Content for  TR 33.926  Word version:  17.6.0

O  Aspects specific to the IMS network product classes |R17|

O.1  Network product class description for the IMS

O.1.1  Introduction

This Annex covers the aspects specific to the IMS network products with specific threats.

O.1.2  Minimum set of functions defining the IMS network product classes

As part of the IMS network products, it is expected that an IMS network product class (e.g. P-CSCF) contains the IMS network product class application, a set of running processes (typically more than one) executing the software package for the IMS network product functions and OAM functions that are specific to the IMS network product model. Functionalities specific to the IMS network product introduce additional threats and/or critical assets as described below. Related security requirements and test cases have been captured in TS 33.226.

O.2  Assets and threats specific to the P-CSCF

O.2.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the P-CSCF to be protected are:
  • P-CSCF Application;
  • IMS signalling;
  • Security data, i.e. cryptographic materials for Gm, Mw, Mx, and Iq interfaces
  • The interfaces of the P-CSCF to be protected and which are within SECAM scope:
    • Gm interface between the P-CSCF and UE
    • Mw interface between the P-CSCF and the C-CSCF/I-CSCF
    • Mx interface between the P-CSCF and IBCF
    • Iq interface between the P-CSCF and IMS AGW
    • Console interface, for local access: local interface on the P-CSCF
    • OAM interface, for remote access: interface between the P-CSCF and the OAM system
  • P-CSCF Software: binary code or executable code

O.2.2  Threats related to set-up of security associations

O.2.2.1  High-priority algorithm selection

  • Threat name: High-priority algorithm selection
  • Threat Category: Tampering of data, Information Disclosure, Denial of Service
  • Threat Description: If the P-CSCF does not select the highest-priority algorithm combination on its own list that is also supported by the UE to protect the messages between the P-CSCF and the UE, the P-CSCF could end up using a weaker algorithm, forcing the system into a lowered security level and making it easy to attack and/or compromise.
  • Threatened Asset: IMS signalling

O.2.2.2  Bidding down on security association set-up

  • Threat name: Bidding down on security association set-up
  • Threat Category: Tampering of data, Information Disclosure, Denial of Service
  • Threat Description: If the P-CSCF does not check whether the integrity and encryption algorithms list, SPI_P and Port_P received in SM7 are identical to the corresponding parameters sent in SM6, and whether SPI_U and Port_U received in SM7 are identical to those received in SM1, the attacker can force the system to reduce the security level by tampering with the integrity and encryption algorithms list. Weaker security algorithms may then be selected, which makes the system easy to attack. Tampering with the SPI means that the negotiated SA cannot be indexed. As a result, the subsequent security association fails to be established, leading to a Denial of Service attack. The port number is generally used to identify different applications. If the attacker tampers with the Port_P number, messages will be sent to the UE or P-CSCF through the tampered port. These messages, which include some sensitive parameters, may be leaked to another application that is not intended to receive them.
  • Threatened Asset: IMS signalling, security data

O.2.3  Threats related to IMS signalling transport

  • Threat name: No protection or weak protection for IMS signalling data.
  • Threat Category: Tampering, Information Disclosure.
  • Threat Description: The following behaviours may lead to bidding down attacks:
    • If the protection implemented for the IMS signalling over the Gm interface uses the wrong security profile, which may contain weak security algorithms or protocol versions known to be vulnerable, the level of security of the IMS signalling data may be degraded and fail to fulfil the required security.
    • If the P-CSCF policy requires confidentiality, then all UEs with no encryption support would be denied access to the IMS network. For example, if the UE sends the NULL encryption algorithm to the P-CSCF in SM1, and the SM1 message is not denied by the P-CSCF, the subsequently negotiated SA between the UE and the P-CSCF may be established without confidentiality protection, which violates the P-CSCF policy requiring confidentiality. Hence, the subsequent IMS signalling data will be leaked.
  • Threatened Asset: IMS signalling data.

O.2.4  Threats related to SPI allocation

  • Threat name: Same SPIs between UE and P-CSCF.
  • Threat Category: Information disclosure, Denial of service.
  • Threat Description: If the P-CSCF selects the same SPIs as received in the Security-setup-line from the UE, the attacker could reflect old messages back to the P-CSCF. Since the UE and the P-CSCF use the same key for inbound and outbound traffic, the P-CSCF will decrypt the reflected messages correctly with the same key and perform the subsequent operations accordingly. Hence, the P-CSCF will suffer reflection attacks. Information may leak within the response message required by the reflected message, or the ongoing services may be interrupted. The attack is also applicable on the UE side.
  • Threatened Asset: IMS signalling, P-CSCF application.
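
The P-CSCF-side checks behind O.2.2.1, O.2.2.2, O.2.3 and O.2.4, written out as an added Python example; it is not taken from TR 33.926 or TS 33.226. The algorithm names, the `SecuritySetup` structure, the function names and the two-SPI/two-port layout are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

# Constructed P-CSCF preference list, highest priority first, as
# (integrity, encryption) pairs. The names are placeholders.
PCSCF_ALGS = (("int-A", "enc-A"), ("int-A", "enc-B"), ("int-B", "null"))

@dataclass(frozen=True)
class SecuritySetup:
    """One side's security set-up parameters (simplified, hypothetical)."""
    spis: tuple   # (client SPI, server SPI)
    ports: tuple  # (client port, server port)
    algs: tuple   # offered (integrity, encryption) pairs

class SetupRejected(Exception):
    """Raised when SM1 offers nothing the P-CSCF policy accepts."""

def select_algorithms(ue_algs, require_confidentiality=True):
    """O.2.2.1 / O.2.3: walk the P-CSCF's own list in priority order."""
    for integ, enc in PCSCF_ALGS:
        if require_confidentiality and enc == "null":
            continue  # policy requires confidentiality: never pick NULL
        if (integ, enc) in ue_algs:
            return integ, enc
    raise SetupRejected("no acceptable algorithm combination in SM1")

def allocate_spis(ue_spis, count=2):
    """O.2.4: draw P-CSCF SPIs that differ from the UE's and each other."""
    chosen = []
    while len(chosen) < count:
        spi = secrets.randbelow(2**32 - 256) + 256  # skip reserved 0-255
        if spi not in ue_spis and spi not in chosen:
            chosen.append(spi)
    return tuple(chosen)

def verify_sm7(sm1, sm6, sm7_ue, sm7_pcscf):
    """O.2.2.2: return the list of mismatches; empty means SM7 is accepted."""
    checks = (
        ("algorithm list differs from SM6", sm7_pcscf.algs, sm6.algs),
        ("SPI_P differs from SM6", sm7_pcscf.spis, sm6.spis),
        ("Port_P differs from SM6", sm7_pcscf.ports, sm6.ports),
        ("SPI_U differs from SM1", sm7_ue.spis, sm1.spis),
        ("Port_U differs from SM1", sm7_ue.ports, sm1.ports),
    )
    return [msg for msg, got, sent in checks if got != sent]

if __name__ == "__main__":
    # Constructed exchange: the algorithm list echoed in SM7 was truncated.
    ue_algs = (("int-B", "null"), ("int-A", "enc-B"))
    sm1 = SecuritySetup((1000, 1001), (5060, 5061), ue_algs)
    sm6 = SecuritySetup(allocate_spis(sm1.spis), (6000, 6001), PCSCF_ALGS)
    print("selected:", select_algorithms(sm1.algs))
    tampered = SecuritySetup(sm6.spis, sm6.ports, PCSCF_ALGS[2:])
    print("SM7 check:", verify_sm7(sm1, sm6, sm1, tampered))
```

A non-empty result from `verify_sm7` is the condition under which the registration is refused rather than the security association being established with the altered values.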

O.3  Assets and threats specific to the S-CSCF

O.3.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the S-CSCF to be protected are:
  • S-CSCF Application;
  • IMS signalling;
  • Security data, i.e. cryptographic materials for Mw, Mx, Mm, Mg, ISC, Cx, Dx, Mr, and Mi interfaces
  • The interfaces of the S-CSCF to be protected and which are within SECAM scope:
    • Mw interface between the S-CSCF and I-CSCF/P-CSCF
    • Mx interface between the S-CSCF and IBCF
    • Mm interface between the S-CSCF and IP multimedia network
    • Mg interface between the S-CSCF and MGCF
    • ISC interface between the S-CSCF and AS
    • Cx interface between the S-CSCF and HSS
    • Dx interface between the S-CSCF and SLF
    • Mr interface between the S-CSCF and MRFC
    • Mi interface between the S-CSCF and BGCF
    • Console interface, for local access: local interface on the P-CSCF
    • OAM interface, for remote access: interface between the P-CSCF and the OAM system
  • S-CSCF Software: binary code or executable code

O.3.2  Threats related to de-registration during the authentication

  • Threat name: No de-registration during the authentication.
  • Threat Category: Denial-of-service attack.
  • Threat Description: Assume that a legal UE has already been registered in the IMS network with the IMPU. An attacker could try to register an already registered IMPU and respond with an incorrect authentication response in order to make the HN de-register the IMPU of the legal UE. In this case, the legal UE will be de-registered in the HSS. Therefore, the attacker could open up a potential denial-of-service attack and deny a legitimate user access to the system.
  • Threatened Asset: Sufficient Processing Capacity.

O.3.3  Threats related to authenticated re-registration

O.3.3.1  Unprotected register message

  • Threat name: Unprotected REGISTER messages
  • Threat Category: Tampering of data, Information Disclosure, Denial of Service
  • Threat Description: If the S-CSCF does not authenticate the user by means of the AKA protocol when the UE sends unprotected REGISTER messages, an attacker without legal certificates or a pre-shared key could be able to access the network. The data and resources stored in the network may be exposed to an attacker, making the system easy to attack and/or compromise.
  • Threatened Asset: S-CSCF Application, Security data

O.3.3.2  No resynchronization

  • Threat name: No resynchronization
  • Threat Reference: Denial of Service
  • Threat Description: In the synchronization failure scenario, after receiving the CM4 message from the HSS, the UE may not be able to access the network if no new authentication procedure is triggered by the S-CSCF, i.e. the UE is given no opportunity to resynchronize with the network. This can result in a waste of system resources and deny a legitimate user access to the system.
  • Threatened Asset: Sufficient Processing Capacity

O.4  Assets and threats specific to the I-CSCF

O.4.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the I-CSCF to be protected are:
  • I-CSCF Application
  • IMS signalling, the Address of the S-CSCF, Charging data records
  • Security data, i.e. cryptographic materials for Mw, Cx, Mx, Ma, and Mm interfaces
  • The interfaces of the I-CSCF to be protected and which are within SECAM scope:
    • Mw interface between the I-CSCF and S-CSCF/P-CSCF
    • Cx interface between the I-CSCF and the HSS and SLF
    • Mx interface between the I-CSCF and the IBCF
    • Ma interface between the I-CSCF and AS
    • Mm interface between the I-CSCF and IP Multimedia Networks
    • Console interface, for local access: local interface on the I-CSCF
    • OAM interface, for remote access: interface between the I-CSCF and the OAM system
  • I-CSCF Software: binary code or executable code

O.4.2  Threats related to network hiding

O.4.2.1  Encryption in network hiding

  • Threat name: Encryption in network hiding
  • Threat Category: Spoofing identity, Tampering of data, Information Disclosure
  • Threat Description: In case the network hiding mechanism is used and the operator policy states that the topology shall be hidden, if the encryption of the hiding information elements is not performed when the I-CSCF forwards SIP Request or Response messages outside the hiding network's domain, and the decryption of the hiding information elements is not performed when the I-CSCF receives a SIP Request or Response message from outside the hiding network's domain, the identities of the SIP proxies and the topology of the hiding network will not be protected, and an attacker can read or modify these information elements.
  • Threatened Asset: IMS signalling

O.5  Assets and threats specific to the IBCF

O.5.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the IBCF to be protected are:
  • IBCF Application
  • IMS signalling, Network configuration hiding, Charging data records
  • Security data, i.e. cryptographic materials for Mx, Cs, Ix, and Ici interfaces
  • The interfaces of the IBCF to be protected and which are within SECAM scope:
    • Mx interface between the IBCF and S-CSCF/P-CSCF/I-CSCF/BGCF
    • Ms interface between the IBCF and the AS
    • Ix interface between the IBCF and the TrGW
    • Ici interface between the IBCF and IP Multimedia Networks
    • Console interface, for local access: local interface on the IBCF
    • OAM interface, for remote access: interface between the IBCF and the OAM system
  • IBCF Software: binary code or executable code

O.5.2  Threats related to network hiding

O.5.2.1  Encryption in network hiding

  • Threat name: Encryption in network hiding
  • Threat Category: Spoofing identity, Tampering of data, Information Disclosure
  • Threat Description: Where encryption of the hiding information is used as the network hiding mechanism and the operator policy states that the topology shall be hidden, if the encryption of the hiding information elements is not performed when the IBCF forwards SIP Request or Response messages outside the hiding network's domain, and the decryption of the hiding information elements is not performed when the IBCF receives a SIP Request or Response message from outside the hiding network's domain, the identities of the SIP proxies and the topology of the hiding network will not be protected, and an attacker can read or modify these information elements.
  • Threatened Asset: IMS signalling

O.5.2.2  Replacement in network hiding

  • Threat name: Replacement in network hiding
  • Threat Category: Spoofing identity, Tampering of data, Information Disclosure
  • Threat Description: Where replacement of the hiding information is used as the network hiding mechanism and the operator policy states that the topology shall be hidden, if the hiding information elements are not replaced with constant values when the IBCF forwards SIP Request or Response messages outside the hiding network's domain, and the constant values are not replaced with the hiding information elements when the IBCF receives a SIP Request or Response message from outside the hiding network's domain, the identities of the SIP proxies and the topology of the hiding network will not be protected, and an attacker can read or modify these information elements.
  • Threatened Asset: IMS signalling

O.6  Assets and threats specific to the AS

O.6.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the AS deployed in the user's home network to be protected are:
  • AS Application
  • IM service data
  • Security data, i.e. cryptographic materials for Ma, Ms, ISC, Rc, Cr, Sh, and Dh interfaces
  • The interfaces of the IBCF to be protected and which are within SECAM scope:
    • Ma interface between the AS and I-CSCF
    • Ms interface between the AS and the IBCF
    • ISC interface between the AS and S-CSCF
    • Rc interface between the AS and MRB
    • Cr interface between the AS and MRFC
    • Sh interface between the AS and HSS
    • Dh interface between the AS and SLF
    • Console interface, for local access: local interface on the AS
    • OAM interface, for remote access: interface between the AS and the OAM system
  • AS Software: binary code or executable code

O.6.2  Threats related to authorization

O.6.2.1  No user authorization

  • Threat name: No user identity authorization
  • Threat Category: Elevation of privilege
  • Threat Description: It was described that once the AS has tried to verify the identity of the user, the AS either has a verified identity of the user or it considers the user as anonymous. If the AS is configured so that anonymous users are not allowed but does not reject the anonymous service request, the attacker could request functionality using the anonymous identity without any authorization.
  • Threatened Asset: IMS signalling, security data

O.6.2.2  No ID privacy

  • Threat name: No ID privacy
  • Threat Category: Information Disclosure
  • Threat Description: It was described that where privacy is required, in any initial request for a dialog or request for a standalone transaction, the AS shall set the display-name of the From header field to "Anonymous" and set the addr-spec of the From header field to the Anonymous User Identity. If the AS does not set the ID to anonymous, the content of the From header field will be leaked.
  • Threatened Asset: IMS signalling, security data

O.7  Assets and threats specific to the MRFC

O.7.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the MRFC to be protected are:
  • MRFC Application
  • Media stream resource, Charging data records
  • Security data, i.e. cryptographic materials for Mp, Mr, and Cr/Mr' interfaces
  • The interfaces of the MRFC to be protected and which are within SECAM scope:
    • Mp interface between the MRFC and MRFP
    • Mr interface between the MRFC and the S-CSCF
    • Cr/Mr' interface between the MRFC and AS
    • Console interface, for local access: local interface on the MRFC
    • OAM interface, for remote access: interface between the MRFC and the OAM system
  • MRFC Software: binary code or executable code

O.8  Assets and threats specific to the IMS AGW

O.8.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the IMS AGW to be protected are:
  • IMS AGW Application;
  • Media stream resource;
  • Security data, i.e. cryptographic materials for Iq and Mp interfaces
  • The interfaces of the IMS AGW to be protected and which are within SECAM scope:
    • Iq interface between the IMS AGW and P-CSCF
    • Mb interface between the IMS AGW and IMS MGW
    • Console interface, for local access: local interface on the IMS AGW
    • OAM interface, for remote access: interface between the IMS AGW and the OAM system
  • IMS AGW Software: binary code or executable code

O.9  Assets and threats specific to the MRFP

O.9.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the MRFP to be protected are:
  • MRFP Application
  • Media stream resource
  • Security data, i.e. cryptographic materials for Mp interface
  • The interfaces of the MRFP to be protected and which are within SECAM scope:
    • Mp interface between the MRFC and MRFP
    • Console interface, for local access: local interface on the MRFP
    • OAM interface, for remote access: interface between the MRFP and the OAM system
  • MRFP Software: binary code or executable code

O.10  Assets and threats specific to the IMS MGW

O.10.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the IMS MGW to be protected are:
  • IMS MGW Application;
  • Media stream resource;
  • Security data, i.e. cryptographic materials for Mn, Mb, and CS interfaces
  • The interfaces of the IMS MGW to be protected and which are within SECAM scope:
    • Mn interface between the IMS MGW and MGCF
    • Mb interface between the IMS MGW and MRFP/IMS AGW
    • CS interface between the IMS MGW and CS Network
    • Console interface, for local access: local interface on the IMS AGW
    • OAM interface, for remote access: interface between the IMS MGW and the OAM system
  • IMS MGW Software: binary code or executable code

O.11  Assets and threats specific to the TrGW

O.11.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the TrGW to be protected are:
  • TrGW Application;
  • Media stream resource;
  • Security data, i.e. cryptographic materials for Ix and Izi interfaces
  • The interfaces of the TrGW to be protected and which are within SECAM scope:
    • Ix interface between the TrGW and IBCF
    • Izi interface between the TrGW and IP Multimedia Network
    • Console interface, for local access: local interface on the TrGW
    • OAM interface, for remote access: interface between the TrGW and the OAM system
  • TrGW Software: binary code or executable code

O.12  Assets and threats specific to the MGCF

O.12.1  Critical assets

In addition to the critical assets of a GNP described in clause 5.2 of the present document, the critical assets specific to the IMS AGW to be protected are:
  • MGCF Application;
  • Media stream resource;
  • Security data, i.e. cryptographic materials for Mg, Mj, CS, and Mn interfaces
  • The interfaces of the MGCF to be protected and which are within SECAM scope:
    • Mg interface between the MGCF and I-CSCF
    • Mj interface between the MGCF and BGCF
    • CS interface between the MGCF and CS Network
    • Mn interface between the MGCF and IM MGW
    • Console interface, for local access: local interface on the IMS AGW
    • OAM interface, for remote access: interface between the IMS AGW and the OAM system
  • IMS AGW Software: binary code or executable code