3GPP defined the Generic Authentication Architecture (GAA). The adoption of GAA by other standardization bodies showed that some services cannot assume that the User Equipment (UE) is always able to connect to the Bootstrapping Server Function (BSF). This specification introduces a generic push layer that makes use of the GBA Push Function as specified in TS 33.223, which lets a NAF establish a shared key with the UE without the UE itself contacting the BSF.
The present document specifies a generic push layer (GPL) that makes use of the GBA Push Function as specified in TS 33.223. The GPL specification includes a message format, cipher suites and a processing model. GPL assumes that keys and other SA parameters have been pre-installed in the Push-NAF and in the UE in the form of a NAF SA. GPL is a protection protocol that can be applied unidirectionally, i.e. to messages pushed from the Push-NAF to the UE.
The rationale for GPL is that having each application specify its own security mechanisms would lead to duplication of work, specifications and implementations. Using a generic secure push layer avoids these problems. A generic secure push layer also relieves the applications using the service of having to be aware of the inner workings of the security layer. TS 33.222, which provides a generic security layer for HTTP-based applications, serves as an analogy.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture".
3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
3GPP TS 33.223: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture: Push Function".
3GPP TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
FIPS PUB 180-2 (2002): "Secure Hash Standard".
(1997): "HMAC: Keyed-Hashing for Message Authentication".
ISO/IEC 10118-3:2004: "Information Technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions".
NIST Special Publication 800-38A (2001): "Recommendation for Block Cipher Modes of Operation - Methods and Techniques".
FIPS PUB 197 (2001): "Advanced Encryption Standard".
OMA-WAP-TS-WSP-V1_0-20020920-C: "Wireless Session Protocol 1.0".
: "Universal Subscriber Identity Module (USIM) Application Toolkit (USAT)".
ETSI TS 102 600: "UICC-Terminal interface; Characteristics of the USB interface".
ETSI TS 102 483: "UICC-Terminal interface; Internet Protocol connectivity between UICC and terminal".
For the purposes of the present document, the terms and definitions given in TR 21.905, TS 33.220 and the following apply.
SN_h: The highest sequence number received in a GPL message whose MAC has been validated. SN_h is used for replay protection: a received message is accepted only if its MAC validates and its sequence number is higher than SN_h.
A counter used to generate sequence numbers for outgoing messages.
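The following is an added example, not code or message format from TS 33.224. It illustrates the processing model sketched in the scope paragraph and the two definitions above: a Push-NAF protecting messages with a counter-derived sequence number and a MAC under a pre-installed NAF SA, and a UE that validates the MAC first and only then compares the sequence number against SN_h. The header layout (4-byte SAID plus 32-bit SN), the 128-bit truncated HMAC-SHA-256 tag, the class names and the test key are all assumptions chosen for this illustration; GPL's actual field sizes and cipher suites are defined in the specification body, not here. Confidentiality (the AES modes the reference list cites) is deliberately left out so the example stays focused on integrity and replay protection.

```python
"""Illustrative unidirectional push protection with SN_h replay protection.

Constructed example: the message layout, field sizes, MAC algorithm and
class names are assumptions for this illustration, not the GPL message
format or cipher suites specified in TS 33.224.
"""
import hmac
import hashlib
import struct

MAC_LEN = 16                      # assumption: HMAC-SHA-256 tag truncated to 128 bits
HEADER = struct.Struct(">4sI")    # assumed header: 4-byte SAID then 32-bit SN, big-endian
SN_MAX = 0xFFFFFFFF


class NafSA:
    """Pre-installed security association shared by Push-NAF and UE.
    Assumption: one integrity key, identified by a 4-byte SAID."""

    def __init__(self, said: bytes, ik: bytes):
        if len(said) != 4:
            raise ValueError("SAID must be 4 bytes in this example")
        self.said = said
        self.ik = ik

    def mac(self, header: bytes, payload: bytes) -> bytes:
        # The MAC covers SAID and SN as well as the payload, so that neither
        # the SA reference nor the sequence number can be altered undetected.
        return hmac.new(self.ik, header + payload, hashlib.sha256).digest()[:MAC_LEN]


class PushNaf:
    """Sender side: owns the counter that generates outgoing sequence numbers."""

    def __init__(self, sa: NafSA):
        self.sa = sa
        self.sn_counter = 0

    def protect(self, payload: bytes) -> bytes:
        if self.sn_counter >= SN_MAX:
            # Never wrap: a reused SN would be a replay to the receiver and a
            # wrapped SN would be rejected, so a fresh NAF SA is needed instead.
            raise RuntimeError("SN space exhausted; a fresh NAF SA is required")
        self.sn_counter += 1
        header = HEADER.pack(self.sa.said, self.sn_counter)
        return header + payload + self.sa.mac(header, payload)


class UE:
    """Receiver side: keeps SN_h, the highest SN of any message whose MAC validated."""

    def __init__(self, sa: NafSA):
        self.sa = sa
        self.sn_h = 0

    def unprotect(self, message: bytes) -> bytes:
        if len(message) < HEADER.size + MAC_LEN:
            raise ValueError("message too short")
        header, payload, tag = (message[:HEADER.size],
                                message[HEADER.size:-MAC_LEN],
                                message[-MAC_LEN:])
        said, sn = HEADER.unpack(header)
        if said != self.sa.said:
            raise ValueError("unknown SAID")
        # MAC before SN: only authentic messages may influence SN_h.
        if not hmac.compare_digest(tag, self.sa.mac(header, payload)):
            raise ValueError("MAC failure")
        if sn <= self.sn_h:
            raise ValueError(f"replay: SN {sn} <= SN_h {self.sn_h}")
        self.sn_h = sn
        return payload


def demo() -> dict:
    """One exchange: reordering, an exact replay and a tampered message."""
    sa = NafSA(b"\x00\x00\x00\x2a", b"constructed-test-key-not-for-real-use")  # constructed
    naf, ue = PushNaf(sa), UE(sa)
    m1 = naf.protect(b"config-update-1")
    m2 = naf.protect(b"config-update-2")
    results = {"m2_first": ue.unprotect(m2)}          # m2 arrives first: SN_h becomes 2
    for name, msg in (("m1_late", m1), ("m2_replay", m2)):
        try:
            ue.unprotect(msg)
            results[name] = "accepted"
        except ValueError as e:
            results[name] = str(e)
    m3 = naf.protect(b"config-update-3")
    tampered = bytearray(m3)
    tampered[HEADER.size] ^= 0x01                      # flip one payload bit
    try:
        ue.unprotect(bytes(tampered))
        results["m3_tampered"] = "accepted"
    except ValueError as e:
        results["m3_tampered"] = str(e)
    results["sn_h"] = ue.sn_h                          # still 2: a failed MAC must not advance SN_h
    results["m3_ok"] = ue.unprotect(m3)
    return results
```

Two design points are worth noting. Checking the MAC before the sequence number is what makes SN_h trustworthy: an attacker who can inject unauthenticated traffic must not be able to move the replay window. The strict "SN greater than SN_h" rule is the natural choice for a unidirectional layer with no acknowledgements, but it means a legitimate message that arrives late (m1 above) is dropped; an application that needs tolerance for reordering would have to keep a small window of recently seen numbers rather than a single high-water mark.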
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
GBA	Generic Bootstrapping Architecture
GBA Push Information
GPL	Generic Push Layer
GPL hosted in the ME
GPL hosted in the UICC
High Speed Protocol
NAF	Network Application Function
Key Derivation Function
MAC	Message Authentication Code
Security Association Identifier