
TR 33.822 (Word version 8.0.0)


1  Scope

This document studies the security architecture, i.e. the security features and the security mechanisms, for inter-access mobility between the 3GPP access system and non-3GPP access systems. For the general architecture for inter-access mobility cf. TR 23.882 [1]. This report is meant to provide more detail on the security aspects of inter-access mobility.
The scope should be extended to the mobility between two non-3GPP access systems, which interwork with 3GPP core entities. An example would be the mobility between two WLAN access systems providing 3GPP IP access.
Disclaimer: This TR reflects the discussions held in 3GPP SA3 while 3GPP SA3 was working towards TS 33.402. This TR may therefore be useful to better understand the basis on which decisions in TS 33.402 were taken, and which alternatives were under discussion. However, none of the text in this TR shall be quoted as reflecting 3GPP's position in any way. Rather, 3GPP's position on security for non-3GPP access to EPS is reflected in the normative text in TS 33.402. Information in the TR may be inaccurate and outdated. One example of outdated text can be found in clause 4.1 and clause 4.2 on alternatives for authentication protocols. The choices of authentication protocols finally made by 3GPP can be found in TS 33.401 and TS 33.402 respectively.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 23.882: "3rd Generation Partnership Project; 3GPP System Architecture Evolution: Report on Technical Options and Conclusions".
[2]  TS 33.234: "3rd Generation Partnership Project; Wireless Local Area Network (WLAN) interworking security".
[3]  TS 29.061: "3rd Generation Partnership Project; Technical Specification Group Core Network; Interworking between the Public Land Mobile Network (PLMN) supporting packet based services and Packet Data Networks (PDN)".
[4]  TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[5]  "IKEv2 Mobility and Multihoming Protocol (MOBIKE)", draft-ietf-mobike-protocol-03.txt, Sep 2005.
[6]  RFC 3957: "Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4".
[7]  "NETLMM protocol", draft-giaretta-netlmm-dt-protocol-00.txt, June 2006.
[8]  RFC 4285: "Authentication Protocol for Mobile IPv6".
[9]  "Mobile IPv6 Bootstrapping for the Authentication Option Protocol", draft-devarapalli-mip6-authprotocol-bootstrap-03.txt, September 2007.
[10]  "Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction", draft-ietf-dime-mip6-split-05.txt, September 2007.
[11]  "Proxy Mobile IPv6", draft-ietf-netlmm-proxymip6-06.txt, September 2007.
[12]  RFC 4832: "Security threats of network based mobility management".
[13]  TS 33.401: "3GPP System Architecture Evolution (SAE); Security Architecture".
[14]  TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the following apply:
Access network: one of the following access networks: GPRS IP access, WLAN 3GPP IP access, WLAN Direct IP access, LTE, WiMAX, etc.
Data origin authentication: the corroboration that the source of data received is as claimed.
WLAN 3GPP IP Access: access to an IP network via the 3GPP system.
WLAN Direct IP Access: access to an IP network directly from the WLAN AN.
3GPP - WLAN Interworking: used generically to refer to interworking between the 3GPP system and the WLAN family of standards.
Trusted Access: a non-3GPP IP Access Network is defined as a "trusted non-3GPP IP Access Network" if the 3GPP EPC system chooses to trust that non-3GPP IP access network. The 3GPP EPC system may choose to trust a non-3GPP IP access network operated by the same or a different operator, e.g. based on business agreements. Specific security mechanisms may be in place between the trusted non-3GPP IP Access Network and the 3GPP EPC to avoid security threats. The decision whether a specific non-3GPP IP Access Network is trusted or untrusted is up to the 3GPP EPC operator, and is not based on the specific link-layer technology adopted by the non-3GPP IP Access Network.
Source access system: in handover situations, the access system from which the UE is handed over.
Target access system: in handover situations, the access system to which the UE is handed over.

3.2  Symbols

For the purposes of the present document, the following symbols apply:
Gi  Reference point between GPRS and an external packet data network.
Wi  Reference point similar to the Gi reference point; applies to WLAN 3GPP IP Access.
Wm  Reference point located between the 3GPP AAA Server and the Packet Data Gateway, or between the 3GPP AAA Proxy and the Packet Data Gateway.
Wu  Reference point located between the WLAN UE and the PDG. It represents the WLAN UE-initiated tunnel between the WLAN UE and the PDG.
Gi+/Wi+  Mobile IP signalling and bearer plane between the Gateway (i.e. GGSN or PDG) and the MIP HA.

3.3  Abbreviations

For the purposes of the present document, the following abbreviations apply:
AAA  Authentication, Authorisation, Accounting
AN  Access Network
APN  Access Point Name
BSF  Bootstrapping Function
DS-MIPv6  Dual-Stack Mobile IPv6
FA  Foreign Agent
GBA  Generic Bootstrapping Architecture
GGSN  Gateway GPRS Support Node
HA  Home Agent
HN  Home Network
IP  Internet Protocol
IPSec  IP Security protocol
I-WLAN  Interworking Wireless Local Area Network
MIP  Mobile IP
MOBIKE  IKEv2 Mobility and Multihoming Protocol
MS  Mobile Station
MN  Mobile Node
NAI  Network Access Identifier
NAT  Network Address Translation
NAF  Network Application Function
NETLMM  Network-based Localized Mobility Management
PDG  Packet Data Gateway
PDP  Packet Data Protocol
RFC  Request For Comments
RRQ  MIPv4 Registration Request
RRP  MIPv4 Registration Reply
SAE  System Architecture Evolution
SGSN  Serving GPRS Support Node
SPI  Security Parameter Index
URI  Uniform Resource Identifier
USIM  UMTS Subscriber Identity Module
UE  User Equipment