3GPP defined the Generic Authentication Architecture (GAA). The adoption of GAA by other standardization bodies showed that some services cannot assume that the User Equipment (UE) always has the possibility to connect to the Bootstrapping Server Function (BSF). This specification introduces a generic push layer that makes use of the GBA Push Function as specified in TS 33.223.
The present document specifies a generic push layer that makes use of the GBA Push Function as specified in TS 33.223. The GPL specification includes a message format, cipher suites and processing model. GPL assumes that keys and other SA parameters have been preinstalled in the Push-NAF and UE in the form of a NAF SA. GPL is a protection protocol that can be applied in a unidirectional fashion.
The rationale for GPL is that having each application specify its own security mechanisms would for obvious reasons lead to duplication of work, specifications and implementations. Using a generic secure push layer avoids these problems. A generic secure push layer may also relieve the applications using the service of having to be aware of the inner workings of the security layer. As an analogy, TS 33.222 can be mentioned, which provides a generic security layer for HTTP based applications.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TS 33.220: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture".
[2] TR 21.905: "Vocabulary for 3GPP Specifications".
[3] TS 33.223: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture: Push Function".
[4] TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[5] FIPS PUB 180-2 (2002): "Secure Hash Standard".
[6] RFC 2104 (1997): "HMAC: Keyed-Hashing for Message Authentication".
[7] ISO/IEC 10118-3:2004: "Information Technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions".
[8] NIST Special Publication 800-38A (2001): "Recommendation for Block Cipher Modes of Operation - Methods and Techniques".
[9] FIPS PUB 197 (2001): "Advanced Encryption Standard".
[10] OMA-WAP-TS-WSP-V1_0-20020920-C: "Wireless Session Protocol 1.0".
[11] TS 31.111: "Universal Subscriber Identity Module (USIM) Application Toolkit (USAT)".
[12] ETSI TS 102 600: "UICC-Terminal interface; Characteristics of the USB interface".
[13] ETSI TS 102 483: "UICC-Terminal interface; Internet Protocol connectivity between UICC and terminal".
For the purposes of the present document, the terms and definitions given in TR 21.905, TS 33.220 and the following apply.
SN_h: The highest sequence number received in a GPL message with a validated MAC. SN_h is used for replay protection.
SN_s: A counter used to generate sequence numbers for outgoing messages.
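The interplay of SN_s and SN_h is shown below as an added illustration; this is not code from the present document and it does not use the GPL message format. It assumes a constructed toy message (SN, payload, MAC) with an HMAC-SHA256 MAC over SN || payload, a shared key standing in for the preinstalled NAF SA key, and the usual replay rule that a message whose SN does not exceed SN_h is discarded.

```python
import hmac
import hashlib

# Constructed toy format for this illustration (not the GPL message format):
# a message is (SN, payload, MAC) with MAC = HMAC-SHA256(key, SN || payload).
# `key` stands in for the NAF SA key that GPL assumes is preinstalled in Push-NAF and UE.

def _mac(key: bytes, sn: int, payload: bytes) -> bytes:
    return hmac.new(key, sn.to_bytes(4, "big") + payload, hashlib.sha256).digest()

class PushNaf:
    """Sender side: SN_s is the counter that numbers outgoing messages."""
    def __init__(self, key: bytes):
        self.key = key
        self.sn_s = 0

    def push(self, payload: bytes):
        sn = self.sn_s
        self.sn_s += 1              # a sequence number is never reused under this SA
        return (sn, payload, _mac(self.key, sn, payload))

class Ue:
    """Receiver side: SN_h is the highest SN accepted with a validated MAC."""
    def __init__(self, key: bytes):
        self.key = key
        self.sn_h = -1              # nothing accepted yet

    def receive(self, msg):
        sn, payload, mac = msg
        # The MAC is checked first: a message that fails the MAC must not be
        # allowed to advance SN_h, otherwise a bogus large SN would lock out
        # all genuine traffic on the SA.
        if not hmac.compare_digest(mac, _mac(self.key, sn, payload)):
            return None             # MAC failure: discard, SN_h unchanged
        if sn <= self.sn_h:
            return None             # replayed or out-of-order: discard
        self.sn_h = sn
        return payload

def demo():
    key = b"constructed-NAF-SA-key"  # constructed sample value, not a real SA key
    naf, ue = PushNaf(key), Ue(key)
    m0, m1 = naf.push(b"first"), naf.push(b"second")
    results = [ue.receive(m1), ue.receive(m0)]      # m0 arrives late: SN 0 <= SN_h
    results.append(ue.receive(m1))                  # exact replay of m1
    bad_mac = (99, b"x", b"\x00" * 32)              # MAC failure with a large SN
    results.append(ue.receive(bad_mac))
    results.append(ue.receive(naf.push(b"third")))  # genuine traffic still accepted
    return results, ue.sn_h
```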
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
GBA: Generic Bootstrapping Architecture
GPI: GBA Push Information
GPL: Generic Push Layer
GPL_ME: GPL hosted in the ME
GPL_U: GPL hosted in the UICC
HSP: High Speed Protocol
NAF: Network Application Function
KDF: Key Derivation Function
MAC: Message Authentication Code
SA: Security Association
SAID: Security Association Identifier
SN: Sequence Number