In addition to the definitions included in TR 21.905
, for the purposes of the present document, the following definitions apply:
Anti-replay protection is a special case of integrity protection. Its main service is to protect against replay of self-contained packets that already have a cryptographic integrity mechanism in place.
The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
The property that data has not been altered in an unauthorised manner.
Data origin authentication:
The corroboration that the source of data received is as claimed.
The provision of assurance of the claimed identity of an entity.
A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
A logical connection created for security purposes. All traffic traversing a security association is provided the same security protection. The security association specifies protection levels, algorithms to be used, lifetimes of the connection etc.
An SS7 network that is not a PLMN.
SS7 Security Gateway:
A Network Node that terminates and initiates TCAPsec. Similar to a SEG (see TS 33.210
), the SS7 security Gateway is used for communication between two SS7 security domains.
The complete collection of protocols and procedures needed to protect TCAP user messages.
3.2 Symbols Word‑p. 6
For the purposes of the present document, the following symbols apply:
TCAPsec encryption algorithm.
TCAPsec integrity algorithm.
TCAPsec reference point between SS7-SEGs engaged in security protected signalling.
In addition to the abbreviations included in TR 21.905
, for the purposes of the present document, the following abbreviations apply:
Advanced Encryption Standard
Fallback to unprotected mode indicator
Message Authentication Code
MAC used for TCAP user
Mobile Application Part
Network Domain Security
Security Association Database
SS7 security gateway Encryption Algorithm identifier
SS7 security gateway Encryption Key
SS7 security gateway Integrity Algorithm identifier
SS7 security gateway Integrity Key
Security Policy Database
Security Parameters Index
SS7 security gateway
TCAP user security - the SS7 security gateway security protocol suite
Application Part identified by the SCCP Subsystem Numbers of TS 23.003
Time Variant Parameter
3.4 Conventions Word‑p. 7
All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.