Multi-domain authentication for IMS services

Authors:
Salekul Islam;Jean-Charles Grégoire
Affiliations:
Institut national de la recherche scientifique, Montréal, Québec, Canada;Institut national de la recherche scientifique, Montréal, Québec, Canada
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2011

Citing 7
Cited 1

Secure access to IP multimedia services using generic bootstrapping architecture (GBA) for 3G & beyond mobile networks

Proceedings of the 2nd ACM international workshop on Quality of service & security for wireless and mobile networks
SPICE: Evolving IMS to Next Generation Service Platforms

SAINT-W '07 Proceedings of the 2007 International Symposium on Applications and the Internet Workshops
Towards identity-based services in IMS

Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly
The UCT IMS IPTV Initiative

NGMAST '09 Proceedings of the 2009 Third International Conference on Next Generation Mobile Applications, Services and Technologies
User-centric service provisioning for IMS

Mobility '09 Proceedings of the 6th International Conference on Mobile Technology, Application & Systems
Dummynet revisited

ACM SIGCOMM Computer Communication Review
Convergence of IMS and Web Services: A Review and a Novel Thin Client Based Architecture

CNSR '10 Proceedings of the 2010 8th Annual Communication Networks and Services Research Conference

Multi-level authentication based single sign-on for IMS services

CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This article proposes a novel unified IP Multimedia Subsystem (IMS) authentication architecture that extends the scope of IMS by allowing it to offer users different IMS-based services even beyond their own domain. The architecture reduces the burden of both end users and service providers by a Single Sign-On (SSO) feature. We describe how we have implemented our proposed authentication architecture for a tentative IMS service, Movie-on-Demand (MoD), by creating SIP proxies with additional SAML and HTTP message-handling intelligence and integrating them with an open-source implementation of a full IMS environment, from client to Application Server (AS). The relation between call setup time and network latency has been mathematically modelled. The developed mathematical model is validated by deploying a simplified implementation in the public Internet and observing call setup time and delay. The proposed architecture is further extended for a generalized scenario where the identity provider (IdP) could be managed by a third-party other than the IMS core operator. The authentication architecture proposed in this paper creates opportunities for operators to build partnerships with the service providers, and thus supports the emergence of new business models.