The present disclosure relates generally to computer system and network security and, more particularly, to methods, systems, and computer program products for selecting a security protocol in a network.
The Internet Protocol (IP) Multimedia Subsystem (IMS) is a standard that has been developed to define the control and integration of multimedia services in a core, packet-switched network. In particular, the IMS architecture defines a set of logical functions that use a signaling protocol known as the Session Initiation Protocol (SIP) to establish communication sessions in an IP network. A “session” may be, for example, a one-to-one voice call or a more complex interaction, such as a one-to-many conference call involving multimedia services. SIP may also be used to facilitate voice over IP (VoIP) services, in which voice is transported in IP data packets that are re-assembled and converted into an audio signal for the recipient. Referring to FIG. 1, an IMS network 100 may be characterized as a standardized way to connect IP devices 10, 20, such as cell phones, WiFi-equipped computing devices, conventional telephones, modems, etc., and networks using SIP.
Referring now to FIG. 2, when a user device, which may be referred to as User Equipment (UE), attempts to register with an IMS network, the UE sends the IMS network an IMS registration request that includes a list of the security protocols the UE supports. In the example shown in FIG. 2, the UE supports the security protocols Triple Data Encryption Standard (3des) and Advanced Encryption Standard (AES). The IMS network selects the 3des security protocol and returns a 401 (Unauthorized) SIP response code informing the UE that user authentication is required using 3des. The UE responds with a secured registration request message protected using the 3des security protocol, which the IMS network decrypts to recover the original plaintext registration message. The IMS network then sends a 200 (OK) SIP response code to the UE to notify the UE that the registration request was successful.
In some instances, however, the IMS network and the UE implement a security protocol differently, or the UE may be infected with a virus. Such an example is illustrated in FIG. 3. In this case, the UE again supports 3des and AES. The IMS network selects the 3des security protocol and returns a 401 (Unauthorized) SIP response code informing the UE that user authentication is required using 3des. The UE responds with a secured registration request message protected using the 3des protocol, which the IMS network is unable to decode, and the network therefore sends no response at all. When no response arrives within a certain period of time, a retransmission timer expires at the UE and the UE re-sends the same secured registration request message, still protected using 3des. The IMS network remains unable to decode this registration request, so the UE repeats the cycle, retrying the registration N times before giving up. Because each retry is unanswered and the registration can never succeed, the multiple retry attempts waste resources at both the UE and the network.
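The two exchanges described above (FIG. 2 and FIG. 3), simulated end to end as an added example that is not part of the original disclosure. The "secured" registration request is modeled with a toy XOR transform standing in for the real cipher, a network that implements 3des "differently" from the UE is modeled as one using a different toy key, and the retransmission timer is modeled as an immediate retry. The header names follow RFC 3329 (Security-Client / Security-Server) and the labels "3des" and "AES" follow the figures; all identities, keys, and message contents are constructed for illustration.

```python
"""Simulated IMS registration with security-protocol selection.

Constructed example: XOR with a per-protocol byte stands in for the cipher,
a mismatched network implementation is a different byte, and no real
network or timer is involved (a retry happens immediately).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed per-protocol "keys": one XOR byte stands in for each cipher.
UE_KEYS: Dict[str, int] = {"3des": 0x3D, "AES": 0xAE}


def secure(data: bytes, protocol: str, keys: Dict[str, int]) -> bytes:
    """Protect a message under `protocol`; XOR is its own inverse, so the
    same call also recovers the plaintext when both sides share the key."""
    return bytes(b ^ keys[protocol] for b in data)


@dataclass
class SipMessage:
    start_line: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""
    secured_with: Optional[str] = None  # protocol protecting the body, if any


def parse_security_list(value: str) -> List[str]:
    """'3des;q=0.1, AES;q=0.2' -> ['3des', 'AES'] (parameters dropped)."""
    return [p.split(";")[0].strip() for p in value.split(",") if p.strip()]


class ImsNetwork:
    def __init__(self, preference: List[str], keys: Dict[str, int]):
        self.preference = preference   # network's order of preference
        self.keys = keys               # network's own implementation
        self.registered: set = set()

    def handle(self, req: SipMessage) -> Optional[SipMessage]:
        """Return a response, or None when the request cannot be decoded:
        the network stays silent, which is what starts the UE's timer."""
        if req.secured_with is None:
            offered = parse_security_list(req.headers.get("Security-Client", ""))
            chosen = next((p for p in self.preference if p in offered), None)
            if chosen is None:  # no common mechanism (494 is defined by RFC 3329)
                return SipMessage("SIP/2.0 494 Security Agreement Required")
            return SipMessage("SIP/2.0 401 Unauthorized", {"Security-Server": chosen})
        if req.secured_with not in self.keys:
            return None
        plain = secure(req.body, req.secured_with, self.keys)
        # A mismatched implementation yields garbage here; the network cannot
        # answer a request it cannot parse, so it drops it silently.
        if not plain.startswith(b"REGISTER "):
            return None
        identity = plain.split(b"\r\nFrom: ", 1)[1].split(b"\r\n", 1)[0].decode()
        self.registered.add(identity)
        return SipMessage("SIP/2.0 200 OK")


class UserEquipment:
    def __init__(self, identity: str, supported: List[str],
                 keys: Dict[str, int], max_retries: int):
        self.identity, self.supported = identity, supported
        self.keys, self.max_retries = keys, max_retries

    def register(self, network: ImsNetwork) -> Dict:
        log: List[str] = []
        first = SipMessage("REGISTER sip:ims.example SIP/2.0",
                           {"From": self.identity,
                            "Security-Client": ", ".join(self.supported)})
        resp = network.handle(first)
        if resp is None or not resp.start_line.startswith("SIP/2.0 401"):
            return {"status": "failed", "attempts": 0, "log": log}
        chosen = resp.headers["Security-Server"]
        log.append(f"network selected {chosen}")
        if chosen not in self.supported:  # refuse a protocol the UE never offered
            return {"status": "failed", "attempts": 0, "log": log}
        plaintext = f"REGISTER sip:ims.example SIP/2.0\r\nFrom: {self.identity}\r\n".encode()
        secured = SipMessage("REGISTER (secured)", {}, secure(plaintext, chosen, self.keys), chosen)
        attempts = 0
        while attempts <= self.max_retries:  # initial send plus N retries
            attempts += 1
            resp = network.handle(secured)
            if resp is None:
                log.append(f"attempt {attempts}: no response, timer expired")
                continue
            status = "registered" if resp.start_line.startswith("SIP/2.0 200") else "rejected"
            return {"status": status, "protocol": chosen, "attempts": attempts, "log": log}
        log.append(f"gave up after {self.max_retries} retries")
        return {"status": "gave_up", "protocol": chosen, "attempts": attempts, "log": log}


def run_success() -> Dict:
    """FIG. 2: both sides implement 3des identically."""
    net = ImsNetwork(["3des", "AES"], dict(UE_KEYS))
    return UserEquipment("sip:alice@ims.example", ["3des", "AES"], UE_KEYS, 3).register(net)


def run_mismatch() -> Dict:
    """FIG. 3: the network's 3des differs from the UE's, so every secured
    REGISTER is undecodable and each of the N retries is wasted."""
    net = ImsNetwork(["3des", "AES"], {**UE_KEYS, "3des": 0x3E})
    return UserEquipment("sip:alice@ims.example", ["3des", "AES"], UE_KEYS, 3).register(net)


if __name__ == "__main__":
    for result in (run_success(), run_mismatch()):
        print(result["status"], result.get("protocol"), result["attempts"], result["log"])
```

The point the simulation makes visible is that the network's silence is what drives the waste: with `max_retries=3` the mismatched case sends four secured registration requests and receives nothing for any of them, and the selection step gives the UE no signal that 3des, rather than the also-supported AES, is the problem. The `chosen not in self.supported` check on the UE side is the minimal guard a practitioner would want against a network (or an attacker in the path) steering the UE to a protocol it never offered.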