
Content for TS 33.223, Word version: 17.1.0


0  Introduction

3GPP defined the Generic Authentication Architecture (GAA). The adoption of GAA by other standardization bodies showed that some services cannot assume that the User Equipment (UE) always has the possibility to connect to the Bootstrapping Server Function (BSF), or that the UE has, for various reasons, not performed a bootstrapping procedure directly with the BSF. Hence, this specification introduces and specifies a GBA Push Function.

1  Scope

The present document specifies a Push Function as a functional add-on for the Generic Authentication Architecture (GAA) [1].

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TS 33.220: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture".
[2]  TR 21.905: "Vocabulary for 3GPP Specifications".
[3]  TS 33.210: "3G Security; Network Domain Security; IP network layer security".
[4]  Void.
[5]  Void.
[6]  TS 33.102: "3G Security; Security architecture".
[7]  FIPS PUB 180-2 (2002): "Secure Hash Standard".
[8]  RFC 2104 (1997): "HMAC: Keyed-Hashing for Message Authentication".
[9]  ISO/IEC 10118-3:2004: "Information Technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions".
[10]  NIST Special Publication 800-38A: "Recommendation for Block Cipher Modes of Operation".
[11]  FIPS PUB 197: "Advanced Encryption Standard".
[12]  Void.
[13]  TS 33.222: "Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[14]  TS 29.109: "Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".
[15]  TS 33.224: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push Layer".
[15a]  TS 31.101: "UICC-terminal interface; Physical and logical characteristics".
[16]  RFC 4330: "Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI".
[17]  TS 23.502: "Procedures for the 5G System (5GS)".
[18]  TS 23.501: "System architecture for the 5G System (5GS)".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905, TS 33.220 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
AUTN(*):
In the GBA context, GBA_ME relies on the AUTN value to verify that the authentication vector is from an authorised network, while GBA_U relies on AUTN* to perform network authentication as described in [1]. AUTN(*) is used to refer to both AUTN and AUTN*.
AUTS:
Defined in TS 33.102.
Disposable-Ks model:
The keying model used in GBA-push. Only one NAF-key is generated per Ks and the Ks cannot be reused.
GBA_U aware UICC:
A UICC which supports GBA_U which means that the Ks will never leave the UICC.
GBA-Push-Info:
GBA-Push-Info contains data relevant for key derivation in GBA Push. GBA-Push-Info is sent via the Upa reference point from the NAF to the UE.
NAF_Id:
The FQDN of the NAF, concatenated with the Ua security protocol identifier.
NAF-key:
A NAF-key derived from Ks. It can be used to refer to Ks_(int/ext)_NAF or Ks_NAF.
NAF SA:
A security association between a NAF and a UE based on a NAF-key.
Push-message:
A message that is sent on a Ua reference point from the NAF to the UE and is protected with GBA keys that were bootstrapped via the Upa reference point.
Push-NAF:
A NAF authorized for using GBA-Push.
UE_Trp:
The transport address used for delivery of GPI to the UE.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
BSF  Bootstrapping Server Function
B-TID  Bootstrapping Transaction Identifier
FQDN  Fully Qualified Domain Name
GAA  Generic Authentication Architecture
GBA  Generic Bootstrapping Architecture
GBA_ME  ME-based GBA
GBA_U  GBA with UICC-based enhancements
GPI  GBA Push Info
GUSS  GBA User Security Settings
HLR  Home Location Register
HSS  Home Subscriber Server
Ks_NAF  NAF-key in GBA_ME mode
Ks_int_NAF  UICC internal NAF-key in GBA_U
Ks_ext_NAF  UICC external NAF-key in GBA_U
ME  Mobile Equipment
NAF  Network Application Function
P-TID  Push Temporary Identifier
SA  Security Association
UE  User Equipment
USS  User Security Setting