As a core session control layer in the fixed and mobile networks, the IMS has become a main topic in the art. Many specifications related to the IMS have been defined in the Third Generation Partnership Project (3GPP) and Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN) standards, which concerns network architecture, interface, protocol, etc. Particularly, security is an important consideration in the 3GPP and TISPAN. In the current specifications, the IMS network is split into an access domain and a network domain in view of the security, and security specifications are defined for the access domain and the network domain respectively. FIG. 1 shows a security model for the IMS network, in which interfaces requiring the security are defined. Although having been described in detail in the specifications, these interfaces are defined only in terms of the control plane of the IMS network, i.e. how to ensure the security of the session protocols in the IMS network, instead of how to ensure the security of the media plane in the IMS network. In fact, the security of the media plane is also very important. Otherwise, media streams may be tampered or eavesdropped during the conversation of the subscribers, which results in degradation of the quality of service for the subscribers or leakage of confidential information.
Usually, an approach for protecting the media streams in the IMS network comprises: a Real-time Transfer Protocol (RTP) proxy is introduced into the architecture of the IMS network; keys are shared between User Equipment (UE) and the RTP proxy through the Generic Bootstrapping Architecture (GBA, which is also a generic authentication and key assignment model defined in the 3GPP specifications); confidentiality and integrity of the media streams are secured between the UE and the RTP proxy through the shared keys, achieving the security of the media streams in the access domain; and the security of the media streams in the network domain may be achieved in two ways: the first one is that no protection is provided between the RTP proxies, if the network is trustable or secure in the network domain; and the other one is that the media streams between the RTP proxies are protected through the IP_Security (IPSec) Encapsulating Security Payload (ESP) protocol under the security mechanism in the 3GPP IMS network domain.
FIG. 2 shows an architecture of the GBA model and FIG. 3 illustrates an application of the GBA model to key assignment for the media streams. In the application, the Session Initiation Protocol (SIP) server (such as Proxy Call Session Control Function (P-CSCF) defined in the 3GPP IMS network) and the RTP proxy are taken as a whole, i.e. a Network Application Function (NAF) entity in the GBA. The SIP server acquires from the Bootstrapping Server Function (BSF) a key shared between the NAF and an SIP client The key shared between the NAF and an SIP client is stored in the BSF. The SIP server then sends the key to the RTP proxy via Is interface. Thus, the key for media stream security is shared between the. SIP client and the RTP proxy.
In the GBA model, both the NAF and the BSF are logical function entities. All Application Servers (ASs) and even the Call Session Control Function (CSCF) entity may be used as an NAF to acquire a key shared with the UE in the GBA processes. Likewise, the BSF may be implemented by any device, such as a CSCF entity, a Home Subscriber Server (HSS), an Authentication, Authorization and Accounting (AAA) server, and a web portal, etc.