S.5.4.2.2 Support of ESP authentication and encryption

For IMS signaling traffic, ESP shall always be used to provide data integrity, data origin authentication, and anti-replay protection services; thus the ESP_NULL authentication algorithm shall not be allowed for use. It shall support the ESP_HMAC_SHA-1 algorithm.

3GPP TS 33.203 V12.67.0 (2014-0609) 104 Release 12
The ESP_DES algorithm shall not be used due to its weakness and instead it shall be mandatory to support the ESP_3DES algorithm as default. Support for the AES CBC cipher algorithm (RFC 3602 [22]) is mandatory. The AES CBC key length shall be 128 bits.

S.5.4.3 Support of TLS

This section specifies the use of TLS for transport protection between IMS network elements. Where TLS is used for transport protection, implementations shall support TLS according to the TLS profile specified in TS 33.310 [24], Annex E. Implementations shall support mutual, certificate-based authentication, and may support (and attempt to negotiate the use of) other authentication methods such as pre-shared secret keys (PSK).

The security services provided by network domain security are:
- data integrity;
- data origin authentication;
- anti-replay protection.

TLS provides transport-layer security over connection-oriented protocols (for the purposes of the present document, TCP); "tls" (signifying TLS over TCP) can be specified as the desired transport protocol within a "Via" header field value or a SIP-URI. TLS is most suited to architectures in which hop-by-hop security is required between hosts with no pre-existing trust association.

Implementations shall firstly prefer AES cipher suites, and secondly prefer ephemeral Diffie-Hellman cipher suites during TLS negotiation. Mutual authentication shall be required for all TLS connections.
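The two profiles above (ESP algorithms in S.5.4.2.2, TLS preferences and mutual authentication in S.5.4.3) are easy to get wrong in an SA or TLS endpoint configuration. The following checker is an added example, not code from TS 33.203 or any 3GPP implementation; it assumes the spec's ESP identifiers, an assumed identifier ESP_AES_CBC for the RFC 3602 AES CBC transform, IANA-style TLS suite names, and reads "firstly AES, secondly ephemeral DH" as a primary/secondary sort key.

```python
# Added example: audit an ESP algorithm set and a TLS configuration against
# the Annex S profile. Not from the specification or any 3GPP product.

def check_esp_profile(auth_algs, enc_algs, aes_cbc_key_bits=None):
    """Return findings for S.5.4.2.2; an empty list means compliant."""
    auth, enc = set(auth_algs), set(enc_algs)
    findings = []
    if "ESP_NULL" in auth:
        findings.append("ESP_NULL authentication is not allowed for IMS signalling")
    if "ESP_HMAC_SHA-1" not in auth:
        findings.append("ESP_HMAC_SHA-1 support is mandatory")
    if "ESP_DES" in enc:
        findings.append("ESP_DES shall not be used")
    if "ESP_3DES" not in enc:
        findings.append("ESP_3DES support is mandatory (default algorithm)")
    if "ESP_AES_CBC" not in enc:  # assumed identifier for AES CBC (RFC 3602)
        findings.append("AES CBC (RFC 3602) support is mandatory")
    elif aes_cbc_key_bits != 128:
        findings.append(f"AES CBC key length shall be 128 bits, got {aes_cbc_key_bits}")
    return findings


def order_tls_suites(suites):
    """Order offered suites per S.5.4.3: AES first, then ephemeral DH.
    Assumption: AES is the primary key and DHE/ECDHE the secondary one;
    the stable sort keeps the caller's order among otherwise equal suites."""
    def rank(name):
        return (0 if "AES" in name else 1, 0 if "DHE_" in name else 1)
    return sorted(suites, key=rank)


def check_tls_profile(mutual_auth, suites):
    """Return findings for a TLS endpoint configuration under S.5.4.3."""
    findings = []
    if not mutual_auth:
        findings.append("mutual certificate-based authentication is required")
    if list(suites) != order_tls_suites(suites):
        findings.append("preference order does not put AES, then ephemeral DH, first")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations: one weak, one compliant.
    print(check_esp_profile(["ESP_NULL", "ESP_HMAC_SHA-1"], ["ESP_DES", "ESP_AES_CBC"], 256))
    print(check_esp_profile(["ESP_HMAC_SHA-1"], ["ESP_3DES", "ESP_AES_CBC"], 128))
    offered = ["TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    print(check_tls_profile(False, offered), order_tls_suites(offered))
```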
Annex T (normative): GPRS-IMS-Bundled Authentication (GIBA) for Gm interface

T.1 Introduction

3GPP IMS provides an IP-based session control capability based on the SIP protocol. IMS can be used to enable services such as push-to-talk, instant messaging, presence and conferencing. It is understood that "early" implementations of these services will exist that are not fully compliant with 3GPP IMS. It is expected that there will be a need to deploy some IMS-based services before products are available which fully support the 3GPP IMS security features defined in the main body of this specification.

Non-compliance with security features specified in the main body of this specification is expected to be a problem mainly at the UE side, because of the potential lack of support of the USIM/ISIM interface (especially in 2G-only devices) and because of the potential inability to support IPsec on some UE platforms. Although full support of security features specified in the main body of this specification is preferred from a security perspective, it is acknowledged that early IMS implementations will exist which do not support these features.