1. Essentials Guide
  2. Oracle USM Supporting the IMS Core
  3. IMS-AKA Support

IMS-AKA Support

The Oracle Communications Unified Session Manager also supports IMS-AKA for secure authentication end-to-end between UAs in an LTE network and an IMS core. It supports IMS-AKA in compliance with 3GPP specifications TS 33-203 and TS 33-102.

The goal of IMS-AKA is to achieve mutual authentication between end station termination mechanisms, such as an IP Multimedia Services Identity Module (ISIM), and the Home Network (IMS Core). Achieving this goal requires procedures both inside and outside the core. Ultimately, IMS performs the following:

  • Uses the IMPI to authenticate the home network as well as the UA;
  • Manages authorization and authentication information between the HSS and the UA;
  • Enables subsequent authentication via authentication vectors and sequence information at the ISIM and the HSS.

The Oracle Communications Unified Session Manager authenticates registrations only. This registration authentication process is similar to SIP Digest. The process accepts REGISTER requests from UAs, conducts authorization procedures via UAR/UAA exchanges and conducts authentication procedures via MAR/MAA exchanges and challenges with the UA.

Configuration and operational support are not the same on the Oracle USM and Oracle CSM. This is because the Oracle USM can perform the P-CSCF role as well as the I-CSCF and S-CSCF roles. Applicable configuration to support IMS-AKA on the P-CSCF access interface is documented in the Security chapter of the Oracle Communications Session Border Controller ACLI Configuration Guide. This configuration includes defining an IMS-AKA profile, enabling the sip-interface for IMS-AKA and configuring the sip-port to use the profile.

There is no configuration required for the S-CSCF role, but there is an optional configuration that specifies how may authentication vectors it can accept from the HSS. The S-CSCF stores these authentication vectors for use during subsequent authentications. Storing vectors limits the number of times the device needs to retrieve them from the HSS. The default number of authentication vectors is three.