
TS 33.328
IP Multimedia Subsystem (IMS) Media Plane Security

Version  Date  Pages
V19.2.0 (PDF)  2025/12  … p.
V18.4.0  2025/06  87 p.
V17.1.0  2022/03  75 p.
V16.1.0  2021/03  74 p.
V15.1.0  2021/03  74 p.
V14.1.0  2021/03  74 p.
V13.1.0  2021/03  74 p.
V12.9.0  2021/03  74 p.
V11.0.0  2012/09  44 p.
V10.0.0  2011/04  44 p.
V9.3.0  2010/12  44 p.
Rapporteur:
Mr. Evans, Tim P.
VODAFONE Group Plc

Full Table of Contents for TS 33.328 (Word version 19.1.0)
0  Introduction  p. 8
1  Scope  p. 9
2  References  p. 9
3  Definitions, symbols and abbreviations  p. 11
3.1  Definitions  p. 11
3.2  Symbols  p. 12
3.3  Abbreviations  p. 12
4  IMS media plane security overview  p. 12
4.1  Introduction  p. 12
4.1.1  General  p. 12
4.1.2  Overview of key management solutions for IMS media plane security  p. 13
4.1.2.1  SDES based solution  p. 13
4.1.2.2  KMS based solution  p. 13
4.1.2.3  Certificate fingerprints based solution for e2ae TLS/DTLS  p. 14
4.1.2.4  Certificate fingerprints based solution for e2DCe DTLS  p. 14
4.1.2.5  Certificate fingerprints based solution for e2e DTLS  p. 14
4.2  IMS media plane security architecture  p. 15
4.2.1  General  p. 15
4.2.2  E2ae security  p. 15
4.2.3  E2e security using SDES  p. 16
4.2.4  E2e security using KMS  p. 16
4.2.5  E2DCe security  p. 17
4.2.6  E2e security for IMS Data Channels  p. 18
5  IMS media plane security features  p. 18
5.1  General  p. 18
5.2  Media integrity protection  p. 19
5.3  Media confidentiality protection  p. 19
5.4  Authentication and authorization  p. 19
5.4.1  Authentication and authorization for e2ae protection  p. 19
5.4.2  Authentication and authorization for e2e protection using SDES  p. 20
5.4.3  Authentication and authorization for e2e protection using KMS  p. 20
5.4.4  Authentication and authorization for e2DCe protection  p. 21
5.4.5  Authentication and authorization for e2e protection using DTLS  p. 21
5.5  Security properties of key management, distribution and derivation  p. 21
5.5.1  General security properties for protection using SDES  p. 21
5.5.2  Additional security properties for e2ae protection using SDES  p. 22
5.5.3  Security properties for e2e protection using KMS  p. 22
5.5.4  Security properties for e2ae protection using TLS/DTLS  p. 22
5.5.5  Security properties for e2ae protection using DTLS-SRTP  p. 23
5.5.6  Security properties for e2DCe protection using DTLS  p. 23
6  Security mechanisms  p. 23
6.1  Media security mechanisms  p. 23
6.1.1  Media security mechanisms for real-time traffic  p. 23
6.1.2  Media security mechanisms for session based messaging (MSRP)  p. 23
6.1.3  Media security mechanisms for IMS data channels  p. 24
6.2  Key management mechanisms for media protection  p. 24
6.2.1  Key management mechanisms for e2ae protection  p. 24
6.2.1.1  Endpoints for e2ae protection  p. 24
6.2.1.2  Key management protocol for e2ae protection  p. 24
6.2.1.3  Functional extension of the Iq interface for e2ae protection  p. 25
6.2.1.3.1  Functional extension of the Iq interface for e2ae protection for RTP  p. 25
6.2.1.3.2  Functional extension of the Iq interface for e2ae protection for MSRP  p. 25
6.2.2  Key management mechanisms for e2e protection using SDES  p. 25
6.2.3  Key management mechanisms for e2e protection using KMS  p. 26
6.2.3.1  General  p. 26
6.2.3.2  KMS user and user group identities  p. 26
6.2.3.3  IMS UE local policies  p. 27
6.2.3.4  Ticket data  p. 27
6.2.3.4.1  Ticket format  p. 27
6.2.3.4.2  Allocation of ticket subtype and version for ticket type 2  p. 27
6.2.3.5  Authentication of public identities in REQUEST_INIT and RESOLVE_INIT  p. 27
6.2.3.6  Authentication of terminating user identity  p. 27
6.2.3.7  Reusable tickets  p. 28
6.2.3.8  Signalling between KMSs  p. 28
6.2.4  Key management mechanisms for e2DCe protection  p. 28
6.2.4.1  Endpoints for e2DCe protection  p. 28
6.2.4.2  Key management protocol for e2DCe protection  p. 28
6.2.4.3  Functional extension of the Mw, ISC, and DC2 interfaces for e2DCe protection  p. 29
6.2.4.3.1  Functional extension of the Mw, ISC, and DC2 interfaces for e2DCe protection for IMS data channel  p. 29
7  Security association set-up procedures for media protection  p. 29
7.1  IMS UE registration procedures  p. 29
7.1.1  Indication of support for e2ae security for RTP based media  p. 29
7.1.2  Indication of support for e2ae security for MSRP  p. 30
7.1.3  Indication of support for e2DCe security for IMS data channel  p. 30
7.2  IMS UE originating procedures  p. 30
7.2.1  IMS UE originating procedures for e2ae  p. 30
