PUCI

Protection against Unsolicited Communication for IMS

Security
Introduced in Rel-9
PUCI is a 3GPP security framework within IMS to identify and block unsolicited communication like spam calls and messages. It protects users from fraud and annoyance by defining detection mechanisms and network policies. This is crucial for maintaining trust in IP-based telephony services.

Description

Protection against Unsolicited Communication for IMS (PUCI) is a standardized security mechanism defined by 3GPP to combat spam and other unwanted communications within the IP Multimedia Subsystem (IMS) network. IMS, being an all-IP architecture for delivering multimedia services, is inherently vulnerable to the same types of unsolicited traffic that plague the internet, such as spam over IP telephony (SPIT) and unsolicited instant messages. PUCI provides a framework for identifying, reporting, and mitigating these communications to protect the end-user experience and network resources.

The architecture of PUCI involves several functional entities within the IMS core. Key components include the PUCI Application Server (AS), which hosts the logic for analyzing signaling and media to detect patterns indicative of spam. This AS can interface with the Serving-Call Session Control Function (S-CSCF) via the ISC interface to inspect SIP messages. It may also utilize or interact with a Reputation Database that stores information about sources (e.g., SIP URIs, IP addresses) known to originate unsolicited communications. The framework defines procedures for how a user or a network operator can report a communication as unsolicited, triggering analysis and potential blacklisting.

Operationally, PUCI works through a combination of network-based and user-assisted mechanisms. The network can employ heuristic analysis on SIP signaling parameters, call patterns (e.g., high frequency of calls to disparate numbers), or even content analysis. When a communication is deemed unsolicited, the network can apply policies such as blocking the call/session establishment, redirecting it to an announcement server, or allowing it through but tagging it with a warning for the user. The user can typically activate a personal blacklist or report spam via their User Equipment (UE), which sends a report to the PUCI AS. The framework's role is to standardize these interactions between the UE, the IMS core, and the application layer, ensuring interoperability between different vendors' equipment and service providers' networks.

Purpose & Motivation

PUCI was created to address the growing threat of spam and fraud in IP-based telecommunication services, specifically within the 3GPP IMS ecosystem. As voice and messaging services migrated from traditional circuit-switched networks to packet-switched IMS networks, they became exposed to well-known internet abuses. The primary problem PUCI solves is the degradation of user trust and service quality due to unsolicited, often fraudulent, communications which can lead to financial loss, privacy invasion, and simple annoyance.

Historically, circuit-switched telephony had some inherent barriers to mass spam due to its cost structure and tighter control, but VoIP and IMS lowered these barriers significantly. Prior to PUCI's standardization, operators might have deployed proprietary, non-interoperable solutions, leading to a fragmented defense and a poor experience for users roaming between networks. The motivation for PUCI was to provide a unified, standards-based approach that all 3GPP network operators could implement, creating a more consistent and effective barrier against spam across the global mobile ecosystem.

By defining a common framework, PUCI enables information sharing about spam sources between networks and allows for the development of consistent user controls. It addresses the limitation of previous ad-hoc approaches by ensuring that spam mitigation is a core, integrated network function rather than a bolt-on application, improving both its effectiveness and scalability as IMS becomes the foundation for all communication services, including VoLTE and VoNR.

Key Features

  • Standardized framework for spam detection within IMS
  • Integration with IMS core via the PUCI Application Server
  • Support for both network-initiated and user-reported spam analysis
  • Defines procedures for communication blocking and warning delivery
  • Can interface with reputation databases for source scoring
  • Applicable to various IMS communication services (voice, video, messaging)

Evolution Across Releases

Rel-9 Initial

Introduced the initial PUCI framework in 3GPP. Defined the basic architecture involving a PUCI Application Server, the procedures for unsolicited communication identification, and the network policies for handling such sessions. Established the foundational mechanisms for reporting and mitigation within the IMS core.

TS 33.838TS 33.937

Defining Specifications

SpecificationTitle
TS 33.838 3GPP TR 33.838
TS 33.937 3GPP TR 33.937