The present document investigates the IMS H.248 profiles requirements and procedures to support the stage 2 requirements specified in TS 33.328 for Extended IMS media plane security features.
This includes in particular the following aspects:
Provide end-to-access edge protection of session based messaging (MSRP) traffic using TLS and certificate fingerprints exchanged over SDP;
Provide end-to-end protection of session based messaging (MSRP) traffic using TLS;
Provide end-to-access edge protection of BFCP based traffic, using TLS and certificate fingerprints exchanged over SDP;
Provide optional support of TLS protection of BFCP and MSRP based traffic at the Conference Server;
Analyse requirements and procedures for end-to-end TCP bearer connection control and related NAT traversal support;
Provide support of TCP-based IP transport connections for TLS security sessions, which includes possible NAT traversal support during the TCP connection establishment phase and possible correlation of the establishment (and release) events of TCP connections with TLS session establishment (and release);
Provide end-to-access edge protection of T.38 fax using DTLS.
This study will cover:
Identification of the key issues and the main design considerations that should drive the definition of stage 2 requirements and procedures for the Iq, Ix and Mp profiles;
Identification of the requirements and procedures for the Iq, Ix and Mp profiles for support of end-to-access edge and end-to-end media security for session-based messaging (MSRP [6]) and conferencing (BFCP [16]);
Identification of the requirements and procedures for the Iq profile for support of end-to-access edge media security for T.38 fax over UDPTL/UDP transport;
Identification of the ITU-T H.248 extensions necessary to fulfil the 3GPP requirements and identification of potential gaps that should be taken into account by ITU-T Q3/16;
Conclusions and Recommendations for the normative work.
The results of this study will be used to identify the changes required in the 3GPP specifications to support Extended IMS media plane security.