Which security mechanism protects SIP signaling between UE and P-CSCF?

Q. Which security mechanism protects SIP signaling between UE and P-CSCF?

a) TLS on port 5061
b) SSH
c) SRTP
d) IPsec ESP tunnels (IMS AKA derived keys)


Check 🔎

:arrow_right: Correct answer: Letter d.

In IMS networks, SIP signaling between the UE and the P-CSCF is protected using IPsec ESP (Encapsulating Security Payload) tunnels.

  • These tunnels use IMS AKA-derived keys for integrity and confidentiality.
  • The protection includes authentication headers (AH) and/or encryption (ESP).
  • This mechanism ensures that SIP messages are secure from eavesdropping or tampering during transport.

Q. Which security mechanism protects SIP signaling between UE and P-CSCF?

a) :x: TLS on port 5061
→ Incorrect. TLS can secure SIP in other scenarios (like IBCF or between core IMS nodes), but not typically used between UE and P-CSCF.

b) :x: SSH
→ Incorrect. SSH is not used in SIP/IMS for signaling protection.

c) :x: SRTP
→ Incorrect. SRTP protects media (RTP), not signaling.

d) :white_check_mark: IPsec ESP tunnels (IMS AKA derived keys)
→ Correct. IPsec is the standard method to secure SIP signaling between UE and P-CSCF using IMS AKA-based keys. IMS mandates IPsec ESP between UE and P-CSCF to secure SIP.