The IMS defines service provision architecture, and it can be considered as the next generation service delivery platform framework. It consists of modular design with open interfaces and enables the flexibility for providing multimedia services over IP technology. The IMS does not standardize specific services but uses standard service enablers e.g. presence, and supports inherently multimedia over IP, VoIP, IM and presence . In the IMS architecture, the SIP protocol is used to establishes, controls, modifies and terminates voice, video and messaging sessions. The related signalling servers in the architecture are referred to as Call State Control Functions (CSCFs) and distinguished by their specific functionalities. IMS layered architecture consists of three planes as shown in figure below: the user, control, and application planes. In spite of the fact that IMS was initially designed (in release 5) for cellular IP networks (GPRS and UMTS), all access-specific issues have been separated in release 6 from the IMS core. This means that transport and bearer services (user plane) are separated from signalling network and session handling services (control plane).
It is important to note that an IMS compliant end user system has to provide the necessary IMS protocol support, namely SIP, and the service related media codecs for the multimedia applications in addition to the basic connectivity support, e.g. GPRS, WLAN, etc.
The important IMS components and protocols are follows:
IMS Components and Entities
The IMS entities and key functionalities can be classified in six categories i.e. session management and routing family (CSCFs), databases (HSS, SLF), interworking elements (BGCF, MGCF etc.), services (application server, MRCF,
MRFP), support entities (THIG, SEG, PDF) and charging.
Proxy Call State Control Function (P-CSCF):
It is the first contact point within the IP Multimedia Core Network subsystem. Its address is discovered by UEs following Packet Data Protocol (PDP) context activation. The P-CSCF behaves like a proxy accepting requests and services them internally or forwards them. It performs functions like authorize the bearer resources for the appropriate QoS level, emergency calls, monitoring, header (de)compression and identification of I-CSCF.
Interrogating Call State Control Function (I-CSCF):-
It is the contact point within an operator’s network for all connections destined to a subscriber of that network operator, or a roaming subscriber currently located within that network operator’s service area. There may be multiple I-CSCFs within an operator’s network. I-CSCF performs functions like assigning an S-CSCF to a user performing SIP registration/charging and resource utilisation i.e. generation of Charging Data Records
(CDRs)/acting as a Topology Hiding Inter-working Gateway (THIG).
Serving Call State Control Function (S-CSCF):-
It performs the session control services for the endpoint and maintains session state as needed by the network operator for support of the services. The important functions performed by S-CSCF include user registration/interaction with services platforms for the support of services. The S-CSCF decides whether an AS is required to receive information related to an incoming SIP session request to ensure appropriate service handling. The decision at the S-CSCF is based on filter information received from the HSS. This filter information is stored and conveyed on a per application server basis for each user.
Home Subscriber Server: –
The HSS is equivalent of the HLR (Home Location Register) in 2G systems; however, extended with two Diameter based reference points. It is the master database of IMS that stores IMS user profiles including individual filtering information, user status information and application server profiles.
Application Servers: –
It provides service platform in IMS environment. It does not address how multimedia/value added applications are programmed but only well defined signalling and administration interfaces (ISC and Sh) and SIP and Diameter
protocols are supported. The SIP AS is triggered by the S-CSCF which redirects certain sessions to the SIP AS based on the downloaded filter criteria or by requesting filter information from the HSS in a user based paradigm. The SIP AS itself comprises filter rules to decide which of the applications deployed on the server
should be selected for handling the session.
Media Processing: –
The Media Resource Function (MRF) can be split up into Media Resource Function Controller (MRFC) and Media Resource Function Processor (MRFP). It provides media stream processing resources like media mixing, announcements, analysis and media transcoding as well speech. The other three components are Border Gateway Control Function (BGCF), Media Gate Control Function (MGCF) and Media Gate (MG) which perform the bearer interworking between RTP/IP and the bearers used in the legacy networks.
IMS End User System:
It is important to note that an IMS compliant end user system has to provide the necessary IMS protocol support, namely SIP, and the service related media codecs for the multimedia applications in addition to the basic
connectivity support, e.g. GPRS, WLAN, etc
IMS Key Protocols
The IMS is based on Internet protocols defined by IETF, basically Session Initiation Protocol (SIP)  is used for session control, the Diameter is for Authentication, Authorisation, and Accounting (AAA) and Real-time Transport Protocol (RTP) is for media transport.
