
Content for  TR 33.820  Word version:  8.3.0


 

0  Introduction

H(e)NB is able to provide new services with a higher data rate at a low cost. Operators have already indicated their interest in this area. Study of H(e)NB has already started in 3GPP in order to investigate the feasibility of developing a standard solution for H(e)NB. Security is a critical aspect of H(e)NB, so it is necessary to investigate security issues of H(e)NB.

1  Scope

The present document identifies special security threats of H(e)NB and studies the countermeasures to these threats.
The study should include, but not be limited to, threat analysis of H(e)NB, mutual authentication and security protection between H(e)NB and rest of network, maintenance of the security context between H(e)NB and rest of network, security requirements on the H(e)NB, provisioning of security credentials on the H(e)NB, security solution for verifying the location of the H(e)NB etc.
With regard to security protection between the H(e)NB and the rest of the network, bandwidth efficiency should be taken into consideration.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  TR 21.905: "Vocabulary for 3GPP Specifications".
[2]  TS 22.011: "Service Accessibility".
[3]  R3-080021, "Reply LS on Home NodeB/eNodeB regarding localization/authorization", RAN3#59 (February 2008).
[4]  R3-081121, "HNBs Location Certification", 3GPP TSG RAN WG3 Meeting #60, Kansas City, USA, 5th - 9th May 2008.
[5]  ETSI ES 282 004 V1.1.1: Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); NGN functional architecture; Network Attachment Sub-System (NASS)[S]. 2006.
[6]  ETSI ES 283 035 V1.1.1: Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); NASS; e2 interface based on the DIAMETER protocol.[S]. 2006.
[7]  Void.
[8]  Void.
[9]  Void.
[10]  TS 33.234: "Wireless Local Area Network (WLAN) interworking security".
[11]  RFC 4306: "Internet Key Exchange (IKEv2) Protocol".
[12]  TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[13]  RFC 4739: "Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol".
[14]  ETSI TS 102.310: "Smart Cards; Extensible Authentication Protocol support in the UICC".
[15]  TS 33.401: "3GPP System Architecture Evolution (SAE) Security Architecture".
[16]  TS 25.467: "UTRAN architecture for 3G Home NodeB; Stage 2".
[17]  RFC 4945: "The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX", Aug 2007.
[18]  TS 33.210: "Network Domain Security (NDS); IP network layer security (IP)".
[19]  TS 24.008: "Mobile radio interface Layer 3 specification; Core network protocols".
[20]  TS 24.301: "Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS)".
[21]  TS 32.581: "Concepts and Requirements for Type 1 interface HNB to HNB Management System (HMS)".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Access point Home Register
A database that holds subscription records and relevant service attributes of the H(e)NB.
CSG
A closed subscriber group identifies subscribers of an operator who are permitted to access one or more cells of the PLMN but having restricted access ("CSG cells").
H(e)NB device identity server
Core network function which holds the information of valid H(e)NB device identities.
Hosting party
The party hosting the H(e)NB and having a contract with the PLMN operator.
Hosting Party Module
A module holding the credentials for authentication of the hosting party.
Security Gateway
Element at the edge of the core network terminating security association(s) for the backhaul link between H(e)NB and core network.
Subscriber
The user of a UE with a subscription to the PLMN operator, who may be camping on the H(e)NB.

3.2  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AAA
Authentication, Authorization and Accounting
ACL
Access Control Lists
AHR
Access point Home Register
AKA
Authentication and Key Agreement
ARP
Address Resolution Protocol
CA
Certification Authority
CSG
Closed Subscriber Group
(D)DoS
(Distributed) Denial of Service
eNB
Evolved Node-B
EAP
Extensible Authentication Protocol
ESP
Encapsulating Security Payload
EPS
Evolved Packet System
E-UTRAN
Evolved UTRAN
FQDN
Fully Qualified Domain Name
GSM
Global System for Mobile communications
HNB
Home Node-B
HNB GW
3G HNB Gateway
HeNB
Home eNode-B
HeNB GW
Home eNode-B Gateway
HSS
Home Subscriber Server
HLR
Home Location Register
IGMP
Internet Group Management Protocol
IKE
Internet Key Exchange
IMSI
International Mobile Subscriber Identity
LTE
Long Term Evolution
MME
Mobility Management Entity
NAS
Non-Access Stratum
PKI
Public Key Infrastructure
PPPoE
Point-to-Point Protocol over Ethernet
SeGW
Security Gateway
SIM
(GSM) Subscriber Identity Module
TCP
Transmission Control Protocol
TrE
Trusted Environment
UDP
User Datagram Protocol
UMTS
Universal Mobile Telecommunications System
UICC
Universal Integrated Circuit Card
UP
User plane
USIM
Universal Subscriber Identity Module
UTRAN
Universal Terrestrial Radio Access Network