
Content for  TS 29.109  Word version:  17.0.0



1  Scope

The present stage 3 specification defines the Diameter based implementation for bootstrapping Zh interface (BSF-HSS) and Dz interface (BSF-SLF) for HSS resolution for the BSF, the MAP based implementation for bootstrapping Zh' interface (BSF-HLR) and GAA Application Zn interface (BSF-NAF) in Generic Authentication Architecture (GAA). This specification also defines the Web Services based implementation for GAA Application Zn reference point (BSF-NAF). The definition contains procedures, message contents and coding. The procedures for bootstrapping and usage of bootstrapped security association are defined in TS 33.220.
The present document also specifies the Diameter and Web Services based implementation for the GAA Application Push Function Zpn reference point (BSF-NAF). The procedures for bootstrapping are defined in TS 33.223.
This specification is a part of the Generic Authentication Architecture (GAA) specification series.
The Diameter-based implementation of the Zh interface reuses the Cx interface Multimedia-Auth-Request/Answer (MAR/MAA) messages originally defined between the CSCF and the HSS. These messages are defined in TS 29.229, and 3GPP IMS mobility management uses the same definitions between the CSCF and the HSS. The present document defines how those messages are used in the bootstrapping and GAA application procedures (e.g. subscriber certificates) and the application logic needed in the GAA network elements (BSF, HSS and NAF).
Figure 1.1 depicts the relationships of these specifications to the other specifications for the Diameter based implementations.
Figure 1.1: Relationships to other specifications
Figure 1.2 provides an informal overall quick introduction to the whole signalling procedures in GAA system. The important identifiers are marked bold and optional data items are italicised. The Ub and Ua interfaces, not defined in this TS, are simplified.
Figure 1.2: The whole signalling procedure in GAA system
Figure 1.3 provides an informal overall quick introduction to the whole signalling procedures in GAA Push Function. The important identifiers are marked bold and optional data items are italicised. The Ua and Upa interfaces, not defined in this TS, are simplified.
Figure 1.3: Signalling procedure in GAA Bootstrapping Push Function

2  References

The following documents contain provisions that, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  Void.
[2]  TS 29.228: "IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents".
[3]  TS 29.229: "Cx and Dx interfaces based on the Diameter protocol".
[4]  TR 33.919: "Generic Authentication Architecture (GAA); System Description".
[5]  TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
[6]  TS 33.221: "Generic Authentication Architecture (GAA); Support for Subscriber Certificates".
[7]  TS 24.109: "Bootstrapping interface (Ub) and Network application function interface (Ua); Protocol details".
[8]  TS 29.230: "Diameter applications; 3GPP specific codes and identifiers".
[9]  RFC 3589: "Diameter Command Codes for Third Generation Partnership Project (3GPP)".
[10]  TS 23.008: "Organisation of subscriber data".
[11]  TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using secure hypertext transfer protocol (HTTPS)".
[12]  TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[13]  W3C: "Web Services Activity", http://www.w3.org/2002/ws/.
[14]  W3C: "Web Services Description Language (WSDL) Version 2.0 Part 0: Primer", http://www.w3.org/TR/2005/WD-wsdl20-primer-20050803/.
[15]  TR 33.980: "Liberty Alliance and 3GPP Security Interworking; Interworking of Liberty Alliance ID-FF, ID-WSF and Generic Authentication Architecture".
[16]  Liberty Alliance Project: "Liberty ID-FF Authentication Context Specification".
[17]  TS 33.110: "Key establishment between a Universal Integrated Circuit Card (UICC) and a terminal".
[18]  TS 33.259: "Key establishment between a UICC Hosting Device and a Remote Device".
[19]  TS 29.002: "Mobile Application Part (MAP) Specification".
[20]  TS 33.102: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security architecture".
[21]  TS 23.003: "Numbering, addressing and identification".
[22]  OASIS Standard: "Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Standard, 15 March 2005, saml-authn-context-2.0-os.
[23]  TS 33.223: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push Function".
[24]  TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".
[25]  Void.
[26]  TS 26.237: "IP Multimedia Subsystem (IMS) based Packet Switched Streaming (PSS) Multimedia Broadcast/Multicast Services (MBMS); User Service; Protocols".
[27]  Void.
[28]  Void.
[29]  TR 33.924: "Identity Management and 3GPP Security Interworking; Identity Management and Generic Authentication Architecture (GAA) Interworking".
[30]  TS 33.224: "Generic Authentication Architecture (GAA); Generic Push Layer".
[31]  TS 33.203: "Access security for IP-based services".
[32]  TS 29.329: "Sh Interface based on the Diameter protocol; Protocol details".
[33]  RFC 6733: "Diameter Base Protocol".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TS 23.008, TR 33.919 and TS 33.220 apply, with the following additions:
Bootstrapping information (Bootstrapped data) in a BSF:
consists of a bootstrapping transaction identifier (B-TID), key material (Ks), the key lifetime (expiry time), the bootstrapinfo creation time, the IMPI and the GUSS (if received from the HSS), together with BSF control information. Each bootstrapping procedure creates one bootstrapped data entity, with the B-TID as its retrieval key.
GAA application:
an application that uses the security association created by the GBA bootstrapping procedure.
GAA service:
an operator-specific end-user service that uses the security association created by the GBA bootstrapping procedure. GAA services are identified by GAA Service Identifiers. A GAA service is implemented using some standardised or proprietary GAA application, identified by its GAA application type.
NAF specific Bootstrapping information:
the subset of bootstrapped data transferred from a BSF to a NAF. It contains the NAF- and service-specific parts of the bootstrapped data and the key information, derived from the bootstrapped data, that the NAF needs.
Service/Application:
The term service is used here in its common meaning: a service is something that an MNO offers to subscribers. GAA services are identified by a GAA Service Identifier (GSID). In the stage 2 documents ([4], [5], [6] and [11]) the term application is used with the same meaning, i.e. MNOs offer applications to subscribers. The term application is avoided here because it is already reserved in Diameter, where applications are identified by Application Identifiers.

