7 Security and privacy
22.1533GPPMultimedia priority serviceRelease 19TS
7.1 General
Operators support and use a wide range of security tools and capabilities to protect the 3GPP system and all supported application services. It is important that appropriate measures be taken to ensure that the use of these security capabilities does not negatively impact MPS.
Use of security mechanisms (e.g., intrusion detection / prevention systems, deep packet inspection, and encryption) shall not interfere with priority treatment mechanisms supporting authorized MPS usage.
7.2 Access Control
Access to MPS shall be determined based on the subscriber’s profile. A level of authorisation in addition to authorisation to use the IMS is required.
Unauthorized access to MPS shall be prevented.
7.3 Integrity
The 3GPP system shall be capable of providing integrity protection to MPS signalling and media bearers for voice, video, data, and messaging service.
7.4 Confidentiality/Privacy
The 3GPP system shall be capable of providing confidentiality protection to MPS signalling and media bearers for voice, video, and data as appropriate.
The 3GPP system shall be capable of maintaining anonymity of the originating Service User to the terminating party, if requested by the originating Service User.
7.5 Use of Encryption
If encryption is used on MPS communication, priority information shall be accessible to all network elements which have to understand and process that priority information.
7.6 Attestation of Authorized MPS Priority
A 3GPP system receiving a session with MPS priority from another network needs to verify that the session is authorized for MPS priority.
The originating 3GPP system shall provide a means to securely attest to MPS authorization for the session.
The 3GPP system shall provide a means to securely verify the attestation of MPS authorization received from the originating network for the session.