To position LTE as a technology for critical communications such as public safety, the security of Group Communication (GC) needs to be considered. The Group Communication function complements its sibling communication feature, Proximity-based Services (ProSe).
The present document studies the security aspects of the Group Communication Service Enabler for LTE (GCSE_LTE) and evaluates possible technical security solutions supporting such an enabler. The present document looks at security from a system perspective and defines functional security requirements for all entities.
Stage 1 requirements for these services are defined in TS 22.468.
Different possible Stage 2 solutions for GCSE have been studied in TR 23.768.
3GPP TS 23.468 provides the Stage 2 description of the enablers that the 3GPP system provides to support GC services using E-UTRAN in Rel-12.
Based on the work done in TS 22.468, TR 23.768 and TS 23.468, the objectives of the present document are to identify the threats and deduce security requirements, to develop GCSE_LTE security solutions, and to determine which solution(s) from the present document (Study/TR phase) should be converted into normative specifications for Rel-12.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]	TR 21.905: "Vocabulary for 3GPP Specifications".
[2]	TS 22.468: "Group Communication System Enablers for LTE (GCS_LTE)".
[3]	TR 23.768: "Study on architecture enhancements to support Group Communication System Enablers for LTE (GCSE_LTE)".
[4]	TR 23.703: "Study on architecture enhancements to support Proximity Services (ProSe)".
[5]	TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".
[6]	TS 23.246: "Multimedia Broadcast/Multicast Service (MBMS); Architecture and functional description".
[7]	TS 33.246: "3G Security; Security of Multimedia Broadcast/Multicast Service (MBMS)".
[8]	TS 23.468: "Group Communication System Enablers for LTE (GCSE_LTE), Stage 2".
[9]	TR 33.833: "Study on security issues to support Proximity Services".
[10]	TS 33.328: "IP Multimedia Subsystem (IMS) media plane security".
[11]
[12]
[13]	TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[14]	TS 29.368: "Tsp interface protocol between the MTC Interworking Function (MTC-IWF) and Service Capability Server (SCS)".
[15]	TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[16]	TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[15a]	RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
[16a]	RFC 6347: "Datagram Transport Layer Security Version 1.2".
[17]	RFC 5996: "Internet Key Exchange Protocol Version 2 (IKEv2)".
[18]	TS 29.468: "Group Communication System Enablers for LTE (GCSE_LTE); MB2 Reference Point; Stage 3".
[19]	RFC 768: "User Datagram Protocol (UDP)".
[20]	RFC 3947: "Negotiation of NAT-Traversal in the IKE".
[21]	RFC 3948: "UDP Encapsulation of IPsec ESP Packets".
[22]	RFC 6347: "Datagram Transport Layer Security Version 1.2".
[23]	RFC 4303: "IP Encapsulating Security Payload (ESP)".
[24]	TS 29.468: "Group Communication System Enablers for LTE (GCSE_LTE); MB2 Reference Point; Stage 3".
For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
For the purposes of the present document, the abbreviations given in TR 21.905 and TS 23.468 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
e2ae	end-to-access-edge
e2e	end-to-end
DL	Downlink
GC	Group Communication
GC2	Former name for the MB2 interface as defined in TS 23.468
MRK	MBMS Request Key
MSK	MBMS Service Key
MTK	MBMS Traffic Key
MUK	MBMS User Key
MuSe	Multipoint Service
ProSe	Proximity Service
UL	Uplink