1、 ETSI TS 1Universal Mobile TelWireless Local Area N(3GPP TS 33.2TECHNICAL SPECIFICATION133 234 V13.1.0 (2017elecommunications System (LTE; 3G security; Network (WLAN) interworking.234 version 13.1.0 Release 1317-01) (UMTS); ing security 13) ETSI ETSI TS 133 234 V13.1.0 (2017-01)13GPP TS 33.234 versi
2、on 13.1.0 Release 13Reference RTS/TSGS-0333234vd10 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (
3、06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without
4、 the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the
5、present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comm
6、ent to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. T
7、he content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are
8、Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 133 234 V13.1.0 (201
9、7-01)23GPP TS 33.234 version 13.1.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be fo
10、und in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR P
11、olicy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This T
12、echnical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding
13、ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are t
14、o be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 234 V13.1.0 (2017-01)33GPP TS 33.234 version 13.1.0 Release 13Conte
15、nts Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Security Requirements for 3GPP-WLAN Interworking 7g3Annex A (informative): Change his
16、tory . 8g3History 11g3ETSI ETSI TS 133 234 V13.1.0 (2017-01)43GPP TS 33.234 version 13.1.0 Release 13Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may cha
17、nge following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 pres
18、ented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in
19、 the document. Introduction Void. ETSI ETSI TS 133 234 V13.1.0 (2017-01)53GPP TS 33.234 version 13.1.0 Release 131 Scope The present document provides an index to the set of specifications for interworking between 3GPP systems and Wireless Local Area Networks (WLAN ). No further changes to this spec
20、ification are intended. If any future evolution of the procedures in this specification is necessary, it should be documented in other specifications. 2 References The following documents contain provisions, which, through reference in this text, constitute provisions of the present document. - Refe
21、rences are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. - For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a
22、GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 Void 2 Void 3 Void. 4 Void. 5 Void. 6 Void. 7 Void. 8 Void 9 Void. 10 Void. 11 Void. 12 Void. 13 3GPP TS 23.234: “3rd Generation Partnership Project; Techni
23、cal Specification Group Services and System Aspects; 3GPP system to Wireless Local Area Network (WLAN) Interworking; System Description“ (Release 12). 14 Void. 15 Void. 16 Void. 17 Void 18 Void. 19 Void. 20 Void. ETSI ETSI TS 133 234 V13.1.0 (2017-01)63GPP TS 33.234 version 13.1.0 Release 1321 Void.
24、 22 Void. 23 Void. 24 Void. 25 Void. 26 Void. 27 Void. 28 Void. 29 Void. 30 Void. 31 Void. 32 Void. 33 - 35 Void. 36 Void. 37 Void. 38 Void. 39 Void. 40 Void. 41 Void. 42 Void. 43 Void. 44 Void. 45 Void. 46 Void. 47 Void. 48 Void. 49 Void. 50 Void. 51 Void. 52 3GPP TS 22.234: “Requirements on 3GPP s
25、ystem to Wireless Local Area Network (WLAN) interworking (Release 13)“. 53 3GPP TS 32.252: “Telecommunication management; Charging management; Wireless Local Area Network (WLAN) charging (Release 11)“. 54 3GPP TS 24.235: “3GPP System to Wireless Local Area Network (WLAN) interworking Management Obje
