ETSI TR 133 978-2009 Universal Mobile Telecommunications System (UMTS); LTE; Security aspects of early IP Multimedia Subsystem (IMS) (V8.0.0; 3GPP TR 33.978 version 8.0.0 Release 8)

Uploaded by: eventdump275 Document ID: 737035 Upload date: 2019-01-12 Format: PDF Pages: 28 Size: 195.18 KB
Resource description

ETSI TR 133 978 V8.0.0 (2009-02)
Technical Report

Universal Mobile Telecommunications System (UMTS); LTE;
Security aspects of early IP Multimedia Subsystem (IMS)
(3GPP TR 33.978 version 8.0.0 Release 8)

3GPP TR 33.978 version 8.0.0 Release 8 / ETSI TR 133 978 V8.0.0 (2009-02)

Reference
RTR/TSGS-0333978v800

Keywords
LTE, SECURITY, UMTS

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2009. All rights reserved.

DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI 3rd Generation Partnership Project (3GPP).

The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables.

The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http://webapp.etsi.org/key/queryform.asp.

Contents

Intellectual Property Rights
Foreword
Foreword
Introduction
1 Scope
2 References
3 Definitions, symbols and abbreviations
  3.1 Definitions
  3.2 Symbols
  3.3 Abbreviations
4 Requirements
5 Threat scenarios
  5.1 Impersonation on IMS level using the identity of an innocent user
  5.2 IP spoofing
  5.3 Combined threat scenario
6 Specification
  6.1 Overview
    6.1.1 Security mechanism
    6.1.2 Restrictions imposed by early IMS security
    6.1.3 Early IMS security and logical entities
  6.2 Detailed specification
    6.2.1 GGSN-HSS interaction
    6.2.2 Protection against IP address spoofing in GGSN
    6.2.3 Impact on IMS registration and authentication procedures
      6.2.3.1 Procedures at the UE
      6.2.3.2 Procedures at the P-CSCF
        6.2.3.2.1 Registration
        6.2.3.2.2 General treatment for all dialogs and standalone transactions excluding REGISTER requests
      6.2.3.3 Procedures at the I-CSCF
      6.2.3.4 Procedures at the S-CSCF
        6.2.3.4.1 Registration
        6.2.3.4.2 General treatment for all dialogs and standalone transactions excluding REGISTER requests
    6.2.4 Identities and subscriptions
    6.2.5 Impact on Cx Interface
      6.2.5.1 User registration status query
      6.2.5.2 S-CSCF registration/deregistration notification
      6.2.5.3 Authentication procedure
    6.2.6 Interworking cases
    6.2.7 Message flows
      6.2.7.1 Successful registration
      6.2.7.2 Unsuccessful registration
      6.2.7.3 Successful registration for a selected interworking case
  6.3 Security mechanism for HTTP services
Annex A: Comparison with an alternative approach - HTTP Digest
Annex B: Change history
History

Foreword

This Technical Report has been produced by the 3rd Generation Partnership Project (3GPP).

The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x the first digit:
  1 presented to TSG for information;
  2 presented to TSG for approval;
  3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.

Introduction

3GPP IMS provides an IP-based session control capability based on the SIP protocol. IMS can be used to enable services such as push-to-talk, instant messaging, presence and conferencing. It is understood that "early" implementations of these services will exist that are not fully compliant with 3GPP IMS. For example, it has been recognized that although 3GPP IMS uses exclusively IPv6, as specified in clause 5.1 of TS 23.221 [13], there will exist IMS implementations based on IPv4 (TR 23.981 [1]).

Non-compliance with IPv6 is not the only difference between early IMS implementations and fully 3GPP compliant implementations. In particular, it is expected that there will be a need to deploy some IMS-based services before products are available which fully support the 3GPP IMS security features defined in TS 33.203 [2]. Non-compliance with TS 33.203 security features is expected to be a problem mainly at the UE side, because of the potential lack of support of the USIM/ISIM interface (especially in 2G-only devices) and because of the potential inability to support IPsec on some UE platforms.

Although full support of 3GPP TS 33.203 security features is preferred from a security perspective, it is acknowledged that early IMS implementations will exist which do not support these features. Therefore, there is a need to ensure that simple, yet adequately secure, mechanisms are in place to protect against the most significant security threats that will exist in early IMS implementations.

1 Scope

The present document documents an interim security solution for early IMS implementations that are not fully compliant with the IMS security architecture specified in TS 33.203 [2].

For security reasons, the provisions in this TR only apply to IMS procedures used over the 3GPP PS domain.

