Rel-9 MEDIASEC work resulted in the specification of solutions for media protection over the access network (e2m) and peer-to-peer (e2e) in TS 33.328. For the peer-to-peer (e2e) media plane security, two solutions were standardized:
- A media security solution to satisfy major user categories.
- A media security solution providing high quality end-to-end media security for important user groups like enterprises, National Security and Public Safety (NSPS) organizations and different government authorities.
However, the solutions do not cope with a number of requirements and relevant use cases, many of which are discussed in TR 33.828. Solutions for use cases like conference (group) calls, protection of non-RTP media, deferred delivery, video/media on demand, AS-terminated media security and transcoder functionality described in TR 33.828, and some widely used use cases like recording of protected media, communication diversion, and single radio voice call continuity (SRVCC) have not been addressed. It is therefore desirable to continue to study and develop solutions for these use cases and to evaluate which normative standardization work is needed.
The present document details relevant use cases/services for different user groups and corresponding solutions for IMS media plane security which are not covered by TS 33.328. The corresponding requirements in the Rel-9 study documented in TR 33.828 will be used as a basis. The covered use cases/services are: conference calls, protection of non-RTP media, early media, communication diversion, deferred delivery, protected media recording, video on demand, AS-terminated media security, transcoder functionality and SRVCC. Example user groups are enterprises, National Security and Public Safety (NSPS) organizations, different government authorities, and the general public.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
"Vocabulary for 3GPP Specifications".
"IP Multimedia Subsystem (IMS) media plane security".
"IP Multimedia Subsystem (IMS) media plane security".
"Conferencing using the IP Multimedia (IM), Core Network (CN) subsystem".
"Session Description Protocol (SDP) Format for Binary Floor Control Protocol (BFCP) Streams".
"Conference (CONF) using IP Multimedia (IM) Core Network (CN) subsystem; Protocol specification".
"Single Radio Voice Call Continuity (SRVCC); Stage 2".
"IP Multimedia Subsystem (IMS); Stage 2".
"Messaging service using the IP Multimedia (IM) Core Network (CN) subsystem; Stage 3".
"Service level interworking for Messaging Services".
"Communication Diversion (CDIV) using IP Multimedia (IM) Core Network (CN) subsystem; Protocol specification".
"Session Initiation Protocol (SIP) Extension for Instant Messaging".
"The Message Session Relay Protocol (MSRP)".
"An Alternative Connection Model for the Message Session Relay Protocol (MSRP)".
"Multiple-Recipient MESSAGE Requests in the Session Initiation Protocol (SIP)".
"A Session Initiation Protocol (SIP) Event Package for Conference State".
"MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY)".
"MIKEY: Multimedia Internet KEYing".
"Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification".
"Cryptographic Message Syntax (CMS)".
"Network Domain Security (NDS); Authentication Framework (AF)".
"SDP: Session Description Protocol".
"Key Management Extensions for Session Description Protocol (SDP) and Real Time Streaming Protocol (RTSP)".
"Session Description Protocol (SDP) Security Descriptions for Media Streams".
"Terminating Identification Presentation (TIP) and Terminating Identification Restriction (TIR) using IP Multimedia (IM) Core Network (CN) subsystem; Protocol specification".
"An Offer/Answer Model with the Session Description Protocol (SDP)".
"MIKEY-IBAKE: Identity-Based Authenticated Key Exchange (IBAKE) Mode of Key Distribution in Multimedia Internet KEYing (MIKEY)".
"Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)".
"RTP: A Transport Protocol for Real-Time Applications".
"The Secure Real-Time Transport Protocol".
GSM Association: "Rich Communication Suite 5.0 Advanced Communications, Services and Client Specification", Version 1.0, 19 April 2012.
ITU-T Recommendation T.38: "Procedures for real-time Group 3 facsimile communication over IP networks".
"IP Multimedia Subsystem (IMS); Multimedia telephony; Media handling and interaction".
"Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)".
"Datagram Transport Layer Security Version 1.2".
"Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)".
For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Key escrow:
A key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of a third party, so that the key can be recovered and used in specified circumstances. Key escrow can further be characterized as active or passive according to the way the knowledge of the key is obtained. In that sense, active key escrow actively participates in and affects the generation of the cryptographic key, while passive key escrow learns of the cryptographic key and does not affect the generation of the cryptographic key.
Perfect Forward Secrecy:
For a key agreement protocol, the property that compromising long-term keying material does not compromise session keys that were previously established using the long-term material.
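To make the two definitions concrete, here is an added example in Python (not part of the TR or of TS 33.328) using constructed toy parameters: a key-transport scheme whose session key is derivable from the long-term key and a recorded nonce, so a third party holding that key is a passive key escrow (an active one if it also picks the nonce) and the scheme has no PFS, beside an ephemeral Diffie-Hellman exchange authenticated with the same long-term key, where a later compromise of that key only lets an eavesdropper re-verify the recorded exchange. The function names, the toy group and the transcript layout are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group (2**127 - 1 is a Mersenne prime). Far too
# small for real use; chosen only to keep the example short.
P = 2**127 - 1
G = 3

def kdf(*parts: bytes) -> bytes:
    """Derive a 128-bit session key from the concatenation of its inputs."""
    return hashlib.sha256(b"|".join(parts)).digest()[:16]

def transport_session(long_term_key: bytes):
    """Key transport: the session key is a function of the long-term key and a
    public nonce. A third party holding the long-term key (e.g. a KMS) that
    observes the nonce learns the key: passive key escrow, and no PFS."""
    nonce = secrets.token_bytes(16)
    session_key = kdf(long_term_key, nonce)
    return session_key, {"nonce": nonce}       # transcript an eavesdropper records

def dh_session(long_term_key: bytes):
    """Ephemeral DH authenticated with the long-term key: the long-term key
    authenticates the public values but never enters the key derivation."""
    a = secrets.randbelow(P - 2) + 1           # ephemeral exponents, never sent
    b = secrets.randbelow(P - 2) + 1
    ga, gb = pow(G, a, P), pow(G, b, P)
    public = ga.to_bytes(16, "big") + gb.to_bytes(16, "big")
    tag = hmac.new(long_term_key, public, hashlib.sha256).digest()
    assert pow(gb, a, P) == pow(ga, b, P)      # both endpoints reach the same secret
    session_key = kdf(pow(gb, a, P).to_bytes(16, "big"))
    return session_key, {"public": public, "tag": tag}

def recover_transport_key(long_term_key: bytes, transcript: dict) -> bytes:
    """Later compromise of the long-term key plus the recorded nonce
    reproduces the session key exactly (no PFS)."""
    return kdf(long_term_key, transcript["nonce"])

def recover_dh_attempt(long_term_key: bytes, transcript: dict) -> bool:
    """With the long-term key the eavesdropper can only re-verify the tag; the
    exponents never left the endpoints, so the session key stays out of reach
    (PFS). Returns whether the recorded exchange authenticates, nothing more."""
    expected = hmac.new(long_term_key, transcript["public"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, transcript["tag"])

def demo(long_term_key: bytes):
    """Returns (transport key recovered?, DH transcript verifiable?)."""
    sk_t, tr_t = transport_session(long_term_key)
    sk_d, tr_d = dh_session(long_term_key)
    return recover_transport_key(long_term_key, tr_t) == sk_t, recover_dh_attempt(long_term_key, tr_d)
```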
For the purposes of the present document, the following symbols apply:
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.