3GPP IMS and UMTS Specifications -- 33 Series: Security aspects

3GPP TS 33.102
SA3
Security Architecture

This TS defines the security architecture, i.e. the security features and the security mechanisms,
for the third generation mobile telecommunication system.
A security feature is a service capability that meets one or several security requirements.
The complete set of security features addresses the security requirements as they are defined in
"3G Security: Threats and Requirements" (3GPP TS 21.133) and implements the security objectives and
principles described in 3GPP TS 33.120.
A security mechanism is an element that is used to realise a security feature.
All security features and security mechanisms taken together form the security architecture.
An example of a security feature is user data confidentiality; a security mechanism that may be used
to implement that feature is a stream cipher using a derived cipher key.

Rapporteur: Marc Blommaert


3GPP TS 33.107
SA3
Lawful Interception Architecture and Functions

This TS describes the architecture and functional requirements within a Third Generation Mobile
Communication System (3GPP MS).
The specification shows the service requirements from a Law Enforcement point of view only.
The aim of this document is to define a 3GPP MS interception system that supports a number of regional
interception regulations; these regulations are not repeated here, as they vary.
Regional interception requirements shall be met using specific (regional) mediation functions
that allow only the required information to be transported.
The handover interfaces for Lawful Interception (LI) of Packet-Data Services, Circuit Switched Services
and Multimedia Services within the UMTS network for Stage 3 are described in 3GPP TS 33.108.

Rapporteur: Berthold Wilhelm


3GPP TS 33.108
SA3
Handover Interface for Lawful Interception (LI)

This TS addresses the handover interfaces for Lawful Interception (LI) of Packet-Data Services,
Circuit Switched Services, and Multimedia Services within the UMTS network. The handover interface
in this context includes the delivery of Intercept Related Information (HI2) and Content of
Communication (HI3) to the Law Enforcement Monitoring Facility.

Rapporteur: Ronald D. Ryan


3GPP TS 33.110
SA3
Key establishment between a Universal Integrated Circuit Card (UICC) and a terminal

This TS describes the security features and mechanisms to provision a shared key between a UICC and a terminal that either hosts the UICC or is connected via a local interface to the device hosting the UICC. Candidate applications for this key establishment mechanism include, but are not restricted to, a secure channel between a UICC and a terminal.
The scope of this specification includes an architecture overview and the detailed procedure for establishing the shared key between the UICC and the terminal.

Rapporteur: Mireille Pauliac


3GPP TS 33.141
SA3
Presence Service - Security

This TS is the Stage 2 specification for the security requirements, security architecture, security features
and security mechanisms for the Presence Service, which includes the elements necessary to realise the
requirements in 3GPP TS 22.141 and 3GPP TS 23.141.
As far as SIP-based procedures are concerned, this specification refers to 3GPP TS 33.203.
The main content of this specification is the security for the Ut reference point, which is HTTP-based,
as applied in presence services.
The present document includes information applicable to network operators, service providers and manufacturers.

Rapporteur: Krister Boman


3GPP TS 33.203
SA3
Access Security for IP-based Services

This TS specifies the security features and mechanisms for secure access to the IM subsystem (IMS)
for the 3G mobile telecommunication system.
The IMS in UMTS will support IP Multimedia applications such as video, audio and multimedia conferences.
This specification deals only with how the SIP signalling is protected between the subscriber and the
IMS, how the subscriber is authenticated, and how the subscriber authenticates the IMS.

Rapporteur: Krister Boman


3GPP TS 33.204
SA3
Network Domain Security (NDS) - Transaction Capabilities Application Part (TCAP) User Security

This TS covers the security mechanisms and procedures necessary to protect all TCAP user messages which
are sent between different security domains. The complete set of enhancements and extensions to
facilitate security protection for the TCAP protocol is termed TCAPsec, and it covers transport
security in the TCAP protocol itself and the security management procedures.
This TS contains the stage 2 specification for security protection of the TCAP protocol.
The actual implementation (stage 3) specification can be found in 3GPP TS 29.204.

Rapporteur: Marc Blommaert


3GPP TS 33.210
SA3
IP Network Layer Security

This TS defines the security architecture for the UMTS network domain IP-based control plane. The
scope of the UMTS network domain control plane security is to cover the control signalling on selected interfaces
between UMTS network elements. Annex C relates to IMS protocols.

Rapporteur: Geir Koien


3GPP TS 33.220
SA3
GAA - Generic Bootstrapping Architecture

This TS describes the security features and a mechanism to bootstrap authentication and key agreement
for application security from the 3GPP AKA mechanism. Candidate applications for this bootstrapping
mechanism include, but are not restricted to, subscriber certificate distribution (3GPP TS 33.221).
Subscriber certificates support services whose provision the mobile operator assists, as well as services
that the mobile operator provides.
The scope of this specification includes a generic AKA bootstrapping function, an architecture overview
and the detailed procedure for bootstrapping the credential.
Clause 4 of this specification describes a mechanism, called GBA_ME, to bootstrap authentication
and key agreement, which does not require any changes to the UICC. Clause 5 of this specification
describes a mechanism, called GBA_U, to bootstrap authentication and key agreement, which does
require changes to the UICC but provides enhanced security by storing certain derived keys on the UICC.

