NOTE 16: Regarding the selection of the number of the protected port at the UE, it is generally recommended that the UE randomly selects the number of the protected port from a sufficiently large set of numbers not yet allocated at the UE. This is to thwart a limited form of a Denial of Service attack. UMTS PS access link security also helps to thwart this attack.

7. For each incoming protected message the SIP application at the UE shall verify that the correct inbound SA according to clause 7.4 on SA handling has been used. The SA is identified by the pair (UE_protected_port, P-CSCF_protected_port) in the "SA table".

NOTE 17: If the integrity check of a received packet fails then IPsec will automatically discard the packet.

7.2 Set-up of security associations (successful case)

The set-up of security associations is based on RFC 3329 [21]. Annex H of this specification shows how to use RFC 3329 [21] for the set-up of security associations.

In this clause the normal case is specified, i.e. when no failure occurs. Note that for simplicity some of the nodes and messages have been omitted. Hence there are gaps in the numbering of messages, as the I-CSCF is omitted.

Figure 8

The UE sends a Register message towards the S-CSCF to register the location of the UE and to set up the security mode, cf. clause 6.1. In order to start the security mode set-up procedure, the UE shall include a Security-setup-line in this message.

The Security-setup-line in SM1 contains the Security Parameter Index (SPI) values and the protected ports selected by the UE. The UE includes two unique ports (one client and one server port) and two unique SPIs (one associated to the client port, and one associated to the server port) in the REGISTER. It also contains a list of identifiers for the integrity and encryption algorithms which the UE supports.

3GPP TS 33.203 V12.67.0 (2014-0609) Release 12
SM1: REGISTER(Security-setup = SPI_U, Port_U, UE integrity and encryption algorithms list)

SPI_U is the symbolic name of a pair of SPI values (cf. clause 7.1) (spi_uc, spi_us) that the UE selects. spi_uc is the SPI of the inbound SA at the UE’s protected client port, and spi_us is the SPI of the inbound SA at the UE’s protected server port. The syntax of spi_uc and spi_us is defined in Annex H.

NOTE 1: The syntax defined in Annex H allows a large freedom of number of SPIs. Only one pair of unique SPIs is included in the Security-setup.

Port_U is the symbolic name of a pair of port numbers (port_uc, port_us) as defined in clause 7.1. The syntax of port_uc and port_us is defined in Annex H.

NOTE 2: The syntax defined in Annex H allows a large freedom of number of ports. Only one pair of unique ports is included in the Security-setup.

Upon receipt of SM1, the P-CSCF temporarily stores the parameters received in the Security-setup-line together with the UE’s IP address from the source IP address of the IP packet header, the IMPI and IMPU. Upon receipt of SM4, the P-CSCF adds the keys IK_IM and CK_IM received from the S-CSCF to the temporarily stored parameters.
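The following sketch is an added example, not text or code from the specification. It models the UE choosing the SM1 Security-setup values and the P-CSCF storing them temporarily and adding the keys on SM4. The class and function names, the port range, the random choice of SPIs, the IMPI-keyed store and the P-CSCF uniqueness check are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

PORT_RANGE = range(49152, 65536)    # assumption: UE draws from the dynamic port range
SPI_MIN, SPI_MAX = 256, 2**32 - 1   # 32-bit SPI; values 0-255 are reserved (RFC 4303)

@dataclass
class SecuritySetup:                # values carried in the Security-setup-line of SM1
    spi_uc: int
    spi_us: int
    port_uc: int
    port_us: int
    algorithms: list

def ue_build_security_setup(allocated_ports, spis_in_use, algorithms):
    """UE side: random unallocated protected ports (NOTE 16) and two unique SPIs."""
    free = [p for p in PORT_RANGE if p not in allocated_ports]
    if len(free) < 2:
        raise RuntimeError("fewer than two unallocated ports available")
    port_uc = secrets.choice(free)  # CSPRNG, so the port is hard to predict
    free.remove(port_uc)
    port_us = secrets.choice(free)
    spis = []
    while len(spis) < 2:
        cand = SPI_MIN + secrets.randbelow(SPI_MAX - SPI_MIN + 1)
        if cand not in spis_in_use and cand not in spis:
            spis.append(cand)
    return SecuritySetup(spis[0], spis[1], port_uc, port_us, list(algorithms))

class PCSCF:
    def __init__(self):
        self.pending = {}           # hypothetical temporary store, keyed by IMPI

    def on_sm1(self, src_ip, impi, impu, setup):
        """Store SM1 parameters with the UE address taken from the IP header."""
        # Assumption: reject a Security-setup whose ports or SPIs are not unique.
        if setup.port_uc == setup.port_us or setup.spi_uc == setup.spi_us:
            raise ValueError("Security-setup needs unique ports and unique SPIs")
        self.pending[impi] = {"ue_ip": src_ip, "impi": impi, "impu": impu,
                              "setup": setup}

    def on_sm4(self, impi, ik_im, ck_im):
        """Add IK_IM and CK_IM received from the S-CSCF to the stored entry."""
        entry = self.pending[impi]
        entry["IK_IM"], entry["CK_IM"] = ik_im, ck_im
        return entry
```

Taking the UE address from the packet's source IP rather than from anything inside the SIP message means the stored entry reflects where SM1 actually came from.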