Security considerations for IMS access independence



Similar documents
3GPP TSG SA WG3 Security S3#25 S October 2002 Munich, Germany

A Call Conference Room Interception Attack and its Detection

ETSI TS V ( ) Technical Specification

Implementing Conditional Conference Call Use Case over IMS and Non IMS Testbed an experimental results through comparison approach

ETSI TS V2.1.1 ( ) Technical Specification

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

Delivery of Voice and Text Messages over LTE

1. Scope and objectives

TSGS#27(05)0115. Technical Specification Group Services and System Aspects Meeting #27, March 2005,Tokyo, Japan

3GPP TSG CN Plenary Meeting #16 5 th - 7 th June Marco Island, USA. 3GPP TSG-CN1 Meeting #24 Tdoc N Budapest, Hungary,

Service Continuity Path to smooth user experiences

ETSI TS V6.8.0 ( ) Technical Specification

Advanced SIP Series: SIP and 3GPP

End-2-End QoS Provisioning in UMTS networks

Inter-Domain QoS Control Mechanism in IMS based Horizontal Converged Networks

Conferencing Using the IP Multimedia (IM) Core Network (CN) Subsystem

of the existing VoLTE roaming and interconnection architecture. This article compares existing circuit-switched models with the earlier

Investigation of Interworked IMS Architecture In Terms Of Traffic Security

IMS Interconnect: Peering, Roaming and Security Part One

A Scenario of Machine-to-Machine (M2M) Health Care Service

End-to-End Quality-of-Service Support in Next Generation Networks with NSIS

TECHNICAL REPORT End to End Network Architectures (E2NA); Location of Transcoders for voice and video communications

2. Archtiecture overview related to support for use of a reverse http proxy

3GPP TS V6.1.0 ( )

3GPP TSG SA WG3 Security S3#30 S October 2003 Povoa de Varzim, Portugal. Abstract

COPYRIGHTED MATERIAL. Contents. Foreword. Acknowledgments

ETSI TR V6.1.0 ( )

LTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks

Architectural Overview of IP Multimedia Subsystem -IMS

... Figure 2: Proposed Service Invocation Mechanism. AS Service invocation 2 SC invocation 2. Session/Call Control Function

ETSI TS V5.1.0 ( )

Mobility and cellular networks

End Device Support for AAA in SIP Conferencing

Co-existence of Wireless LAN and Cellular Henry Haverinen Senior Specialist Nokia Enterprise Solutions

A Proposed Model For QoS guarantee In IMSbased Video Conference services

Just as the ecommerce companies have

3GPP TR V8.0.0 ( )

Cloudified IP Multimedia Subsystem (IMS) for Network Function Virtualization (NFV)-based architectures

ARIB STD-T V G Security; Network Domain Security; IP network layer security (Release 6)

ARIB STD-T V G Security; Network Domain Security; IP network layer security (Release 5)

Service Identifier Comparison module Service Rule Comparison module Favourite Application Server Reinvocation Management module

Chapter 17: M2M-Based Metropolitan Platform for IMS-Enabled Road Traffic Management in IoT

Authentication and Authorisation for Integrated SIP Services in Heterogeneous Environments 1

Advanced SIP Series: SIP and 3GPP Operations

Authentication and Security in IP based Multi Hop Networks

Security and Authentication Concepts

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

LTE and the Evolution to 4G Wireless

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Data Integrity and Network Security in Wireless LAN/3G Integrated Networks

Service Broker Function in IMS Architecture - Issues and Considerations

Evolutionary Trends towards Beyond 3G Mobile Networks

TRIM: an Architecture for Transparent IMS-based Mobility

3GPP TSG SA WG3 Security S Meeting S3#16 Sophia Antipolis, November, Abstract

Design Document. Offline Charging Server (Offline CS ) Version i -

3GPP TS V ( )

