Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.871  Word version:  12.0.0

Top   Top   Up   Prev   None
1…   4…
4 Overview5 Assumptions, Risks and Security requirements6 Solutions7 Assessment of solutions8 Conclusions and recommendationsA Secure usage of GBA with UE browserB Profiling of DTLS-SRTPC Linking IMS identities and web identities - Example security mechanismsD  Mapping OAuth 2.0 to IMS WebRTC$ Change History

 

4  Overviewp. 9

4.1  WebRTCp. 9

4.1.1  Generalp. 9

4.1.2  WebRTC control planep. 9

4.1.3  WebRTC user planep. 9

4.2  WebRTC IMS Client access to IMSp. 11

4.2.1  Overviewp. 11

4.2.2  Architecturep. 11

5  Assumptions, Risks and Security requirementsp. 13

5.1  Assumptionsp. 13

5.2  Risksp. 13

5.2.1  Impact of security breach at WWSF on arbitrary IMS subscribersp. 13

5.2.2  Lack of means to identify potentially compromised WWSF in the IMS corep. 13

5.2.3  Risks relating to the determination of IMS identities by the WWSFp. 13

5.2.4  Risks relating to assignment of IMS identities to WebRTC IMS Client from pool of IMS subscriptions held by WWSFp. 14

5.3  Potential security requirementsp. 15

6  Solutionsp. 17

6.1  Authentication and Authorizationp. 17

6.1.1  Authentication of WebRTC IMS Client with IMS subscription re-using existing IMS authentication mechanismsp. 17

6.1.1.1  Generalp. 17

6.1.1.2  Use of SIP Digest credentialsp. 17

6.1.1.3  Use of IMS AKAp. 19

6.1.2  Authentication of WebRTC IMS Client with IMS subscription using web credentialsp. 20

6.1.2.1  Generalp. 20

6.1.2.2  Use of Trusted Node Authentication (TNA)p. 21

6.1.2.3  Example of web authentication using IMS AKA credentialsp. 27

6.1.2.4  Use of direct authentication between WIC and eP-CSCFp. 28

6.1.2.5  Trusted Node Authentication using OAuth 2.0 Implicit Grantp. 29

6.1.3  Assignment of IMS identities to WebRTC IMS Client from pool of IMS subscriptions held by WWSFp. 32

6.1.3.1  Generalp. 32

6.1.3.2  Use of Trusted Node Authentication (TNA)p. 32

6.2  Enhancements to IMS media plane securityp. 37

6.2.1  Media security for RTPp. 37

6.2.1.1  Generalp. 37

6.2.1.2  e2ae security for RTP using DTLS-SRTPp. 37

6.2.2  Media security for WebRTC Data Channelsp. 39

6.2.2.1  Generalp. 39

6.2.2.2  e2ae security for WebRTC Data Channelsp. 39

6.3  Other security aspectsp. 41

6.3.1  Firewall traversalp. 41

7  Assessment of solutionsp. 42

8  Conclusions and recommendationsp. 42

A  Secure usage of GBA with UE browserp. 43

B  Profiling of DTLS-SRTPp. 47

C  Linking IMS identities and web identities - Example security mechanismsp. 48

D  Mapping OAuth 2.0 to IMS WebRTCp. 49

$  Change Historyp. 52

Up   Top