T (Normative)  GPRS-IMS-Bundled Authentication (GIBA) for Gm interface |R8|  Word‑p. 99

T.1  Introduction

T.2  Requirements

T.3  Threat Scenarios  Word‑p. 100

T.3.0  General |R12|

T.3.1  Impersonation on IMS level using the identity of an innocent user

T.3.2  IP spoofing

T.3.3  Combined threat scenario

T.4  GIBA Security Mechanism  Word‑p. 101

T.5  Restrictions imposed by GIBA

T.6  Protection against IP address spoofing in GGSN  Word‑p. 102

T.7  Interworking cases

T.8  Message Flows  Word‑p. 105

T.8.1  Successful registration

T.8.2  Unsuccessful registration  Word‑p. 106

T.8.3  Successful registration for a selected interworking case  Word‑p. 108

U (Normative)  Trusted Node Authentication (TNA) |R8|  Word‑p. 111

U.1  Overview

U.2  Use case and detailed description

V  NAT deployment considerations for GIBA |R9|  Word‑p. 114

W (Normative)  Tunnelling of IMS Services over Restrictive Access Networks |R12|  Word‑p. 115

W.1  Overview

W.2  Service and Media Reachability for Users over Restrictive Firewalls - Tunneled Firewall Traversal for IMS traffic

W.2.0  General

W.2.1  Firewall detection procedure  Word‑p. 116

W.3  Service and Media Reachability for Users over Restrictive Firewalls - Extensions to STUN/TURN/ICE  Word‑p. 117

W.3.1  Introduction  Word‑p. 118

W.3.1.1  General

W.3.1.2  Firewall traversal for IMS control plane using SIP over TLS/TCP

W.3.1.3  Firewall traversal for IMS media plane using ICE and TURN

W.3.2  Reference model  Word‑p. 119

W.3.3  Required functions of the UE

W.3.4  Required functions of the P-CSCF  Word‑p. 120

W.3.5  Required functions of the TURN server

W.3.6  Required functions of the IMS-ALG and IMS-AGW

---