
Content for  TR 33.879  Word version:  13.1.0


1  Scope

The present document contains a study of the security aspects of the Mission-Critical Push-To-Talk (MCPTT) service and its interaction with the network. This includes an analysis of the threats to the service, the security requirements to mitigate those threats and an evaluation of possible technical solutions designed to meet the security requirements of the service.
The Stage 1 requirements for the service are defined in TS 22.179. An evaluation of Stage 2 architectural solutions for MCPTT is performed in TR 23.779 and TS 23.179. This study will include consideration of relevant 3GPP specifications, particularly for ProSe (TS 33.303, TS 23.303) and GCSE (TS 23.468).
The focus of the present document is to support public-safety use cases of MCPTT. Commercial scenarios are not specifically considered and some features may not be applicable to them.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  TS 22.179: "Mission Critical Push To Talk (MCPTT) over LTE".
[3]  TR 23.779: "Study on architectural enhancements to support Mission Critical Push To Talk over LTE (MCPTT) services".
[4]  TS 33.303: "Proximity-based Services (ProSe); Security aspects".
[5]  TS 23.303: "Proximity-based services (ProSe); Stage 2".
[6]  TS 23.468: "Group Communication System Enablers for LTE (GCSE_LTE); Stage 2".
[7]  RFC 3711: "The Secure Real-time Transport Protocol (SRTP)".
[8]  TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[9]  TS 33.203: "3G security; Access security for IP-based services".
[10]  TS 23.179: "Functional architecture and information flows to support mission critical communication services".
[11]  TS 29.468: "Group Communication System Enablers for LTE (GCSE_LTE); MB2 reference point".
[12]  TS 33.328: "IP Multimedia Subsystem (IMS) media plane security".
[13]  RFC 6509: "MIKEY-SAKKE: Sakai-Kasahara Key Encryption in Multimedia Internet KEYing (MIKEY)".
[14]  RFC 3550: "RTP: A Transport Protocol for Real-Time Applications".
[15]  IETF RFC 7636: "Proof Key for Code Exchange by OAuth Public Clients".
[16]  OpenID Foundation "OpenID Connect Basic Client Implementer's Guide 1.0 - draft 37", http://openid.net/specs/openid-connect-basic-1_0.html.
[17]  OpenID Foundation "OpenID Connect Core 1.0 incorporating errata set 1", http://openid.net/specs/openid-connect-core-1_0.html.
[18]  void.
[20]  void.
[21]  TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[22]  TR 33.888: "Study on security issues to support Group Communication System Enablers (GCSE) for LTE".
[23]  TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[24]  TS 23.002: "Network Architecture".
[25]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[26]  RFC 6507: "Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)".
[27]  RFC 6508: "Sakai-Kasahara Key Encryption (SAKKE)".
[28]  IETF RFC 7714: "AES-GCM Authenticated Encryption in Secure RTP (SRTP)".
[29]  TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[30]  RFC 5751: "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification".
[31]  RFC 4483: "A Mechanism for Content Indirection in Session Initiation Protocol (SIP) Messages".
[32]  RFC 4825: "The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)".
[33]  RFC 5652: "Cryptographic Message Syntax (CMS)".
[34]  W3C "XML Encryption Syntax and Processing Version 1.1", https://www.w3.org/TR/xmlenc-core1/.
[35]  W3C "XML Signature Syntax and Processing (Second Edition)", http://www.w3.org/TR/xmldsig-core/.
[36]  RFC 3830: "MIKEY: Multimedia Internet KEYing".

3  Definitions and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Terms and definitions given in TS 22.179 also apply in this document.
Ambient Listening:
The ability to remotely activate the microphone on a user's terminal (as long as the radio is turned on) without that person's knowledge and to hear what is happening or being said in the immediate vicinity of the microphone.
Discreet Listening:
A service enabling an authorised user, such as a dispatcher, to covertly (secretly) monitor the calls in progress.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905, TS 23.179, and the following apply.
An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CSC  Common Services Core
DMO  Direct Mode Operation
GMK  Group Master Key
GMK-ID  Group Master Key Identifier
GMS  Group Management Server
GUK-ID  Group User Key Identifier
IdM  Identity Management
IDRi  IDentity Role initiator
KMS  Key Management Server
MBCP  Media Burst Control Protocol
MCPTT  Mission Critical Push to Talk
MIKEY  Multimedia Internet KEYing
MKI  Master Key Identifier
OIDC  OpenID Connect
PCK  Private Call Key
PCK-ID  Private Call Key Identifier
PSK  Pre-Shared Key
RTCP  Real-Time Transport Control Protocol
S/MIME  Secure / Multipurpose Internet Mail Extensions
SDES  Session Description Protocol Security
SRTCP  Secure Real-Time Transport Control Protocol
SRTP  Secure Real-Time Transport Protocol
ROC  Roll-Over-Counter
SSRC  Synchronization Source
TBCP  Talk Burst Control Protocol
UID  User Identity