TR 29.828 (CT4)
Study on Extended IMS Media Plane Security Features
and TCP-related Network Address Translation (NAT) Traversal support –
IMS H.248 Profiles aspects

V12.1.0  2015/01  111 p.


Rapporteur:  Mr. Landais, Bruno

The present document investigates the IMS H.248 profiles requirements and procedures to support the stage 2 requirements specified in TS 33.328 for Extended IMS media plane security features.

This includes in particular the following aspects:
  • Provide end-to-access edge protection of session based messaging (MSRP) traffic using TLS and certificate fingerprints exchanged over SDP;
  • Provide end-to-end protection of session based messaging (MSRP) traffic using TLS;
  • Provide end-to-access edge protection of BFCP based traffic, using TLS and certificate fingerprints exchanged over SDP;
  • Provide optional support of TLS protection of BFCP and MSRP based traffic at the Conference Server;
  • Analyse requirements and procedures for end-to-end TCP bearer connection control and related NAT traversal support.
    NOTE:  This aspect is not specific to media security and may result in normative work via another work item.
  • Provide support of TCP-based IP transport connections for TLS security sessions, which includes possible NAT traversal support during the TCP connection establishment phase and possible correlations between the establishment (and release) events of TCP connections and TLS session establishment (and release);
  • Provide end-to-access edge protection of T.38 fax using DTLS.

This study will cover:
  • Identification of the key issues and the main design considerations that should drive the definition of stage 2 requirements and procedures for the Iq, Ix and Mp profiles;
  • Identification of the requirements and procedures for the Iq, Ix and Mp profiles for support of end-to-access edge and end-to-end media security for session-based messaging (MSRP) and conferencing (BFCP);
  • Identification of the requirements and procedures for the Iq profile for support of end-to-access edge media security for T.38 fax over UDPTL/UDP transport;
  • Identification of the ITU-T H.248 extensions necessary to fulfil the 3GPP requirements and identification of potential missing gaps that should be taken into account by ITU-T Q3/16;
  • Conclusions and Recommendations for the normative work.
The results of this study will be used to identify the changes required in the 3GPP specifications to support Extended IMS media plane security.

Full Table of Contents for TR 29.828, Word version 12.1.0

1  Scope
2  References
3  Definitions and abbreviations
4  Key issues and Design considerations for Extended IMS media plane security features
4.1  Media security for Session based messaging (MSRP)
4.2  Media security for conferencing (BFCP)
4.3  TLS procedures
4.4  TCP procedures
4.5  MGC information baseline for gateway control decisions
4.6  Media security for T.38 fax over UDPTL/UDP transport
5  IMS-ALG/IMS-AGW interface (Iq)
5.1  Requirements
5.1.1  End-to-access edge security for TCP-based media using TLS
5.1.2  End-to-end security for TCP-based media using TLS
5.1.3  End-to-access edge security for UDP-based media using DTLS
5.1.4  MSRP handling
5.2  Procedures
5.2.1  End-to-access edge security for TCP-based media using TLS
5.2.2  End-to-end security for TCP-based media using TLS
5.2.3  End-to-access edge security for UDP-based media using DTLS
6  IBCF/TrGW interface (Ix)
7  MRFC/MRFP interface (Mp)
8  3GPP- ITU-T H.248 requirements gap analysis
9  Conclusions and recommendations
A  Impacts on existing specifications
B  Release 12 requirements and procedures for extended media security
C  Interworking between sessmatch and CEMA
D  Preventing TLS establishment collision without a TLS B2BUA
E  Example end-to-end network scenario
F  Example traffic flow (communication establishment phase)
G  Change history
