Abstract

The IP multimedia subsystem (IMS) portends major changes for all parties involved in the exchange of digital content and services. As the IMS architecture moves from specifications to implementations, real-world considerations can influence deployments in ways that have noteworthy security implications. In this work, we present and exemplify a systematic security evaluation of IMS deployments using a threat modeling approach. We also offer suggestions for possible mitigations where appropriate. The experiments conducted are on a production-class IMS deployment and a separate IMS testing environment.