There may be no hotter topic in telecom right now than IP Multimedia Subsystem (IMS), an evolving standard that promises to offer a common way for multiple wireless and wireline networks to deliver multimedia applications.

Fixed and mobile network operators are expected to invest $10.1 billion in IMS capital infrastructure between 2006 and 2011, and generate $49.6 billion in service revenue from IMS-enabled applications within that time, according to ABI Research.

But there may be no more discouraging a topic than securing an IMS network. Recent events and published reports indicate that IMS security specifications are lacking, and that the architecture may open up more vulnerabilities than benefits.

“There definitely were security gaps in the standard right out of the gate,” says Tom Valovic, a telecom analyst at IDC. “Many vendors are somewhat vague concerning the types of security issues associated with wireless.”

Gaps in fixed-line applications are being addressed with standards efforts such as TISPAN and products such as session border controllers, Valovic says. Yet wireless remains a challenge, he says.

“I’ve seen less definition on the wireless side,” Valovic says.

That’s one of the reasons Verizon Wireless decided to develop Advances to IMS (A-IMS), a framework for mobile networks that attempts to fill in perceived gaps in IMS. And Sipera Systems, a maker of products for VoIP, mobile and multimedia security, recently authored an article in a monthly industry periodical describing a litany of vulnerabilities unique to and inherited by IMS.

In that article, Sipera claims to have identified in its labs more than 90 “major classes” of unique vulnerabilities and over 20,000 attacks that can be launched against IMS networks. Most of these vulnerabilities and attacks, however, are common to IP data and VoIP networks as well, says Sipera CTO Krishna Kurapati.

But securing IMS is a much tougher task.

For the complete article, please go here.