3.2  Symbols

For the purposes of the present document, the symbols given in TS 23.008 apply.

3.3  Abbreviations

For the purposes of the present document, the following abbreviations apply:
AK  Anonymity Key
AKA  Authentication and Key Agreement
AUTN  Authentication token
AV  Authentication Vector. 3GPP AV = [RAND, AUTN, XRES, CK, IK].
AVP  Attribute-Value Pair in Diameter messages
BIA  BootstrappingInfo-Answer message
BIR  BootstrappingInfo-Request message
BS  Bootstrapping Procedure
BSF  Bootstrapping Server Function. The BSF is hosted in a network element under the control of an MNO.
B-TID  Bootstrapping Transaction Identifier
CA  Certificate Authority
CK  Cipher Key
FQDN  Fully Qualified Domain Name in a URI (e.g. http://FQDN:80)
GAA  Generic Authentication Architecture
GBA  Generic Bootstrapping Architecture
GPI  GBA Push Information
GSID  GAA Service Identifier
GUSS  GBA User Security Settings
HSS  Home Subscriber Server
IK  Integrity Key
IMPI  IP Multimedia Private Identity
IMPU  IP Multimedia Public Identity
Ks  Key Material
Ks_ext_NAF  ME-based key for a specific NAF
Ks_int_NAF  UICC-based key for a specific NAF
ME  Mobile Equipment
MNO  Mobile Network Operator
NAF  Operator-controlled Network Application Function. The NAF is hosted in a network element under the control of an MNO.
P-TID  Push Temporary Identifier
RAND  Random challenge in authentication
REQ  Flag in the Diameter header indicating that the message is a Request
SCTP  Stream Control Transmission Protocol
SLF  Subscription Locator Function
SSC  Subscriber Certificate Procedure
Ua  UE-NAF interface for GAA applications
Ub  UE-BSF interface for bootstrapping
UE  User Equipment
USS  User Security Settings (a part of GUSS)
XRES  Expected response in authentication
Zh  BSF-HSS interface for the bootstrapping procedure
Zh'  BSF-HLR interface for the bootstrapping procedure
Zn  BSF-NAF interface for GAA applications
Zpn  BSF-NAF interface for GBA push