Rapporteur: Silke Holtmanns


3GPP TS 33.221
SA3
GAA - Support for Subscriber Certificates

This TS describes subscriber certificate distribution by means of the generic bootstrapping architecture
(GBA, 3GPP TS 33.220).
Subscriber certificates support services whose provision the mobile operator assists, as well as services
that are offered by the mobile operator.
This specification presents signalling procedures for support of issuing certificates
to subscribers, and the standard format of certificates and digital signatures. It is not intended
to duplicate existing standards being developed by other groups on these topics, and references
these where appropriate.

Rapporteur: Silke Holtmanns


3GPP TS 33.222
SA3
GAA - Access to Network Application Functions using HTTPS

This TS specifies secure access methods to Network Application Functions (NAF) using HTTP over TLS in
the Generic Authentication Architecture (GAA), and provides Stage 2 security requirements, principles
and procedures for the access. The present document describes both direct access to an Application
Server (AS) and access to an Application Server through an Authentication Proxy (AP).
NOTE: Application-specific details for access to Application Servers are not in the scope
of this specification and are covered in separate documents. An example of such a document is
3GPP TS 33.141, which specifies the security for presence services.

Rapporteur: Bengt Sahlin


3GPP TS 33.234
SA3
WLAN Interworking Security

This TS specifies the security architecture, trust model and security requirements for the interworking of
the 3GPP System and WLAN Access Networks.
Specifications of the appropriate mechanisms for user and network authentication, key management,
service authorization, and confidentiality and integrity protection of user and signalling data are also provided.

Rapporteur: Luis Lopez Soria


3GPP TS 33.246
SA3
Security of Multimedia Broadcast/Multicast Service (MBMS)

This TS covers the security procedures of the Multimedia Broadcast/Multicast Service (MBMS) for
3GPP systems (UTRAN and GERAN). MBMS is a 3GPP system network bearer service over which many
different applications could be carried. The actual method of protection may vary depending on
the type of MBMS application.
MBMS introduces the concept of a point-to-multipoint service into a 3GPP system. A requirement of an MBMS User Service is to be able to securely transmit data to a given set of users. To achieve this, there needs to be a method of authentication, key distribution and data protection for an MBMS User Service.

Rapporteur: Adrian Escott


3GPP TS 33.259
SA3
Key establishment between a UICC Hosting Device and a Remote Device

This TS describes the security features and mechanisms to provision a shared key between a UICC Hosting Device and a Remote Device connected via a local interface. The shared secret is then intended to be used to secure the interface between the Remote Device and the UICC Hosting Device. Candidate applications for this key establishment mechanism include, but are not restricted to, Personal Network Management (see 3GPP TS 22.259).
The scope of this specification includes an architecture overview and the detailed procedure for establishing the shared key between the UICC Hosting Device and the Remote Device. This differs from 3GPP TS 33.110, which describes an architecture overview and the detailed procedure for establishing the shared key between the UICC itself and the terminal hosting the UICC. The use cases utilizing the mechanisms described in this specification are seen to be different from the use cases where "Key establishment between a UICC and a terminal", IETF RFC 4279, is utilized.
The solution described in this document is built on the existing infrastructure defined in "GBA", 3GPP TS 33.220.

Rapporteur: Vesa Lehtovirta


3GPP TS 33.310
SA3
Network Domain Security (NDS) - Authentication Framework (AF)

The scope of this TS is limited to authentication of network elements that use NDS/IP or TLS
and are located in the inter-operator domain.
In the case of NDS/IP this specification concentrates on authentication of Security Gateways (SEG)
and the corresponding Za-interfaces. Authentication of elements in the intra-operator domain is
considered an internal issue for operators. This is largely in line with 3GPP TS 33.210, which states that
only Za is mandatory, and that the security domain operator can decide whether the Zb-interface
is deployed or not, as the Zb-interface is optional for implementation. However, NDS/AF can
easily be adapted to intra-operator use, since it is just a simplification of the inter-operator
case when all NDS/IP NEs and the PKI infrastructure belong to the same operator. Validity of
certificates may be restricted to the operator's domain.

NOTE: In case two SEGs interconnect separate network regions under a single administrative authority
(e.g. owned by the same mobile operator), the Za-interface is not subject to interconnect agreements,
and the decision on applying the Za-interface is left to operators.

