THIG

Topology Hiding Inter-network Gateway

Core Network →
Introduced in Rel-5 Also in: Services

THIG is a SIP application-level gateway deployed at network borders to conceal internal IMS topology by modifying SIP message headers, enhancing security and operator confidentiality.

Category
Core Network
Introduced
Rel-5
Where
Core Network › Evolved Packet Core
Also touches
1 segments
Specifications
6 specs
THIG Description Purpose Related Classification Detected Changes Specifications

Description

The Topology Hiding Inter-network Gateway (THIG) is a critical security and privacy component within the IP Multimedia Subsystem (IMS) architecture, operating at the application layer for SIP signaling. Its primary function is to obscure the internal structure, node addresses, and network topology of an IMS operator's network from peering or visited networks. It achieves this by acting as a Back-to-Back User Agent (B2BUA) or a SIP proxy for all cross-network SIP signaling messages, including INVITE, REGISTER, and MESSAGE. When a SIP message traverses from the internal network to an external network, the THIG scrutinizes and modifies specific SIP headers.

The key headers targeted for modification are the Via, Record-Route, and sometimes the Contact and Path headers. The Via header stack, which records the path a request has taken, is the primary focus. The THIG removes internal Via entries that contain private IP addresses or revealing domain names before forwarding the message externally. It often replaces them with a single Via entry pointing to itself, making it appear as the sole entry point. Similarly, for routing future requests within a dialog, the THIG may modify Record-Route headers to insert itself, ensuring subsequent in-dialog messages also pass through it for topology hiding. The THIG maintains state for ongoing sessions to correctly route responses and subsequent requests back to the original internal nodes, even though their identities are hidden from the external side.

Architecturally, the THIG is typically deployed at the network border, often co-located with or integrated into the Interconnection Border Control Function (IBCF) as defined in later releases. It interfaces with the S-CSCF and other IMS core nodes internally and with external networks via the Mm reference point. Its operation is transparent to the end-user service but vital for the network operator. By hiding internal IP addresses, server hostnames, and network architecture, the THIG mitigates security threats such as topology-based attacks, reconnaissance, and traffic interception targeting specific internal elements. It is a fundamental element in enabling secure IMS peering and interconnection between different administrative domains.

Purpose & Motivation

The THIG was created to address significant security and operational concerns arising from the openness of SIP protocol and IMS interconnection. The SIP protocol, by design, includes routing information in message headers to ensure reliable delivery. However, when used across untrusted administrative boundaries, this information leak exposes an operator's internal network architecture—including the number, types, and addresses of core servers like CSCFs. This exposure creates a vulnerability, allowing potential attackers to map the network for targeted attacks, such as Denial-of-Service (DoS) on specific internal nodes or exploitation of known software vulnerabilities on revealed server types.

Introduced in 3GPP Release 5 with the initial IMS specifications, the THIG solved this problem by standardizing a method for topology hiding. Prior to its definition, operators might have used generic firewalls or Network Address Translation (NAT), but these are insufficient for application-layer protocols like SIP where routing information is embedded in the payload. The THIG provides an application-aware solution. Its development was motivated by the commercial need for operators to keep their network investments and configurations confidential while still participating in global multimedia service interoperability.

Furthermore, the THIG supports regulatory and business requirements for interconnection privacy. It allows operators to peer with competitors without revealing capacity or architectural details that could be used for competitive analysis. As IMS evolved into the core for VoLTE and VoNR, the role of the THIG became even more critical for securing the voice and messaging infrastructure, ensuring that the move to all-IP networks did not come at the cost of reduced network security and operator confidentiality.

Classification

Part ofIMS
Related approachesSIP

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (19 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-5, normative work from Rel-15.

Rel-15 3 changes

In Release 15, the specification for the THIG function was updated to mandate the use of TCP for SIP signaling in scenarios involving voice fallback to EPS when the N26 interface is not present. Additionally, the architecture description for deployments without IMS-level roaming interfaces was aligned to reference the corresponding definition established for the 5GS case.

  • Use TCP for SIP signaling in case of voice fallback to EPS without N26 interface TS 24.173CR0131
  • Clause W.2 on "Architecture without IMS-level roaming interfaces" to refer to clause Y.9.2 that defines it for the 5GS case. TS 23.228CR1196
  • Removal of Editor´s notes for supplementary services interworking TS 29.235CR0113
Rel-16 5 changes

In Release 16, the THIG function was enhanced to support the DBI (Deferred Billing Information) capability, requiring updates to the interworking requirements between the IBCF (Interconnection Border Control Function) and the TrGW (Transition Gateway). Additionally, the release introduced clarifications and procedures for HSS (Home Subscriber Server) discovery and interface type selection, refining how network elements locate and interact with the HSS.

  • HSS Discovery and Interface Type Selection TS 23.228CR1201
  • Allowing IMS to use N5 interface to interact with PCF TS 23.228CR1203
  • Additional corrections for allowing IMS to use N5 interface to interact with PCF TS 23.228CR1204
  • Update IBCF and TrGW interworking requirements for DBI support TS 29.162CR0159
  • Clarification for HSS Discovery and Interface Type Selection TS 23.228CR1212
Rel-18 1 change

In Release 18, the primary update for the Topology Hiding Inter-network Gateway (THIG) function was the clarification of interfaces and reference points used for Data Channel (DC) handling. This specifically involved detailing the interactions for the bootstrap data channel and the interfaces between functional entities like the DC Application Server, DCSF, and DC media function. The work ensured proper procedures for establishing these data channels within an IMS session for application traffic.

  • Clarification on Interfaces and Reference Points Used for DC TS 23.228CR1325
Rel-19 10 changes

In Release 19, the THIG function was enhanced to support IMS data channel (DC) interworking, specifically for sessions between a DCMTSI UE and an MTSI UE. This involved updates to the signalling procedures for application data channel interworking via the Media Function (MF) and the DC Application Server (AS). Furthermore, corrections and enhancements were made to the service-based interfaces and the Rx interface to align with these new interworking capabilities.

  • Support of IMS data channel interworking between DCMTSI UE and MTSI UE TS 23.228CR1418
  • KI#3: DC interworking with MTSI UE TS 23.228CR1479
  • Update on support of DC interworking TS 23.228CR1465
  • KI#3: Update to DC interworking with MTSI UE TS 23.228CR1539
  • Updates on procedure and service of DC interworking via DC AS TS 23.228CR1551
  • Correction to 3GPP PS Data Off Exempted Services for DC interworking TS 23.228CR1651

+ 4 more changes

Explore further

Broader topics and technologies where THIG plays a role.

Topics
IMS & Voice (VoLTE, VoNR)Privacy (SUPI, SUCI)LTE / LTE-Advanced5G NR (New Radio)Lawful InterceptSMS & Messaging
Technologies
LTE

Defining Specifications

3GPP specifications that define or reference THIG, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.228 vj50 IMS Stage-2 Service Description Rel-19
TS 24.173 vj00 Multimedia Telephony Service and Supplementary Services in IMS Rel-19
TS 24.406 v810 Message Waiting Indication (MWI) Protocol Rel-8
TS 29.162 vj00 IMS-IP Network Interworking Rel-19
TS 29.235 vj00 SIP-I CS Core Network Interworking Rel-19
TS 32.849 vd00 IMS Roaming Charging Study Rel-13