TR 33.871
Study on Security for
Web Real Time Communications (WebRTC) IMS Client access to IMS

V12.0.0 (Wzip)  2014/09  52 p.
Rapporteur:
Mr. Ohlsson, Oscar
Ericsson LM

full Table of Contents for  TR 33.871  Word version:  12.0.0

1 Scope  p. 6
2 References  p. 6
3 Definitions, symbols and abbreviations  p. 8
3.1 Definitions  p. 8
3.2 Symbols  p. 8
3.3 Abbreviations  p. 8
4 Overview  p. 9
4.1 WebRTC  p. 9
4.1.1 General  p. 9
4.1.2 WebRTC control plane  p. 9
4.1.3 WebRTC user plane  p. 9
4.2 WebRTC IMS Client access to IMS  p. 11
4.2.1 Overview  p. 11
4.2.2 Architecture  p. 11
5 Assumptions, Risks and Security requirements  p. 13
5.1 Assumptions  p. 13
5.2 Risks  p. 13
5.2.1 Impact of security breach at WWSF on arbitrary IMS subscribers  p. 13
5.2.2 Lack of means to identify potentially compromised WWSF in the IMS core  p. 13
5.2.3 Risks relating to the determination of IMS identities by the WWSF  p. 13
5.2.4 Risks relating to assignment of IMS identities to WebRTC IMS Client from pool of IMS subscriptions held by WWSF  p. 14
5.3 Potential security requirements  p. 15
6 Solutions  p. 17
6.1 Authentication and Authorization  p. 17
6.1.1 Authentication of WebRTC IMS Client with IMS subscription re-using existing IMS authentication mechanisms  p. 17
6.1.1.1 General  p. 17
6.1.1.2 Use of SIP Digest credentials  p. 17
6.1.1.3 Use of IMS AKA  p. 19
6.1.2 Authentication of WebRTC IMS Client with IMS subscription using web credentials  p. 20
6.1.2.1 General  p. 20
6.1.2.2 Use of Trusted Node Authentication (TNA)  p. 21
6.1.2.3 Example of web authentication using IMS AKA credentials  p. 27
6.1.2.4 Use of direct authentication between WIC and eP-CSCF  p. 28
6.1.2.5 Trusted Node Authentication using OAuth 2.0 Implicit Grant  p. 29
6.1.3 Assignment of IMS identities to WebRTC IMS Client from pool of IMS subscriptions held by WWSF  p. 32
6.1.3.1 General  p. 32
6.1.3.2 Use of Trusted Node Authentication (TNA)  p. 32
6.2 Enhancements to IMS media plane security  p. 37
6.2.1 Media security for RTP  p. 37
6.2.1.1 General  p. 37
6.2.1.2 e2ae security for RTP using DTLS-SRTP  p. 37
6.2.2 Media security for WebRTC Data Channels  p. 39
6.2.2.1 General  p. 39
6.2.2.2 e2ae security for WebRTC Data Channels  p. 39
6.3 Other security aspects  p. 41
6.3.1 Firewall traversal  p. 41
7 Assessment of solutions  p. 42
8 Conclusions and recommendations  p. 42
A Secure usage of GBA with UE browser  p. 43
B Profiling of DTLS-SRTP  p. 47
C Linking IMS identities and web identities - Example security mechanisms  p. 48
D Mapping OAuth 2.0 to IMS WebRTC  p. 49
Change History  p. 52