26、ct (MO) (Release 12)“. ETSI ETSI TS 133 234 V13.1.0 (2017-01)73GPP TS 33.234 version 13.1.0 Release 1355 3GPP TS 24.327: “Mobility between 3GPP Wireless Local Area Network (WLAN) interworking (I-WLAN) and 3GPP systems; General Packet Radio System (GPRS) and 3GPP I-WLAN aspects; Stage 3 (Release 12)“
27、. 56 3GPP TS 29.161: “Interworking between the Public Land Mobile Network (PLMN) supporting packet based services with Wireless Local Area Network (WLAN) access and Packet data (Release 11)“. 57 3GPP TS 29.234: “3GPP system to Wireless Local Area Network (WLAN) interworking; Stage 3 (Release 11)“. 3
28、 Definitions and abbreviations 3.1 Definitions Void. 3.2 Abbreviations Void. 4 Security Requirements for 3GPP-WLAN Interworking This feature has been discontinued since Release 13 and the present specification is used to provide references to the latest versions of the stage-1, 2 and 3 specification
29、s. - TS 22.234 52. - TS 24.234 47. - TS 24.235 54. - TS 24.327 55. - TS 29.161 56. - TS 29.234 57. - TS 23.234 13. - TS 32.252 53. ETSI ETSI TS 133 234 V13.1.0 (2017-01)83GPP TS 33.234 version 13.1.0 Release 13Annex A (informative): Change history Change history Date TSG # TSG Doc. CR Rev Cat Subjec
30、t/Comment Old New WI 2004-03 SP-23 SP-040167 - - Presented for approval at TSG SA #23 1.0.1 2.0.0 2004-03 SP-23 - - - Approved and placed under Change Control (Rel-6) 2.0.0 6.0.0 2004-06 SP-24 SP-040384 001 - Profiling of IKEv2 and ESP for NAT traversal 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040385 002 -
31、 Sending of temporary identities from WLAN UE 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040386 003 - Extension of IKEv2 and IPsec profiles 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040462 004 1 Support of EAP SIM and AKA in AAA server and WLAN UE 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040388 005 - Introduction of UE spl
32、it alternative 2 in TS 33.234 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040389 006 - Re-authentication failure notification to HSS 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040390 007 - Identity request procedure clarification 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040391 008 - WLAN mechanism to allow restrictions on si
33、multaneous sessions 6.0.0 6.1.0 WLAN 2004-06 SP-24 SP-040392 009 - Requirement on keeping WLAN access keys independent from 2G/3G access keys stored in USIM 6.0.0 6.1.0 WLAN 2004-09 SP-25 SP-040622 010 - Update reference to RFC3748 “Extensible Authentication Protocol (EAP)“ 6.1.0 6.2.0 WLAN 2004-09
34、SP-25 SP-040622 011 - References update 6.1.0 6.2.0 WLAN 2004-09 SP-25 SP-040622 012 - Sending of temporary identities from WLAN UE 6.1.0 6.2.0 WLAN 2004-09 SP-25 SP-040622 013 - Clarification on fast re-authentication procedure 6.1.0 6.2.0 WLAN 2004-09 SP-25 SP-040622 014 - Correction of authentica
35、tion procedure for WLAN UE split 6.1.0 6.2.0 WLAN 2004-09 SP-25 SP-040622 016 - Wa interface security 6.1.0 6.2.0 WLAN 2004-09 SP-25 SP-040622 017 - Introduction of protected result indications 6.1.0 6.2.0 WLAN 2004-09 SP-25 SP-040622 018 - Tunnel authentication procedure in Wm interface 6.1.0 6.2.0
36、 WLAN 2004-09 - - - - Resolution of CR 015 (see below) which modified the same parts as CR 017 (MCC) 6.2.0 6.2.1 2004-09 SP-25 SP-040622 015 - Modification of mechanism to restrict simultaneous WLAN sessions 6.2.0 6.2.1 WLAN 2004-12 SP-26 SP-040858 019 2 Profile for PDG certificates in Scenario 3 6.
