This TS defines the security architecture for network domain IP-based control planes, which shall be applied to NDS/IP networks (i.e. 3GPP and fixed broadband networks). The scope of network domain control plane security is to cover the control signalling on selected interfaces between network elements of NDS/IP networks.
An identified security weakness in GPRS systems is the absence of security in the core network. This was formerly not perceived to be a problem, since GPRS networks were previously the province of a small number of large institutions. This is no longer the case, and so there is now a need for security precautions. Another significant development has been the introduction of IP as the network layer in the GPRS backbone network and later in the UMTS network domain. Furthermore, IP is used not only for signalling traffic, but also for user traffic. The introduction of IP therefore signifies not only a shift towards packet switching, which is a major change in its own right, but also a shift towards completely open and easily accessible protocols. The implication is that, from a security point of view, a whole new set of threats and risks must be faced.
For UMTS and fixed broadband systems it is a clear goal to be able to protect the core network signalling protocols, and by implication this means that security solutions must be found for both SS7 and IP-based protocols.
Starting with LTE, but especially with 5G, security of signalling protocols moves to the application layer. The current document is the central repository of the protection mechanisms and profiles for these protocols.
This document is the stage-2 specification for IP related security in the 3GPP and fixed broadband core networks.
The security services that have been identified as being needed are confidentiality, integrity, authentication and anti-replay protection. These will be ensured by standard procedures, based on cryptographic techniques.