There is a risk of a man in the middle bidding down

3GPP TS 33.203 V12.67.0 (2014-0609), Release 12

there is a risk of a man-in-the-middle bidding down the UE to "no signalling security" without the P-CSCF even noticing, even when both, the UE and P-CSCF support TLS and want to use it.

O.1.2 Confidentiality protection

Operators shall take care that the deployed confidentiality protection solution and roaming agreements fulfils the confidentiality requirements presented in the local privacy legislation.

When TLS is used to protect signalling information between the UE and the P-CSCF, the following confidentiality mechanisms are provided for TLS based access security:

1. Negotiation of TLS related confidentiality protection features shall take place at the TLS layer as specified in clause O.2.
2. The UE shall always offer TLS CipherSuites to the P-CSCF to be used for the session, as specified in clause O.2.1.
3. The P-CSCF shall decide which TLS CipherSuites are used.

Confidentiality between CSCFs, and between CSCFs and the HSS shall rely on mechanisms specified by Network Domain Security in TS 33.210 [5].

O.1.3 Integrity protection

When TLS is used to protect signalling information between the UE and the P-CSCF, the following integrity mechanisms are provided for TLS based access security:

1. Negotiation of TLS related integrity protection features shall take place at the TLS layer.
2. The UE shall always offer TLS CipherSuites for P-CSCF to be used for the session, as specified in clause O.2.1.
3. The P-CSCF shall decide which TLS CipherSuites are used.
4. The UE and the P-CSCF shall both verify that the data is sent and received within the TLS connection. This verification is also used to detect if the received data has been tampered with.
5. Replay attacks and reflection attacks shall be mitigated by using the mechanism provided by TLS.
6. UE and P-CSCF shall verify the identities of the TLS session endpoints according to clause O.2.1.

Integrity protection between CSCFs and between CSCFs and the HSS shall rely on mechanisms specified by Network Domain Security in TS 33.210 [5].

O.1.4 TLS integrity protection indicator

For non-Initial REGISTER messages protected by TLS according to this Annex, the P-CSCF shall attach an appropriate indicator to the message when forwarding it to the S-CSCF. This indicator shall enable the S-CSCF to distinguish between protection by IPsec according to the main body or Annex M and protection by TLS according to this Annex. For more details on the use of this indicator cf. clause O.2.2.

When a REGISTER message is not protected by TLS the P-CSCF shall not include any indication about integrity protection by TLS in the messages.

O.2 TLS Session set-up procedure

O.2.1 TLS Profile for TLS based access security

The UE and the P-CSCF shall support TLS as specified in clause O.1.1 with the following profiling:

When the UE and the P-CSCF implement and use TLS as specified in the present Annex O, TLS shall be implemented and used according to the TLS profile specified in TS 33.310 [24], Annex E. For all TLS versions the provisions on ciphersuites given in TS 33.310 [24], Annex E, shall apply.
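The offer/select rule in O.1.2 and O.1.3 (the UE offers, the P-CSCF decides) and the bidding-down risk noted at the top of this excerpt, as a simplified model. This is an added example, not text or code from TS 33.203; the function names, the `require_tls` policy flag and the sample CipherSuite lists are assumptions made for illustration.

```python
"""Simplified model: the UE offers CipherSuites, the P-CSCF selects, and a
local policy decides whether a missing offer fails closed or degrades."""
from dataclasses import dataclass
from typing import Optional, Sequence

# Constructed sample lists; the actual profile is in TS 33.310, Annex E.
UE_OFFER = ["TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
PCSCF_PREFERENCE = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                    "TLS_RSA_WITH_AES_128_CBC_SHA"]


class NegotiationError(Exception):
    """The session is refused rather than set up without protection."""


@dataclass
class Outcome:
    protected: bool
    suite: Optional[str]


def pcscf_select(offer: Sequence[str], preference: Sequence[str]) -> Optional[str]:
    """P-CSCF decides: first suite in its own order that the UE also offered."""
    offered = set(offer)
    return next((s for s in preference if s in offered), None)


def negotiate(offer: Sequence[str], preference: Sequence[str],
              require_tls: bool) -> Outcome:
    """require_tls is a hypothetical local policy flag (assumption)."""
    suite = pcscf_select(offer, preference)
    if suite is not None:
        return Outcome(True, suite)
    if require_tls:
        raise NegotiationError("no acceptable TLS CipherSuite offered")
    return Outcome(False, None)  # silent fallback: the bid-down outcome


def strip_offer(offer: Sequence[str]) -> list:
    """Constructed stand-in for an offer that never reaches the P-CSCF."""
    return []


if __name__ == "__main__":
    print(negotiate(UE_OFFER, PCSCF_PREFERENCE, require_tls=True))
    print(negotiate(strip_offer(UE_OFFER), PCSCF_PREFERENCE, require_tls=False))
```

With `require_tls=False` the second call returns an unprotected outcome without any error, which is the case where neither side notices the downgrade; with `require_tls=True` the same input raises `NegotiationError`.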