Figure 6.2.19.3.1.1 shows a "dial-in" conference procedure for one BFCP session with e2e media protection using TLS and KMS based security.
The IMS UE-A wants to establish a Floor control connection with a Floor Control Server (FCS), located in the MRFP. The IMS UE-A and the MRFC perform a Floor control connection set-up according to TS 23.228, TS 24.147 and with modifications described in TS 33.328.
The procedure in Figure 6.2.19.3.1.1 for requesting e2e security of the Floor control connection is described step-by-step with an emphasis on the additional aspects for the MRFC and the MRFP of the e2e media protection using TLS and KMS.
Step 1.
Step 2.
As step 2 in clause 6.2.19.2.1 with the exception that the SDP offer indicates "TCP/TLS/BFCP" as transport protocol.
Step 3.
Step 4. - 6.
The MRFC uses the "Configure BFCP Termination" procedure to request a termination for "TCP/TLS/BFCP" media. The MRFC provides an IP address and port received from the IMS UE-A and includes a Pre-Shared Key information element containing the derived PSK, i.e. the Traffic-Encrypting Key associated with the Crypto Session that will be used by the MRFP in the TLS handshake. The MRFC includes a Notify TCP connection establishment Failure Event information element to request the MRFP to report an unsuccessful TCP connection set-up and a Notify TLS session establishment Failure Event information element to request the MRFP to report an unsuccessful TLS session set-up. In accordance with the information in the "a=setup" SDP attribute that will be sent in an SDP answer, the MRFC requests the MRFP to start a TCP connection establishment.
Step 7.
Step 8.
Step 9.
As step 10 in clause 6.2.19.2.1 with the exception that the SDP answer indicates "TCP/TLS/BFCP" as transport protocol.
Step 10.
Upon completion of the TCP connection establishment and the reception of the SDP answer with key management data, the IMS UE-A starts a TLS session establishment, in accordance with RFC 4583, using the received PSK to set-up a TLS-PSK tunnel to protect MSRP messages.
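
The SDP conditions this procedure depends on (the "TCP/TLS/BFCP" transport, the "a=setup" attribute and key management data in the answer) can be checked mechanically. The following Python is an added example, not part of the specification; it assumes the key management data is carried in an "a=key-mgmt:mikey" attribute as defined in RFC 4567, and the trimmed SDP text, placeholder key data and function names are constructed for illustration.

```python
# Added example, not from the specification. SDP samples are constructed
# and trimmed (no o=/s=/t= lines). Simplification: only media-level
# attributes are read; RFC 4567 also allows a session-level a=key-mgmt.
VALID_SETUP = {"offer": {"active", "passive", "actpass"},
               "answer": {"active", "passive"}}  # RFC 4145 values

SDP_TEMPLATE = """v=0
c=IN IP4 192.0.2.10
m=audio 49170 RTP/AVP 0
m=application {port} {proto} *
a=setup:{setup}
a=key-mgmt:mikey CONSTRUCTED-PLACEHOLDER
"""
OFFER = SDP_TEMPLATE.format(port=50000, proto="TCP/TLS/BFCP", setup="actpass")
ANSWER = SDP_TEMPLATE.format(port=9, proto="TCP/TLS/BFCP", setup="active")

def parse_bfcp_media(sdp):
    """Return (proto, attributes) of the first BFCP m= section, or None."""
    proto, attrs, in_section = None, {}, False
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("m="):
            if in_section:
                break  # the next media section begins
            fields = line[2:].split()
            if len(fields) >= 3 and fields[0] == "application" and "BFCP" in fields[2]:
                proto, in_section = fields[2], True
        elif in_section and line.startswith("a="):
            name, _, value = line[2:].partition(":")
            attrs[name] = value
    return (proto, attrs) if in_section else None

def check_sdp(sdp, role):
    """List deviations from the protected set-up; role is 'offer' or 'answer'."""
    media = parse_bfcp_media(sdp)
    if media is None:
        return ["no BFCP media section"]
    proto, attrs = media
    issues = []
    if proto != "TCP/TLS/BFCP":  # a plain TCP/BFCP line means no TLS tunnel
        issues.append(f"transport is {proto}, not TCP/TLS/BFCP")
    if attrs.get("setup") not in VALID_SETUP[role]:
        issues.append("missing or invalid a=setup for " + role)
    if not attrs.get("key-mgmt", "").startswith("mikey "):
        issues.append("no key management data (a=key-mgmt:mikey)")
    return issues

def tcp_initiator(answer_sdp):
    """Side that opens the TCP connection, per a=setup in the SDP answer."""
    media = parse_bfcp_media(answer_sdp)
    setup = media[1].get("setup") if media else None
    return {"active": "answerer", "passive": "offerer"}.get(setup)
```

With "a=setup:active" in the answer, `tcp_initiator` returns "answerer", which corresponds to the case above where the MRFC requests the MRFP to start the TCP connection establishment.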