Content for TS 33.107 Word version: 16.0.0
0…
4
5…
5A…
6…
7…
7A…
8…
9…
10…
11…
12…
12.2…
12.3…
12.4…
12.5…
13…
14…
15…
16…
17…
18…
19…
20…
21…
22…
23…
A…
B…
C…
D…
E…
F…
G…
H…
I…
J…
L…
14 Interception of Generic Bootstrapping Architecture (GBA) Secured Communications
14.1 Introduction
14.2 Provision of Content of Communications
14.3 Provision of Intercept Related Information
14.3.1 Provision of Intercept Related Information Data Flow
14.3.2 X2-interface
14.3.3 GBA LI Events and Event Information
14.4 Structure of GBA Events
14.4.1 Bootstrapping
14.4.2 Query from NAF
14.4.3 Start of Interception with GBA key
...
...
14 Interception of Generic Bootstrapping Architecture (GBA) Secured Communications |R12| Word‑p. 176
14.1 Introduction
The Generic Bootstrapping Architecure (GBA) is defined in the TS 33.220. This section details the stage 2 Lawful Interception architecture and functions that are needed to provide the GBA based application specific encryption keys from the GBA architecture towards the DF2 for a subscriber that is target of interception.
Figure 14.1 shows the LI architecture for the GBA where the BSF provides the events and associated information towards the DF2 over the X2 interface.
[not reproduced yet]
Figure 14.1: GBA Intercept Configuration
14.2 Provision of Content of Communications
The GBA interception provides the application specific cryptographic keys (aka GBA application specific keys) which are used to decrypt the intercepted communication secured using those GBA application specific keys. Interception of the content of communications for GBA secured services is not part of this section and can be achieved via other methods outlined in this specification. The Ua protocol Id and the NAF Id along with the GBA application specific keys will allow the LEMF to decrypt the received intercepted packets.
14.3 Provision of Intercept Related Information
14.3.1 Provision of Intercept Related Information Data Flow
Figure 14.2 shows the transfer of intercept related information to the DF2. If an event related to a target occurs, the BSF shall send the relevant data to the DF2.
[not reproduced yet]
Figure 14.2: Provision of Intercept Related Information
14.3.2 X2-interface Word‑p. 177
The following information needs to be transferred from the BSF to the DF2 in order to allow a DF2 to perform its functionality:
-
target identity;
-
events and associated parameters as defined in clauses 14.3.3 may be provided;
The IRI should be sent to DF2 using a reliable transport mechanism.
14.3.3 GBA LI Events and Event Information
Intercept Related Information (Events) are necessary for the following;
-
Bootstrapping
-
Query from NAF
-
Start of interception with GBA key
A set of possible elements as shown in Table 14.3.1 are used to generate the events.
Element
Description
Observed IMSI
IMSI of the target.
Observed Other Identity
Other Identity of the target.
Event type
Description which type of event is delivered: Bootstrapping, Query from NAF,
Start of interception with GBA key
Event date
Date of the event generation in the BSF
Event time
Time of the event generation in the BSF.
Network Element Identifier
Unique identifier for the element reporting the BSF.
B-TID
Bootstrapping transaction identifier, TS 33.220.
Key lifetime
The lifetime of the key material is set according to the local policy of the BSF, TS 33.220.
Bootstrapping time
The timestamp of the bootstrapping event.
Ks_int_NAF
GBA application specific key (internal), if GBA_U has been used, TS 33.220.
Ks_ext_NAF
GBA application specific key (external), if GBA_U has been used, TS 33.220.
Ks_NAF
GBA application specific key, if GBA_ME has been used, TS 33.220.
Ua protocol id
Ua interface security protocol id defined in Annex H in TS 33.220.
NAF_Id
The FQDN of the NAF, concatenated with the Ua security protocol identifier, TS 33.220.
