
Content for TR 33.880 Word version: 15.1.0


1  Scope

This document contains a study of the security aspects of the Mission-Critical service. It enhances the security solutions defined for MCPTT in TS 33.179 to support the common functional architecture (MC_ARCH), enhancements to MCPTT (eMCPTT), data services (MCData), video services (MCVideo) and migration and interconnect services with partner systems (MCSMI).
In each case, this study includes an analysis of the threats to the service, the security requirements to mitigate those threats and an evaluation of possible technical solutions designed to meet the security requirements of the service.
Stage 2 aspects of the mission critical services are defined within TS 23.179, TS 23.280, TS 23.281, TS 23.282, TR 23.781, TR 23.782 and TS 33.179. Stage 1 requirements are defined in TS 22.179, TS 22.280, TS 22.281 and TS 22.282.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".
[2] TS 23.179: "Functional architecture and information flows to support mission critical communication services".
[3] TS 33.179: "Security of Mission Critical Push To Talk (MCPTT) over LTE".
[4] TS 22.179: "Mission Critical Push to Talk (MCPTT) over LTE".
[5] TS 22.280: "Mission Critical Services Common Requirements".
[6] TS 22.281: "Mission Critical Video over LTE".
[7] TS 22.282: "Mission Critical Data over LTE".
[8] TS 23.280: "Common functional architecture to support mission critical services".
[9] TS 23.281: "Functional architecture and information flows for mission critical video".
[10] TS 23.282: "Functional model and information flows for Mission Critical Data".
[11] TR 23.781: "Study into interconnect and migration between MCPTT systems".
[12] TR 23.782: "Feasibility Study on Mission Critical Communication Interworking between LTE and non-LTE LMR systems".
[13] RFC 7521: "Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants".
[14] RFC 7523: "JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants".
[15] RFC 7515: "JSON Web Signature (JWS)".
[16] draft-ietf-oauth-token-exchange-05: "OAuth 2.0 Token Exchange", https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-05.
[17] TS 24.380: "Mission Critical Push To Talk (MCPTT) media plane control; Protocol specification".
[18] TS 23.468: "Group Communication System Enablers for LTE (GCSE_LTE)".
[19] TS 23.379: "Functional architecture and information flows to support Mission Critical Push To Talk (MCPTT)".
[20] RFC 6509: "MIKEY-SAKKE: Sakai-Kasahara Key Encryption in Multimedia Internet KEYing (MIKEY)".
[21] TS 33.180: "Security of the mission critical service".
[22] RFC 6507: "Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)".
[23] TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[24] RFC 5853: "Requirements from Session Initiation Protocol (SIP) Session Border Control (SBC) Deployments".
[25] TS 23.283: "Mission Critical Communication Interworking with Land Mobile Radio Systems".
[26] RFC 5116: "An Interface and Algorithms for Authenticated Encryption".
[27] TS 23.283: "Mission Critical Communication Interworking with Land Mobile Radio Systems; Stage 2".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Primary MCPTT System: MCPTT system where the MCPTT User Profile of an MCPTT User is defined.
Partner MCPTT System: Allied MCPTT system that provides MCPTT Services to an MCPTT User based on the MCPTT User Profile that is defined in the Primary MCPTT System of that MCPTT User.
Security Domain: A security domain is a group of MCX users who share common security requirements and policies for their communications. From a technical perspective, users within a security domain share a KMS and KMS certificate. MCX users may be members of one or more security domains.
Home Security Domain: The MCX user's primary security domain.
External Security Domain: A security domain that is not the user's home security domain. Secure communications with an external security domain may or may not be permitted by the home security domain.
Home KMS: The KMS that acts as the root of trust of the Home Security Domain.
External KMS: The KMS which acts as the root of trust for a specific External Security Domain.
KMS Certificate: A certificate required to communicate with a security domain to support identity-based cryptography. This differs from X.509 certificates used for traditional PKI. See Annex D.3.1 within TS 33.179.
MC Security Gateway (SeGy): A function which terminates MC security to allow for interworking with external systems that do not support mission critical security mechanisms.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply.
An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CA  Certificate Authority
CSC  Common Services Core
CSK  Client-Server Key
CSK-ID  Client-Server Key Identifier
DL  Downlink
DoS  Denial of Service
eMCPTT  Enhanced Mission Critical Push-to-Talk
GCS  Group Controlling Server
GDK  Group Data Key
GDK-ID  Group Data Key Identifier
GMK  Group Master Key
GMS  Group Management Server
IBE  Identity-Based Encryption
IdM  Identity Management
IdMS  Identity Management Server
JSON  JavaScript Object Notation
JWS  JSON Web Signature
JWT  JSON Web Token
KDF  Key Derivation Function
KFC  Key For Control Signalling
KMS  Key Management Server
LI  Lawful Interception
MBMS  Multimedia Broadcast/Multicast Service
MBSFN  Multimedia Broadcast Single Frequency Network
MC  Mission Critical
MCCI  Mission Critical Communication Interworking
MCData  Mission Critical Data
MCPTT  Mission Critical Push to Talk
MCSEC  Mission Critical SECurity
MCSMI  Mission Critical Study on Migration and Interconnect
MCVideo  Mission Critical Video
MCX  Mission Critical Services
MitM  Man-in-the-Middle
MKFC  Multicast Key Floor Control
MSCCK  MBMS Sub-Channel Control Key
MuSiK  Multicast Signalling Key
PCK  Private Call Key
PDK  Private Data Key
PDK-ID  Private Data Key Identifier
PFK  Participating Function Key
PKI  Public Key Infrastructure
ROC  Roll-Over-Counter
RTP  Real-Time Transport Protocol
SDS  Short Data Services
SeGy  MC Security Gateway
SPK  SIP Protection Key
SRTCP  Secure Real-Time Transport Control Protocol
SRTP  Secure Real-Time Transport Protocol
SSRC  Synchronization Source
TGMK  Temporary Group Master Key
TMGI  Temporary Mobile Group Identity
UID  User Identifier