The NDS architecture for IP-based protocols is illustrated in the following figure:
In the case of TLS this TS concentrates on authentication of TLS entities across inter-operator links. For
example, TLS is specified for inter-operator communications between IMS and non-IMS networks
(3GPP TS 33.203) and on the Zn' interface in GBA (3GPP TS 33.220). Authentication of TLS entities across
intra-operator links is considered an internal issue for operators. However, NDS/AF can easily be adapted
to the intra-operator use case, since it is just a simplification of the inter-operator case when all TLS
NEs and the PKI infrastructure belong to the same operator. Validity of certificates may be restricted
to the operator's domain.

Rapporteur: Tiina Koskinen


3GPP TR 33.803
SA3
Coexistence between TISPAN and 3GPP Authentication Schemes

This TR studies, from a security point of view, the coexistence between TISPAN authentication methods (as specified in TISPAN release 1) and existing 3GPP authentication schemes, i.e. both the IMS AKA (as specified in 3GPP TS 33.203 and 3GPP TS 24.229) and the early IMS security (as specified in 3GPP TR 33.978). This document also aims to provide solutions to handle potential compatibility issues. These issues are listed in detail in section 5 of this document.
This document is meant to ensure that the same IMS core network entities can be used to support both 3GPP and TISPAN authentication schemes. In this context, rules are developed for how an x-CSCF can decide from a registration request which authentication scheme to apply. If these rules are not adhered to, compatibility problems may arise.

Rapporteur: Sylvie Fouquet


3GPP TR 33.919
SA3
Generic Authentication Architecture (GAA) - System Description

This TR aims to give an overview of the different mechanisms that mobile applications can rely upon for authentication between server and client (i.e. the UE). Additionally, it provides guidelines related to the use of GAA and to the choice of authentication mechanism in a given situation and for a given application.
To this end the TR puts the different 3GPP GAA-related specifications into perspective. It clarifies the logic for having the technical specifications and technical reports, sketches their content, and explains the inter-relation between these 3GPP TSs and TRs and their relation with this TR.
The heart of GAA consists of the Generic Bootstrapping Architecture (GBA). The GBA core specifications consist of 3GPP TS 33.220, 3GPP TS 24.109 and 3GPP TS 29.109.

Rapporteur: Annelies Van Moffaert


3GPP TR 33.920
SA3
SIM Card based Generic Bootstrapping Architecture (GBA) - Early Implementation Feature

3GPP defined the Generic Bootstrapping Architecture (GBA) in Release 6. The Release 6 GBA is based on 3G USIMs and ISIMs, i.e. 3GPP TS 33.220. The security level of 3G Authentication and Key Agreement is higher than that of 2G SIM authentication. On the other hand, there are more than one billion people with SIMs in their phones, and it will take a long time to provision UICCs capable of 3G authentication to such a large population. Meanwhile there should be a way to offer services whose authentication is based on GAA to 2G subscribers as well.
Mobile network operators could first try out the success of services without handing out new cards and, after successful service usage, migrate seamlessly to UICCs. This option leverages the mobile network operators' investments in their SIM cards while still providing easy migration. This could lower the threshold for operators to deploy more sophisticated services that would usually require a UICC from the start. In this way, it might even speed up the process of handing out UICCs to the subscribers. The initial roll-out phases of services and service success testing would not need to rely on passwords. In addition, the introduction of 2G GBA-based authentication provides a security and operational enhancement for users that rely on SIM. Also, the availability of 2G GBA will allow building services where authentication is performed and managed in a way analogous to using a USIM. The protocol in which the SIM card is used decides the strength of the security of the whole system. Therefore, the solution described for an early implementation feature in this specification aims to enhance GSM security to address the known GSM vulnerabilities when using 2G GBA.
It should be noted that the work outlined in this feature does not require any change to the existing SIM specifications; in particular, GBA_U as in 3G GBA will not be included in 2G GBA.
This TR describes which change requests are to be implemented in addition to the Release 6 specifications 3GPP TS 33.220, 3GPP TS 24.109 and 3GPP TS 29.109 to enable the usage of 2G GBA.

Rapporteur: Silke Holtmanns


Rapporteur: Peter Howard


3GPP TR 33.980
SA3
Liberty Alliance Identity Federation Framework (ID-FF), Identity Web Services Framework (ID-WSF) and GAA

This TR provides guidelines on the interworking of the Generic Authentication Architecture (GAA) and the Liberty Alliance architecture. The document studies the details of possible interworking methods between the Security Assertion Markup Language v2.0, SAML v2.0 (or alternatively the Liberty Alliance Identity Federation Framework, ID-FF), the Identity Web Services Framework (ID-WSF), the Security Assertion Markup Language (SAML) and a component of GAA called the Generic Bootstrapping Architecture (GBA). This document only applies if Liberty Alliance and GBA, or SAML v2.0 and GBA, are used in combination.

Rapporteur: Silke Holtmanns