Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.402  Word version:  18.1.0

Top   Top   Up   Prev   Next
1…   4…   9…
4 Overview of Security Architecture for non-3GPP Accesses to EPS5 Security Features Provided by EPS for non-3GPP Accesses6 Authentication and key agreement procedures7 Establishment of security contexts in the target access system8 Establishment of security between UE and ePDG

 

4  Overview of Security Architecture for non-3GPP Accesses to EPSp. 10

4.1  Generalp. 10

4.2  Trusted non-3GPP Accessp. 11

4.3  Untrusted non-3GPP Accessp. 11

5  Security Features Provided by EPS for non-3GPP Accessesp. 11

5.1  User-to-Network securityp. 11

5.1.1  User identity and device identity confidentialityp. 11

5.1.2  Entity authenticationp. 11

5.2  User data and signalling data confidentialityp. 12

5.3  User data and signalling data integrityp. 12

6  Authentication and key agreement proceduresp. 12

6.1  Generalp. 12

6.2  Authentication and key agreement for trusted accessp. 14

6.3  Fast re-authentication procedure for trusted accessp. 19

6.4  Authentication and key agreement for untrusted accessp. 21

6.5  Authentication and authorization with S2b for Private network access from Untrusted non-3GPP Access networks |R10|p. 21

6.5.1  Generalp. 21

6.5.2  Authentication and authorization for the Private network access (the External AAA Server performs PAP procedure)p. 22

6.5.3  Authentication and authorization for the private network access (the external AAA server performs CHAP procedure)p. 24

6.6  Re-authentication based on ERP |R14|p. 26

6.6.1  Introductionp. 26

6.6.2  ERP bootstrappingp. 26

6.6.2.1  Generalp. 26

6.6.2.2  ERP Implicit bootstrappingp. 26

6.6.2.3Void

6.6.3  ERP exchange for re-authenticationp. 28

6.6.4  ERP key derivationp. 28

7  Establishment of security contexts in the target access systemp. 29

7.1  General assumptionsp. 29

7.2  Establishment of security context for trusted non-3GPP accessp. 29

7.2.1  CDMA-2000 HRPD EPS interworkingp. 29

7.2.1.1  EPS-HRPD architecturep. 29

7.2.1.2  Network elementsp. 30

7.2.1.2.1  E-UTRANp. 30
7.2.1.2.2  MMEp. 30
7.2.1.2.3  Gatewayp. 30
7.2.1.2.3.1  Generalp. 30
7.2.1.2.3.2  Serving GWp. 30
7.2.1.2.3.3  PDN GWp. 31
7.2.1.2.4  PCRFp. 31

7.2.1.3  Reference pointsp. 31

7.2.1.3.1  List of reference pointsp. 31
7.2.1.3.2  Protocol assumptionsp. 31

7.2.1.4  Security of the initial access to EPS via HRPDp. 31

7.2.1.5  Security of handoff and pre-registrationp. 31

7.2.2  WIMAX EPS Interworkingp. 31

7.2.3  Trusted WLAN Access (TWAN) |R12|p. 32

7.2.3.1  Generalp. 32

7.2.3.2  Security for WLAN Control Protocol (WLCP)p. 32

7.2.3.2.1  Authentication and key agreementp. 32
7.2.3.2.2  Fast re-authenticationp. 32
7.2.3.2.3  Protection of WLCP signallingp. 32
7.2.3.2.4  DTLS profilep. 33

7.3  Establishment of security context between UE and untrusted non-3GPP Accessp. 33

8  Establishment of security between UE and ePDGp. 34

8.1  Generalp. 34

8.2  Mechanisms for the set up of UE-initiated IPsec tunnelsp. 34

8.2.1  Generalp. 34

8.2.2  Tunnel full authentication and authorizationp. 34

8.2.3  Tunnel fast re-authentication and authorizationp. 37

8.2.4  Security profilesp. 39

8.2.4.1  Profile of IKEv2 |R13|p. 39

8.2.4.2  Profile of IPSec ESP |R13|p. 40

8.2.4.3  Profile for ePDG certificates |R13|p. 40

8.2.5  Handling of IPsec tunnels in mobility eventsp. 41

8.2.5.1  Generalp. 41

8.2.5.2  Idle mode mobilityp. 41

8.2.5.3  Active mode mobilityp. 41

Up   Top   ToC