TR 33.823
Security for Usage of GBA
with a UE Browser

V12.2.0 (Wzip) 2013/12 18 p.

full Table of Contents for TR 33.823 Word version: 12.2.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Introduction p. 4

Scope p. 5

References p. 5

Definitions and abbreviations p. 6

3.1	Definitions p. 6
3.2	Abbreviations p. 6

Objectives for the Architecture using GBA from a UE web browser p. 7

4.1	Introduction p. 7
4.2	Objectives p. 7

Usage Scenarios and accompanying Threats for using GBA from a UE web browser p. 8

Usage Scenarios p. 8

Usage scenario 1 p. 8

Threats p. 8

Control of GBA Credentials and GBA Module in the UE p. 9

6.1	General p. 9
6.2	Control Mechanism 1- Same Origin Authentication Tokens p. 9
6.3	Control Mechanism 2 - Server Authenticated TLS p. 9
6.4	Control Mechanism 3 - Channel Binding p. 9
6.5	Control Mechanism 4 - Key Usage p. 9

Potential Extension of Protocol Mechanism used on Ua Reference Point p. 10

Key derivation p. 10

Channel binding p. 11

7.2.1	Background p. 11
7.2.2	Option 1: Channel binding using RFC 5705 p. 11
7.2.3	Option 2: Channel binding using RFC 5929 p. 11

Common Practices and Examples p. 11

Security Considerations p. 11

8.1.1	General Scripting Security Considerations p. 11
8.1.2	GBA key control p. 12
8.1.3	User grants p. 12
8.1.4	Root CAs in Browser p. 12

Javascript GBA API description p. 12

8.2.1	GBA API Description p. 12
8.2.2	Example API usage p. 13

Example sequence flows p. 13

Example sequence flow with channel binding p. 13

Change History p. 18