Tech-invite  3GPPspecsRELsGlossariesSIP

Top   in Index   Prev   Next

TS 33.210SA3
3G Security –
Network Domain Security (NDS)
IP Network Layer Security

use "3GPP‑Page" to get the Word version
use "ETSI‑search" to get the PDF version
for a better overview, the Table of Contents (ToC) is reproduced
V16.3.0 (Wzip)2020/03  27 p.
V15.2.2 (PDF)  2019/09  30 p.
V14.0.0  2016/12  26 p.
V13.0.0  2015/12  25 p.
V12.2.0  2012/12  26 p.
V11.4.0  2012/09  26 p.
V10.3.0  2011/06  26 p.
V9.1.0  2010/06  25 p.
V8.3.0  2009/06  25 p.
V7.3.0  2007/09  23 p.
V6.6.0  2006/10  23 p.
V5.5.0  2003/09  21 p.

Rapporteur:  Mr. Kohalmi, Steve

This TS defines the security architecture for network domain IP based control planes, which shall be applied to NDS/IP-networks (i.e. 3GPP and fixed broadband networks). The scope of network domain control plane security is to cover the control signalling on selected interfaces between network elements of NDS/IP networks.
3GPP 33.210 - NDS architecture for IP-based protocols
An identified security weakness in GPRS systems is the absence of security in the core network. This was formerly perceived not to be a problem, since the GPRS networks previously were the provinces of a small number of large institutions. This is no longer the case, and so there is now a need for security precautions. Another significant development has been the introduction of IP as the network layer in the GPRS backbone network and then later in the UMTS network domain. Furthermore, IP is not only used for signalling traffic, but also for user traffic. The introduction of IP therefore signifies not only a shift towards packet switching, which is a major change by its own accounts, but also a shift towards completely open and easily accessible protocols. The implication is that from a security point of view, a whole new set of threats and risks must be faced.
For UMTS and fixed broadband systems it is a clear goal to be able to protect the core network signalling protocols, and by implication this means that security solutions must be found for both SS7 and IP based protocols.
Starting with LTE, but especially with 5G, security of signalling protocols moves onto the application layer. The current document is the central repository of the protection mechanisms and profiles for these protocols.
This document is the stage-2 specification for IP related security in the 3GPP and fixed broadband core networks.
The security services that have been identified as being needed are confidentiality, integrity, authentication and anti-replay protection. These will be ensured by standard procedures, based on cryptographic techniques.

full Table of Contents for  TS 33.210  Word version:   16.2.0

Here   Top
1  ScopeWord-p. 6
2  References
3  Definitions, symbols and abbreviationsWord-p. 8
4  Overview over network domain security for IP based protocolsWord-p. 10
5  Key management and distribution architecture for NDS/IPWord-p. 11
6  Other 3GPP profiles [R16]Word-p. 17
A  Other issuesWord-p. 21
B (Normative)  Security protection for GTPWord-p. 22
C (Normative)  Security protection of IMS protocolsWord-p. 24
D (Normative)  Security protection of UTRAN/GERAN IP transport protocols [R6]Word-p. 25
E  RFC-4303 compared with RFC-2406 [R8]Word-p. 26
F  Change historyWord-p. 27

Up   Top