TS 33.210 (SA3)
3G Security – Network Domain Security (NDS) IP network layer security

(P) V14.0.0    2016/12    26 p.
(P) V13.0.0    2015/12    25 p.
(P) V12.2.0    2012/12    26 p.
(P) V11.4.0    2012/09    26 p.
(P) V10.3.0    2011/06    26 p.
(P) V9.1.0    2010/06    25 p.
(P) V8.3.0    2009/06    25 p.
(P) V7.3.0    2007/09    23 p.
(P) V6.6.0    2006/10    23 p.
(P) V5.5.0    2003/09    21 p.


Rapporteur:  Mr. Kohalmi, Steve
See also:  SEC-related TS/TR


An identified security weakness in 2G systems is the absence of security in the core network. This was formerly not perceived to be a problem, since 2G networks were previously the province of a small number of large institutions. This is no longer the case, and so there is now a need for security precautions. Another significant development has been the introduction of IP as the network layer in the GPRS backbone network and later in the UMTS network domain. Furthermore, IP is used not only for signalling traffic but also for user traffic. The introduction of IP therefore signifies not only a shift towards packet switching, which is a major change in its own right, but also a shift towards completely open and easily accessible protocols. The implication is that, from a security point of view, a whole new set of threats and risks must be faced.

For 3G and fixed broadband systems it is a clear goal to be able to protect the core network signalling protocols, and by implication this means that security solutions must be found for both SS7 and IP based protocols.

The security services identified as needed are confidentiality, integrity, authentication and anti-replay protection. These will be ensured by standard procedures based on cryptographic techniques.

This TS defines the security architecture for network domain IP based control planes, which shall be applied to NDS/IP-networks (i.e. 3GPP and fixed broadband networks). The scope of network domain control plane security is to cover the control signalling on selected interfaces between network elements of NDS/IP networks.


 


 

1 Scope
2 References
3 Definitions, symbols and abbreviations
    3.1 Definitions
    3.2 Symbols
    3.3 Abbreviations
4 Overview over network domain security for IP based protocols
    4.1 Introduction
    4.2 Protection at the network layer
    4.3 Security for native IP based protocols
    4.4 Security domains
    4.5 Security Gateways (SEGs)
5 Key management and distribution architecture for NDS/IP
    5.1 Security services afforded to the protocols
    5.2 Security Associations (SAs)
    5.3 Profiling of IPsec
    5.4 Profiling of IKEv2
    5.5 Security policy granularity
    5.6 Network domain security key management and distribution architecture for native IP based protocols
A Other issues
    A.1 Network Address Translators (NATs) and Transition Gateways (TrGWs)
    A.2 Filtering routers and firewalls
    A.3 The relationship between BGs and SEGs
B [N] Security protection for GTP
    B.0 General
    B.1 The need for security protection
    B.2 Policy discrimination of GTP-C and GTP-U
    B.3 Protection of GTP-C transport protocols and interfaces
C [N] Security protection of IMS protocols
    C.0 General
    C.1 The need for security protection
    C.2 Protection of IMS protocols and interfaces
D [N] Security protection of UTRAN/GERAN IP transport protocols
    D.0 General
    D.1 The need for security protection
    D.2 Protection of UTRAN/GERAN IP transport protocols and interfaces
E RFC-4303 compared with RFC-2406
F Change history

 

1   Scope [R5]
2   References [R5]
3   Definitions, symbols and abbreviations [R5]
4   Overview over network domain security for IP based protocols [R5]
5   Key management and distribution architecture for NDS/IP [R5]
A   Other issues [R5]
B  (Normative)   Security protection for GTP [R5]
C  (Normative)   Security protection of IMS protocols [R5]
D  (Normative)   Security protection of UTRAN/GERAN IP transport protocols [R6]
E   RFC-4303 compared with RFC-2406 [R8]
F   Change history
