
[Solved] Difference between the IMS authentication modes GIBA and DIGEST in RCS in the rcsjta project

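RCS crifan 534 views 0 comments
While working on:
[Solved] Understanding how the IMS name (legitimate user account) is written and handled in Provisioning in rcsjta's core
I saw, in Provisioning in the API of the RCS core,
that IMS has two authentication modes:
  • GIBA
  • DIGEST
I needed to work out what they mean.
Found the relevant registration code: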
src/com/gsma/rcs/core/ims/network/ImsNetworkInterface.java
/**
 * Load the registration procedure associated to the network access
 */
public void loadRegistrationProcedure() {
    switch (mImsAuthentMode) {
        case GIBA:
            if (sLogger.isActivated()) {
                sLogger.debug("Load GIBA authentication procedure");
            }
            mRegistrationProcedure = new GibaRegistrationProcedure();
            break;
        case DIGEST:
        default:
            if (sLogger.isActivated()) {
                sLogger.debug("Load HTTP Digest authentication procedure");
            }
            mRegistrationProcedure = new HttpDigestRegistrationProcedure();
            break;
    }
}
RCS GIBA DIGEST
IMS/RCS Technology – Public Schedule – Leliwa
  • Training contents
    • Introduction
      • (IMS and RCS standardisation, horizontally and vertically integrated networks, RCS-e and RCS R1-R5 services),
    • Architecture
      • (basic IMS architecture, RCS R1-R5 architecture, IPX architecture, numbering and addressing, ENUM in IMS, DNS and ENUM in RCS/IPX),
    • Access networks
      • (PS bearer services in GSM/GERAN, UMTS/UTRAN, LTE/E-UTRAN, Broadband Access – I-WLAN, QoS, Policy Control and Charging – PCC),
    • Signalling procedures
      • (SIP & SDP, SIP signalling bearer establishment, media bearer establishment, IMS discovery, registration, subscriber profile, initial filter criteria, mobile-to-mobile call, mobile-to-PSTN call, multi-device environment and SIP forking),
    • Security
      • (IMS authentication, SIP confidentiality and integrity, SIP Digest, SIP Digest with TLS, GPRS-IMS-Bundled Authentication – GIBA, Generic Authentication Architecture – GAA),
    • Enhanced address book & Presence service
      • (Enhanced address book and Presence service in RCS R1-R5, network address book, address book synchronisation in single and multi-device environment, presence information sharing, service availability/capability discovery, social presence relationship, geo-localisation, VIP contacts, 3GPP IMS Presence service, Presence Server, Resource List Server, OMA XDMS, XCAP, OMA Presence Service, service capability discovery via SIP options in RCS-e),
    • Image Share & Video Share
      • (service capability discovery for IS&VS, IS&VS session setup, IS&VS in RCS R1-R5e, multi-device environment),
    • Messaging & File transfer
      • 3GPP IMS Messaging
        • (immediate messaging, session-based messaging, SMS over generic IP-CAN),
      • OMA Instant Messaging (IM)
        • (pager mode, large message mode, session mode, file transfer mode, 1-to-1, peer to peer, 1-to-many chat, predefined and ad-hoc group chat, deferred delivery, history and search, IM barring, final delivery reports),
      • OMA Converged IP Messaging (CPM)
        • (store and forward, common message store, CPM – SMS/MMS interworking),
      • RCS-e/RCS5 Messaging
        • (multi-device environment, 3GPP and OMA messaging services in RCS-e/RCS5),
      • Geolocation services
        • (geolocation PUSH and PULL).
    • IP Voice and IP Video Call overview*
      • (VoLTE and VoHSPA overview, MMTel architecture, call setup, supplementary services),
    • Auto configuration and provisioning
      • (RCS managed objects, first time registration and client configuration provisioning, re-registration, OMA DM, OMA CP).
I also found several other places that mention GIBA:
https://www.gsma.com/futurenetworks/wp-content/uploads/2013/05/RCS-5.1-V2.0-UNI.pdf
https://www.gsma.com/futurenetworks/wp-content/uploads/2012/03/rcs-e_advanced_comms_specification_v1_2_2_approved.pdf
“IMS/RCS Technology” Chapter 05 Security (sample) by Leliwa – issuu
References
US20120036270A1 – IP Multimedia Subsystem User Identity Handling – Google Patents
IP Multimedia Services Identity Module – Wikipedia
IP Multimedia Subsystem – Wikipedia
RCS UICC 
Universal integrated circuit card – Wikipedia
File:Sim card.png – Wikipedia
Carrier Network – an overview | ScienceDirect Topics
Then I went on to organize the Security-related content in RCS.
IMS Identification and numbering
[Summary]
I now understand it a little better.
IMS authentication belongs to the security area.
  • Security covers
    • IMS authentication
    • SIP confidentiality and integrity
    • SIP Digest
    • SIP Digest with TLS
    • GIBA=GPRS-IMS-Bundled Authentication
    • GAA=Generic Authentication Architecture
Of these:
  • DIGEST=SIP DIGEST
  • GIBA=GPRS-IMS-Bundled Authentication
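  • Security in RCS
    • IMS authentication
      • Overall authentication flow
        • In a 3GPP network environment, even after an IMS subscriber has passed PS-domain authentication, the subscriber's IMPI must also be authenticated by IMS before IMS services can be accessed
        • -> i.e. two-step authentication
          • Step 1: PS authentication
            • Implementation: 3GPP AKA
          • Step 2: the IMPI in IMS
            • Implementation: IMS AKA
      • Related terms
        • IMPI=IP Multimedia Private Identity
        • AKA=Authentication and Key Agreement
          • Often called: 3GPP AKA
      • UMTS AKA
        • The mutual authentication mechanism in UMTS is called: UMTS AKA
      • IMS AKA
        • Authentication flows
          • Authentication succeeds
          • User authentication fails
          • Network authentication fails
          • Synchronization fails
        • SIM
          • Related terms
            • UICC=Universal integrated circuit card
              • Also known as: SIM card
              • Meaning: the smart card in a mobile terminal on a GSM or UMTS network = SIM card
              • Details
                • Contains applications
                  • By network
                    • On a GSM network, the UICC contains a SIM application
                    • On a UMTS network, the UICC contains a USIM application
                    • On a cdmaOne/CDMA2000 network, the UICC contains a CSIM application in addition to USIM and SIM
                  • One card may contain several applications
                    • One card may support both GSM and UMTS
            • ISIM = IMS SIM
              • What it is: an application
            • Relationship between UICC, SIM, ISIM, USIM and CSIM
            • USIM = Universal SIM = SIM
    • See also:
      • [Notes] Basics of User Identity in the IMS system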
    • SIP confidentiality and integrity
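      • Along the way, first looked at:
        • [Unsolved] Whether running the RCS service needs an IMS AS server, and the meaning of P-CSCF and related terms
      • Related
        • ESP=(IPsec) Encapsulating Security Payload
        • SA=Security Association
      • Establishing security associations
      • Use of SA1 and SA2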
    • SIP Digest
      • An authentication method that applies only to non-3GPP access networks
      • Based on HTTP Digest; provides mutual authentication between the UE and the HE
      • SIP Digest
    • SIP Digest with TLS
      • SIP Digest with TLS
    • GIBA=GPRS-IMS-Bundled Authentication
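      • Background:
        • The 3GPP IMS security features are good
        • But early on, early devices could not support them well
        • For example, early 2G phones do not support USIM or ISIM
          • Because they do not support IPsec
        • A simple but adequate security mechanism was needed
        • -> hence GIBA
      • Also known as: early IMS security
      • Principle
        • Create a secure binding in the HSS
          • between the two
            • SIP-level identity: the public/private user identity
            • GPRS-level bearer/network-layer identity: the IP address
      • GIBA authentication flow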
    • GAA=Generic Authentication Architecture
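      • Background:
        • Many applications need mutual authentication before communicating, so that a client (such as a UE) and an AS (application server) can communicate
        • So a generic authentication architecture is needed
        • -> GAA
      • GAA application examples
      • Issuing certificates through the GAA mechanism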
    • GBA
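      • =Generic Bootstrapping Architecture
      • GBA architecture
      • Service discovery procedure
        • BSF address
      • Bootstrapping initialization
        • Initial phase of the GBA bootstrapping procedure
        • GBA bootstrapping procedure
        • GBA bootstrapping usage procedure
      • SSC architecture
        • Issuing certificates
      • Related
        • BSF=Bootstrapping Server Function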
        • NAF=Network Application Function
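Conclusion:
  • RCS authentication uses the authentication of the IMS that RCS depends on
    • IMS authentication
      • comes in two kinds
        • GIBA
          • Old phones, such as 2G phones, that do not support USIM/ISIM use GIBA
            • Simply implements the most basic secure authentication of the account
        • (HTTP-based, SIP) DIGEST
          • Compare: the other variant is (HTTPS-based, i.e. TLS-based, SIP DIGEST)
          • Overview: the newest authentication method
            • The newest phones, terminals and accounts generally use this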
