The present document is part of a TS-family covering the 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Telecommunication management; as identified below:
TS 32.371: "Security Management concept and requirements".
TS 32.372: "Security services for Integration Reference Points (IRP); Information Service (IS)".
TS 32.376: "Security services for Integration Reference Point (IRP); Solution Set (SS) definitions".
In 3GPP SA5 context, IRPs are introduced to address process interfaces at the Itf-N interface. The Itf-N interface is built up by a number of Integration Reference Points (IRPs) and a related Name Convention, which realise the functional capabilities over this interface. The basic structure of the IRPs is defined in TS 32.101
and TS 32.102
. An IRP consists of IRPManager and IRPAgent. Usually there are three types of transaction between IRPManager and IRPAgent, which are operation invocation, notification, and file transfer.
However, there are different types of intentional threats against the transaction between IRPManagers and IRPAgents. All the threats are potential risks of damage or degradation of telecommunication services, which operators should take measures to reduce or eliminate to secure the telecommunication service, network, and data.
By introducing Security Management, the present document describes security mechanisms to relieve the threats between IRPManagers and IRPAgents.
As described in TS 32.101
, the architecture of Security Management is divided into two layers:
Layer A - Application Layer.
Layer B - O&M IP Network.
The threats and Security Management requirements of different layers are different, which should be taken into account respectively.
3GPP defines three types of IRP specifications, (see TS 32.102
). One type relates to the definitions of the interface deployed across the Itf-N. These definitions need to be agreed between the IRPManagers and IRPAgents so that meaningful communication can occur between them. An example of this type is the Alarm IRP.
The other two types (NRM IRP and Data Definition IRP) relate to the network resource model (schema) of the managed network. This network schema needs to be agreed between the IRPManagers and IRPAgents so that the IRPAgent can provide network management services to the IRPManager. An example of this type is the UTRAN NRM IRP.
This Information Service specification is applicable to the Interface IRP specifications. That is to say, it is concerned only with the security aspects of operations/notifications/files deployed across the Itf-N.
The purpose of the present document is to specify the necessary security features, services and functions to protect the network management data, including Requests, Responses, Notifications and Files, exchanged across the Itf N.
The present document specifies the Security Service for IRP Information Service.
This Security Service for IRP IS defines the semantics of management information visible across the Itf-N in a protocol and technology neutral way. It does not define the syntax or encoding of the operations and their parameters.
This Information Service specification is related to TS 32.371