
TR 33.879 (SA3)
Study on Security enhancements for
Mission Critical Push To Talk (MCPTT) over LTE

V13.1.0  2016/06  88 p.


Rapporteur:  Mr. Haigh, Peter

The present document contains a study of the security aspects of the Mission-Critical Push-To-Talk (MCPTT) service and its interaction with the network. This includes an analysis of the threats to the service, the security requirements to mitigate those threats and an evaluation of possible technical solutions designed to meet the security requirements of the service.

This study will include consideration of relevant 3GPP specifications, particularly for ProSe and GCSE.

The focus of the present document is to support public-safety use of MCPTT as prioritised by SA#66 (SP-140870). Some features may not be applicable to MCPTT for commercial purposes (e.g. Ambient Listening).

Full Table of Contents for TR 33.879, Word version 13.1.0

 


 

1  Scope
2  References
3  Definitions and abbreviations
4  Overview of Mission Critical Push-to-Talk (MCPTT)
5  List of assets
6  Security analysis of MCPTT
6.1  General security requirements
6.2  Key Issue # 1: Configuration & service access
6.3  Key Issue # 2: Group Key Management
6.4  Key Issue # 3: On-Network Operation: denial of service
6.5  Key Issue # 4: Ambient Listening
6.6  Key Issue # 5: Data communication security between MCPTT network entities
6.7  Key Issue # 6: On-Network Operation: impersonation
6.8  Key Issue # 7: On-Network Operation: manipulation
6.9  Key Issue # 8: On-network operation: traffic analysis
6.10  Key Issue # 9: On-network operation: interception of user traffic
6.11  Key Issue # 10: Key Stream Re-use
6.12  Key Issue # 11: Late Entry to Group Communication
6.13  Key Issue # 12: Private Call Confidentiality
6.14  Key Issue # 13: Off-network operation: denial of service
6.15  Key Issue # 14: Off-Network Operation: interception of user traffic
6.16  Key Issue # 15: Off-network operation: impersonation
6.17  Key Issue # 16: Off-network operation: manipulation
6.18  Key Issue # 17: Off-network operation: traffic analysis
6.19  Key Issue #18: Privacy of MCPTT identities
7  Proposed Solutions
7.1  Solution #1: Signalling protection and authentication procedure for MCPTT services
7.2  Solution #2: MCPTT User authentication and registration based on OpenID Connect
7.3  Solution #3: Addition of KMS function and interfaces
7.4  Solution #4: Distribution of a group security context
7.5  Solution #5: Private call security
7.6  Solution #6: End-to-end protection for private call in on-network
7.7  Solution #7: Media stream protection
7.8  Solution #8: Protection of floor control signalling (SRTCP)
7.9  Solution #9: GCSE based security for MCPTT service
7.10  Solution #10: Inter/Intra domain protection for MCPTT service
7.11  Solution #11: HTTP-1 interface protection
7.12  Solution #12: Using S/MIME to protect MCPTT Application plane messaging in SIP messages
7.13  Solution #13: KMS managed Content Encryption Key (CEK) for S/MIME
7.14  Solution #14: Identity based cryptography managed Content Encryption Key (CEK) for S/MIME
7.15  Solution #15: Using content indirection and XCAP to hide MCPTT sensitive application information in SIP messages
7.16  Solution #16: Protecting the location object
7.17  Solution #17: Protection of sensitive application data based on xmlsec
8  Evaluation of solutions
9  Conclusion
A  Authentication call-flows
B  Change history