Operator-based Over-the-air M2M Wireless Sensor Network Security

GSM services over wireless LAN

ARIB TR-T V G Security; Generic Authentication Architecture (GAA); System Description (Release 7)

II. Service deployment

ETSI TS V ( )

Diameter in the Evolved Packet Core

Chapter 3: WLAN-GPRS Integration for Next-Generation Mobile Data Networks

ETSI TS V3.3.1 ( ) Technical Specification

PARAMETERS TO BE MONITORED IN THE PROCESS OF OPERATION WHEN IMPLEMENTING NGN TECHNICAL MEANS IN PUBLIC TELECOMMUNICATION NETWORKS

Load Balancing Support for Self-Organizing IMS Networks

ARIB TR-T V7.0.0

SA Oxford Workshop Summary to T#10 Bangkok, 6-8 December 2000

Performance Analysis and Deployment of VoLTE Mechanisms over 3GPP LTE-based Networks

3 The Network Architecture

Security in the Evolved Packet System

ETSI TS V8.0.0 ( ) Technical Specification

Studying IMS Signalling in LTE-based Femtocell Network

ETSI TS V8.2.0 ( ) Technical Specification

Requirements and Service Scenarios for QoS enabled Mobile VoIP Service

Table of Content. Introduction Components Architectural Characteristics Concepts Protocols Service Examples Discussion. ToC

3GPP TS V9.0.0 ( )

Performance Estimation of a SIP based Push-to-Talk Service for 3G Networks

Dynamic Charging Architecture and Schemes for 4th Generation Mobile Reconfigurable Systems

Overview of GSMA VoLTE Profile. minimum required functions [3]. 2. Background

Convergent data center for future network

Mobile IPv6 deployment opportunities in next generation 3GPP networks. I. Guardini E. Demaria M. La Monaca

IP-based Mobility Management for a Distributed Radio Access Network Architecture. helmut.becker@siemens.com

ETSI TS V1.7.1 ( ) Technical Specification

VoIP trends in Fixed Network Operators

Experiences on the Establishment and Provisioning of NGN/IMS Testbeds - The FOKUS Open IMS Playground and the Related Open Source IMS Core

3GPP TS V9.0.0 ( )

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

NGN Functional Architecture for Resource Allocation and Admission Control

3GPP TR V ( )

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

3GPP TS V6.3.0 ( )

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

Network Access Security in Mobile 4G LTE. Huang Zheng Xiong Jiaxi An Sihua

ETSI TS V3.1.1 ( ) Technical Specification

Providing Identity Assured User Generated Services Using IMS

3GPP TS V9.4.0 ( )

IP Multimedia System: general aspects and migration perspectives

Presence SIMPLE Architecture

Fixed versus Mobile Turning Convergence into Reality. Dieter Schuler, Wouter Franx Lucent Technologies

Transcription:

3GPP TSG SA WG3 Security S3#20 S3-010468 16-19 October, 2001 Sydney, Australia Source: Title: Document for: Agenda Item: Telia / independence Information Security Security considerations for access independence Contents Page 1 Introduction 2 2 Definitions 2 3 Access independence to IP Multimedia Subsystem 2 3.1 Introduction 2 3.2 / independence 3 3.3 / split considerations 5 3.3.1 and on separate ICCs 5 3.3.2 and on same ICC 6 3.3.3 UE split consideration 7 4 Terminal issues 7 4.1.1 IETF SIP vs SIP clients 7 4.1.2 Card reader issues 7 5 Access to the application and the application 8 6 Network Domain Security and access independence 9 7 Conclusions 10 8 References 11

