Content for  TS 33.220  Word version:  18.3.0



1  Scope

The present document describes the security features and mechanisms to bootstrap authentication and key agreement for application security. Candidate applications to use this bootstrapping mechanism include, but are not restricted to, subscriber certificate distribution TS 33.221. Subscriber certificates support services whose provision the mobile operator assists, as well as services that the mobile operator provides.
The scope of this specification includes generic bootstrapping functions, an architecture overview and the detailed procedure for bootstrapping the credential.
Clause 4 of this specification describes a mechanism, called GBA_ME, to bootstrap authentication and key agreement, which does not require any changes to the UICC. Clause 5 of this specification describes a mechanism, called GBA_U, to bootstrap authentication and key agreement, which does require changes to the UICC, but provides enhanced security by storing certain derived keys on the UICC. Annex I of this specification describes a mechanism, called 2G GBA, to bootstrap authentication and key agreement using the 2G AKA protocol. Annex M of this specification describes a mechanism, called GBA_Digest, to bootstrap authentication and key agreement using the HTTP Digest protocol with SIP Digest credentials.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TS 31.102: "Characteristics of the USIM application".
[2]  TS 33.102: "3G Security; Security architecture".
[3]  Void
[4]  RFC 3310: "Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA)".
[5]  TS 33.221: "Generic Authentication Architecture (GAA); Support for Subscriber Certificates".
[6]  Void
[7]  Void
[8]  Void
[9]  Void
[10]  TS 31.103: "Characteristics of the IP Multimedia Services Identity Module (ISIM) application".
[11]  TS 23.003: "Numbering, addressing and identification".
[12]  Void
[13]  TS 33.210: "3G Security; Network domain security; IP network layer security".
[14]  Void
[15]  TS 31.101: "UICC-terminal interface; Physical and logical characteristics".
[16]  TS 33.203: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Access security for IP-based services".
[17]  Void
[18]  RFC 2818: "HTTP over TLS".
[19]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[20]  Void
[21]  Void
[22]  RFC 2104: "HMAC: Keyed-Hashing for Message Authentication".
[23]  ISO/IEC 10118-3:2004: "Information Technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions".
[24]  RFC 3629: "UTF-8, a transformation format of ISO 10646".
[25]  TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[26]  TS 33.246: "3G Security; Security of Multimedia Broadcast/Multicast Service (MBMS)".
[27]  Void
[28]  Void
[29]  TS 24.109: "Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details".
[30]  Void
[31]  Void
[32]  TS 29.109: "Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".
[33]  Void
[34]  TS 23.002: "Network architecture".
[35]  TS 33.401: "3GPP System Architecture Evolution (SAE); Security Architecture".
[36]  TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".
[37]  "Unicode Standard Annex #15; Unicode Normalization Forms", Unicode 5.1.0, March 2008.
[38]  TS 26.237: "IP Multimedia Subsystem (IMS) based Packet Switch Streaming (PSS) and Multimedia Broadcast/Multicast Service (MBMS) User Service; Protocols".
[39]  TS 33.224: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push Layer".
[40]  TS 33.328: "IMS Media plane security".
[41]  Void
[42]  Void
[43]  Void
[44]  RFC 5705: "Keying Material Exporters for Transport Layer Security (TLS)".
[45]  TS 33.223: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push function".
[46]  TS 44.006: "Technical Specification Group GSM/EDGE Radio Access Network; Mobile Station - Base Station System (MS - BSS) interface; Data Link (DL) layer specification".
[47]  TS 43.020: "Technical Specification Group Services and system Aspects; Security related network functions".
[48]  RFC 5929: "Channel Bindings for TLS".
[49]  TS 33.303: "Proximity-based Services; Security Aspects".
[50]  TS 33.179: "Security of Mission Critical Push-To-Talk (MCPTT)".
[51]  TS 33.203: "3G security; Access security for IP-based services".
[52]  TS 33.163: "Battery Efficient Security for very low Throughput Machine Type Communication (MTC) devices (BEST)".
[53]  TS 33.501: "Security architecture and procedures for 5G system".
[54]  TS 33.180: "Technical Specification Group Services and System Aspects; Security of the mission critical service".
[55]  TS 33.122: "Security Aspects of Common API Framework for 3GPP Northbound APIs".
[56]  TS 33.536: "Security Aspect of 3GPP Support for Advanced V2X Services".
[57]  Void
[58]  TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".
[59]  RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
[60]  RFC 4648: "The Base16, Base32, and Base64 Data Encodings".
[61]  RFC 9110: "HTTP Semantics".
[62]  RFC 7616: "HTTP Digest Access Authentication".
[63]  Void
[64]  TS 23.502: "Procedures for the 5G System (5GS)".
[65]  TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[66]  TS 23.501: "System architecture for the 5G System (5GS)".
[67]  TS 33.503: "Security Aspects of Proximity based Services (ProSe) in the 5G System (5GS)".
[68]  RFC 9147: "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3".
[69]  RFC 8613: "Object Security for Constrained RESTful Environments (OSCORE)".
[70]  RFC 7252: "The Constrained Application Protocol (CoAP)".
[71]  RFC 8949: "Concise Binary Object Representation (CBOR)".
[72]  RFC 8152: "CBOR Object Signing and Encryption (COSE)".
[73]  RFC 5869: "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)".
[74]  TS 33.533: "Security aspects of ranging based services and sidelink positioning".

3  Definitions, abbreviations, symbols and conventions

3.1  Definitions

For the purposes of the present document, the following terms and definitions apply:
AKA-based GBA:
This term collectively refers to all GBA variants that make use of a form of the AKA protocol on the Ub interface, i.e. the term refers to GBA_ME, GBA_U, and 2G GBA, as defined in the present document, and to GBA_push as defined in TS 33.223.
In all places in this document where the term application is used to refer to a service offered by the MNO or a third party to the mobile subscriber, then it always denotes the type of application and not the actual instance of an application installed on an application server.
Bootstrapping Server Function:
BSF is hosted in a network element under the control of an MNO. BSF, HSS, and UEs participate in GBA in which a shared secret is established between the network and a UE by running the bootstrapping procedure. The shared secret can be used between NAFs and UEs, for example, for authentication purposes.
Bootstrapping Usage Procedure:
A procedure using a bootstrapped security association over the Ua reference point.
GBA Function:
A function on the ME executing the bootstrapping procedure with the BSF (i.e. supporting the Ub reference point) and providing Ua applications with a security association to run the bootstrapping usage procedure. The GBA function is called by a Ua application when that application wants to use a bootstrapped security association.
ME-based GBA:
In GBA_ME, all GBA-specific functions are carried out in the ME. The UICC is GBA-unaware. If the term GBA is used in this document without any further qualification, GBA_ME is always meant; see clause 4 of this specification.
UICC-based GBA:
This is a GBA with UICC-based enhancement. In GBA_U, the GBA-specific functions are split between ME and UICC; see clause 5 of this specification.
A GBA variant that extends the usage of GBA to environments where the UICC is not available to the subscriber. In this variant, the GBA client on the UE and the BSF communicate using HTTP protocol and SIP Digest credentials, such as a shared secret or password, that are used for authentication instead of credentials stored in the SIM, USIM or ISIM.
Network Application Function:
NAF is hosted in a network element. GBA may be used between NAFs and UEs for authentication purposes, and for securing the communication path between the UE and the NAF.
Bootstrapping Transaction Identifier:
The bootstrapping transaction identifier (B-TID) is used to bind the subscriber identity to the keying material in reference points Ua, Ub and Zn.
GBA User Security Settings:
GUSS contains the BSF specific information element and the set of all application-specific USSs.
GUSS timestamp:
The timestamp of the GUSS is set by the HSS. It changes whenever the HSS has modified the GUSS.
NAF Group:
A grouping of NAFs to allow assignment of different USSs to NAFs representing the same application. This grouping is done in each home network separately, i.e. one NAF contacting BSFs in different home networks belongs to different groups in every home network.
The FQDN of the NAF, concatenated with the Ua security protocol identifier.
Temporary IP Multimedia Private Identity:
A temporary identity which is used on the Ub interface to prevent passive eavesdropping attacks against the IMPI.
Ua Application:
An application on the ME intended to run the bootstrapping usage procedure with a NAF.
Ua security protocol identifier:
An identifier which is associated with a security protocol over Ua.
User Security Setting:
A USS is an application and subscriber specific parameter set that defines two parts, an authentication part, which contains the list of identities of the user needed for the application (e.g. IMPUs, MSISDN, pseudonyms), and an authorisation part, which contains the user permission flags (e.g. access to application allowed, type of certificates which may be issued). In addition, a USS may contain a key selection indication, which is used in the GBA_U case to mandate the usage of either the ME-based key (Ks_(ext)_NAF) or the UICC-based key (Ks_int_NAF) or both. Sometimes also called application-specific user security setting. The USS is delivered to the BSF as a part of GUSS from the HSS, and from the BSF to the NAF if requested by the NAF.

3.2  Abbreviations

For the purposes of the present document, the following abbreviations apply:
Anonymity Key
Authentication and Key Agreement
Bootstrapping Transaction Identifier
Bootstrapping Server Function
Certificate Authority
Concise Binary Object Representation
Constrained Application Protocol
Fully Qualified Domain Name
Generic Authentication Architecture
Generic Bootstrapping Architecture
ME-based GBA
GBA with UICC-based enhancements
GBA User Security Settings
Home Location Register
Home Subscriber System
Integrity Key
Key Derivation Function
Key Indicator for Service Selection
Derived key in GBA_U which remains on UICC
Derived key in GBA_U
Mobile Network Operator
Network Application Function
Object Security for Constrained RESTful Environments
Public Key Infrastructure
Subscriber Locator Function
Temporary IP Multimedia Private Identity
User Security Setting

3.3  Symbols

For the purposes of the present document, the following symbols apply:
Exclusive or

3.4  Conventions

All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.
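The numbering convention above, worked through as an added example that is not part of the specification: substring 0 and bit 0 are the most significant, which is the reverse of the LSB-0 indexing that shift-based code produces by default. The function names and the sample value are constructed for illustration, and the example generalises to any substring width that evenly divides the variable.

```python
def substrings(value: bytes, width_bits: int) -> list[int]:
    """Split a variable into equal-width substrings, numbered per clause 3.4:
    index 0 is the leftmost (most significant) substring."""
    total_bits = len(value) * 8
    if width_bits <= 0 or total_bits % width_bits:
        raise ValueError("width must evenly divide the variable's bit length")
    as_int = int.from_bytes(value, "big")  # leftmost byte is most significant
    count = total_bits // width_bits
    mask = (1 << width_bits) - 1
    # Substring 0 occupies the highest-order bits, so it needs the largest shift.
    return [(as_int >> (width_bits * (count - 1 - i))) & mask
            for i in range(count)]


def bit(value: bytes, index: int) -> int:
    """Bit `index` under the clause 3.4 convention: bit 0 is the most
    significant bit of the leftmost byte."""
    if not 0 <= index < len(value) * 8:
        raise IndexError("bit index outside the variable")
    return (value[index // 8] >> (7 - index % 8)) & 1


def lsb0_bit(value: bytes, index: int) -> int:
    """The common LSB-0 numbering, shown only for contrast: bit 0 is the
    least significant bit of the rightmost byte."""
    return (int.from_bytes(value, "big") >> index) & 1


# Constructed 32-bit sample value, not taken from the specification.
SAMPLE = bytes.fromhex("8001a55a")

if __name__ == "__main__":
    print([hex(s) for s in substrings(SAMPLE, 16)])  # two 16-bit substrings
    print([hex(s) for s in substrings(SAMPLE, 4)])   # eight 4-bit substrings
    # The same index selects opposite ends of the variable in the two schemes.
    print(bit(SAMPLE, 0), lsb0_bit(SAMPLE, 0))
    print(bit(SAMPLE, 31), lsb0_bit(SAMPLE, 31))
```

Code that slices or concatenates key material with LSB-0 indexing compiles and runs but silently disagrees with a peer that follows the convention, so checking index 0 against a known value is a cheap interoperability test.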