Session Initiation Protocol (SIP)
The Session Initiation Protocol (SIP) is an application layer protocol for establishment, modification and termination of multimedia sessions. It has support for registration and modification of multiple user location information, caller and callee authentication/call authorization, and privacy for call signalling and media streams and media path with ensured QoS. The SIP was created with the design goals to provide transport protocol neutrality, request routing direct or through proxy, separation of signalling and media description, extensibility and roaming. SIP as part
of IETF process, is based on the Hyper Text Transfer Protocol (HTTP) and the Simple Network Management Protocol (SNMP). SIP has some inbuilt service capabilities, allowing SIP elements to implement some intelligent network services like call forwarding, call screening, etc.
Based on requirements of standardization bodies (such as IETF groups or 3GPP) and the industry, the IETF AAA Working Group  designed Diameter  which includes major improvements to existing AAA protocol RADIUS . The Diameter is defined in terms of base protocol and set of applications. The base protocol provides an extensible framework for the use of AAA services. Each application relies on services of the base protocol to support a specific type of AAA requests. While applications may reuse the Diameter base protocol accounting commands, the base protocol is always used in combination with a particular application which implements the actual authentication and authorization. This design allows the protocol to be extended to new access technologies by specifying a new diameter application. All Diameter clients and servers must use the base protocol in conjunction with at least one diameter application e.g. diameter relay agents only needs to implement the base protocol since it does not need authentication or authorization functionality.
The Diameter is a peer-to-peer protocol and any diameter node can initiate a request. Diameter has three kinds of network nodes: servers, clients and agents. A diameter server handles the authentication, accounting and authorization requests from the clients. Diameter clients are usually the end devices of the network that perform
access control and originate AAA requests. The agent provides relay, proxy, redirect or translation services. Diameter messages are routed according to the network access identifier of a particular user. The flexibility to define new Diameter applications and vendor-specific attributes allows customization without threatening interoperability. This feature of Diameter is recognized by standardization bodies worldwide and 3GPP chose it as the AAA protocol in IMS.
Real-time Transport Protocol (RTP)
The other protocol which is important for multimedia contents is Real-time Transport Protocol (RTP). It provides end-to-end delivery for real-time data. It also contains end-to-end delivery services like payload-type (codec) identification, sequence numbering, time stamping and delivering monitoring for real-time data. RTP provides QoS monitoring (but does not address resource reservation or QoS guarantees) using the Real Time Transfer Control Protocol (RTCP). This monitoring of data delivery provides minimal control and identification functionality, such as provision of information about reception quality which the application can use to make local adjustments (e.g. when congestion is forming, the application could decide to lower the data rate. RTCP also conveys information about media session participants.
IMS Reference Points and Interfaces
To connect different IMS entities with each other and carrying signal and information, interfaces and reference points are defined by 3GPP. We will discuss only those interfaces where signalling information is necessary to protect because we are proposing security solution for IMS signalling. In this context, the terms interfaces and reference points are used synonymously.
It connects user equipment (UE) to the IMS Core Network. It is used to transport all SIP signalling messages between the UE and the P-CSCF. Procedures in the Gm reference point can be divided into three main categories: registration, session control and transactions.
This reference point is located between HSS and I- or S-CSCF. Subscriber and service data are permanently stored in the HSS. This centralized data is utilized by the I-CSCF and the S-CSCF when the user registers or receives sessions using Cx reference point and the selected protocol is Diameter. The procedure can be divided into three main categories: location management, user data handling and user authentication.
The IMS Service Control (ISC) interface is located between an S-CSCF and an application server. The AS could behave as an SIP UA or SIP Proxy on this interface. The S-CSCF process the received SIP messages based on the filter criteria stored in the user profile obtained from the HSS.
It connects Application Server with the HSS and the used protocol is Diameter. It enables the AS to obtain user data or to get to know the S-CSCF to send SIP request.
It is located between a UE and an AS. HTTP is the chosen data protocol
and any further communication protocol needed between user and application has to
rely on HTTP.
It is the reference point between different CSCFs i.e. between P-CSCF and I-
CSCF & S-CSCF. The procedures in the Mw reference point can also be divided into
three main categories: registration, session control and transactions.