14.4 Structure of GBA Events Word‑p. 178
14.4.1 Bootstrapping
This event will be generated when the UE triggers a bootstrapping procedure towards the BSF when the UE wants to interact with a NAF. The actual bootstrapping procedure is defined in the TS 33.220, in sections 4.5.2 and in 5.3.2. The information elements shown in Table 14.4.1 table, if available, will be delivered to the DF2, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID
Key lifetime
Bootstrapping time
14.4.2 Query from NAF Word‑p. 179
The Query from NAF event is generated when the BSF receives an application specific key query from a NAF in order to retrieve GBA based application specific keys and related information. A new event is generated for each individual query events. The information elements shown in Table 14.4.2 will be delivered to the DF2, if available, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
Ks_ext_NAF
NAF_Id
Ks_int_NAF
Ks_NAF
Key lifetime
Bootstrapping time
Ua protocol id
14.4.3 Start of Interception with GBA key
For start of interception where GBA application specific key is already in use a Start of Interception with GBA key event is generated. The elements, shown in Table 14.4.3 will be delivered to the DF2, if available, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID [Note]
NAF_Id [Note]
Ks_ext_NAF [Note]
Ks_int_NAF [Note]
Ks_NAF [Note]
Key lifetime [Note]
Bootstrapping time [Note]
Ua protocol id [Note]
14.1 Introduction
The Generic Bootstrapping Architecure (GBA) is defined in the TS 33.220. This section details the stage 2 Lawful Interception architecture and functions that are needed to provide the GBA based application specific encryption keys from the GBA architecture towards the DF2 for a subscriber that is target of interception.
Figure 14.1 shows the LI architecture for the GBA where the BSF provides the events and associated information towards the DF2 over the X2 interface.
[not reproduced yet]
Figure 14.1: GBA Intercept Configuration
14.2 Provision of Content of Communications
The GBA interception provides the application specific cryptographic keys (aka GBA application specific keys) which are used to decrypt the intercepted communication secured using those GBA application specific keys. Interception of the content of communications for GBA secured services is not part of this section and can be achieved via other methods outlined in this specification. The Ua protocol Id and the NAF Id along with the GBA application specific keys will allow the LEMF to decrypt the received intercepted packets.
14.3 Provision of Intercept Related Information
14.3.1 Provision of Intercept Related Information Data Flow
Figure 14.2 shows the transfer of intercept related information to the DF2. If an event related to a target occurs, the BSF shall send the relevant data to the DF2.
[not reproduced yet]
Figure 14.2: Provision of Intercept Related Information
14.3.2 X2-interface Word‑p. 177
The following information needs to be transferred from the BSF to the DF2 in order to allow a DF2 to perform its functionality:
-
target identity;
-
events and associated parameters as defined in clauses 14.3.3 may be provided;
The IRI should be sent to DF2 using a reliable transport mechanism.
14.3.3 GBA LI Events and Event Information
Intercept Related Information (Events) are necessary for the following;
-
Bootstrapping
-
Query from NAF
-
Start of interception with GBA key
A set of possible elements as shown in Table 14.3.1 are used to generate the events.
Element
Description
Observed IMSI
IMSI of the target.
Observed Other Identity
Other Identity of the target.
Event type
Description which type of event is delivered: Bootstrapping, Query from NAF,
Start of interception with GBA key
Event date
Date of the event generation in the BSF
Event time
Time of the event generation in the BSF.
Network Element Identifier
Unique identifier for the element reporting the BSF.
B-TID
Bootstrapping transaction identifier, TS 33.220.
Key lifetime
The lifetime of the key material is set according to the local policy of the BSF, TS 33.220.
Bootstrapping time
The timestamp of the bootstrapping event.
Ks_int_NAF
GBA application specific key (internal), if GBA_U has been used, TS 33.220.
Ks_ext_NAF
GBA application specific key (external), if GBA_U has been used, TS 33.220.
Ks_NAF
GBA application specific key, if GBA_ME has been used, TS 33.220.
Ua protocol id
Ua interface security protocol id defined in Annex H in TS 33.220.
NAF_Id
The FQDN of the NAF, concatenated with the Ua security protocol identifier, TS 33.220.
- target identity;
- events and associated parameters as defined in clauses 14.3.3 may be provided;
- Bootstrapping
- Query from NAF
- Start of interception with GBA key
Element
Description
Observed IMSI
IMSI of the target.
Observed Other Identity
Other Identity of the target.