7.2.2  IMS UE originating procedures for e2e using SDES  p. 33
7.2.3  IMS UE originating procedures for e2e using KMS  p. 35
7.2.4  IMS UE originating procedures for e2DCe  p. 36
7.2.5  IMS UE originating procedures for e2e using TLS/DTLS certificate / fingerprint  p. 38
7.3  UE terminating procedures  p. 39
7.3.1  UE terminating procedures for e2ae  p. 39
7.3.2  IMS UE terminating procedures for e2e using SDES  p. 42
7.3.3  IMS UE terminating procedures for e2e using KMS  p. 44
7.3.4  UE terminating procedures for e2DCe  p. 45
7.3.5  IMS UE terminating procedures for e2e using TLS/DTLS certificate / fingerprint  p. 47
7.4  Session update procedures  p. 47
7.5  Handling of emergency calls  p. 47
A (Normative)  HTTP based key management messages  p. 48
A.1  General aspects  p. 48
A.2  Key management procedures  p. 48
A.3  Error situations  p. 49
B (Normative)  KMS based key management  p. 50
B.1  UE originating procedures  p. 50
B.1.1  Preconditions  p. 50
B.1.2  Procedures  p. 50
B.2  UE terminating procedures  p. 51
B.2.1  General  p. 51
B.2.2  Procedures for the case with one KMS domain  p. 51
B.2.2.1  Preconditions  p. 51
B.2.2.2  Procedures  p. 51
B.2.3  Procedures for the case with two KMS domains  p. 52
B.2.3.1  Preconditions  p. 52
B.2.3.2  Procedures  p. 52
C (Normative)  SRTP profiling for IMS media plane security  p. 54
D (Normative)  MIKEY-TICKET profile for IMS media plane security  p. 55
D.1  Scope  p. 55
D.2  General  p. 55
D.2A  Keys, RANDs and algorithms  p. 55
D.3  Exchanges  p. 55
D.3.1  Ticket Request  p. 55
D.3.2  Ticket Transfer  p. 56
D.3.3  Ticket Resolve  p. 56
D.4  Profiling of tickets  p. 56
E (Normative)  Profiling of SDES  p. 58
F (Normative)  IMS media plane security for immediate messaging  p. 59
F.1  Void  p. …
F.2  Security for immediate messaging based on SIP signalling security  p. 59
F.3  Security for immediate messaging based on MIKEY-TICKET  p. 59
F.3.1  UE sends a SIP MESSAGE  p. 59
F.3.2  UE receives a SIP MESSAGE  p. 60
F.3.3  List server forwards a SIP MESSAGE to multiple recipients using a PSI  p. 61
F.3.4  List server forwards a SIP MESSAGE to multiple recipients using a URI-list  p. 61
G (Normative)  IMS media plane security for conferencing  p. 62
G.1  General aspects  p. 62
G.2  Security for conferencing based on SIP signalling security  p. 62
G.3  Security for conferencing based on MIKEY-TICKET  p. 63
G.3.1  Conference creation and policy control  p. 63
G.3.2  User joining a secure conference  p. 64
G.3.3  Subscribing to conference event package  p. 64
H (Normative)  Setup of TLS-PSK using MIKEY-TICKET  p. 65
H.1  The TLS Prot Type  p. 65
H.2  Establishing a TLS connection  p. 66
H.3  Usage with SDP  p. 66
I (Normative)  Pre-shared key MIME protection  p. 67
I.1  The smime-type parameter  p. 67
I.2  The Auth-Enveloped S/MIME type  p. 67
I.2.1  General  p. 67
I.2.2  Creating an Auth-Enveloped message  p. 68
I.3  Transferring KEK using MIKEY-TICKET  p. 68
I.4  MIKEY-TICKET profile for pre-shared key MIME protection  p. 69
J (Normative)  IANA considerations  p. 71
J.1  IANA assignments  p. 71
K (Normative)  MIKEY general extension payload for message proof-of-origin  p. 71
K.1  Payload format  p. 71
L (Normative)  IMS media plane security for T.38 fax  p. 72
L.1  Introduction  p. 72
L.2  Use cases  p. 72
L.3  e2ae security for T.38 fax using DTLS  p. 73
M (Normative)  TLS profile for IMS media plane security  p. 74
M.1  General  p. 74
N (Normative)  IMS media plane security interworking for WebRTC access to IMS and IMS data channels  p. 75
N.1  General  p. 75
N.2  Media security for RTP  p. 75
N.2.1  General  p. 75
N.2.2  e2ae security for RTP using DTLS-SRTP  p. 75
N.3  Media security for WebRTC and IMS data channels  p. 76
N.3.1  General  p. 76
N.3.2  e2ae security for WebRTC data channels  p. 78
N.3.3  e2DCe security for IMS data channels  p. 79
N.3.4  e2e security for IMS data channels  p. 80
O (Normative)  Profiling of DTLS-SRTP  p. 81
P (Normative)  Security aspects of next generation real time communication services  p. 82
P.1  Security aspects of SBA in IMS media control interface  p. 82
P.1.1  General  p. 82
P.1.2  Protection at the network or transport layer  p. 82
P.1.3  Authentication and authorization  p. 82
Q (Normative)  Security and privacy for IMS capability exposure  p. 83
Q.1  General  p. 83
Q.2  Security requirements  p. 83
Q.3  Procedures  p. 83
R (Normative)  Security for IMS avatar communication  p. 84
R.1  General  p. 84
R.2  Security requirements  p. 84
R.3  Security Procedures  p. 84
Change history  p. 86