Introduction Since there exist no clear definition in any 3GPP specification (not within the writers knowledge) of what access independence really means, this document has been based on Telias interpretation of the concept. In [4], it is stated that the shall be access independent. Telia s understanding of access independence is that should be accessible from a variety of IP based access technologies. This PM is for information and its intention is to bring up some issues that are inconsistent with the statement in [4]. In addition, the work on splitting the UE is not possible, with the current coupled definitions of, and. Definitions The following definitions are presently stated in TS 21.133 (3G Security; Security Threats and Requirements)[1], TS 33.203 (Access security for IP-based services)[2] and TR 21.905 (Vocabulary for 3GPP Specifications) [3]. UMTS Integrated Circuit Card (): a physically secure device that can be inserted and removed from terminal equipment. It can contain one or more applications one of which must be the [1] UMTS IC Card: An IC card (or smartcard ) of defined electromechanical specification which contains at least one [3] User Services Identity Module (): an application that represents and identifies a user and his association with a home environment in the provision of 3G services. The contains functions and data needed to identify and authenticate users when 3G services are accessed. It may also contain a copy of the user s service profile. It may also provide other security features. The contains the user s IMUI and any security parameters, which need to be carried by the user. The is always implemented in a removable IC card called the. [1] Universal Subscriber Identity Module (): An application residing on the used for accessing services provided by mobile networks, which the application is able to register on with the appropriate security. [3] IM Services Identity Module. In a security context, this module is responsible for performing subscriber and network authentication and key agreement in IM CN SS. The resides on the. [2] From these definitions, we conclude that the and the must reside on the same physical. Access independence to IP Multimedia Subsystem Introduction In [4], it is stated that the shall be access independent. Telia s understanding of access independence is that should be accessible from a variety of IP based access technologies, e.g. UMTS, WLAN and ADSL (see Figure 1). Further, the subscriber should be able to use the same procedures when registering or setting up sessions independently of access technology.

UMTS phone Wireless network SIP client WLAN card Laptop computer Ethernet card Fixed network ADSL Figure 1 access independence Another aspect is terminal independence. From an user perspective, it should be as easy accessing services from a laptop or desktop computer as accessing services from a UMTS terminal. As stated in [2], the security functionality of should be independent of UMTS security. It is also an important issue to achieve access independence. In order to fulfil complete access independence, some issues have been identified. These are presented in the following sections. / independence It is stated in [2] that security functionality should be independent from UMTS security. The UE split discussion in Newbury identified problems with the current architecture [5]. In order to fulfil this requirement when we have a split UE, the must be separated from the, not only logical, as in the current standard [2], but also physical separation is necessary. To get access independence a user should not be forced to have a UMTS subscription, an subscription should be enough. Figure 2 with (and )

According to the definition of, and (see definitions above) this is not possible. The must include a and the must reside on the. This implies that in order to have an subscription () a user must have a UMTS subscription () and both SIMs must reside on the. IICC Figure 3 and independence The need the same physical security as the, i.e. the must reside on a tamper proof ICC (Integrated Circuit Card) like the. One idea would be to define a Integrated Circuit Card (IICC ) that contains the. This would be used in cases when it is not desired to have the on the, for example when UMTS is not used for access to. This IICC could be a physical card similar to the, with the intention to contain the not the. The definition of also needs to be redefined to state that the is independent of the. Below suggestions for definitions are presented: New definition: Integrated Circuit Card (IICC): a physically secure device that can be inserted and removed from terminal equipment. It can contain one or more applications one of which must be the Change of definition: IM Services Identity Module. In a security context, this module is responsible for performing subscriber and network authentication and key agreement in IM CN SS. The resides on the or the IICC.

/ split considerations This section brings up some problems related to storing the and the on separate and IICC vs. storing them on the same ICC (). and on separate ICCs The figure below shows the main advantages using separate ICCs. A user can easily move from one access technology to another and still use. The user is not bound to a UMTS subscription and no sensitive information, such as keys, needs to be transferred between the separate client (on a PC) and the UMTS terminal. A B support UMTS Terminal support Non UMTS access IICC IICC Figure 4 Separate and ICC A drawback with using separate ICCs is that access to the through UMTS requires two card readers, one card reader for the actual access and one for the UMTS access. If the client is separated from the UMTS terminal (see figure above), any client terminal (e.g. a PC) need to be equipped with a card reader. C UMTS Terminal w support IICC Figure 5 Separate and ICC (access to through UMTS using combined /UMTS terminal)

