
Content for  TS 33.402  Word version:  17.0.0


1  Scope

The present document specifies the security architecture, i.e., the security feature groups and the security mechanisms performed during interworking between non-3GPP accesses and the Evolved Packet System (EPS).

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  RFC 4877: "Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture".
[3]  Void.
[4]  RFC 5778: "Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction".
[5]  TS 23.402: "Architecture enhancements for non-3GPP accesses".
[6]  TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[7]  RFC 4187 (January 2006): "Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)".
[8]  TS 23.003: "Numbering, addressing and identification".
[9]  TS 33.234: "3G security; Wireless Local Area Network (WLAN) interworking security" (Release 12).
[10]  RFC 4072 (August 2005): "Diameter Extensible Authentication Protocol (EAP) Application".
[11]  TS 33.102: "3G security; Security architecture".
[12]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[13]  TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".
[14]  TS 23.203: "Policy and charging control architecture".
[15]  TS 36.300: "Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access (E-UTRAN); Overall description; Stage 2".
[16]  TS 33.401: "3GPP System Architecture Evolution (SAE); Security Architecture".
[17]  RFC 3344: "IP Mobility Support for IPv4".
[18]  RFC 4555: "IKEv2 Mobility and Multihoming Protocol (MOBIKE)".
[19]  RFC 5295: "Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)".
[20]  TS 24.303: "Mobility Management based on Dual-Stack Mobile IPv6; Stage 3".
[21]  RFC 4433: "Mobile IPv4 Dynamic Home Agent (HA) Assignment".
[22]  TS 24.302: "Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access networks; Stage 3".
[23]  RFC 5448: "Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')".
[24]  TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[25]  TS 29.109: "3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".
[26]  Void.
[27]  Void.
[28]  Void.
[29]  TS 33.223: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push function".
[30]  RFC 5996: "Internet Key Exchange Protocol Version 2 (IKEv2)".
[31]  TS 29.274: "3GPP Evolved Packet System (EPS); Evolved General Packet Radio Service (GPRS) Tunnelling Protocol for Control plane (GTPv2-C); Stage 3".
[32]  TS 29.275: "Proxy Mobile IPv6 (PMIPv6) based Mobility and Tunnelling protocols; Stage 3".
[33]  RFC 4739: "Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol".
[34]  TS 33.203: "Access security for IP-based services".
[35]  RFC 3948: "UDP Encapsulation of IPsec ESP Packets".
[36]  RFC 2616: "Hypertext Transfer Protocol -- HTTP/1.1".
[37]  RFC 6347: "Datagram Transport Layer Security Version 1.2".
[38]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[39]  TS 23.402: "Architecture enhancements for non-3GPP accesses".
[40]  Federal Information Processing Standard (FIPS) draft standard: "Advanced Encryption Standard (AES)", November 2001.
[41]  RFC 1421 (February 1993): "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures".
[42]  Open Mobile Alliance OMA-WAP-OCSP V1.0: "Online Certificate Status Protocol Mobile Profile". URL: http://www.openmobilealliance.org/
[43]  RFC 4806 (February 2007): "Online Certificate Status Protocol (OCSP) Extensions to IKEv2".
[44]  RFC 4282 (December 2005): "The Network Access Identifier" (obsoletes RFC 2486).
[45]  RFC 2865 (June 2000): "Remote Authentication Dial In User Service (RADIUS)".
[46]  RFC 6696: "EAP Extensions for the EAP Re-authentication Protocol (ERP)".
[47]  RFC 6942: "Diameter Support for the EAP Re-authentication Protocol (ERP)".
[48]  TS 24.502: "Access to the 3GPP 5G System (5GS) via non-3GPP access networks; Stage 3".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
IPsec Security Association (IPsec SA):
A unidirectional logical connection created for security purposes. All traffic traversing an IPsec SA is provided the same security protection. The IPsec SA itself is a set of parameters to define security protection between two entities. An IPsec SA includes the cryptographic algorithms, the keys, the duration of the keys, and other parameters.

3.2  Symbols

For the purposes of the present document, the following symbols apply:
S2a:  This interface is defined in TS 23.402.
S7a:  Interface between a PCRF and an HS-GW.
S101:  Interface between an MME and an HRPD AN.
S103:  Interface between an SGW and an HS-GW.

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AAA:  Authentication Authorisation Accounting
AES:  Advanced Encryption Standard
AKA:  Authentication and Key Agreement
ANDSF:  Access Network Discovery and Selection Function
DSMIPv6:  Dual-Stack MIPv6
EAP:  Extensible Authentication Protocol
EMSK:  Extended Master Session Key
EPC:  Evolved Packet Core
ePDG:  Evolved Packet Data Gateway
EPS:  Evolved Packet System
ERP:  EAP Re-authentication Protocol
ESP:  Encapsulating Security Payload
E-UTRAN:  Evolved UTRAN
HS-GW:  HRPD Serving GW
IKEv2:  Internet Key Exchange Version 2
IPsec:  IP security protocols, algorithms, and key management methods
LMA:  Local Mobility Anchor
MAG:  Mobile Access Gateway
MIPv4:  Mobile IP version 4
MIPv6:  Mobile IP version 6
MME:  Mobility Management Entity
MSK:  Master Session Key
NDS:  Network Domain Security
NDS/IP:  NDS for IP based protocols
PMIP/PMIPv6:  Proxy Mobile IP version 6
rIK:  re-authentication Integrity Key
rMSK:  re-authentication Master Session Key
rRK:  re-authentication Root Key
SA:  Security Association
TWAN:  Trusted WLAN Access Network
UICC:  Universal Integrated Circuit Card
USIM:  Universal Subscriber Identity Module

3.4  Conventions

All data variables in the present document are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.
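As an added illustration of this convention (example code, not part of TS 33.402), the two helpers below split a variable into substrings numbered from the most significant end, once at byte granularity (the form in which keys are usually handed to a cryptographic API) and once at bit granularity. The function names and the sample values are constructed for this example.

```python
# Added example, not part of TS 33.402: applying the clause 3.4 convention
# that substring 0 of a variable is the leftmost (most significant) one.

def split_substrings(value: bytes, lengths: list[int]) -> list[bytes]:
    """Split `value` into consecutive substrings of the given byte lengths.

    Result index 0 is the leftmost (most significant) substring; the lengths
    must account for every byte of the variable, so that no part of a key or
    parameter is silently dropped or duplicated.
    """
    if any(n <= 0 for n in lengths):
        raise ValueError("substring lengths must be positive")
    if sum(lengths) != len(value):
        raise ValueError("substring lengths must cover the whole variable exactly")
    parts = []
    offset = 0
    for length in lengths:
        parts.append(value[offset:offset + length])
        offset += length
    return parts


def join_substrings(parts: list[bytes]) -> bytes:
    """Inverse of split_substrings: concatenate in index order, substring 0 first."""
    return b"".join(parts)


def split_bits(value: int, total_bits: int, lengths: list[int]) -> list[int]:
    """Split a `total_bits`-wide integer into bit-substrings, MSB-side first.

    Result index 0 holds the most significant `lengths[0]` bits, and so on,
    matching the left-to-right numbering of clause 3.4.
    """
    if value < 0 or value >> total_bits:
        raise ValueError("value does not fit in total_bits")
    if sum(lengths) != total_bits:
        raise ValueError("substring lengths must cover the whole variable exactly")
    parts = []
    remaining = total_bits
    for length in lengths:
        remaining -= length
        # Shift the wanted field down to bit 0 and mask off anything above it.
        parts.append((value >> remaining) & ((1 << length) - 1))
    return parts


if __name__ == "__main__":
    # Constructed sample: an 8-byte variable split into two 4-byte halves.
    sample = bytes.fromhex("0011223344556677")
    halves = split_substrings(sample, [4, 4])
    print("substring 0:", halves[0].hex(), "substring 1:", halves[1].hex())
    # Constructed sample: 8 bits 1011 0010 split into a 3-bit and a 5-bit field.
    print("bit fields:", split_bits(0b10110010, 8, [3, 5]))
```

The explicit length check is the part worth keeping in real code: when a derived key is carved into subkeys, an off-by-one in the lengths is easy to miss by eye, and the convention only holds if every substring boundary is accounted for.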