Event type
Description which type of event is delivered: Bootstrapping, Query from NAF,
Start of interception with GBA key
Event date
Date of the event generation in the BSF
Event time
Time of the event generation in the BSF.
Network Element Identifier
Unique identifier for the element reporting the BSF.
B-TID
Bootstrapping transaction identifier, TS 33.220.
Key lifetime
The lifetime of the key material is set according to the local policy of the BSF, TS 33.220.
Bootstrapping time
The timestamp of the bootstrapping event.
Ks_int_NAF
GBA application specific key (internal), if GBA_U has been used, TS 33.220.
Ks_ext_NAF
GBA application specific key (external), if GBA_U has been used, TS 33.220.
Ks_NAF
GBA application specific key, if GBA_ME has been used, TS 33.220.
Ua protocol id
Ua interface security protocol id defined in Annex H in TS 33.220.
NAF_Id
The FQDN of the NAF, concatenated with the Ua security protocol identifier, TS 33.220.
14.4 Structure of GBA Events Word‑p. 178
14.4.1 Bootstrapping
This event will be generated when the UE triggers a bootstrapping procedure towards the BSF when the UE wants to interact with a NAF. The actual bootstrapping procedure is defined in the TS 33.220, in sections 4.5.2 and in 5.3.2. The information elements shown in Table 14.4.1 table, if available, will be delivered to the DF2, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID
Key lifetime
Bootstrapping time
14.4.2 Query from NAF Word‑p. 179
The Query from NAF event is generated when the BSF receives an application specific key query from a NAF in order to retrieve GBA based application specific keys and related information. A new event is generated for each individual query events. The information elements shown in Table 14.4.2 will be delivered to the DF2, if available, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
Ks_ext_NAF
NAF_Id
Ks_int_NAF
Ks_NAF
Key lifetime
Bootstrapping time
Ua protocol id
14.4.3 Start of Interception with GBA key
For start of interception where GBA application specific key is already in use a Start of Interception with GBA key event is generated. The elements, shown in Table 14.4.3 will be delivered to the DF2, if available, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID [Note]
NAF_Id [Note]
Ks_ext_NAF [Note]
Ks_int_NAF [Note]
Ks_NAF [Note]
Key lifetime [Note]
Bootstrapping time [Note]
Ua protocol id [Note]
14.4.1 Bootstrapping
This event will be generated when the UE triggers a bootstrapping procedure towards the BSF when the UE wants to interact with a NAF. The actual bootstrapping procedure is defined in the TS 33.220, in sections 4.5.2 and in 5.3.2. The information elements shown in Table 14.4.1 table, if available, will be delivered to the DF2, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID
Key lifetime
Bootstrapping time
14.4.2 Query from NAF Word‑p. 179
The Query from NAF event is generated when the BSF receives an application specific key query from a NAF in order to retrieve GBA based application specific keys and related information. A new event is generated for each individual query events. The information elements shown in Table 14.4.2 will be delivered to the DF2, if available, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
Ks_ext_NAF
NAF_Id
Ks_int_NAF
Ks_NAF
Key lifetime
Bootstrapping time
Ua protocol id
14.4.3 Start of Interception with GBA key
For start of interception where GBA application specific key is already in use a Start of Interception with GBA key event is generated. The elements, shown in Table 14.4.3 will be delivered to the DF2, if available, by the BSF.
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID [Note]
NAF_Id [Note]
Ks_ext_NAF [Note]
Ks_int_NAF [Note]
Ks_NAF [Note]
Key lifetime [Note]
Bootstrapping time [Note]
Ua protocol id [Note]
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
Ks_ext_NAF
NAF_Id
Ks_int_NAF
Ks_NAF
Key lifetime
Bootstrapping time
Ua protocol id
Information Element
Observed IMSI
Observed Other Identity
Event Type
Event Time
Event Date
Network Element Identifier
B-TID [Note]
NAF_Id [Note]
Ks_ext_NAF [Note]
Ks_int_NAF [Note]
Ks_NAF [Note]
Key lifetime [Note]
Bootstrapping time [Note]
Ua protocol id [Note]