security in multicase

Date post: 03-Jun-2018
Upload: srmanohara
3GPP TS 33.246 V9.1.0 (2012-12)
Technical Specification

3rd Generation Partnership Project;
Technical Specification Group Services and System Aspects;
3G Security;
Security of Multimedia Broadcast/Multicast Service (MBMS)
(Release 9)

The present document has been developed within the 3rd Generation Partnership Project (3GPP™) and may be further elaborated for the purposes of 3GPP.

The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented.

This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification.

Specifications and reports for implementation of the 3GPP™ system should be obtained via the 3GPP Organizational Partners' Publications Offices.

Keywords
LTE, UMTS, multimedia, broadcast, security

3GPP

Postal address

3GPP support office address
650 Route des Lucioles - Sophia Antipolis
Valbonne - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16

Internet
http://www.3gpp.org

Copyright Notification

No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© 2012, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TTA, TTC).
All rights reserved.

UMTS™ is a Trade Mark of ETSI registered for the benefit of its members
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners
LTE™ is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners
GSM® and the GSM logo are registered and owned by the GSM Association

Contents

Foreword
Introduction
1 Scope
2 References
3 Definitions, abbreviations, symbols and conventions
3.1 Definitions
3.2 Abbreviations
3.3 Symbols
3.4 Conventions
4 MBMS security overview
4.1 MBMS security architecture
4.1.1 General
4.1.2 BM-SC sub-functions
4.1.3 UE security architecture
4.1A Granularity of MBMS security
4.2 Key management overview
5 MBMS security functions
5.1 Authenticating and authorizing the user
5.2 Key derivation, management and distribution
5.3 Protection of the transmitted traffic
6 Security mechanisms

C.2 Requirements on MBMS Transport Service signalling protection
C.3 Requirements on Privacy
C.4 Requirements on MBMS Key Management
C.5 Requirements on integrity protection of MBMS User Service data
C.6 Requirements on confidentiality protection of MBMS User Service data
C.7 Requirements on content provider to BM-SC reference point
Annex D (normative): UICC-ME interface
D.1 MSK Update Procedure
D.2 Void
D.3 MTK generation and validation
D.4 MSK deletion procedure
D.5 MUK deletion procedure
Annex E (Informative): MIKEY features not used in MBMS
Annex F (normative): MRK key derivation for ME based MBMS key management
Annex G (normative): HTTP based key management messages
G.1 Introduction
G.2 Key management procedures
G.2.1 MBMS User Service Registration
G.2.2 MBMS User Service Deregistration
G.2.3 MSK request
G.2.4 Error situations
Annex H (informative): Signalling flows for MSK procedures
H.1 Scope of signalling flows
H.2 Signalling flows demonstrating a successful MSK request procedure
H.2.1 Successful MSK request procedure
Annex I (informative): Example of using MSKs and MTKs in MBMS
Annex J (informative): Mapping the MBMS security requirements into security functions and mechanism
J.1 Consistency check
J.1.1 Requirements on secure service access
J.1.2 Requirements on MBMS transport Service signalling protection
J.1.3 Requirements on Privacy
J.1.4 Requirements on MBMS Key Management
J.1.5 Requirements on integrity protection of MBMS User Service data
J.1.6 Requirements on confidentiality protection of MBMS User Service data
J.1.7 Requirements on content provider to BM-SC reference point
J.2 Conclusions
Annex K (Informative): SRTP features not used in MBMS
Annex L (Normative): Multicasting MBMS user data on Iu
Annex M (informative): Relation to IMS based MBMS user services
Annex N (informative): Change history

Foreword

This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).

The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x the first digit:

1 presented to TSG for information;

2 presented to TSG for approval;

3 or greater indicates TSG approved document under change control.

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.

z the third digit is incremented when editorial only changes have been incorporated in the document.

Introduction

The security of MBMS provides different challenges compared to the security of services delivered over point-to-point services. In addition to the normal threat of eavesdropping, there is also the threat that it may not be assumed that valid subscribers have any interest in maintaining the privacy and confidentiality of the communications, and they may therefore conspire to circumvent the security solution (for example one subscriber may publish the decryption keys enabling non-subscribers to view broadcast content). Countering this threat requires the decryption keys to be updated frequently in a manner that may not be predicted by subscribers while making efficient use of the radio network.

1 Scope

The Technical Specification covers the security procedures of the Multimedia Broadcast/Multicast Service (MBMS) for 3GPP systems (UTRAN, GERAN and E-UTRAN). MBMS is a 3GPP system network bearer service over which many different applications could be carried. The actual method of protection may vary depending on the type of MBMS application.

2 References

The following documents contain provisions, which, through reference in this text, constitute provisions of the present document.

- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.

- For a specific reference, subsequent revisions do not apply.

- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".

[2] 3GPP TS 22.14

[20] 3GPP TS 29.109: "3rd Generation Partnership Project; Technical Specification Group Core Network; Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".

[21] IETF RFC 3 ... Version 1.0 - 29 May 2007 (OMA-TS-DRM_XBS-V1_0-20070529-C).

[25] IETF RFC 3376 "Internet Group Management Protocol, Version 3".

[2 ... Version 2 (MLDv2) for IPv

NOTE: When a UICC is used, the keys MSK and MUK may be stored within the UICC or the ME depending on the UICC capabilities. When a SIM card is used, the keys MSK and MUK are stored within the ME.

Salt key = a random or pseudo-random string used to protect against some off-line pre-computation attacks on the underlying security protocol.

SEQl = Lower limit of the MTK ID sequence number interval: Last accepted MTK ID sequence number interval stored within MGV-S. The original value of SEQl is delivered in the key validity data field of MSK messages.

SEQp = The MTK ID, which is received in a MIKEY packet.

SEQu = Upper limit of the MTK ID sequence number interval, which is delivered in the key validity data field of MSK messages.

(S)RTP Session: The (S)RTP and (S)RTCP traffic sent to a specific IP multicast address and port pair (one port each for (S)RTP and (S)RTCP) during the time period the session is specified to exist. An (S)RTP session is used to transport a single media type (e.g. audio, video, or text). An (S)RTP session may contain several different streams of (S)RTP packets using different SSRCs.

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

B-TID        Bootstrapping Transaction Identifier
BM-SC        Broadcast-Multicast Service Centre
BSF          Bootstrapping Server Function
DCF          DRM Content Format
DRM          Digital Rights Management
EXT          Extension payload
FDT          FLUTE File Delivery Table
FLUTE        File delivery over Unidirectional Transport
GBA          Generic Bootstrapping Architecture
GBA_ME       ME-based GBA
GBA_U        GBA with UICC-based enhancements
IDi          Identity of the initiator
IDr          Identity of the responder
Ks_ext_NAF   Derived key in GBA_U
Ks_int_NAF   Derived key in GBA_U, which remains on UICC
Ks_NAF       Derived key in GBA_ME of 3G GBA or in 2G GBA
MAC          Message authentication code
MBMS         Multimedia Broadcast/Multicast Service
MGV-F        MBMS key Generation and Validation Function
MGV-S        MBMS key Generation and Validation Storage
MIKEY        Multimedia Internet Keying
MKI          Master Key identifier
MRK          MBMS Request Key
MSK          MBMS Service Key
MTK          MBMS Traffic Key
MUK          MBMS User Key
NAF          Network Application Function
OMA          Open Mobile Alliance
ROC          Roll-Over Counter
SP           Security Policy
SRTCP        Secure RTCP
SRTP         Secure RTP

3.3 Symbols

For the purposes of the present document, the following symbols apply:

||           Concatenation

3.4 Conventions

All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.

4 MBMS security overview

4.1 MBMS security architecture

4.1.1 General

MBMS introduces the concept of a point-to-multipoint service into a 3GPP system. A requirement of a MBMS User Service is to be able to securely transmit data to a given set of users. In order to achieve this, there needs to be a method of authentication, key distribution and data protection for a MBMS User Service.

This means that MBMS security is specified to protect MBMS User Services, and it is independent on whether multicast or broadcast mode is used.

NOTE: There are two cases when multicast and broadcast mode are handled differently: usage of Membership function in authorization (see e.g. clause 4.1.1) and authorization of user related MBMS bearers (see e.g. clause

[Figure 4.1: MBMS security architecture. Elements shown: Content provider; BM-SC with Membership function, Key Management function (Key Request function, Key Distribution function) and Session & Transmission function; BSF; HSS (Zh, Zn); UE (MGV-S/F). Labelled flows: HTTP Digest AKA (establish Ks); HTTP Digest authentication (MRK); MIKEY MSK delivery (protected with MUK); MIKEY MTK delivery (protected with MSK); Encrypted Data 1) (protected with MTK); Point-To-Point; Point-To-MultiPoint.
Note 1) SRTP is used for streaming and modified DCF format for download.
Note 2) Ks_xx_NAF stands for GBA_ME or GBA_U based NAF keys.
Note 3) Not applicable for GBA_U, since MRK = Ks_ext_NAF.]

Figure 4.1 gives an overview of the network elements involved in MBMS from a security perspective. Nearly all the security functionality for MBMS, except for the normal network bearer security, resides in either the BM-SC or the UE. The BSF is a part of GBA (TS 33.220

Broadcast Mode this authorization is done without the help of Membership function because the Membership function is only defined in the context of MBMS Multicast Mode in TS 23.246 [3].

The UE is responsible for establishing shared secrets with the BM-SC using GBA, registering to and de-registering from MBMS User Services, requesting and receiving keys for the MBMS User Service from the BM-SC and also using those keys to decrypt the MBMS data that is received.

MBMS imposes the following requirements on the MBMS capable elements:

- a UICC that contains MBMS key management functions shall implement GBA_U;

- a ME that supports MBMS shall implement GBA_U and GBA_ME, and shall be capable of utilising the MBMS key management functions on the UICC as well as providing MBMS key management functions itself;

- a BM-SC shall support using both GBA_ME and GBA_U keys to enable both ME based and UICC based MBMS key management, respectively.

4.1.2 BM-SC sub-functions

The BM-SC has the following sub-functions related to MBMS security, see figure 4.1.

- Key Management function: The Key Management function includes two sub-functions: Key Request function and Key Distribution function.

  - Key Request function: The sub-function is responsible for retrieving GBA keys from the BSF, deriving MUK and MRK from GBA keys, performing MBMS User Service Registration, Deregistration and MSK request procedures and related user authentication using MRK, providing MUK to Key Distribution function, performing authorization check. The sub-function implements the following functions and procedures:

    - Bootstrapping initiation

    - Bootstrapping re-negotiation

    - HTTP digest authentication

    - MRK derivation

    - MBMS User Service Registration procedure

    - MBMS User Service Deregistration procedure

    - MSK request procedure

  - Key Distribution function: The sub-function is responsible for retrieving MUK from Registration function, generating and distributing MSKs and MTKs to the UE, providing MTK to Session and Transmission function. The sub-function implements the following security procedures:

    - MSK delivery procedure

    - MTK delivery procedure

    - BM-SC solicited pull procedure

- Session and Transmission function: The sub-function is responsible for session and transmission functions cf. TS 2

4.1.3 UE security architecture

It is assumed that the UE includes a secure storage (MGV-S). This MGV-S may be realized on the ME or on the UICC. The MGV-F is implemented in a protected execution environment to prevent leakage of security sensitive information such as MBMS keys. MGV-S stores the MBMS keys and MGV-F performs the functions that should not be exposed to unprotected parts of the ME. An overview of ME based key management and UICC based key management in UE is described in figures 4.2a and 4.2b.

In particular in ME based key management it shall be ensured that the keys are not exposed to unprotected parts of the ME when they are transmitted from the UICC to the MGV-S or during the key derivations.

[Figure 4.2: ME and UICC based key management in UE]

[Figure 4.2a: ME based key management in UE. Two panels: ME based key management based on GBA_ME, and ME based key management based on GBA_U.]

[Figure 4.2b: UICC based key management in UE. Panel: UICC based key management.]

4.1A Granularity of MBMS security

An MBMS User Service is composed of one or more MBMS Streaming Sessions and/or MBMS Download Sessions. An MBMS Streaming Session is composed of one or more RTP sessions, and an MBMS Download Session is composed of one or more FLUTE channels as defined in TS 2

Some of the rules are illustrated in figures 4.3 and 4.4.

The usage of MSKs and MTKs applied to a RTP session or FLUTE channel (i.e. usage of MSKs and MTKs for one Key Group) is depicted in figure 4.3. Figure 4.4 shows an example of the usage of MSKs and MTKs for three RTP sessions. In particular it shows that MSKs and MTKs of one Key Group are used to protect exactly one RTP session.

[Figure 4.3: MBMS key hierarchy: usage of MSKs and MTKs within one RTP session or FLUTE channel. Labels: Establish MUK (GBA); MUK; MSK1, MSK2 ... MSKn; MTK11, MTK12 ... MTKnk; data packets for RTP session or FLUTE channel. Arrow means "protected by".]

[Figure 4.4: MBMS key hierarchy: usage of MSKs and MTKs for three separate RTP sessions. Labels: Establish MUK (GBA); MUK; MSKs of three Key Groups; MTKs for RTP session 1, RTP session 2 and RTP session 3. Arrow means "protected by".]

According to TS 22.246 [5] there exist MBMS User Services with shared and non-shared Transport Services. In case two MBMS User Services share an MBMS Transport Service, they also share one or more RTP sessions or FLUTE channels carried in the Transport Service. In this case, it shall be possible for the MBMS User Services to share one or more MSKs and MTKs of the Key Groups that are used to protect the MBMS data.

An example showing how key management is used with MBMS User and Transport Services is depicted in Annex I.

As described in clause

When the UE uses HTTP protocol towards the BM-SC, the UE is authenticated with HTTP digest as described in clause

- Protection of streaming data (clause

memory. The ME should store the MUKs in non-volatile memory in order to be able to authenticate the first MIKEY message of a BM-SC solicited pull procedure (see clause

6.2.2 Authentication and authorisation in MBMS bearer establishment

As defined in TS 23.246 [3] MBMS bearer establishment applies only to multicast mode. The authentication of the UE during MBMS bearer establishment relies on the authenticated point-to-point connection with the network, which was set up using network security described in TS 33.102 [4] or TS 43.020 [12]. Authorisation for the MBMS bearer establishment happens by the network making an authorisation request to the BM-SC to ensure that the UE is allowed to establish the MBMS bearer(s) corresponding to an MBMS User Service (see TS 23.246 [3] for the details). As MBMS bearer establishment authorisation lies outside the control of the MBMS bearer network (i.e. it is controlled by the BM-SC), there is an additional procedure to remove the MBMS bearer(s) related to a UE that is no longer authorised to access an MBMS User Service.

NOTE: MBMS in EPS supports only broadcast mode and functionality described in this clause applies only to multicast mode.

6.2.3 Void

6.2.4 Void

6.3 Key management procedures

6.3.1 General

In order to protect an MBMS User Service, it is necessary to deliver both MSKs and MTKs from the BM-SC to the UE.

MSK procedures are further divided to MSK request procedures, described in clause

where

Key Domain ID = MCC || MNC and is 3 bytes long.

NOTE 1: When MCC || MNC is used as key identifier, the UE should not try to use it in another context, e.g. the UE should not compare the received MCC || MNC to parameters in radio level.

MSK ID is 4 bytes long and with byte 0 and 1 containing the Key Group part, and byte 2 and 3 containing the Key Number part. The Key Number part is used to distinguish MSKs that have the same Key Domain ID and Key Group part. The Key Number part value zero (0x0) is reserved for special use to denote the current MSK. Key Group part is used to group keys together in order to allow redundant MSKs to be deleted. The Key Group part value zero (0x0) is not allowed as it is reserved for future use. The MSK ID is carried in the extension payload of MIKEY extension payload.

NOTE 2: If the Key Domain ID does not uniquely identify the BM-SC, it needs to be ensured that the Key Group parts are unique within an operator, i.e. two BM-SCs within an operator shall not use the same Key Group value unless multiple BM-SC deployment is used as is defined in clause

- 2G GBA allowed: yes/no

If the flag 2G GBA is not present then 2G GBA is not allowed.

- MIKEY FEC-protection, as defined in TS 2 ... Void

- Back off mode parameters, as defined in TS 2

[Figure: signalling flow between UE and BM-SC; content not recoverable]

6.3.2.1A MBMS User Service Deregistration procedure

When the user desires to deregister from one or more MBMS User Services, the UE shall perform an MBMS User Service De-registration. This shall be done irrespective of the type of MBMS Transport Service i.e. in multicast mode or in broadcast mode.

The UE shall also perform an MBMS User Service De-registration, at UE power down, for all ongoing MBMS User Services to ensure that the BM-SC is made aware that the user is no longer contactable.

It may happen that the UE is unable to perform a MBMS User Service De-registration for all ongoing MBMS User Services e.g. due to uncontrolled power down or loss of coverage. This could lead to situations where the BM-SC wants to initiate an MSK delivery procedure (see clause

The BM-SC should invalidate those MSKs from the UE, which are not used by any other MBMS User Services where the UE is registered. The BM-SC Key Distribution function performs this by running MSK delivery procedure for each MSK, where the Key Validity data is set to invalid value (see clause

    The handlin of multiple status codes in one response messae is specified in clause alidate messae based on last M3%#nown by 0M:"1. /un G0 if that M3%

    was epired and no valid G0:#ey ispresent

    .iure $50 BM*S4 solicited pull

    The 0M:"1 %ey 8istribution function sends a M&%2A messae over 8P to the 2. The M&%2A messae shall beprotected by the last M% #nown by the 0M:"1. The %ey 'umber part of the M"% &8 in the etension payload of theM&%2A messae shall be set to ++ to indicate that the 2 should re?uest for current M"% from the 0M:"1.

    &f the received M%K&8 (i.e. the last M% #nown by the 0M:"1) does not correspond to the last M% #nown by the2- then the 2 chec#s the solicited pull M&%2A messae with the last M% successfully used by the 0M:"1.

    The 0M:"1 shall not set the >:bit in the common header when initiatin the 0M:"1 solicited pull procedure.

    'OT2 ,D M% may be used by the 0M:"1 %ey 8istribution function beyond the G0 #ey lifetime of thecorrespondin %sKK'7 for the purpose of usin the M% within the first M&%2A messae of a push

    solicited pull procedure.

    3GPP

    3GPP TS 33#$%& '"##) ($)$*$$+!elease "

  • 8/11/2019 security in multicase

    26/69

    NOTE 2: Since the integrity of the MIKEY message still needs to be assured, a KEMAC payload shall be included in the MIKEY message from the BM-SC Key Distribution function. There is however no key present in the message. Thus by setting the Encr data len field to zero, only the MAC of the message will be included.

    When receiving the message, the UE shall request for the current MSK for the specified Key Group as specified in clause

    Validity data.

    When an MSK push MIKEY message is not directly preceded by an MSK key request, then it may happen that the BM-SC uses a still valid MUK that is not the last generated MUK at the UE. The UE shall handle such a MIKEY push message in a similar way as the push solicited pull MIKEY message (i.e. upon a successful integrity check the UE shall initiate an MSK request with the specified Key Group). Additionally, in this case, the UE shall not create a MIKEY acknowledgement message.

    NOTE: This procedure guarantees that the UE contacts the BM-SC with the last B-TID, such that the UE now receives a MIKEY push message with the last generated MUK. The integrity of the initial pushed MIKEY message can be verified at the UE with the MUK-ID that is known as the last successfully used BM-SC MUK-ID.

    6.3.2.3.2 Void

    6.3.2.4


    When the BM-SC has processed the request message, it shall include a list of corresponding status codes in the HTTP response message, i.e. a status code for each MBMS User Service ID or MSK ID-Key Domain ID -pair. The status codes are carried in the payload of the HTTP response message and they use the values as specified in RFC 2


    NOTE 3: As the MTK ID is 2 bytes long, this allows to use 2 1

    V-bit in the common header shall not be set.

    The UE shall not send an error message to the BM-SC as a result of receiving an MTK message.

    6.3.3.2.1 MTK delivery in download

    In the download case the MIKEY message carrying the MTK shall be delivered over the same FLUTE stream as the object to be downloaded to the UE (see TS 2


    6.3.4.5 MTK coordination

    The BM-SCs shall use MTKs in a synchronized way. At a certain point in time the same MTK (identified by the MTK ID as defined in clause


    6.4.2 MIKEY common header

    MSKs shall be carried in MIKEY messages. The messages are sent point-to-point between the BM-SC and each UE. The messages use the MUK shared between the BM-SC and the UE as the pre-shared secret in MIKEY.

    Once the MSK is in place in the UE, the UE can make use of the MTK messages sent by the BM-SC over MBMS bearer. The MTK is carried in messages conforming to the structure defined by MIKEY and use the MSK as the pre-shared secret.

    If the BM-SC requires an ACK for an MSK key update message this is indicated by setting the V-bit in the MIKEY common header. The UE shall then respond with a MIKEY message containing the verification payload. In the case the server does not receive an ACK, normal reliability constructions can be used, e.g., start a timer when the message is sent and then resend the message if no ACK is received before the timer expires.

    The CSB ID field of MIKEY common header is not used for identification purposes but shall be present in both MSK messages and MTK messages.

    NOTE: As the CSB ID field has no meaning within the context of MBMS, the BM-SC is free to assign any value to CSB ID. Assigning random values to CSB ID enhances security as CSB ID is taken into account for MIKEY key derivations (section 4.1.3 and 4.1.4 of RFC 3830 [9]).

    6.4.3 Replay protection

    Each MIKEY message contains the timestamp field (TS) of type 2. This means that the contents of the timestamp field is a 32-bit counter. The counter shall be increased by one for each MSK message sent from the BM-SC to the UE even in case BM-SC retransmits a previously sent MSK message. The counter shall be increased by one for each new MTK message created in the BM-SC.

    NOTE: The BM-SC is allowed to retransmit a previously sent MTK message for streaming in order to provide a higher reliability of MTK delivery (cfr section


    The MGV-F (see clause


    clause

    V-bit in the MIKEY common header is equal to 1), the UE shall send a verification message as a response. The verification message shall be constructed according to section 3.1 of MIKEY, and shall consist of the following fields: HDR || TS || IDr || V, where IDr is the ID of the UE. The ID Type field of IDr payload shall be set to value 0 (NAI). The CS ID map type subfield shall be set to Empty map as defined in 1

    Validity Data subfield shall not be present in the KEMAC payload when MTK is transported.

    - The use of NULL algorithm in the MAC alg field in the KEMAC payload is not allowed.

    - The use of NULL algorithm in the Encr alg field in the KEMAC payload is not allowed.

    NOTE: MIKEY-RAND is not included in MTK messages since the MIKEY-RAND sent within MSK delivery messages is used for MTK message processing, cf. clause


    !mm!* :").

    3. The Security Policy payload is stored temporarily in the ME if it was present.

    4. The message is transported to MGV-F for further processing, cf. clause

    -F replies success or failure. In case of success the temporarily stored Security Policy payload is taken into use. Otherwise it is deleted.


    6.5.2 Usage of MUK

    When a MUK has been installed in the MGV-S, i.e. as a result of a GBA run, it is used as pre-shared secret used to verify the integrity of the MSK transport message and decrypt the MSK carried in the KEMAC payload as described in RFC 3830 [9].

    6.5.3 MSK processing

    When the MGV-F receives the MIKEY message, the MGV-F first determines the type of message by reading the EXT. If the EXT indicates MSK delivery (clause

    -F shall not abort processing of a MIKEY message when encountered with an extension payload with unknown type. The content of an unknown extension payload (except for the next payload, type and length fields) shall be treated as an opaque object. The MAC computation required for the KEMAC payload shall include any unknown extension payloads preceding it.

    NOTE: This is because an unknown extension payload may be specified for ME use only and it is therefore "unknown" to the MGV-F. Skipping unknown payloads during the payload parsing is a deviation from recommended receiver behavior in section 5.3 of RFC 3830.

    The MGV-F retrieves the MUK identified as specified in clause

    -F retrieves the MSK with the ID given by the Extension payload.

    The MGV-F shall not abort processing of a MIKEY message when encountered with an extension payload with unknown type. The content of an unknown extension payload (except for the next payload, type and length fields) shall be treated as an opaque object. The MAC computation required for the KEMAC payload shall include any unknown extension payloads preceding it.

    NOTE 1: This is because an unknown extension payload may be specified for ME use only and it is therefore "unknown" to the MGV-F. Skipping unknown payloads during the payload parsing is a deviation from recommended receiver behavior in section 5.3 of RFC 3830.

    It is assumed that the MBMS service specific data, MSK, MIKEY-RAND and the sequence numbers SEQl and SEQu, have been stored within a secure storage (MGV-S). MSK, MIKEY-RAND, SEQl and SEQu were transferred to the MGV-S with the execution of the MSK update procedures. The initial values of SEQl and SEQu are determined by the service provider.

    The MGV-F shall only calculate and deliver the MBMS Traffic Keys (MTK) to the ME if the ptm-key information is deemed to be fresh.

    The MGV-F shall compare the received SEQp, i.e. MTK ID from the MIKEY message with the stored SEQl and SEQu. If SEQp is equal to or lower than SEQl or SEQp is greater than SEQu, then the MGV-F shall indicate a failure to the ME. Otherwise, the MGV-F shall verify the integrity of the MIKEY message according to RFC 3830 [9]. The random value to use as input to the PRF function (section 4.1.4 of RFC 3830 [9]) is the MIKEY-RAND stored together with the MSK. If the verification is unsuccessful, then the MGV-F will indicate a failure to the ME. If the verification is successful, then the MGV-F shall update SEQl with SEQp value and extract the MTK from the message. The MGV-F then provides the MTK to the ME.

    If MAC verification is successful, the MGV-F shall update in MGV-S the counter value in the Time Stamp payload associated with the corresponding MSK ID.

    NOTE 2: It is advised for the implementers of MGV-S (either on the UICC or ME) to exercise caution when implementing memory management for the MTK parameters (e.g. MTK ID field). E.g. on the UICC, the file EFMSK containing the MSK_IDs and related timestamps is marked as a high update activity file, but that might not be sufficient to avoid potential wear-out of the non-volatile memory, if the network uses a very short MTK lifetime (e.g. 5 seconds). The approach chosen by implementers needs also to take into account the fact that users may roam and use the service in other networks than their home network. Those networks may have a different configuration.

    The ME shall store the two most recent MTKs used per MBMS streaming or download session. In particular, if the ME receives an MTK and already stores two other MTKs for that MBMS streaming or download session, then the UE shall keep the newer and delete the older of the two stored MTKs before storing the received MTK. Any MTKs stored in association with a particular MBMS streaming or download session should be deleted at the end of that session.

    In the case of streaming, SRTP and SRTCP require a master key and a master salt. The MTK is used as a common master key for both SRTP and SRTCP, and the salt in the KEMAC payload is used as master salt.

    In case of download service, key derivation as defined in section 4.1.3 of MIKEY [9] shall be used to derive authentication and encryption keys from MTK in the ME using the constants for authentication and encryption keys defined in table 4.1.3 of MIKEY [9]. As there shall be no CS field present for download services as specified in clause


    derive the SRTP session keys as defined in section 4.3 of RFC 3711 [11]. A key derivation rate as defined in clause


    If the check is successful, the SRTP module processes the packet according to the security policy.

    If the SRTP module does not have the MTK, it will request the MTK corresponding to the MKI from the key management module. When the key management module returns a new MTK, the SRTP module will derive new session keys from the MTK and process the packet. However, if the key management module does not have the MSK indicated by MKI, then it should fetch the MSK using the methods discussed in the clause

    2.0 DCF as defined in reference [15] shall be used. MBMS download data are therefore indicated by minor version 0x00000002 in a DCF. OMA DRM Rights Objects are not utilized. Instead, encryption and authentication keys are generated from MTK. For integrity protection, an OMADRMSignature as specified below is attached inside the optional Mutable DRM information box ('mdri') of the DCF.

    The OMADRMSignature Box is an extension to OMA DRM V2.0 DCF for use by MBMS, and is defined as follows:

    aligned(8) class OMADRMSignature extends Fullbox('odfs', version, flags) {
        unsigned int(8) SignatureMethod; // Signature Method
        char Signature[]; // Actual Signature
    }

    SignatureMethod Field:
    NULL 0x00
    HMAC-SHA1 0x01

    The range of data for the HMAC calculation shall be according to section 5.3 of reference [15].

    The correct MTK for decrypting and verifying the integrity of the download data is indicated by the KeyID in the OMABCASTKeyInfoBox 'obki' included in the ExtendedHeaders field in the OMADRMCommonHeaders box (cf. OMA DRM XBS [24]). The use of the 'obki' box by MBMS is as follows:

    - KeyIssuerPresent set to 1 if KeyIssuerURL is provided (the DCF RightsIssuerURL field is not used)

    - STKMPresent set to 0 (no STKM stored in file)

    - TBKPresent set to 0 (no TerminalBindingKey used)


    - TBKIssuerURLPresent set to 0 (no TBKIssuerURL present)

    - KeyIDType set to 0x02 (reserved by OMA BCAST for 3GPP MBMS, identifies the KeyID for MBMS usage.

    KeyID is the base

    2.0 DCF [15]:

    - Fixed DCF header;

    - Mutable DRM information Box;

    - OMA DRM Container Box.


    Annex A (informative): Trust model

    The following trust relationship between the roles that are participating in MBMS services are proposed:

    - the user trusts the home network operator to provide the MBMS service according to the service level agreement;

    - the user trusts the network operator after mutual authentication;

    - the network trusts an authenticated user using integrity protection and encryption at RAN level;

    - the network may have trust or no trust in a content provider.

    The home network and visited network trust each other when a roaming agreement is defined, in the case the user is roaming in a VPLMN.


    Annex B (informative): Security threats

    B.1 Threats associated with attacks on the radio interface

    The threats associated with attacks on the radio interface are split into the following categories, which are described in the following clauses:

    - unauthorized access to MBMS User Service data;

    - threats to integrity;

    - denial of service;

    - unauthorized access to MBMS User Services;

    - privacy violation.

    The attacks on the MBMS service announcements to the users on the radio interface are not discussed here because in case these are transferred on a point-to-point connection (e.g. PS signalling connection), they are already secured. In case the service announcement is transferred over HTTP, it is protected by HTTP Digest as defined in the current specification and/or it may be integrity protected and optionally encrypted at the RAN level. In case the service announcements are sent over MBMS bearer, it is impractical to protect them.

    B.1.1 Unauthorised access to MBMS User Service data

    A1: Intruders may eavesdrop MBMS User Service data on the air-interface.

    A2: Users that have not joined and activated a MBMS User Service receiving that service without being charged.

    A3: Users that have joined and then left a MBMS User Service continuing to receive the MBMS User Service without being charged.

    A4: Valid subscribers may derive decryption keys (MTK) and distribute them to unauthorized parties.

    NOTE: It is assumed that the legitimate end user has a motivation to defeat the system and distribute the shared keys (MSK, MTK) that are a necessary feature of any broadcast security scheme.

    B.1.2 Threats to integrity

    B1: Modifications and replay of messages in a way to fool the user of the content from the actual source, e.g. replace the actual content with a fake one.

    B.1.3 Denial of service attacks

    C1: Jamming of radio resources. Deliberate manipulation of the data to disturb the communication.

    B.1.4 Unauthorised access to MBMS User Services

    D1: An attacker using the 3GPP network to gain "free access" of MBMS User Services and other services on another user's bill.

    D2: An attacker using MBMS shared keys (MSK, MTK) to gain free access to content without any knowledge of the service provider.


    NOTE: It cannot be assumed that keys held in a terminal are secure. No matter how the shared keys (MSK, MTK) are delivered to the terminal, we have to assume they can be derived in an attack. For example, the shared keys, while secure in the UICC, may be passed over an insecure UICC-ME interface.

    B.1.5 Privacy violation

    E1: The user identity could be exposed to the content provider, in the case the content provider is located in the 3GPP network, and then linked to the content.

    B.2 Threats associated with attacks on other parts of the system

    The threats associated with attacks on other parts of the system are split into the following categories, which are described in the following clauses:

    - unauthorized access to data;

    - threats to integrity;

    - denial of service;

    - a malicious UE generating MTKs for malicious use later on;

    - unauthorized insertion of MBMS user data and key management data.

    B.2.1 Unauthorised access to data

    F1: It is assumed that the BM-SC and the GGSN are located in the same network. The BM-SC can though be located in a different place than the GGSN, and therefore can open up for intruders who may eavesdrop the interface Gi and Gmb between the BM-SC and GGSN.

    F2: Intruders may eavesdrop the interface between the content provider and the BM-SC.

    B.2.2 Threats to integrity

    G1: It is assumed that the BM-SC and the GGSN are located in the same network. The BM-SC can though be located in a different place than the GGSN, and therefore can open up for new attacks on the interfaces Gi and Gmb between the BM-SC and GGSN.

    G2: The interface between the content provider and the BM-SC may open up for attacks as modifications of multimedia content.

    B.2.3 Denial of service

    H1: Deliberated manipulation of the data between the BM-SC <-> Content Provider to disturb the communication.

    H2: Deliberated manipulation of the data between the BM-SC <-> GGSN to disturb the communication.

    B.2.4 A malicious UE generating MTKs for malicious use later on

    I1: A malicious ME querying the MTK generation function for MTK's to use them later on in an attack (e.g. in order to use the retrieved MTKs within an unauthorized data insertion attacks (See B.2.5)).


    B.2.5 Unauthorised insertion of MBMS user data and key management data

    J1: An ME, which deliberately inserts key management and malicious data, encrypted with valid (previously retrieved) MTK from the MTK generation function, within the MBMS User Service stream.

    J2: An ME, which deliberately inserts key management and malicious data, encrypted with old (using replayed key management messages) MTK, within the MBMS User Service stream.

    J3: An attacker, which deliberately inserts incorrect key management information within the MBMS User Service stream to cause Denial of Service attacks.


    Annex C (normative): MBMS security requirements

    C.1 Requirements on security service access

    C.1.1 Requirements on secure service access

    R1a: A valid USIM or SIM shall be required to access MBMS User Services.

    R1b: It shall be possible to prevent intruders from obtaining unauthorized access of MBMS User Services by masquerading as authorized users.

    C.1.2 Requirements on secure service provision

    R2a: It shall be possible for the network (i.e. BM-SC) to authenticate users at the start of, and during, service delivery to prevent intruders from obtaining unauthorized access to MBMS User Services.

    R2b: It shall be possible to prevent the use of a particular USIM or SIM to access MBMS User Services.

    NOTE: No security requirements shall be placed on the UE that requires UE to be customised to a particular customer prior to the point of sale.

    C.2 Requirements on MBMS Transport Service signalling protection

    R3a: It shall be possible to protect against unauthorized modification, insertion, replay or deletion of MBMS transport service signalling on the Gmb reference point.

    NOTE 1: This requirement may be fulfilled by physical or proprietary security measures if the Gmb protocol endpoints (i.e. GGSN, Gmb-Proxy and BM-SC) are located within the same security domain of the operator's network. Otherwise the security mechanisms as specified within TS 33.210 [14] shall be applied.

    R3b: Unauthorized modification, insertion, replay or deletion of all MBMS Transport Service signalling, on the RAN shall be prevented when the RAN selects a point-to-multipoint (ptm) link for the distribution of MBMS data to the UE.

    NOTE 2: UTRAN/E-UTRAN bearer signalling integrity protection will not be provided for point to multipoint MBMS signalling and GERAN has no bearer signalling integrity protection, even for point to point signalling.

    C.3 Requirements on Privacy

    R4a: The User identity should not be exposed to the content provider or linked to the content in the case the Content Provider is located outside the 3GPP operator's network.

    R4b: MBMS identity and control information shall not be exposed when the RAN selects a point-to-multipoint link for the distribution of MBMS data to the UE.

    NOTE: UTRAN, E-UTRAN and GERAN bearer confidentiality protection will not be provided for point to multipoint MBMS sessions.


    C.4 Requirements on MBMS Key Management

    R5a: The transfer of the MBMS keys between the MBMS key generator and the UE shall be confidentiality protected.

    R5b: The transfer of the MBMS keys between the MBMS key generator and the UE shall be integrity protected.

    R5c: The UE and MBMS key generator shall support the operator to perform re-keying as frequently as it believes necessary to ensure that:

    - users that have joined an MBMS User Service, but then left, shall not gain further access to the MBMS User Service without being charged appropriately

    - users joining an MBMS User Service shall not gain access to data from previous transmissions in the MBMS User Service without having been charged appropriately

    - the effect of subscribed users distributing decryption keys to non-subscribed users shall be controllable.

    R5d: Only authorized users that have joined an MBMS User Service shall be able to receive MBMS keys delivered from the MBMS key generator.

    R5e: The MBMS keys shall not allow the BM-SC to infer any information about used UE-keys at radio level (i.e. if they would be derived from it).

    R5f: All keys used for the MBMS User Service shall be uniquely identifiable. The identity may be used by the UE to retrieve the actual key (based on identity match, and mismatch recognition) when an update was missed or was erroneous/incomplete.

    R5g: The BM-SC shall be aware of where all MBMS specific keys are stored in the UE (i.e. ME or UICC).

    R5h: The function of providing MTK to the ME shall only deliver a MTK to the ME if the input values used for obtaining the MTK were fresh (have not been replayed) and came from a trusted source.

    C.5 Requirements on integrity protection of MBMS User Service data

    R


    [Figure D.3: MTK Generation and Validation. Entities: UICC, ME. Labels: procedure request carrying MIKEY; procedure response carrying MTK || Salt (if available) / Failure.]

    D.4 MSK deletion procedure

    This procedure enables the ME to control the deletion of MSKs stored on the UICC as described in clause


    Annex E (Informative): MIKEY features not used in MBMS

    - An MBMS capable ME/UICC and BM-SC do not need to implement the public key encryption method of MIKEY (section 3.2 of RFC 3830 [9]) and related payloads, although mentioned in RFC 3830 [9] as mandatory for implementation.

    - An MBMS capable ME/UICC and BM-SC do not need to implement the Time Stamp payload types NTP-UTC and NTP of MIKEY (section


    Annex F (normative): MRK key derivation for ME based MBMS key management

    The MRK shall be derived from the key Ks_NAF or Ks_ext_NAF using the GBA key derivation function (see Annex B of TS 33.220


    Annex G (normative):


    - the HTTP payload shall contain a list including one status code for each MBMS User Service.

    The BM-SC shall send the HTTP response to the UE. The UE shall check that the HTTP response is valid.

    G.2.2 MBMS User Service Deregistration

    The UE shall generate a request for MBMS User Service Deregistration according to clause


    - the HTTP header Content-Type shall be the MIME type of the payload, i.e. "application/mbms-msk+xml". The XML schema of the payload is specified in TS 2


    Table G.2.4-1: HTTP Status Codes used for key management errors

    HTTP Status Code | HTTP Error | UE should repeat the request | Description | BM-SC error

    400 | Bad Request | No | Request could not be understood | Request was missing, or malformed

    401 | Unauthorized | Yes | Request requires authentication (cf. clause 6.2) | Authentication pending, (cf. clause 6.2)

    402 | Payment Required | No | Reserved for future use | -

    403 | Forbidden | No | BM-SC understood the request, but is refusing to fulfil it | The request was valid, but subscriber is not allowed to register to this particular MBMS User Service or UE requested MSK for a MBMS User Service where it was not registered or request contained unacceptable parameters

    404 | Not Found | No | BM-SC has not found anything matching the Request-URI | The Request-URI was malformed and BM-SC cannot fulfil the request

    405 | Method not allowed | No | The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. |

    406 to 41 | | No | Not used by BM-SC | -

    500 | Internal Server Error | No | Not used by BM-SC | -

    501 | Not Implemented | No | BM-SC does not support the requested functionality | The server does not contain particular BM-SC service requested

    502 | Bad Gateway | No | Not used by BM-SC | -

    503 | Service Unavailable | Yes | BM-SC service is currently unavailable | BM-SC is temporarily unavailable, UE may repeat the request after delay indicated by "Retry-After" header

    504 | Gateway Timeout | No | The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server | The BM-SC did not get response over Zn interface.

    505


    Annex H (informative): Signalling flows for MSK procedures


    Table H.2.1-1: MSK request (UE to BM-SC)

    0OS1 $2e34anage4ent5re6uestt37e4s2.re6uest -110$/9/-ost b4sc9"o4e/9net/:;

    Request-URI: The Request-URI (the URI that follows the method name, "POST", in the first line) indicates the resource of this POST request. The Request-URI contains the parameter "requesttype" which is set to "msk-request" to indicate to the BM-SC the desired request type, i.e. UE requests for one or several MSKs.

    Host: Specifies the Internet host and port number of the BM-SC, obtained from the original URI given by referring resource.

    Content-Type: Contains the media type "application/mbms-msk+xml", i.e. MSK request.

    Content-Length: Indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient.

    User-Agent: Contains information about the user agent originating the request and it shall include the static string "3gpp-gba" to indicate to the application server (i.e. NAF) that the UE supports 3GPP-bootstrapping based authentication.

    Date: Represents the date and time at which the message was originated.

    Accept: Media types which are acceptable for the response.

    Referrer: Allows the user agent to specify the address (URI) of the resource from which the URI for the BM-SC was obtained.

    NOTE 1: This step is used to trigger the GBA-based authentication between the UE and the BM-SC.

    *. ;7 nauthori


    3. Generation of NAF specific keys at UE

    The UE verifies that the second part of the realm attribute does correspond to the server it is talking to.

    UE derives the NAF specific key material as specified in TS 33.220

    MSAgent# Release.? ;g77.gbaDate 1"u, 8 @an :< /; BM1Acce7t C$CReferer "tt7$$b4sc9"o4e/9net/:;


    If the verification succeeds, the incoming client-payload request is taken in for further processing. The BM-SC continues processing of the MSK request according to its internal policies. The BM-SC verifies that the subscriber is allowed to receive the particular MSK(s) indicated in the MSK request.

    7. Response indicating success (BM-SC to UE): see example in table H.2.1-5

    The BM-SC sends 200 OK response to the UE to indicate the success of the authentication and the MSK request. The BM-SC generates a HTTP response. The BM-SC can use key MRK derived from NAF key material to integrity protect and authenticate the response.

    NOTE 5: The requested MSK keys are not delivered within the MSK request procedure. They are delivered with a separate MIKEY procedure, see clause

    +O>

    Authentication-Info: This carries the protection.

    Expires: Gives the date/time after which the response is considered stale.

    8. Authentication at UE

    The UE receives the response and verifies the Authentication-Info header. If the verification succeeds, the UE can regard the MSK request procedure as successful.


    Annex I (informative): Example of using MSKs and MTKs in MBMS

    The following table shows an example of two MBMS User Services, sports Mobile TV channel and news Mobile TV channel. Both of the MBMS User Services include an MBMS User Service Session that downloads a joke per day. The table shows how the MBMS User Services are broken down into RTP sessions (each including the data stream with related RTCP) and FLUTE channels.

    The table shows how MSKs and MTKs belonging to different Key Groups are used to protect the RTP sessions and FLUTE channels. It should be noted that the MBMS download session is shared with User Services 1 and 2 so these MBMS User Services need to be able to share MSKs in Key Group C.

    Furthermore the table shows how traffic could be carried over MBMS bearers, but this is not a security issue and is only shown here for completeness.

    Ta5le #0 1


    Annex J (informative): Mapping the MBMS security requirements into security functions and mechanism

    J.1 Consistency check

    J.1.1 Requirements on secure service access

    Security requirement | Check result

    R1a A valid USIM or SIM shall be required to access MBMS User Services. | This is provided by GBA. Ks_(ext/int)_NAF generation requires a valid USIM or SIM.

    R1b It shall be possible to prevent intruders from obtaining unauthorized access of MBMS User Services by masquerading as authorized users. | GBA and


    J.1.3 Requirements on Privacy

    Security requirement | Check result

    R4a The User identity should not be exposed to the content provider or linked to the content in the case the Content Provider is located outside the 3GPP operator's network. | The content provider knows only the BM-SC.

    R4b MBMS identity and control information shall not be exposed when the RAN selects a point-to-multipoint link for the distribution of MBMS data to the UE. | Such identity and control information could be:
    - The identities of the content providers
    - Information on which content providers have the most customers
    - The identities of the content recipients in the case of multicast services to small groups of users
    Information which could be used to identify specific users is not exposed on the point-to-multipoint channel.

    users joining an MBMS User Service shall not gain access to data from previous transmissions in the MBMS User Service without having been charged appropriately

    the effect of subscribed users distributing decryption keys to non-subscribed users shall be controllable. | Supported by re-keying functionality.

    R5d: Only authorized users that have joined an MBMS User Service shall be able to receive MBMS keys delivered from the MBMS key generator. | MSKs are delivered only to authorized users and the delivery is protected using MUK level keys.


    R5e: The MBMS keys shall not allow the BM-SC to infer any information about used UE-keys at radio level (i.e. if they would be derived from it).

    Check result: The same CK and IK are not used in GBA and radio level. In addition, Ks_(ext/int)_NAF generation uses a one-way function.

    R5f: All keys used for the MBMS User Service shall be uniquely identifiable. The identity may be used by the UE to retrieve the actual key (based on identity match, and mismatch recognition) when an update was missed or was erroneous/incomplete.

    Check result: MUK is identified by the combination of B-TID and NAF-ID without the Ua security protocol identifier, and the MRK is defined by B-TID. MSK is uniquely identifiable by its Key Domain ID and MSK ID. MTK is uniquely identifiable by its Key Domain ID, MSK ID and MTK ID.

    R5g: The BM-SC shall be aware of where all MBMS specific keys are stored in the UE (i.e. ME or UICC).

    Check result: The BM-SC knows whether Ks_int_NAF / Ks_ext_NAF or Ks_NAF was generated.

    R5h: The function of providing MTK to the ME shall only deliver a MTK to the ME if the input values used for obtaining the MTK were fresh (have not been replayed) and came from a trusted source.

    Check result: Freshness is checked by MGV-F.
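One way a receiver could combine the identifier scheme from the R5f row with the freshness and trusted-source conditions of R5h, as an added example that is not code from TS 33.246. The class and function names, the HMAC-SHA-256 tag keyed directly with the MSK, and the rule that MTK IDs must strictly increase under one MSK are assumptions of this example and do not reproduce the MGV-F algorithm itself.

```python
import hashlib
import hmac
import struct


def mtk_tag(msk, key_domain_id, msk_id, mtk_id, payload):
    """Tag binding the protected MTK payload to its three identifiers."""
    header = key_domain_id + struct.pack(">IH", msk_id, mtk_id)
    return hmac.new(msk, header + payload, hashlib.sha256).digest()


class MbmsKeyStore:
    def __init__(self):
        self._msk = {}       # (Key Domain ID, MSK ID) -> MSK
        self._last_mtk = {}  # (Key Domain ID, MSK ID) -> highest MTK ID accepted

    def install_msk(self, key_domain_id, msk_id, msk):
        ident = (key_domain_id, msk_id)
        self._msk[ident] = msk
        self._last_mtk[ident] = 0  # assumption: counter restarts with each new MSK

    def accept_mtk(self, key_domain_id, msk_id, mtk_id, payload, tag):
        ident = (key_domain_id, msk_id)
        msk = self._msk.get(ident)
        if msk is None:
            return "MSK_MISMATCH"  # identity mismatch: an MSK update was missed
        expected = mtk_tag(msk, key_domain_id, msk_id, mtk_id, payload)
        if not hmac.compare_digest(expected, tag):
            return "UNTRUSTED"     # not produced by a holder of this MSK
        if mtk_id <= self._last_mtk[ident]:
            return "REPLAY"        # not fresh
        self._last_mtk[ident] = mtk_id
        return "OK"


def demo():
    # Constructed sample values, not taken from the specification.
    kd, msk_id, msk = b"\x00\xf1\x10", 0x00010001, bytes(range(16))
    store = MbmsKeyStore()
    store.install_msk(kd, msk_id, msk)
    good = mtk_tag(msk, kd, msk_id, 5, b"wrapped-mtk")
    return [
        store.accept_mtk(kd, msk_id, 5, b"wrapped-mtk", good),      # first delivery
        store.accept_mtk(kd, msk_id, 5, b"wrapped-mtk", good),      # replayed copy
        store.accept_mtk(kd, msk_id, 6, b"wrapped-mtk", good),      # tag made for MTK ID 5
        store.accept_mtk(kd, msk_id + 1, 7, b"wrapped-mtk", good),  # MSK never received
    ]


if __name__ == "__main__":
    print(demo())
```

The "MSK_MISMATCH" result is the point at which a receiver would know it has to fetch the missing MSK before it can use the MTK.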

    J.1.5 Requirements on integrity protection of MBMS User Service data

    Security requirement | Check result

    R6a: It shall be possible to protect against unauthorized modification, insertion, replay or deletion of MBMS User Service data sent to the UE on the radio interface. The use of integrity shall be optional.

    Check result: This is provided at the application layer using SRTP or OMA DRM DCF.

    R6b: The MBMS User Service data may be integrity protected with a common integrity key, which shall be available to all users that have joined the MBMS User Service.

    Check result: This is provided at the application layer using SRTP or OMA DRM DCF.

    R6c: It may be required to integrity protect the "BM-SC - GGSN" interface i.e. reference point Gi.

    Check result: This can be provided by NDS/IP.

    J.1.6 Requirements on confidentiality protection of MBMS User Service data

    Security requirement | Check result

    R7a: It shall be possible to protect the confidentiality of MBMS User Service data on the radio interface.

    Check result: This is provided at the application layer using SRTP or OMA DRM DCF.

    R7b: The MBMS User Service data may be encrypted with common encryption keys, which shall be available to all users that have joined the MBMS User Service.

    Check result: This is provided at the application layer using SRTP or OMA DRM DCF.

    R7c: It may be required to encrypt the MBMS User Service data on the "BM-SC - GGSN" interface, i.e. the reference points Gi.

    Check result: This can be provided by NDS/IP.

    R7d: It shall be infeasible for a man-in-the-middle to bid down the confidentiality protection used to protect the MBMS User Service from the BM-SC to the UE.

    Check result: The BM-SC decides about the security level. There is no security association negotiation between the UE and the BM-SC.

    R7e: It shall be infeasible for an eavesdropper to break the confidentiality protection of the MBMS User Service when it is applied.

    Check result: This is provided at the application layer using SRTP or OMA DRM DCF.


    Annex K (Informative): SRTP features not used in MBMS

    - An MBMS capable ME and BM-SC do not need to implement an SRTP key derivation rate different from zero.


    Annex L (Normative): Multicasting MBMS user data on Iub

    T" *;.939 *BH specifies the possibility to use &P multicast *;H- *


    Annex M (informative): Relation to IMS based MBMS user services

    Security procedures for IMS based MBMS User Services are specified in TS 2


    2005-03 SP-27 SP-050143 053 - Removing IDi from MTK message 6.1.0 6.2.0

    2005-03 SP-27 SP-050143 054 2 MBMS download protection details 6.1.0 6.2.0

    2005-03 SP-27 SP-050143 055 1 Removal of Editors notes 6.1.0 6.2.0

    2005-03 SP-27 SP-050143 056 - Protection of MBMS Service Announcement sent over MBMS bearer 6.1.0 6.2.0

    2005-03 SP-27 SP-050143 057 - Introduction of missing abbreviations, symbols and definitions 6.1.0 6.2.0

    2005-06 SP-28 SP-050266 058 1 MKI and authentication tag length in User Service Description 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 059 1 Clarification of Key domain ID in service announcement 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 060 1 F Key usage clarification 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 061 1 Omitted MTK Update Error Message 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 062 1 D Editorial corrections to TS 33.246 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 063 1 Clarifications on MBMS key management 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 064 1 F Use of IMPI in MBMS 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 065 - F Clarification on CSB ID and SP payload use 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 066 - F MIME type adjustments according to LS S3-050192 6.2.0 6.3.0 MBMS

    2005-06 SP-28 SP-050266 067 - F Results of mapping the MBMS security requirements into security functions and mechanisms 6.2.0 6.3.0 MBMS

    2005-09 SP-29 SP-050548 0068 - F Clarify FEC handling 6.3.0 6.4.0 MBMS

    2005-09 SP-29 SP-050548 0069 - F Clarification to UE handling at reception of service announcement description 6.3.0 6.4.0 MBMS

    2005-09 SP-29 SP-050548 0070 - F Back-off parameter binding scope 6.3.0 6.4.0 MBMS

    2005-09 SP-29 SP-050548 0071 - F IDs and encoding of MIKEY messages 6.3.0 6.4.0 MBMS

    2005-09 SP-29 SP-050548 0072 - F Moving the EXT payload 6.3.0 6.4.0 MBMS

    2005-09 SP-29 SP-050548 0073 - F


    2006-12 SP-34 SP-06099 0113 1 MTK storage rules on UEs 7.1.0 7.2.0 MBMS

    2007-03 SP-35 SP-070148 0116 1 Allow the BM-SC to resent MTK messages without TS incrementation 7.2.0 7.3.0 MBMSE

    2007-03 SP-35 SP-070148 0117 1 F Clarification on the use of the constant R 7.2.0 7.3.0 MBMSE

    2007-03 SP-35 SP-070148 0118 1 F Clarification of MSK message structure 7.2.0 7.3.0 MBMSE

    2007-03 SP-35 SP-070148 0119 1 F Clarification of MTK message structure 7.2.0 7.3.0 MBMSE

    2007-03 SP-35 SP-070142 0121 1 Modification to rules of MSK and MTK management on the UE 7.2.0 7.3.0 MBMS

    2007-03 SP-35 SP-070143 0122 1 FDT protection 7.2.0 7.3.0 MBMS

    2007-06 SP-36 SP-070334 0126 - Mandating the support of MIKEY-RAND length of 128 bit 7.3.0 7.4.0 MBMS

    2007-06 SP-36 SP-070334 0128 - Adding missing requirements about PDP context and IP address handling for ptp key management 7.3.0 7.4.0 MBMS

    2007-06 SP-36 SP-070334 0130 - Adding a missing interworking scenario 7.3.0 7.4.0 MBMS

    2007-06 SP-36 SP-070334 0132 - Fixed cs_id of MIKEY PRF in case of download key derivation 7.3.0 7.4.0 MBMS

    2007-06 SP-36 SP-070334 0133 1 F Correct the SALT key generation during MSK processing 7.3.0 7.4.0 MBMS

    2007-06 SP-36 SP-070334 0137 1 GBA NAF Key availability in the UICC 7.3.0 7.4.0 MBMS

    2007-09 SP-37 SP-0059 0141 1 Correct the encoding of MBMS key management procedures 7.4.0 7.5.0 MBMS

    2007-09 SP-37 SP-0059 0143 - Correction of DRM Content Format usage 7.4.0 7.5.0 MBMS

    2007-12 SP-38 SP-0091 0144 - F Usage of TEK and TGK in MBMS 7.5.0 7.6.0 MBMS

    2008-03 SP-39 SP-080149 0147 1 F Clarification of usage of SRTP in MBMS 7.6.0 8.0.0 MBMS

    2008-06 SP-40 SP-080266 0146 2 Protection of Iub when multicasting MBMS user data 8.0.0 8.1.0 MBMS

    2008-06 SP-40 SP-080266 0148 1 F Clarification of UE IP address in MBMS 8.0.0 8.1.0 MBMS

    2008-06 SP-40 SP-080266 0149 1 F IP connectivity of the UE in MBMS 8.0.0 8.1.0 MBMS

    2008-12 SP-42 SP-08048 0151 1 F Clarification of MBMS authorization 8.1.0 8.2.0 TEI8

    2009-03 SP-43 SP-090139 0150 2 F Encoding of identities as NAIs 8.2.0 8.3.0 TEI8

    2009-06 SP-44 SP-09025 0152 - F Add reference to IMS based MBMS TS 8.3.0 8.4.0 TEI8

    2009-06 SP-44 SP-09025 0153 - F Clarification of Service Protection Description 8.3.0 8.4.0 TEI8

    2009-12 SP-46 SP-090860 0154 1 Impacts of EPS to MBMS security 8.4.0 9.0.0 MBMS EPS

    2012-12 SP-58 SP-120860 0165 2 F Support of multiple BM-SCs 9.0.0 9.1.0 TEI9

    2012-12 SP-58 SP-120860 0169 -- F MIKEY-RAND in MTK messages 9.0.0 9.1.0 TEI9
