
TR 33.937
Study of Mechanisms for
Protection against Unsolicited Communication for IMS (PUCI)

V19.0.0 (PDF)  2025/09  98 p.
V18.0.0  2024/03  98 p.
V17.0.0  2022/03  98 p.
V16.0.0  2020/06  98 p.
V15.0.0  2018/06  95 p.
V14.0.0  2017/03  98 p.
V13.0.0  2016/01  97 p.
V12.0.0  2014/09  97 p.
V11.0.0  2012/09  97 p.
V10.0.0  2011/04  97 p.
V9.2.0  2010/06  97 p.
Rapporteur:
Dr. Prasad, Anand
NEC Europe Ltd

full Table of Contents for  TR 33.937  Word version:  19.0.0

1 Scope  p. 8
2 References  p. 8
3 Definitions, Symbols and Abbreviations  p. 9
3.1 Definitions  p. 9
3.2 Symbols  p. 9
3.3 Abbreviations  p. 9
4 System Environment for PUCI  p. 10
4.1 Architectural Issues  p. 10
4.1.1 Introduction  p. 10
4.1.2 Originating/Terminating UC Identification and Scoring  p. 11
4.1.3 Central/Distributed UC Identification and Scoring  p. 12
4.1.3.1 Distributed UC Identification and Distributed UC Scoring  p. 12
4.1.3.2 Distributed UC Identification and Central UC Scoring  p. 14
4.1.4 Standardized/Vendor-Specific UC Scoring Algorithms  p. 14
4.2 Non-Technical Conditions  p. 16
4.2.1 Prevention of Unsolicited Communication in an Operator Controlled Environment  p. 16
4.2.1.1 Introduction  p. 16
4.2.1.2 Current SPIT/UC Prevention Measures  p. 16
4.3 Technical versus Legal Issues  p. 18
4.3.1 Introduction  p. 18
4.3.2 UC Legislation  p. 18
4.3.2.1 Definition of UC  p. 18
4.3.2.2 Definition of UC Communication Services  p. 19
4.3.2.3 Consent Achievement about UC Communication  p. 20
4.3.3 Liability  p. 20
4.3.4 Privacy  p. 21
4.3.5 Conclusion  p. 22
4.4 Coexistence with Single Radio-VCC, ICS, and SC  p. 22
5 PUCI Risk Analysis  p. 24
5.1 General  p. 24
5.2 UC Threats & Scenarios  p. 24
5.2.2 General Scenario  p. 24
5.2.3 Privacy Violation  p. 25
5.2.3.1 Privacy Violation Scenarios  p. 25
5.2.3.1.1 Bulk UC (Advertising)  p. 25
5.2.3.1.2 Targeted UC (Stalker)  p. 25
5.2.3.2 Privacy Violation Risks  p. 26
5.2.4 Contentious Incoming Call Service Charge  p. 26
5.2.4.1 Contentious Incoming Call Service Charge Scenarios  p. 27
5.2.4.1.1 UC While Call Forwarding is Enabled  p. 27
5.2.4.2 Contentious Incoming Call Service Charge Risks  p. 27
5.2.5 Contentious Roaming Cost  p. 27
5.2.5.1 Contentious Roaming Cost Scenarios  p. 27
5.2.5.1.1 UC While Roaming  p. 27
5.2.5.2 Contentious Roaming Cost Risks  p. 27
5.2.6 Non-disclosure of Call Back Cost  p. 27
5.2.6.1 Non-disclosure of Call Back Cost Scenarios  p. 27
5.2.6.1.1 Baiting for Premium Number Call Back  p. 27
5.2.6.2 Non-disclosure of Call Back Cost Risks  p. 28
5.2.7 Phishing  p. 28
5.2.7.1 Phishing Scenarios  p. 28
5.2.7.1.1 Messaging/Voice Phishing for Bank Account Information  p. 28
5.2.7.1.2 Voice Phishing for Identity Theft  p. 28
5.2.7.2 Phishing Risks  p. 28
5.2.8 Network Equipment Hijacking  p. 28
5.2.8.1 Network Equipment Hijacking Scenarios  p. 28
5.2.8.1.1 Compromised IMS Network Element  p. 28
5.2.8.2 Network Equipment Hijacking Risks  p. 28
5.2.9 User Equipment Hijacking  p. 29
5.2.9.1 User Equipment Hijacking Scenarios  p. 29
5.2.9.1.1 Botnets Using User Equipment  p. 29
5.2.9.1.2 Malware Distribution Through Bulk UC  p. 29
5.2.9.2 User Equipment Hijacking Risks  p. 29
5.2.10 Mobile Phone Virus  p. 29
5.2.10.1 Mobile Phone Virus Scenarios  p. 29
5.2.10.1.1 Exposure of User Privacy  p. 29
5.2.10.1.2 Destroying Mobile Phone Software and Hardware  p. 29
5.2.10.1.3 Distributing Illegal Information and Virus  p. 29
5.2.10.1.4 Junk Data Distribution through Bulk UC Resulting in User Additional Charges & Network Traffic Jam  p. 29
5.2.10.2 Mobile Phone Virus Risks  p. 30
5.2.11 Sender Impersonation UC  p. 30
5.2.11.1 Sender Impersonation UC Scenarios  p. 30
5.2.11.1.1 Forged Sender UC Received through Interworking with VoIP Operator  p. 30
5.2.11.2 Sender Impersonation UC Risks  p. 30
5.2.12 Unavailability of Service or Degraded Service Quality  p. 30
5.2.12.1 Unavailability of Service or Degraded Service Quality Scenarios  p. 30
5.2.12.1.1 UC flood leads to Degraded Service Quality  p. 30
5.2.12.2 Unavailability of Service or Degraded Service Quality Risks  p. 30
5.2.13 Negative Service Preconception Leading to Non-adoption  p. 30
5.3 Specific UC threats in non-IMS inter-connections  p. 31
