
Content for TS 33.179, Word version: 13.11.0


1  Scope

The present document specifies the security architecture, procedures and information flows needed to protect the mission critical push to talk (MCPTT) service. The architecture includes mechanisms for authentication, protection of MCPTT signalling and protection of MCPTT media. Security for both MCPTT group calls and MCPTT private calls operating in on-network and off-network modes of operation is specified.
The functional architecture for MCPTT is defined in TS 23.179 [2], and the corresponding service requirements are defined in TS 22.179 [3].
The MCPTT service can be used for public safety applications and also for general commercial applications, e.g. utility companies and railways. As the security model is based on the public safety environment, some security features may not be applicable to MCPTT for commercial purposes.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  TS 23.179: "Functional architecture and information flows to support mission critical communication services; Stage 2".
[3]  TS 22.179: "Mission Critical Push To Talk (MCPTT) over LTE; Stage 1".
[4]  TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[5]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[6]  TS 33.203: "3G security; Access security for IP-based services".
[7]  Void.
[8]  TS 33.328: "IP Multimedia Subsystem (IMS) media plane security".
[9]  RFC 6507: "Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)".
[10]  RFC 6508: "Sakai-Kasahara Key Encryption (SAKKE)".
[11]  RFC 6509: "MIKEY-SAKKE: Sakai-Kasahara Key Encryption in Multimedia Internet KEYing (MIKEY)".
[12]  RFC 3550: "RTP: A Transport Protocol for Real-Time Applications".
[13]  RFC 3711: "The Secure Real-time Transport Protocol (SRTP)".
[14]  TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[15]  TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[16]  TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[17]  TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[18]  NIST FIPS 180-4: "Secure Hash Standard (SHS)".
[19]  RFC 6749: "The OAuth 2.0 Authorization Framework".
[20]  RFC 6750: "The OAuth 2.0 Authorization Framework: Bearer Token Usage".
[21]  OpenID Connect 1.0: "OpenID Connect Core 1.0 incorporating errata set 1", http://openid.net/specs/openid-connect-core-1_0.html.
[22]  RFC 3830: "MIKEY: Multimedia Internet KEYing".
[23]  RFC 3602: "The AES-CBC Cipher Algorithm and Its Use with IPsec".
[24]  RFC 4771: "Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)".
[25]  RFC 6043: "MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY)".
[26]  RFC 7714: "AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP)".
[27]  W3C: "XML Encryption Syntax and Processing Version 1.1", https://www.w3.org/TR/xmlenc-core1/.
[28]  W3C: "XML Signature Syntax and Processing (Second Edition)", http://www.w3.org/TR/xmldsig-core/.
[29]  RFC 5905: "Network Time Protocol Version 4: Protocol and Algorithms Specification".
[30]  RFC 5480: "Elliptic Curve Cryptography Subject Public Key Information".
[31]  RFC 6090: "Fundamental Elliptic Curve Cryptography Algorithms".
[32]  RFC 7519: "JSON Web Token (JWT)".
[33]  RFC 7662: "OAuth 2.0 Token Introspection".
[34]  RFC 3394: "Advanced Encryption Standard (AES) Key Wrap Algorithm".
[35]  RFC 7515: "JSON Web Signature (JWS)".
[36]  NIST Special Publication 800-38D: "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC".
[37]  RFC 2045: "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies".
[38]  RFC 2392: "Content-ID and Message-ID Uniform Resource Locators".
[39]  TS 24.380: "Mission Critical Push To Talk (MCPTT) media plane control; Protocol specification".
[40]  RFC 3711 Errata ID 3712, https://www.rfc-editor.org/errata/eid3712.
[41]  IANA: "Multimedia Internet KEYing (MIKEY) Payload Name Spaces", https://www.iana.org/assignments/mikey-payloads/mikey-payloads.xhtml.

3  Definitions and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Floor: Floor(x) is the largest integer smaller than or equal to x.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CSC  Common Services Core
GBA  Generic Bootstrapping Architecture
GMK  Group Master Key
GMK-ID  Group Master Key Identifier
GMS  Group Management Server
GUK-ID  Group User Key Identifier
IdM  Identity Management
IdMS  Identity Management Server
KMS  Key Management Server
MBCP  Media Burst Control Protocol
MCPTT  Mission Critical Push to Talk
MKI  Master Key Identifier
MSCCK  MBMS Subchannel Control Key
NGMI  Next Generation Mobile Intelligence
OIDC  OpenID Connect
PCK  Private Call Key
PCK-ID  Private Call Key Identifier
PSK  Pre-Shared Key
SPK  Signalling Protection Key
SRTCP  Secure Real-Time Transport Control Protocol
SRTP  Secure Real-Time Transport Protocol
SSRC  Synchronization Source
TBCP  Talk Burst Control Protocol
TrK  KMS Transport Key
UID  User Identifier for MIKEY-SAKKE (referred to as the 'Identifier' in RFC 6509 [11])
XPK  XML Protection Key