
TR 33.890
Study on Security support for Next Generation Real Time Communication services

V18.0.0 (Wzip)  2023/06  23 p.
Rapporteur:
Mr. Li, Fei
HUAWEI TECHNOLOGIES Co. Ltd.

full Table of Contents for  TR 33.890  Word version:  18.0.0

1 Scope  p. 6
2 References  p. 6
3 Definitions of terms, symbols and abbreviations  p. 6
3.1 Terms  p. 6
3.2 Symbols  p. 7
3.3 Abbreviations  p. 7
4 Assumptions  p. 7
5 Key issues  p. 7
5.1 Key issue #1: Third party specific user identities  p. 7
5.1.1 Key issue details  p. 7
5.1.2 Threats  p. 7
5.1.3 Potential security requirements  p. 7
5.2 Key issue #2: Security aspects of Data Channel usage in IMS network  p. 8
5.2.1 Key issue details  p. 8
5.2.2 Security threats  p. 8
5.2.3 Potential security requirements  p. 8
5.3 Key issue #3: security aspects of SBA in IMS media control plane  p. 8
5.3.1 Key issue details  p. 8
5.3.2 Security threats  p. 8
5.3.3 Potential security requirements  p. 8
6 Proposed solutions  p. 9
6.0 Mapping of solutions to key issues  p. 9
6.1 Solution #1: How the Originating IMS network signs the 3rd party IDs and terminating IMS network verifies the 3rd party IDs  p. 9
6.1.1 Introduction  p. 9
6.1.2 Solution details  p. 9
6.1.2.1 Solution Description  p. 9
6.1.2.2 How Originating IMS network invokes the signing on behalf of 3rd party (SIP trunk)  p. 11
6.1.2.3 How Originating IMS network invokes the signing on behalf of 3rd party (Single SIP registration)  p. 12
6.1.3 Evaluation  p. 14
6.2 Solution #2: SHAKEN based third-party specific user identities  p. 14
6.2.1 Introduction  p. 14
6.2.2 Solution details  p. 14
6.2.2.1 General procedures  p. 14
6.2.2.2 Alternative authorisation procedure  p. 16
6.2.3 Evaluation  p. 16
6.3 Solution #3: Service based interface protection in media control plane  p. 16
6.3.1 Introduction  p. 16
6.3.2 Solution details  p. 16
6.3.2.1 Protection at the network or transport layer  p. 16
6.3.2.2 Authentication and authorization  p. 16
6.3.3 Evaluation  p. 16
6.4 Solution #4: End-to-access-edge security for IMS data channels  p. 16
6.4.1 Introduction  p. 16
6.4.2 Solution details  p. 16
6.4.3 Evaluation  p. 17
6.5 Solution #5: How to avoid e2ae limitation and achieve e2e security for IMS Data Channel  p. 17
6.5.1 Introduction  p. 17
6.5.2 Solution details  p. 18
6.5.2.1 Solution Description  p. 18
6.5.3 Evaluation  p. 19
7 Conclusions  p. 19
7.1 Conclusion on Key Issue #3  p. 19
7.2 Conclusion on Key Issue #2  p. 19
7.3 Conclusions for Key Issue #1  p. 19
$ Change history  p. 20
