TR 33.790
Study on the Security support for the next generation Real Time Communication services Phase 2
V19.1.0 (Wzip)
2025/09 … p.
Rapporteur: Dr. Tsiatsis, Vlasios (Ericsson LM)
Full Table of Contents for TR 33.790, Word version: 19.1.0
1  Scope  p. 8
2  References  p. 8
3  Definitions of terms, symbols and abbreviations  p. 9
3.1  Terms  p. 9
3.2  Symbols  p. 9
3.3  Abbreviations  p. 9
4  Assumptions  p. 10
4.1  General  p. 10
4.2  Architectural Assumptions and Principles  p. 10
5  Key issues  p. 10
5.1  Key issue #1: Third party specific user identities  p. 10
5.1.1  Key issue details  p. 10
5.1.2  Threats  p. 10
5.1.3  Potential security requirements  p. 11
5.2  Key issue #2: Security of IMS based Avatar Communication  p. 11
5.2.1  Key issue details  p. 11
5.2.2  Threats  p. 11
5.2.3  Potential security requirements  p. 11
5.3  Key Issue #3: Security and privacy aspects of IMS DC capability exposure  p. 12
5.3.1  Key issue details  p. 12
5.3.2  Security threats  p. 12
5.3.3  Potential security requirements  p. 12
6  Solutions  p. 13
6.0  Mapping between key issues and solutions  p. 13
6.1  Solution #1: Signing/verification of third party ID information  p. 13
6.1.1  Introduction  p. 13
6.1.2  Solution details  p. 13
6.1.3  Evaluation  p. 15
6.2  Solution #2: Security of 3rd party specific identities  p. 15
6.2.1  Introduction  p. 15
6.2.2  Solution details  p. 15
6.2.2.1  Solution Description  p. 15
6.2.2.2  How the Originating IMS network invokes the signing on behalf of 3rd party (SIP trunk)  p. 18
6.2.2.3  How the Originating IMS network invokes the signing on behalf of 3rd party (Single SIP registration)  p. 20
6.2.3  Evaluation  p. 21
6.3  Solution #3: Support of Third Party specific User Identities in IMS using STIR/SHAKEN  p. 21
6.3.1  Introduction  p. 21
6.3.2  Solution detail  p. 23
6.3.3  Evaluation  p. 25
6.4  Solution #4: SHAKEN based third-party specific user identities  p. 25
6.4.1  Introduction  p. 25
6.4.2  Solution details  p. 25
6.4.2.1  General procedures  p. 25
6.4.2.2  Alternative authorisation procedure  p. 27
6.4.3  Evaluation  p. 27
6.5  Solution #5: Securing the IMS based avatar communication  p. 27
6.5.1  Introduction  p. 27
6.5.2  Solution details  p. 27
6.5.2.0  General  p. 27
6.5.2.1  Network centric procedure  p. 28
6.5.2.2  Sending UE centric procedure  p. 29
6.5.2.3  Receiving UE centric procedure  p. 30
6.5.3  Evaluation  p. 31
6.6  Solution #6: Solution for secure IMS based avatar communication  p. 31
6.6.1  Introduction  p. 31
6.6.2  Solution details  p. 32
6.6.2.1  Network centric IMS avatar call flow  p. 32
6.6.2.2  Sending UE centric IMS avatar call flow  p. 33
6.6.2.3  Receiving UE centric IMS avatar call flow  p. 34
6.6.2.4  UE1 attestation  p. 35
6.6.3  Evaluation  p. 35
6.7  Solution #7: Protect IMS DC based Avatar Communication  p. 35
6.7.1  Introduction  p. 35
6.7.2  Solution details  p. 36
6.7.2.0  General  p. 36
6.7.2.1  Procedure to protect IMS DC based Avatar Communication (Network based Rendering)  p. 36
6.7.2.2  Procedure to protect IMS DC based Avatar Communication (UE-A based Rendering)  p. 39
6.7.2.3  Procedure to protect IMS DC based Avatar Communication (UE-B based Rendering)  p. 40
6.7.3  Evaluation  p. 40
6.8  Solution #8: Security for IMS based Avatar Communication  p. 41
6.8.1  Introduction  p. 41
6.8.2  Solution details  p. 41
6.8.3  Evaluation  p. 45
6.9  Solution #9: Secure IMS DC capability exposure  p. 45
6.9.1  Introduction  p. 45
6.9.2  Solution details  p. 45
6.9.2.0  General  p. 45
6.9.2.1  Procedure of DC AS authorization for DC event subscription  p. 45
6.9.2.2  Procedure of DC AS authorization for data channel session control  p. 46
6.9.3  Evaluation  p. 47
6.10  Solution #10: User aware IMS DC capability exposure  p. 48
6.10.1  Introduction  p. 48
6.10.2  Solution details  p. 48
6.10.3  Evaluation  p. 48
6.11  Solution #11: IMS (DC) capability exposure security based on existing specification  p. 48
6.11.1  Introduction  p. 48
6.11.2  Solution details  p. 48
6.11.2.1  General  p. 48
6.11.2.2  IMS event exposure security  p. 48
6.11.2.3  IMS DC session control exposure security  p. 51
6.11.3  Evaluation  p. 51
6.12  Solution #12: Solution for secure IMS based avatar communication using STIR/SHAKEN  p. 52
6.12.1  Introduction  p. 52
6.12.2  Solution details  p. 52
6.12.2.1  Network centric IMS avatar call flow  p. 52
6.12.2.2  Sending UE centric IMS avatar call flow  p. 53
6.12.2.3  Receiving UE centric IMS avatar call flow  p. 54
6.12.3  Evaluation  p. 54
6.13  Solution #13: IMS avatar communication security based on existing specification  p. 55
6.13.1  Introduction  p. 55
6.13.2  Solution details  p. 55
6.13.2.1  General  p. 55
6.13.2.2  Security for the Sending UE centric procedure  p. 55
6.13.2.3  Security for the Receiving UE centric procedure  p. 56
6.13.2.4  Security for the Network centric procedure  p. 58
6.13.3  Evaluation  p. 58
7  Conclusions  p. 59
7.1  Conclusions for Key Issue #1: Third party specific user identities  p. 59
7.2  Conclusions for Key Issue #2: Security of IMS based Avatar Communication  p. 59
7.3  Conclusions for Key Issue #3: Security and privacy aspects of IMS DC capability exposure  p. 60
$  Change history  p. 57