5.3.1 Introduction  p. 31
5.3.2 Legal assumptions  p. 31
5.3.3 Network assumptions  p. 31
5.3.4 Security assumptions  p. 33
5.3.5 High risk specific threats  p. 33
6 Security Requirements  p. 35
6.1 Void  p. …
6.2 3GPP Security Requirements  p. 35
7 Supporting Mechanisms and Solution Alternatives  p. 36
7.1 Review of Measures and Potential Supporting Mechanisms  p. 36
7.1.1 Measure for Protection Against Privacy Violation  p. 36
7.1.1.1 Measures Against Bulk UC  p. 36
7.1.1.2 Measures Against Targeted UC  p. 39
7.1.2 Measures for Protection Against Contentious Incoming Call Service Charge  p. 39
7.1.3 Measures for Protection Against Contentious Roaming Cost  p. 39
7.1.4 Measures for Protection Against Non-disclosure of Call Back Cost  p. 39
7.1.5 Measures for Protection Against Phishing  p. 40
7.1.6 Measures for Protection Against Network Equipment Hijacking  p. 40
7.1.7 Measures for Protection Against User Equipment Hijacking  p. 40
7.1.8 Measures for Protection Against Mobile Phone Virus  p. 41
7.1.9 Measures for Protection Against Sender Impersonation UC  p. 42
7.1.10 Measures for Protection Against Unavailability of Service or Degraded Service Quality  p. 42
7.2 IMR-Based Solution Approach  p. 42
7.2.1 General  p. 42
7.2.2 IMR Approach  p. 43
7.2.3 From Requirements to Solution  p. 44
7.2.4 IMR Solution Variations  p. 46
7.2.4.1 General  p. 46
7.2.4.2 IMR Solution Based on Supplementary Services  p. 47
7.2.5 Detailed Solution  p. 48
7.2.5.1 Overview  p. 48
7.2.5.2 Simple PUCI Invocation  p. 48
7.2.5.3 PUCI with Supplementary Services and 3rd Party PUCI AS  p. 50
7.2.5.4 Standardization  p. 52
7.3 SPIT/UC Protection with Supplementary Services  p. 52
7.3.1 Introduction  p. 52
7.3.2 Supplementary Services usable for SPIT/UC Prevention  p. 53
7.3.3 SPIT/UC Prevention Scenarios with Supplementary Services  p. 54
7.3.3.1 Simple Black List combined with Anonymous Call Rejection  p. 54
7.3.3.2 White List with Consent Mailbox  p. 55
7.3.3.3 White List with Consent Mailbox, protected by a Black List  p. 55
7.3.3.4 Sophisticated SPIT/UC Prevention Profile with Audio CAPTCHA  p. 56
7.3.3.5 White List Consent Achievement by IN Server  p. 57
7.3.3.6 SPIT/UC Feedback by User Based on Key Pad Entries in the Phone  p. 59
7.4 Contextual Information  p. 59
7.4.1 Introduction  p. 59
7.4.2 IMS Mechanism Outline  p. 60
7.4.3 Use of Contextual Information  p. 60
7.4.3.1 General  p. 60
7.4.3.2 Reaction  p. 61
7.4.3.3 Marking  p. 61
7.4.3.4 Sharing of Information  p. 61
7.4.3.5 Impact on Supplementary Services  p. 62
7.5 UC protection framework for non-IMS interconnection: the Open Proxy Handshake  p. 62
7.5.1 Objectives  p. 62
7.5.2 Assumptions  p. 62
7.5.3 Basic principles  p. 64
7.5.4 Detailed principles  p. 65
7.5.4.1 No shared secret between domain A and domain B  p. 66
7.5.4.2 A shared secret is established between domain A and domain B  p. 67
7.6 Alternative Methods for Authentication of Originating Network  p. 68
7.6.1 Introduction  p. 68
7.6.2 P-Asserted-Identity  p. 69
7.6.3 SIP Identity  p. 69
7.6.4 Trusted Interconnect with IPSec  p. 70
7.6.5 Trusted Interconnect with IPSec combined with P-Asserted-Identity  p. 70
7.6.6 Summary  p. 71
8 Evaluation of Solution Alternatives  p. 72
8.1 Evaluation Criteria  p. 72
8.2 Evaluation of Alternatives  p. 75
8.3 Usage Space  p. 82
9 Potential PUCI Architecture  p. 84
9.1 High-level architecture, mapping PUCI functionality to the IMS architecture  p. 84
9.2 Centralized/Distributed PUCI AS  p. 84
9.3 UC identification / UC prevention  p. 85
9.4 Originating/Terminating UC identification and prevention  p. 85
9.5 Real-time / non-real-time UC identification and prevention  p. 86
9.6 Standardized versus Vendor specific aspects  p. 86
9.7 Interaction with non-IMS networks  p. 87
10 Summary  p. 88
A Usability and Business Aspects  p. 89
A.1 Usability Consideration  p. 89
A.1.1 User Prompting  p. 89
A.1.2 User vs UE  p. 89
B Analysis of UC protection mechanisms for non-IMS interconnection  p. 90
B.1 Solutions based on sender identity  p. 90
B.2 Call analysis and UC identification  p. 90
B.3 Network solutions  p. 91
B.4 Applicative solutions  p. 91
Change History  p. 93
