TR 33.822
Security aspects for inter-Access Mobility
between non-3GPP and 3GPP Access Networks

3GPP‑Page fToC_↓ Partial Content _→

V8.0.0 (Wzip) 2008/12 30 p.

Rapporteur:: Dr. Zhang, Dajiang
Microsoft Europe SARL

full Table of Contents for TR 33.822 Word version: 8.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Scope p. 6

References p. 6

Definitions, symbols and abbreviations p. 7

3.1	Definitions p. 7
3.2	Symbols p. 7
3.3	Abbreviations p. 7

Authentication protocols across access systems p. 8

4.1	UMTS AKA p. 8
4.2	EAP-AKA p. 8
4.3	Others p. 9

Establishment of security contexts in the target access system p. 9

5.1	Establishment of security contexts with the support of SAE p. 9
5.2	Establishment of security contexts without the support of SAE p. 9

Establishment of IPsec tunnel between UE and PDG across the target non-3GPP access system (if required) p. 9

6.1	The source access system has a UE-PDG tunnel p. 10
6.2	The source access system does not have a UE-PDG tunnel p. 10

Security for IP based mobility p. 10

7.1

General requirement p. 10

7.2

Host based Mobility p. 11

7.2.1	Security associations used with Mobile IP p. 11
7.2.2	Security protocols used with Mobile IP p. 12

7.3

Bootstrapping of Mobile IP parameters p. 13

7.3.1	General p. 13
7.3.2	RFC3957 used in conjunction with GBA p. 13
7.3.3	Use GBA to generate MN-HA key p. 15
7.3.4	Use partial GBA to derive MN-HA Keys p. 16
7.3.5	Using IKEv2 p. 17
7.3.6	Security bootstrapping for DS MIPv6 using MIP options p. 18

7.4

Network based Mobility p. 20

7.4.1

PMIP p. 20

7.4.1.1

Introduction p. 20

7.4.1.2

Overview of PMIP usage in 3GPP p. 20

7.4.1.3

PMIP trust model p. 21

7.4.1.4

Security measures on the Reference points between the LMA and the MAG that have a trust relation p. 22

7.4.1.5

The need for using strong access authentication with Proxy Mobile IP p. 23

7.4.1.6

No trust relation between LMA and MAG on S2a p. 23

7.4.1.6.1	Security risks p. 23
7.4.1.6.2	Possible measures p. 24

7.4.2

NetLMM p. 24

Specific aspects of security for mobility between 3GPP access systems and non-3GPP access systems p. 25

8.1

Security for mobility between pre-SAE 3GPP access systems and non-3GPP access systems p. 25

8.2

Security context transfer between 3GPP and trusted non-3GPP access networks p. 25

8.3

ANDSF Security p. 26

8.3.1	General p. 26
8.3.2	Procedure p. 26

RFC 3957 p. 28

Change history p. 29

TR 33.822 Security aspects for inter-Access Mobility between non-3GPP and 3GPP Access Networks

full Table of Contents for TR 33.822 Word version: 8.0.0

TR 33.822
Security aspects for inter-Access Mobility
between non-3GPP and 3GPP Access Networks