Top   in Index   Prev   Next

TR 29.800
Signalling System No. 7 (SS7) Security Gateway;
Architecture, functional description and protocol details

3GPP‑Page   ToC  
V7.0.0 (Wzip)  2006/03  42 p.
Mr. Wiehe, Ulrich
Nokia Solutions & Networks (S)

full Table of Contents for  TR 29.800  Word version:  7.0.0

Here   Top

0  Introductionp. 4

Starting with 3GPP Release 4, the MAP protocol [1] allows for secure transport of signalling messages between MAP network entities (NEs). However, the standardized Rel-4 solution has several shortcomings:
  1. It is limited to secure MAP [1]. For other TCAP user like CAP [2] or SSAP [3] secure transport is not specified.
  2. It strongly impacts all MAP NEs (HLR, MSC-VLR, SGSN, gsmSCF, ...) resulting in high implementation costs.
For these and other reasons, GSMA IREG have requested to complete the gateway design and specification (see N4-041252). As a consequence SA3 have further refined their requirements (see C4-050523):
  1. The gateway concept will only include two 'protection profiles': 'Integrity only' and 'integrity and confidentiality'.
  2. The security mechanism will be applied by the gateway above the TCAP layer. The target is to apply protection in a way which is agnostic to the application protocol, so that it can protect other protocols in addition to MAP. It is also hoped that the message format, security header, etc. from the MAPsec Rel-4 specification can be re-used.
  3. Explicit verification of SCCP and MAP-payload addresses against MAPsec SPI will be studied.
  4. The MAPsec gateway concept and the MAPsec Rel-4 NE-based solution need not coexist. A solution will be found, in co-operation with the specification manager, e.g. to 'delete' the MAPsec Rel-4 NE-based solution from the 3GPP specs, or to make it clear in the gateway specifications that interworking with the MAPsec Rel-4 NE-based solution is not supported.

1  Scopep. 5

The present document is a temporary container for the functional description of the SS7 Security Gateway. The document covers also network architecture, routeing considerations, and protocol details. The contents of this report when stable will be moved into a Technical Specification 3GPP TS ab.cde. At the same time specific material related to MAPsec will be removed from TS 29.002.

2  Referencesp. 5

3  Definitions, symbols and abbreviationsp. 5

4  Network Architecturep. 6

5  Detailed Behaviour of the SS7 Security Gatewayp. 13

A  Migration Strategyp. 40

$  Change historyp. 42

Up   Top