If the client is integrated into the UMTS terminal, it is required that the terminal has two card readers (see figure above). and on same ICC In the case when the and are located on the same ICC (), the following issues need to be considered. D support Non UMTS access Figure 6 Access to through non-umts (no UMTS terminal) When accessing using a non-umts access, the client should only have access to the and not the, i.e. the should be inactive (see figure above). E active support UMTS Terminal w support Figure 7 Access to through UMTS (separate and UMTS terminal) The use of an ICC, which contains both the and the (see figure above) makes access to through a separate client (for example on a PC) impossible. The client on the PC need to access the which is located on the (the is in the UMTS terminal) through some interface between the PC and UMTS terminal. ( UE split?)

This could possibly be solved by using two ICCs (see figure below). One ICC () that contains the and for use when the client and UMTS terminal are integrated, and one ICC (IICC) to use when a separate client (a PC) is used. F support IICC UMTS Terminal w support (inactive) Figure 8 In such a solution, it is important that there exists some mechanism that makes the on the inactive in order to use the on the IICC ( the separate client, e.g. a PC). Note, the long-term key stored on the and in the HSS is associated to the IM Private Identity (IMPI) [2], and a subscription can only have one IMPI [9]. Does this not make two s impossible for one subscription? (This solution needs further study) UE split consideration The use of a separate on a IICC removes the problem of transferring sensitive security information over any UE TE interface. Terminal issues IETF SIP vs SIP clients As stated above, from an user perspective, it should be as easy accessing services from a laptop or desktop computer as accessing services from a UMTS terminal. Since future operating systems are expected to have pre-installed standard (IETF) SIP clients, it is important that the SIP and the IETF SIP clients are identical according to standards. If this is not done, a non-umts user with an ordinary IETF SIP client might not be able to access because of compatibility problems between the SIP client and the. One such example is the AKA extension, if it is not included in the IETF SIP, there will be compatibility problems! Card reader issues Every terminal used for accessing the needs to have a card reader for the ICC and this might be non- user friendly. One of the basic ideas with SIP is user mobility; a user should be able to register at the SIP server independently of terminal. The use of an ICC makes this difficult. From a security point of view it is of course necessary to use an ICC, but it will make the use of services limited to those terminals with proper card readers.

Another aspect is the card reader interface. Any SIP client needs a driver for the card reader. If the interface between the card reader and the operating system does not follow a widely deployed standard a special driver is needed and this might also be a problem (need further study). Access to the application and the application In order to separate the different applications on the ICC (in case the and the are located on the same ICC) it might be necessary to use different PIN codes for the application and the application. This means that a Universal PIN as defined in [8] should not be allowed. If allowed, it is possible for a client application to access both applications on the ICC using the same PIN, and this might not be good from a security point of view. Consider the following scenario: A user with a containing the and the (the same PIN is used for accessing both the and the ) enters an Internet cafe and uses the provided PC with an installed client to access. The user accesses through the Internet, not UMTS (see figure below). The user enters his/her PIN code (on the PC) to make it possible for the client on the PC to connect to the selected. The installed client is malicious and starts accessing information stored on the. The goals for such attacks could be to gather enough information from the in order to clone it, or perform active cryptographic attacks. If different PIN codes where used, the malicious client on the PC would only have access to the. The threat still exists for the though, but the damage is only limited to the. Malicious INTERNET active support Figure 9 Malicious client The use of two separate PIN codes for the / might be bad from a user perspective when using an client integrated with a UMTS terminal, since the user need to enter two PINS. This could be solved by using one PIN that opens up both the and the, and this would be used in the case when the client is integrated with the UMTS terminal. Another PIN only opens up the and would be used in the separate client case (i.e. client on a PC) The seems tightly connected to the closed UMTS world, the software used in the UMTS terminals are within the control of the manufactures and operators. The on the other hand has not this tight coupling since is supposed to be access independent. It is possible for uncontrolled applications in a PC to access the. This is a reason for why different PIN codes might be a thing to consider.

