CSeq, Security-Client, ports, expires, tag,authorization, content-length Contact Header: Public USer IDentity is available at the IP address from "Contact" header Via Header: To record the message had traversed the UE REGISTER message sent on standard SIP 5060 port Message also includes server and client ports Private Identity sent is used by the S-CSCF and HSS to identify the

P-CSCF saves the keys will be needed for establishing t security association.

The P-CSCF allocates the subscriber s server ports. These ports will be inclu Unauthorized message sent to the su

401 Unauthorized www-Authenticate; nonce=RAND-AUTN, Security-Server: port-s, port-c Verify AUTN and Compute RES

IPSec Security Association Establishment


IPSec SA for UE Initiated Requests IPSec SA for Responses to UE IPSec SA for P-CSCF Initiated Requests IPSec SA for Responses to P-CSCF

Authenticated IMS Registration


REGISTER (Via: UE-IP, UE-Server-Port, Route: pcscf1-server-port, Contact: UE-IP ue-server-port, Authorization: Digest username = private identity response = RES )

200 OK via: UE-IP, UE-server-port

P-CSCF

DNS

I-CSCF

DNS Query domain = vzw.net P-CSCF uses DNS to translate the domain "vzw.net" from the REGISTER message to the IP address of the home network DNS Response IP = I-CSCF IP REGISTER (via, Max-Forwards, From, To, Contact, Call-ID, CSeq, Security-Client, ports, expires, tag,authorization, content-length P-CSCF adds the Via header and removes the Route header. REGISTER message will be routed to the IP address obtained from DNS response

I-CSCF Selects the S-CSCF the capabilities of S-CSCF

www

401 Unauthorized www-Authenticate; nonce=RAND-AUTN, ck, ik via: icscf1, pcscf1, ue-ip

The user is currently not au The UE is challenged to aut passes in www

SCF saves the ciphering and integrity keys. These s will be needed for establishing the IPSec urity association.

CSCF allocates the subscriber side client and ver ports. These ports will be included in the 401 authorized message sent to the subscriber

rt, Contact: te identity REGISTER (Via: UE-IP, UE-Server-Port, Route: pcscf1-server-port, Contact: UE-IP ue-server-port, Authorization: Digest username = private identity response = RES integrity protection: yes , RES)

REGISTER message is sen

Authorization: Diges

via: pcscf1, icscf1, UE 200 OK via: pcscf1, UE-IP, UE-server-port

I-CSCF

S-CSCF

HSS

User Authorization Request (<name.private>@vzw.net) Query the HSS to assign the S-CSCF User Authorization Answer (S-CSCF name, S-CSCF capabilities) HSS replies with the S-CSCFs

elects the S-CSCF based on S-CSCF REGISTER (via, Max-Forwards, From, To, Contact, Call-ID, CSeq, Security-Client, ports, expires, tag,authorization, content-length I-CSCF forwards the REGISTER message to the selected S-CSCF Multimedia Authentication Request (Private Identity) Multimedia Authentication Answer (RAND, AUTN, XRES, CK, IK) HSS passes the Random number (RAND), Authentication token (AUTN), signed result (XRES), Cipher key (CK) and Integrity key (IK) Select the Authentication vectors and save them 401 Unauthorized www-Authenticate; nonce=RAND-AUTN, ck, ik via: icscf1, pcscf1, ue-ip The user is currently not authenticated, so the registration request is rejected. The UE is challenged to authenticate the user. RAND, AUTN, CK and IK are passes in www-Authenticate header

REGISTER message is sent again with security protected User Authorization Request (<name.private>@vzw.net) Query the HSS to assign the S-CSCF User Authorization Answer (S-CSCF name, S-CSCF capabilities) HSS replies with the S-CSCFs REGISTER (Via: UE-IP, UE-Server-Port, Route: pcscf1-server-port, Contact: UE-IP ue-server-port, Authorization: Digest username = private identity response = RES integrity protection: yes , RES)

Server Assignment Request Server Assignment Answer

Compare RES and XRES, so the S-CSCF replies with success or failure accordingly 200 OK via: pcscf1, icscf1, UE-IP, UE-server-port

AND), Authentication token r key (CK) and Integrity key

You might also like