Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.328  Word version:  18.1.0

Top   Top   Up   Prev   Next
0…   4…   A…
4 IMS media plane security overview5 IMS media plane security features6 Security mechanisms7 Security association set-up procedures for media protection

 

4  IMS media plane security overviewp. 12

4.1  Introductionp. 12

4.1.1  Generalp. 12

4.1.2  Overview of key management solutions for IMS media plane securityp. 13

4.1.2.1  SDES based solutionp. 13

4.1.2.2  KMS based solutionp. 13

4.1.2.3  Certificate fingerprints based solution for e2ae TLS/DTLSp. 14

4.1.2.4  Certificate fingerprints based solution for e2DCe DTLSp. 14

4.1.2.5  Certificate fingerprints based solution for e2e DTLSp. 14

4.2  IMS media plane security architecturep. 15

4.2.1  Generalp. 15

4.2.2  E2ae securityp. 15

4.2.3  E2e security using SDESp. 16

4.2.4  E2e security using KMSp. 16

4.2.5  E2DCe securityp. 17

4.2.6  E2e security for IMS Data Channelsp. 18

5  IMS media plane security featuresp. 18

5.1  Generalp. 18

5.2  Media integrity protectionp. 19

5.3  Media confidentiality protectionp. 19

5.4  Authentication and authorizationp. 19

5.4.1  Authentication and authorization for e2ae protectionp. 19

5.4.2  Authentication and authorization for e2e protection using SDESp. 20

5.4.3  Authentication and authorization for e2e protection using KMSp. 20

5.4.4  Authentication and authorization for e2DCe protectionp. 21

5.4.5  Authentication and authorization for e2e protection using DTLSp. 21

5.5  Security properties of key management, distribution and derivationp. 21

5.5.1  General security properties for protection using SDESp. 21

5.5.2  Additional security properties for e2ae protection using SDESp. 22

5.5.3  Security properties for e2e protection using KMSp. 22

5.5.4  Security properties for e2ae protection using TLS/DTLSp. 22

5.5.5  Security properties for e2ae protection using DTLS-SRTPp. 23

5.5.6  Security properties for e2DCe protection using DTLSp. 23

6  Security mechanismsp. 23

6.1  Media security mechanismsp. 23

6.1.1  Media security mechanisms for real-time trafficp. 23

6.1.2  Media security mechanisms for session based messaging (MSRP)p. 23

6.1.3  Media security mechanisms for IMS data channelsp. 24

6.2  Key management mechanisms for media protectionp. 24

6.2.1  Key management mechanisms for e2ae protectionp. 24

6.2.1.1  Endpoints for e2ae protectionp. 24

6.2.1.2  Key management protocol for e2ae protectionp. 24

6.2.1.3  Functional extension of the Iq interface for e2ae protectionp. 25

6.2.1.3.1  Functional extension of the Iq interface for e2ae protection for RTPp. 25
6.2.1.3.2  Functional extension of the Iq interface for e2ae protection for MSRPp. 25

6.2.2  Key management mechanisms for e2e protection using SDESp. 25

6.2.3  Key management mechanisms for e2e protection using KMSp. 26

6.2.3.1  Generalp. 26

6.2.3.2  KMS user and user group identitiesp. 26

6.2.3.3  IMS UE local policiesp. 27

6.2.3.4  Ticket datap. 27

6.2.3.4.1  Ticket formatp. 27
6.2.3.4.2  Allocation of ticket subtype and version for ticket type 2p. 27

6.2.3.5  Authentication of public identities in REQUEST_INIT and RESOLVE_INITp. 27

6.2.3.6  Authentication of terminating user identityp. 27

6.2.3.7  Reusable ticketsp. 28

6.2.3.8  Signalling between KMSsp. 28

6.2.4  Key management mechanisms for e2DCe protectionp. 28

6.2.4.1  Endpoints for e2DCe protectionp. 28

6.2.4.2  Key management protocol for e2DCe protectionp. 28

6.2.4.3  Functional extension of the Mw, ISC, and Mr'/Cr or DC2 interfaces for e2DCe protectionp. 29

6.2.4.3.1  Functional extension of the Mw, ISC, and Mr'/Cr or DC2 interfaces for e2Dce protection for IMS data channelp. 29

7  Security association set-up procedures for media protectionp. 29

7.1  IMS UE registration proceduresp. 29

7.1.1  Indication of support for e2ae security for RTP based mediap. 29

7.1.2  Indication of support for e2ae security for MSRPp. 30

7.1.3  Indication of support for e2DCe security for IMS data channelp. 30

7.2  IMS UE originating proceduresp. 30

7.2.1  IMS UE originating procedures for e2aep. 30

7.2.2  IMS UE originating procedures for e2e using SDESp. 33

7.2.3  IMS UE originating procedures for e2e using KMSp. 35

7.2.4  IMS UE originating procedures for e2DCep. 36

7.2.5  IMS UE originating procedures for e2e using TLS/DTLS certificate / fingerprintp. 38

7.3  UE terminating proceduresp. 40

7.3.1  UE terminating procedures for e2aep. 40

7.3.2  IMS UE terminating procedures for e2e using SDESp. 43

7.3.3  IMS UE terminating procedures for e2e using KMSp. 44

7.3.4  UE terminating procedures for e2DCep. 46

7.3.5  IMS UE terminating procedures for e2e using TLS/DTLS certificate / fingerprintp. 47

7.4  Session update proceduresp. 47

7.5  Handling of emergency callsp. 48

Up   Top   ToC