Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.897  Word version:  13.1.0

Top   Top   Up   Prev   None
1…   6…
6 Security analysis of IOPS7 Proposed solutions8 Evaluation9 Conclusions$ Change History

 

6  Security analysis of IOPSp. 9

6.1  Generalp. 9

6.2  Key issue #1: Security credentials in IOPS networksp. 9

6.2.1  Key issue detailsp. 9

6.2.2  Security threatp. 9

6.2.3  Potential security requirementp. 10

6.3  Key issue #2: Integrity and confidentiality for IOPS networkp. 10

6.3.1  Key issue detailsp. 10

6.3.2  Security threatp. 10

6.3.3  Potential security requirementp. 10

6.4  Key issue #3: Isolated E-UTRAN support of Public Safety UEs belonging to different Public Safety organizationsp. 11

6.4.1  Key issue detailsp. 11

6.4.2  Potential security requirementp. 11

6.5  Key issue #4: IOPS AKA based upon a secondary USIM application using a single UICCp. 11

6.5.1  Key issue detailsp. 11

6.5.2  Security threatp. 12

6.5.2.1  Interception of IOPS network user trafficp. 12

6.5.2.2  Theft or lossp. 12

6.5.2.3  Impersonationp. 12

6.5.3  Potential security requirementp. 12

6.5.3.1  Interception of IOPS network user trafficp. 12

6.5.3.2  Theft or lossp. 13

6.5.3.3  Impersonationp. 13

6.6  Key issue #5: Isolated E-UTRAN internode interface securityp. 13

6.6.1  Key issue detailsp. 13

6.6.2  Security threatp. 14

6.6.3  Potential security requirementp. 14

7  Proposed solutionsp. 14

7.1  Proposed Solution #1: AKA based on a USIM application dedicated exclusively for IOPS operationp. 14

7.1.1  Introductionp. 14

7.1.2  Functional descriptionp. 15

7.1.3  Proceduresp. 15

7.1.3.1  Prior to IOPS operationp. 15

7.1.3.2  High level security procedurep. 16

7.1.3.3  Transitioning to/from IOPS operationp. 18

7.1.3.4  Inter IOPS mobilityp. 18

7.1.3.5  Intra IOPS mobilityp. 19

7.2  Proposed Solution #2: IOPS inter-node interface securityp. 19

8  Evaluationp. 19

8.1  Proposed Solution #1: AKA based on a USIM application dedicated exclusively for IOPS operationp. 19

8.1.1  Generalp. 19

8.1.2  Analysis of Security Analysis Key Issuesp. 19

8.1.2.0  Introductionp. 19

8.1.2.1  Key Issue #1: Security credentials in IOPS networksp. 20

8.1.2.2  Key Issue #2: Integrity and confidentiality for IOPS networksp. 20

8.1.2.3  Key Issue #3: Isolated E-UTRAN support of Public Safety UEs belonging to different Public Safety organizationsp. 20

8.1.2.4  Key Issue #4: AKA based on a USIM application dedicated exclusively for IOPS operationp. 20

8.1.2.5  Key Issue #5: Internode interface securityp. 20

8.1.3  Scalabilityp. 20

8.1.3.1  Hardware dimensioningp. 20

8.1.3.2  Provisioning of credentialsp. 21

8.1.3.3  Replacement of a large number of credentials in case of compromise of a local HSSp. 21

8.1.3a  'Subscriber key separation' mechanism to mitigation of compromise of local HSSsp. 21

8.1.4  Malicious switching of USIM applicationsp. 23

8.1.5  Conclusionp. 23

9  Conclusionsp. 23

$  Change Historyp. 24

Up   Top