2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1] 3GPP TR 23.981: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Interworking aspects and migration scenarios for IPv4 based IMS Implementations".
[2] 3GPP TS 33.203: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Access security for IP-based services".
[3] 3GPP TS 23.228: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; IP Multimedia Subsystem (IMS); Stage ".
[4] 3GPP TS 29.061: "3rd Generation Partnership Project; Technical Specification Group Core Network; Interworking between the Public Land Mobile Network (PLMN) supporting packet based services and Packet Data Networks (PDN)".
[5] 3GPP TS 23.060: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; General Packet Radio Service (GPRS); Service description; Stage 2".
[6] IETF RFC 3261: "Session Initiation Protocol".
[7] 3GPP TS 24.229: "3rd Generation Partnership Project; Technical Specification Group Core Network; IP Multimedia Call Control Protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3".
[8] 3GPP TS 23.003: "3rd Generation Partnership Project; Technical Specification Group Core Network; Numbering, addressing and identification".
[9] 3GPP TS 21.905: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Vocabulary for 3GPP Specifications".
[10] 3GPP TS 29.228: "3rd Generation Partnership Project; Technical Specification Group Core Network; IP Multimedia (IM) Subsystem Cx and Dx interfaces; Signalling flows and message contents".
[11] IETF RFC 4005: "Diameter Network Access Server Application".
[12] 3GPP TS 29.229: "3rd Generation Partnership Project; Technical Specification Group Core Network; Cx and Dx interfaces based on the Diameter protocol; Protocol details".
[13] 3GPP TS 23.221: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Architectural requirements".
[14] 3GPP TS 33.141: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Presence service; security".
[15] 3GPP TS 29.328: "3rd Generation Partnership Project; Technical Specification Group Core Network; IP Multimedia (IM) Subsystem Sh interface; signalling flows and message contents".
[16] 3GPP TS 29.329: "3rd Generation Partnership Project; Technical Specification Group Core Network; IP Multimedia (IM) Subsystem Sh interface; Protocol details".
[17] 3GPP TS 24.109: "3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details".

3 Definitions, symbols and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in TS 21.905 [9] and the following apply.

Early IMS: a UE or network element implementing the early IMS security solution specified in the present document.

Fully compliant IMS: a UE or network element implementing the IMS security solution specified in TS 33.203 [2].

3.2 Symbols

For the purposes of the present document, the following symbols apply:

Cx      Reference Point between a CSCF and an HSS.
Gi      Reference point between GPRS and an external packet data network

3.3 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AAA     Authentication Authorisation Accounting
ABNF    Augmented Backus-Naur Form
APN     Access Point Name
AVP     Attribute-Value Pair
CSCF    Call/Session Control Function
GGSN    Gateway GPRS Support Node
HSS     Home Subscriber Server
I-CSCF  Interrogating CSCF
ICID    IM CN subsystem Charging Identifier
IM      IP Multimedia
IMPI    IM Private Identity
IMPU    IM Public Identity
IMS     IP Multimedia Subsystem
IP      Internet Protocol
IPSec   IP Security protocol
ISIM    IMS Subscriber Identity Module
NAT     Network Address Translation
P-CSCF  Proxy-CSCF
PDP     Packet Data Protocol
RFC     Request For Comments
S-CSCF  Serving-CSCF
SGSN    Serving GPRS Support Node
SIP     Session Initiation Protocol
SLF     Server Locator Function
UE      User Equipment
URI     Uniform Resource Identifier

4 Requirements

Low impact on existing entities: Any early IMS security mechanisms should be such that impacts on existing entities, especially on the UE, are minimised and would be quick to implement. It is especially important to minimise impact on the UE to maximise interoperability with early IMS UEs. The mechanisms should be quick to implement so that the window of opportunity for the early IMS security solution is not missed.

Adequate level of security: Although it is recognised that the early IMS security solution will be simpler than the fully compliant IMS security solution, it should still provide an adequate level of security to protect against the most significant security threats that will exist in early IMS implementations. As a guide, the strength of subscriber authentication should be comparable to the level of authentication provided for existing chargeable services in mobile networks.

Smooth and cost effective migration path to fully compliant solution: Clearly, any security mechanisms developed for early IMS systems will provide a lower level of protection compared with that offered by the fully compliant IMS security solution. The security mechanisms developed for early IMS systems should therefore be considered as an interim solution and migration to the fully compliant IMS security solution should take place as soon as suitable products become available at an acceptable cost. In particular, the early IMS security solution should not be used as a long-term replacement for the fully compliant IMS security solution. It is important that the early IMS security solution allows a smooth and cost-effective migration path to the fully compliant IMS security solution.

Co-existence with fully compliant solution: It is clear that UEs supporting the early IMS security solution will need to be supported even after fully compliant IMS UEs are d