37、2.1 6.3.0 WLAN 2004-12 SP-26 SP-040868 020 5 Impact of Feasibility Study on (U)SIM Security Reuse by Peripheral Devices on Local Interfaces 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 024 1 Sending of W-APN identification 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 025 2 Clean up of not completed chapters
38、 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 027 6 Correction of WLAN UE function split 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 028 - Passing keying material to the WLAN-AN during the Fast re-authentication procedure 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 029 1 Clarification on Deletion of Temporary
39、 IDs 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 030 - Clarification on Protecting Re-authentication ID in FAST/FULL Re-Authentication procedure 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 031 - Assigning Remote IP Address to WLAN UE using IKEv2 configuration Payload 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-0408
40、58 033 1 Tunnel Establishment Procedure 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 036 - Deletion of inconclusive text on A5/2 countermeasures 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 037 1 Alignment of IPsec profile with RFC2406 6.2.1 6.3.0 2004-12 SP-26 SP-040858 040 2 Control of simultaneous sessio
41、ns in WLAN 3GPP IP access 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 041 1 Completion of definition and abbreviations 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 042 1 Fallback from re-authentication to full authentication 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 043 - Clarification on the use of IMSI in
42、 WLAN 3GPP IP access 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 044 2 Clarification on the use of MAC addresses 6.2.1 6.3.0 WLAN ETSI ETSI TS 133 234 V13.1.0 (2017-01)93GPP TS 33.234 version 13.1.0 Release 132004-12 SP-26 SP-040858 045 - Clarifications and corrections on the use of pseudonyms 6.2.1 6.
43、3.0 WLAN 2004-12 SP-26 SP-040858 047 - Wn Reference Point Description 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 048 - Removal of word “scenario“ 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 049 1 Correction of WRAP to CCMP 6.2.1 6.3.0 WLAN 2004-12 SP-26 SP-040858 050 1 Removal of resolved editors notes 6
44、.2.1 6.3.0 WLAN 2005-03 SP-27 SP-050142 051 - Wu Reference Point Description 6.3.0 6.4.0 WLAN 2005-03 SP-27 SP-050142 052 1 Replacing PDGW with PDG 6.3.0 6.4.0 WLAN 2005-03 SP-27 SP-050142 055 1 Clarification on EAP-AKA(SIM) description in 3GPP IP access authentication and authorization 6.3.0 6.4.0
45、WLAN 2005-03 SP-27 SP-050142 056 2 Threat of users accessing each other in link layer and corresponding security requirements of user traffic segregation 6.3.0 6.4.0 WLAN 2005-03 SP-27 SP-050142 057 1 Clarifying the status that can“t be changed in the security requirement of WLAN-UE split 6.3.0 6.4.
46、0 WLAN 2005-03 SP-27 SP-050142 058 2 WLAN AN providing protection against IP address spoofing 6.3.0 6.4.0 WLAN 2005-03 SP-27 SP-050142 059 1 Clarification on the handling of simultaneous sessions 6.3.0 6.4.0 WLAN 2005-03 SP-27 SP-050142 060 2 Removal of editors notes 6.3.0 6.4.0 WLAN 2005-03 SP-27 S
47、P-050142 061 1 Detecting the start of a WLAN Direct IP Access session based on Wa/Wd Accounting Messages 6.3.0 6.4.0 WLAN 2005-03 SP-27 SP-050142 063 1 Adding verification method of PDG certification by OSCP protocol 6.3.0 6.4.0 WLAN 2005-06 SP-28 SP-050265 064 2 F Specify the number of the IPsec SA
48、s under the same IKE SA in WLAN 3GPP IP access 6.4.0 6.5.0 WLAN 2005-06 SP-28 SP-050265 065 1 F Terminate WLAN session by AAA server 6.4.0 6.5.0 WLAN 2005-06 SP-28 SP-050265 066 - F Correction to the definition of the Wn Reference Point 6.4.0 6.5.0 WLAN 2005-06 Corrects version number on cover page
49、6.5.0 6.5.1 2005-09 SP-29 SP-050547 0067 - F Correction of reference 6.5.1 6.6.0 WLAN 2005-09 SP-29 SP-050547 0068 - F Clarification on obtaining Remote IP address during Tunnel Establishment Procedure 6.5.1 6.6.0 WLAN 2005-09 SP-29 SP-050547 0069 - F Profiling of IKEv2 to support Re-keying of IPsec SAs and IKE SAs 6.5.1 6.6.0 WLAN 2005-09 SP-29 SP-050547 0070 - F Separation of authentication and authorization in WLAN 3GPP IP access 6.5.1 6.6.0 W
