The IP Multimedia Subsystem (IMS) is the technology defined by the Third Generation Partnership Project (3GPP) to provide IP Multimedia services over mobile and fixed communication networks. IP Multimedia services provide a dynamic combination of voice, video, messaging, data, etc. within the same session.
The IMS makes use of the Session Initiation Protocol (SIP) to set up and control calls or sessions between user terminals. The Session Description Protocol (SDP), carried by SIP signals, is used to describe and negotiate the media components of the session. Whilst SIP was created as a user-to-user protocol, the IMS allows operators and service providers to control user access to services and to charge users accordingly.
FIG. 1 illustrates schematically how the IMS fits into the mobile network architecture in the case of a General Packet Radio Service (GPRS) access network. As shown in FIG. 1, control of communications occurs at three layers (or planes). The lowest layer is the Connectivity Layer 1, also referred to as the bearer plane, through which signals are directed to/from user equipment (UE) accessing the network. The entities within the Connectivity Layer 1 that connect an IMS subscriber to IMS services form a network that is referred to as the IP-Connectivity Access Network, IP-CAN. The GPRS network includes various GPRS Support Nodes (GSNs). A gateway GPRS support node (GGSN) 2a acts as an interface between the GPRS backbone network and other networks (radio network and the IMS network). The middle layer is the Control Layer 4, and at the top is the Application Layer 6.
The IMS 3 includes a core network 3a, which operates over the Control Layer 4 and the Connectivity Layer 1, and a Service Network 3b. The IMS core network 3a includes nodes that send/receive signals to/from the GPRS network via the GGSN 2a at the Connectivity Layer 1 and network nodes that include Call/Session Control Functions (CSCFs) 5, which operate as SIP proxies within the IMS in the Control Layer 4. The 3GPP architecture defines three types of CSCFs: the Proxy CSCF (P-CSCF), which is the first point of contact within the IMS for a SIP terminal; the Serving CSCF (S-CSCF), which provides services to the user that the user is subscribed to; and the Interrogating CSCF (I-CSCF), whose role is to identify the correct S-CSCF and to forward to that S-CSCF a request received from a SIP terminal via a P-CSCF. The top layer, the Application Layer 6, includes the IMS service network 3b. Application Servers (ASs) 7 are provided for implementing IMS service functionality.
IMS networks are capable of providing many different services, from basic telephony to much more sophisticated multimedia services. For some services, it is desirable to introduce an intermediate node between the sender and the receiver. Examples of such situations include the use of store-and-forward mailboxes, network answering machines, and caching of IPTV content for more efficient, local access to content.
In this case, the intermediate node must be able to resend received data in an independent session with new session parameters. In cases where the data is encrypted or otherwise protected, the intermediate node should not have access to the plaintext data, although it should be able to check the integrity of each packet of the data in order not to waste storage space on non-authentic content. In order to establish an independent session using new session parameters, the intermediate node would normally need to decrypt and re-encrypt each packet of the data, and this is unacceptable from a security point of view.
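The integrity-without-plaintext requirement above, shown as an added example (not from the original text or any 3GPP specification): the sender applies encrypt-then-MAC with two independent keys, and the store-and-forward node holds only the authentication key. The key names, packet layout and the HMAC-based toy keystream (a stand-in for a real cipher such as AES-CTR) are assumptions for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag length (constructed choice)

def _keystream(enc_key, seq, length):
    # Toy keystream (HMAC-SHA256 in counter mode); stand-in for a real cipher.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def _tag(auth_key, header, ciphertext):
    return hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]

def protect(enc_key, auth_key, seq, payload):
    """Sender: encrypt, then authenticate header + ciphertext."""
    header = struct.pack(">Q", seq)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, seq, len(payload))))
    return header + ct + _tag(auth_key, header, ct)

def is_authentic(auth_key, packet):
    """Intermediate node: integrity check using the authentication key only."""
    if len(packet) < 8 + TAG_LEN:
        return False
    header, ct, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(auth_key, header, ct))

def store_and_forward(auth_key, packets):
    """Mailbox: keep only authentic packets; ciphertext is stored untouched."""
    return [p for p in packets if is_authentic(auth_key, p)]

def unprotect(enc_key, auth_key, packet):
    """Receiver: verify, then decrypt with the key the mailbox never held."""
    if not is_authentic(auth_key, packet):
        raise ValueError("authentication failed")
    seq = struct.unpack(">Q", packet[:8])[0]
    ct = packet[8:-TAG_LEN]
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, seq, len(ct))))

# Constructed sample keys and packets
ENC_KEY, AUTH_KEY = b"E" * 32, b"A" * 32
good = protect(ENC_KEY, AUTH_KEY, 1, b"voice mail frame 1")
forged = bytearray(protect(ENC_KEY, AUTH_KEY, 2, b"voice mail frame 2"))
forged[10] ^= 0x01  # single bit flipped in transit
stored = store_and_forward(AUTH_KEY, [good, bytes(forged)])
```

The stored packets stay bound to the original session's keys, so this covers only the integrity check; re-sending them in an independent session with new parameters is the part that would otherwise require decrypting and re-encrypting.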
IMS media plane security has been standardized in 3GPP TS 33.328. For high security end-to-end protection in 3GPP, a ticket-based key management system, MIKEY-TICKET, is introduced, as described in RFC 3711. However, there is no key management solution for store-and-forward applications in an IMS media plane which is based on MIKEY-TICKET.