Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.890
Study on Security support for Next Generation Real Time Communication services

3GPP‑Page  
V18.0.0 (Wzip)  2023/06  23 p.
Rapporteur:
Mr. Li, Fei
HUAWEI TECHNOLOGIES Co. Ltd.

full Table of Contents for  TR 33.890  Word version:  18.0.0

Here   Top
1 Scope2 References3 Definitions of terms, symbols and abbreviations4 Assumptions5 Key issues6 Proposed solutions7 Conclusions$ Change history

 

1  Scopep. 6

The present document studies security aspects for any potential enhancements based on the ongoing study in TR 23.700-87. For each of the key issues in the scope of the SA WG2 study, the security aspects that are to be covered in this study are as follows:
  • Analysing the potential security aspects on how to verify and authorize the 3rd party specific identity information during a call both on originating and terminating sides.
  • Analysing potential security impacts from supporting service-based architecture in IMS media control interfaces.
  • Analysing potential security aspects to support Data Channel usage in IMS network.
Up

2  Referencesp. 6

3  Definitions of terms, symbols and abbreviationsp. 6

3.1  Termsp. 6

3.2  Symbolsp. 7

3.3  Abbreviationsp. 7

4  Assumptionsp. 7

5  Key issuesp. 7

5.1  Key issue #1: Third party specific user identitiesp. 7

5.1.1  Key issue detailsp. 7

5.1.2  Threatsp. 7

5.1.3  Potential security requirementsp. 7

5.2  Key issue #2: Security aspects of Data Channel usage in IMS networkp. 8

5.2.1  Key issue detailsp. 8

5.2.2  Security threatsp. 8

5.2.3  Potential security requirementsp. 8

5.3  Key issue #3: security aspects of SBA in IMS media control planep. 8

5.3.1  Key issue detailsp. 8

5.3.2  Security threatsp. 8

5.3.3  Potential security requirementsp. 8

6  Proposed solutionsp. 9

6.0  Mapping of solutions to key issuesp. 9

6.1  Solution #1: How the Originating IMS network signs the 3rd party IDs and terminating IMS network verifies the 3rd party IDsp. 9

6.1.1  Introductionp. 9

6.1.2  Solution detailsp. 9

6.1.2.1  Solution Descriptionp. 9

6.1.2.2  How Originating IMS network invokes the signing on behalf of 3rd party (SIP trunk)p. 11

6.1.2.3  How Originating IMS network invokes the signing on behalf of 3rd party (Single SIP registration)p. 12

6.1.3  Evaluationp. 14

6.2  Solution #2: SHAKEN based third-party specific user identitiesp. 14

6.2.1  Introductionp. 14

6.2.2  Solution detailsp. 14

6.2.2.1  General proceduresp. 14

6.2.2.2  Alternative authorisation procedurep. 16

6.2.3  Evaluationp. 16

6.3  Solution #3: Service based interface protection in media control planep. 16

6.3.1  Introductionp. 16

6.3.2  Solution detailsp. 16

6.3.2.1  Protection at the network or transport layerp. 16

6.3.2.2  Authentication and authorizationp. 16

6.3.3  Evaluationp. 16

6.4  Solution #4: End-to-access-edge security for IMS data channelsp. 16

6.4.1  Introductionp. 16

6.4.2  Solution detailsp. 16

6.4.3  Evaluationp. 17

6.5  Solution #5: How to avoid e2ae limitation and achieve e2e security for IMS Data Channelp. 17

6.5.1  Introductionp. 17

6.5.2  Solution detailsp. 18

6.5.2.1  Solution Descriptionp. 18

6.5.3  Evaluationp. 19

7  Conclusionsp. 19

7.1  Conclusion on Key Issue #3p. 19

7.2  Conclusion on Key Issue #2p. 19

7.3  Conclusions for Key Issue #1p. 19

$  Change historyp. 20

Up   Top