Content for TS 29.204 Word version: 17.0.0

0 Introduction p. 4

The absence of security in Signalling System No. 7 (SS7) networks is an identified security weakness in 2G systems. This was formerly perceived not to be a problem, since the SS7 networks were the provinces of a small number of large institutions. This is no longer the case, and so there is now a need for security precautions.

For 3G systems it is a clear goal to be able to protect inter-network SS7 signalling protocols. The protection is done by security gateways which are located at the network border. As a consequence intra network SS7 signalling is not protected and network elements other than Security Gateways are not impacted.

1 Scope p. 5

The present document provides functional description of the SS7 Security Gateway. The document covers also network architecture, routeing considerations, and protocol details.

2 References p. 5

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1]

TS 29.002: "Mobile Application Part (MAP) specification".

[2]

TS 29.078: "Customized Applications for Mobile network Enhanced Logic (CAMEL) Phase 4; CAMEL Application Part (CAP) specification".

[3]

ETSI ETS 300 358: "ISDN Completion of Calls to Busy Subscriber (CCBS) supplementary service; Functional capabilities and information flows".

[4]

TS 23.066: "Support of GSM Mobile Number Portability (MNP) stage 2".

[5]

ITU-T Recommendation Q.773: "Specifications of Signalling System No.7; Transaction capabilities formats and encoding".

[6]

TS 33.200: "3G Security; Network Domain Security (NDS); Mobile Application Part (MAP) application layer security".

[7]

ITU-T Recommendation E.164: " The international public telecommunication numbering plan".

[8]

TS 33.204: "3G Security; Network Domain Security (NDS); Transaction Capabilities Application Part (TCAP) user security".

[9]

ITU-T Recommendations Q.711 to Q.716 (07/96): White Book Signalling Connection Control Part (SCCP).

[10]

TS 21.905: "Vocabulary for 3GPP Specifications".

3 Definitions and abbreviations p. 5

3.1 Definitions p. 5

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

TCAP user:

Application Part identified by one of the following SCCP Subsystem Numbers:

0000 0110

HLR (MAP)

0000 0111

VLR (MAP)

0000 1000

MSC (MAP)

0000 1001

EIR (MAP)

0000 1010

is allocated for evolution (possible Authentication Centre)

1001 0001

GMLC (MAP)

1001 0010

CAP

1001 0011

gsmSCF (MAP) or IM-SSF (MAP) or Presence Network Agent

1001 0101

SGSN (MAP)

1001 0110

GGSN (MAP)

0000 1011

SSAP

3.2 Abbreviations p. 6

For the purposes of the present document, the following abbreviations apply:

Country Code

GSMA

Global System for Mobile communications Association

Initialisation Vector

MAC

Message Authentication Code

MNP

Mobile Number Portability

MSISDN

Mobile Station International ISDN Number

NDC

National Destination Code

Network Entit

PLMN

Public Land Mobile Network y

Routeing Number

SAD

Security Association Database

SEG

Security Gateway

SPD

Security Policy Database

SPI

Security Parameter Index

SRF

Signalling Relay Functio

TCAP

Transcaction Capabilities Application Part

UDT

SCCP Unitdata message

XUDT

SCCP Extended Unitdata message n