Content for  TR 33.815  Word version:  16.0.1

Top   Top   None   None   Next
0…   5…


0  Introductionp. 5

3GPP TS 22.011 defines a new service to provide Restricted Local Operator Services (RLOS) for unauthenticated UEs. The present document is a study of the security aspects of this service.

1  Scopep. 6

The present document will examine potential security and privacy threat scenarios enabled by PARLOS, evaluate whether solutions need to be found for these and, if required, identify security solutions and approaches which can mitigate the identified security and privacy threat scenarios while meeting the US regulatory obligations spelled out in the referenced regulations. The present document will make recommendations on the solutions considered.
The present document will consider user notification regarding security and privacy risks when using PARLOS.
The present document will consider the applicability of external security and privacy standards (e.g. Payment Card Industry Data Security Standard) to PARLOS.

2  Referencesp. 6

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
TR 21.905: "Vocabulary for 3GPP Specifications".
TS 22.011: "Service accessibility".
TS 22.101: "Service aspects; service principles".
TR 22.820: "Study on Provision of Access to Restricted Local Operator Services by Unauthenticated UEs; Stage 1".
TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".

3  Definitions of terms, symbols and abbreviationsp. 6

3.1  Termsp. 6

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  Symbolsp. 6


3.3  Abbreviationsp. 6

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
Restricted Local Operator Service

4  Backgroundp. 7

4.1  Summaryp. 7

Work on RLOS service definition and requirements for unauthenticated UEs (PARLOS) driven primarily by US regulatory obligations to support manual roaming has been completed in [2], [3] and [4]. Meeting this US regulatory obligation add security risks and potential vulnerabilities to devices and networks supporting RLOS.
The ability to provide access to such local services has been available to U.S. operators on a proprietary basis on CS legacy networks. However, the wide deployment of LTE and corresponding introduction of VoLTE creates regulatory obligations on US operators for a standardized mechanism to allow a UE to access these services via LTE and NR (e.g., dialling a particular digit string, accessing a captive portal) without necessarily being successfully authenticated for access.

4.2  Manual roaming in operationp. 7

Manual roaming, an FCC obligation on US operators was first established in 1981, enhanced in 1994 and revisited without modification several times since. In summary, manual roaming is a requirement that US networks need to provide basic outbound only voice calling for users with a UE which is technically capable of connecting to a network's base stations (e.g. supporting the same bandclass), when there is no roaming agreement with the home network operator
In terms of the usage of this service in the US, some measure of the scale is over 23 million call attempts/month (276 million/year).
As a practical matter, while the US FCC regulations only applies to subscribers of US networks without domestic roaming agreements, it is currently not possible to distinguish other devices not covered by the regulation, manual roaming service is generally made available to all unauthenticated devices without distinction.
This service is also provided in Canada but the Canadian manual roaming regulatory framework has not been identified.

4.3  Manual roaming servicep. 7

The following high-level flow describes the typical manual roaming service for most US networks' support of manual roaming.
  1. The UE is unauthenticated and not registered in a US network, but is technically capable of connecting to the network's base station.
  2. The user attempts to make a call.
  3. The UE attempts to attach to a network as part of the call attempt but fails authentication.
  4. The network verifies that the call is not an emergency call (911).
  5. The network then forwards the call to the manual roaming service provider's IVR without further analysis of any signalling such as dialled digits.
  6. The user interacts with the manual roaming service provider's IVR to provide financial payment information such as a prepaid account or a credit card.
  7. After the financial information has been validated by the IVR, the call is placed to the desired number by the IVR (re-originated).
  8. After the call is completed, the call is disconnected. If the user wants to make additional calls, the payment information needs to be re-entered.
Manual roaming only supports outbound calls, not inbound calls. This is the major difference between manual roaming and operator provided or operator supported pre-paid service.

4.4  Manual roaming implications for RLOSp. 8

The following list are specific aspects of manual roaming which apply to RLOS:
  1. Only outbound initiated communication needs to be supported.
  2. There is no need to send any 3GPP subscriber, user or device identities to the manual roaming service platform.
  3. The service is on a per session or per call basis and needs to be re-established for subsequent sessions.
  4. User interactions with manual roaming service IVR platform and manual roaming calling is outside the scope of RLOS. RLOS only provides the means to access the manual roaming service. In many cases the user interaction will be external to the 3GPP network.
  5. Business or financial risks of providing manual roaming is outside the scope of RLOS. Rather these risks are handled by their manual roaming service platform.
Since manual roaming is a separate business and financial transaction separate from and not based on the user's subscription status with any operator, issues of IMEI blacklisting is only applicable based on RLOS operator implementation and home network operator service restrictions is not applicable. It should be noted as well, that manual roaming only provides outbound calling, a limited subset of voice services.

Up   Top   ToC