A multi-application capability (from the security context point of view) shall support the replacement of a application PIN with the Universal PIN, key reference '01', as defined in 3G TS 31.101 [11]. Only the Universal PIN is allowed as a replacement [7] This means that a user can change the use of application PINs to the use of one Universal PIN for accessing both the and the, unless the technical specifications [7][8] are altered. Assumably this issue has already been considered and it has been decided that it should NOT be possible to require only application PINs on a multi-application (i.e. not possible to forbid the use of a Universal PIN). Network Domain Security and access independence According to the security specification [2] there exists a security association (SA) between the P- SCSF and the I-CSCF (or S-CSCF). This SA (4) is depicted in the figure below. How this should be handled is not covered in [2], instead the NDS/IP specification [6] specifies what security measures shall be defined for these types of interfaces. Figure 10 security In [6] it is stated that all traffic shall pass through a security gateway (SEG) before entering or leaving a security domain, this implies that SEGs must exist between the P-CSCF and the I-CSCF (or S-CSCF), as depicted in the figure below.

Figure 11 NDS/IP and security To set-up the required IPSec tunnel between two SEGs, IPSec SAs are needed. These SAs are established under the protection of a IKE SA. In order to establish the IKE SA, the SEGs need to be mutually authenticated and this is carried out during the first phase of IKE. This affects the access independence, since any visited network need to be able to establish a IPSec tunnel between the SEG (P-CSCF) in the visited network and the SEG (I-CSCF/S-CSCF) in the home network. Since IKE is supposed to be used for key management, the SEG in the visited network need to share IKE authentication keys with the SEG in the home network or a Key Distribution Center (KDC). If a user arrives in a visited network that does not support this, access to is not possible. Conclusions From the short analysis presented in this document it is clear that the access independence requirement for stated in [4] introduces some problems for the security architecture. In order to adapt the security architecture towards access independence some modifications are needed. The separation of the and the has been the main focus of this document but other issues, such as the close connection to NDS, have also been identified. There will probably come up other issues related to access independence and security as the work continues. Most of the issues brought up in this document are based on Telias interpretation of the concept access independence. To get a deeper understanding of the concept access independence a clear definition is needed from 3GPP.

References [1] 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Threats and Requirements (3G TS 21.133 version 3.1.0) [2] 3rd Generation Partnership Project; Technical Specification Group SA3; Access security for IP-based services (Release 5) 3G TS 33.203 V0.5.0 (2001-06) [3] Universal Mobile Telecommunications System (UMTS);Vocabulary for 3GPP Specifications (3GPP TR 21.905 version 4.3.0 Release 4) (2001-06) [4] 3rd Generation Partnership Project;Technical Specification Group Services and System Aspects; Service requirements for the IP Multimedia Core Network Subsystem (Stage 1) (Release 5) 3GPP TS 22.228 V5.2.0 (2001-06) [5] Draft report for joint S1/S3/T2/T3 meeting about security implications of UE functional split 3 rd July 2001 - version 0.0.3 [6] 3G TS 33.210: "3 rd Generation Partnership Project (3GPP); Technical Specification Group (TSG) SA; 3G Security; Network domain security; IP network layer security". [7] Universal Mobile Telecommunications System (UMTS); Characteristics of the Application 3GPP TS 31.102 version 4.1.0 (Release 4) [8] Smart cards;-terminal interface; Physical and logical characteristics (Release 4) ETSI TS 102 221 V4.2.0 (2001-04) [9] 3 rd Generation Partnership Project; Technical Specification Group Services and System Aspects; IP Multimedia (IM) Subsystem - Stage 2 (Release 5) 3GPP TS 23.228 V5.1.0 (2001-06)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information