
Content for TR 33.871, Word version: 12.0.0


1  Scope

The goal of WebRTC IMS Client access to IMS is to significantly expand the pool of clients able to access IMS.
The present document contains a study on security issues following the potential modifications of the IMS architecture and stage 2 procedures as required by the support of WebRTC IMS Client access to IMS.
For this purpose, the present document addresses:
  • WebRTC IMS Client authentication mechanisms, including the re-use of existing IMS authentication mechanisms from WebRTC IMS Clients;
  • Required enhancements to IMS media plane security;
  • Control plane security related aspects.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".
[2] TS 22.228: "Service requirements for the Internet Protocol (IP) multimedia core network subsystem (IMS); Stage 1".
[3] TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[4] TR 23.701: "Study on the Support of WebRTC IMS Client access to IMS".
[5] TS 33.203: "3G security; Access security for IP-based services".
[6] TS 33.328: "IP Multimedia Subsystem (IMS) media plane security".
[7] W3C Web Real-Time Communications Working Group, http://www.w3.org/2011/04/webrtc-charter.html
[8] IETF Real-Time Communication in WEB-browsers Working Group, http://tools.ietf.org/wg/rtcweb/
[9] RFC 5763: "Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)".
[10] draft-ietf-rtcweb-security: "Security Considerations for WebRTC".
[11] TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[12] TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[13] RFC 6749: "The OAuth 2.0 Authorization Framework".
[14] RFC 6750: "The OAuth 2.0 Authorization Framework: Bearer Token Usage".
[15] TS 29.228: "IP Multimedia (IM) Subsystem Cx and Dx interfaces; Signalling flows and message contents".
[16] TS 24.292: "IP Multimedia (IM) Core Network (CN) subsystem Centralized Services (ICS); Stage 3".
[17] RFC 5764: "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)".
[18] draft-ietf-rtcweb-data-protocol: "RTCWeb Data Channel Protocol".
[19] draft-ejzak-dispatch-webrtc-data-channel-sdpneg: "SDP-based WebRTC data channel negotiation".
[20] RFC 6714: "Connection Establishment for Media Anchoring (CEMA) for the Message Session Relay Protocol (MSRP)".
[21] RFC 2617: "HTTP Authentication: Basic and Digest Access Authentication".
[22] TR 33.830: "Study on Firewall traversal (Stage 2)".
→ to date, still a draft
[23] RFC 4169: "Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2".
[24] RFC 3310 (2002): "HTTP Digest Authentication Using AKA". April, 2002.

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply.
A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Web Real-Time Communications (WebRTC):
A set of browser extensions enabling web applications to define real-time services.
WebRTC IMS Client (WIC):
A WebRTC-capable browser running a JavaScript application that allows a user to access IMS services.

3.2  Symbols

For the purposes of the present document, the following symbols apply:
Cx
Reference Point between a CSCF and an HSS
Gm
Reference Point between a UE and a P-CSCF or between an IP-PBX and a P-CSCF
Iq
Reference Point between the IMS Application Level Gateway (ALG) (IMS-ALG) and the IMS Access Gateway (IMS-AGW)
Mb
Reference Point between a UE and IP network services used for user data transport
Mw
Reference Point between a CSCF and another CSCF
W1
Reference Point between a WIC and WWSF
W2
Reference Point between a WIC and eP-CSCF
W3
Reference Point between a WIC and eIMS-AGW

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply.
An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
DTLS-SRTP
Datagram Transport Layer Security SRTP
eP-CSCF
P-CSCF enhanced for WebRTC
eIMS-AGW
IMS-AGW enhanced for WebRTC
ICE
Interactive Connectivity Establishment
NAT
Network Address Translation
P-CSCF
Proxy CSCF
RTP
Real-time Transport Protocol
S-CSCF
Serving CSCF
SDP
Session Description Protocol
SIP
Session Initiation Protocol
SRTP
Secure RTP
WebRTC
Web Real-Time Communication
WIC
WebRTC IMS Client
WWSF
WebRTC Web Server Function
WAF
WebRTC Authorization Function