9 Security and privacy
3GPP TS 22.278: Service requirements for the Evolved Packet System (EPS)
9.1 General
The Evolved Packet System shall provide a high level of security and privacy for users and Evolved Packet System operators.
9.2 Security requirements
The Evolved Packet System shall provide a high level of security, equivalent to or better than Rel-7 3GPP systems.
Any possible lapse in security in one access technology shall not compromise security of other accesses.
The Evolved Packet System should provide protection against threats and attacks including those present in the Internet.
The Evolved Packet System shall support information authenticity between the terminal and Evolved Packet Systems.
The Evolved Packet System shall allow for a network to hide internal network elements from the UE.
Security policy shall be under the control of the home operator.
The security solution should not interfere with service delivery or 3GPP inter-access handovers in a way that is noticeable to end-users or service providers.
Appropriate traffic protection measures should be provided by the Evolved Packet System.
The Evolved Packet System shall provide appropriate mechanisms to enable lawful intercept.
The Evolved Packet System shall ensure that no unauthorized user can obtain a legitimate IP address that can be used to establish communication or enable malicious attacks on evolved system entities.
Release 99 or later Releases’ USIM application on the UICC is required to authenticate a user in an Evolved Packet System and hence allow the user to get services in the Evolved Packet System according to her/his subscription.
NOTE: The above requirement is applicable when providing access to the EPC via E-UTRAN.
Once authenticated via a 3GPP or Evolved Packet System, the USIM shall not be required to re-authenticate upon changing between these systems, unless specifically requested by the operator (PLMN).
NOTE: It may be possible to use other applications on the UICC in order to provide authentication on the 3GPP or Evolved Packet System (e.g. for connection to IMS). In addition, in case it is desirable to improve the level of security or to add new security mechanisms for accessing the Evolved Packet System compared to the one provided in Rel-7, a revised/upgraded application on the UICC may be required.
9.3 Privacy requirements
The Evolved Packet System shall provide several appropriate levels of user privacy including communication confidentiality, location privacy, and identity protection.
The privacy of the contents, origin, and destination of a particular communication shall be protected from disclosure to unauthorised parties.
The Evolved Packet System shall be able to hide the identities of users from unauthorised third parties.
It shall be possible to provide no disclosure, at any level of granularity, of location, location-related information, e.g. geographic and routing information, or information from which a user’s location can be determined, to unauthorised parties, including another party on a communication.
9.4 ProSe Security, Authorization and Privacy Requirements
The Evolved Packet System shall support the following requirements for ProSe security, authorization and privacy. The requirements listed in this sub-clause exclude GSM and UMTS.
When operating ProSe (in both public safety and general cases), the EPS shall be able to support regional or national regulatory requirements (e.g. lawful interception, PWS).
When offering ProSe, the EPS shall respect local regulatory frameworks on the use of licensed spectrum.
The EPS shall ensure the confidentiality and integrity of both user data and network signalling over the ProSe Communication path to a level comparable with that provided by the existing 3GPP system. This requirement applies to any ProSe E-UTRA Communication between two ProSe-enabled UEs, ProSe Group Communication, ProSe Broadcast Communication and ProSe-assisted WLAN direct communication.
A mechanism shall be provided to ensure the confidentiality and integrity of user data and signalling over the ProSe Communication path for Public Safety UEs not served by E-UTRAN.
Existing 3GPP security mechanisms shall be reused whenever possible and appropriate.
The level of security provided by the existing EPS shall not be adversely affected when ProSe is enabled.
The EPS shall protect the confidentiality of the subscriber’s, UE’s, and user’s permanent identities used in the EPS when ProSe Discovery and/or ProSe E-UTRA Communication are used. This requirement applies to any ProSe E-UTRA Communication between two ProSe-enabled UEs, ProSe Group Communication and ProSe Broadcast Communication. The EPS shall have confidentiality features that enable the subscriber’s, UE’s, and user’s permanent identities to be protected when ProSe-assisted WLAN direct communication is used.
The system shall ensure the authenticity of the ProSe Discovery information used by an application that is authorised by the operator and the user.
The EPS shall be able to restrict ProSe Discovery information to the ProSe-enabled UEs and applications that have been authorised by the users and operator.
The permission to be discoverable is given by the user and shall be executed by the EPS, subject to operator control, on a per-application basis.
Authentication shall allow for security-enablement of large groups, regardless of whether group members have discovered each other when being served by E-UTRAN or not.
The operator shall be able to enable or disable its ProSe Discovery feature.
The operator shall be able to authorise discovery operations for each individual ProSe-enabled UE, including by pre-provisioning of the UE.
The operator shall be able to authorise the ability of a ProSe-enabled UE to be discoverable by other ProSe-enabled UEs.
The operator shall be able to authorise the ability of a ProSe-enabled UE to discover other ProSe-enabled UEs.
The operator shall be able to authorise the use of ProSe Discovery information by an application.
Based on user input, a ProSe-enabled UE shall be able to allow the use of ProSe Discovery information by an application.
The network shall be able to authorise a third-party application to use ProSe capability features, by interacting with the ProSe-enabled UE.
The operator shall be able to authorise the ability of a ProSe-enabled UE to discover ProSe-enabled UEs served by the E-UTRAN of other PLMNs.
The VPLMN shall be able to turn on or off the ability for all the inbound roamers from a specific PLMN to be discovered using ProSe Discovery.
When a ProSe-enabled UE is roaming in a VPLMN, its HPLMN shall be able to authorise the ProSe-enabled UE to discover and independently be discoverable by other ProSe-enabled UEs via settings which may be different from those for the non-roaming case.
The network shall be able to authorise ProSe Discovery preferences (e.g. discover and/or be discoverable) requested by third-party applications.
The network shall be able to store information of third-party applications necessary for performing security and charging functions.
9.5 Security and Authorization Requirements for Indirect 3GPP Communication
The 3GPP network shall be able to ensure that the end-to-end confidentiality and integrity of data and signalling between an Evolved ProSe Remote UE and the 3GPP core network when the Evolved ProSe Remote UE accesses the 3GPP network via an Indirect 3GPP Communication is comparable with that when the Evolved ProSe Remote UE accesses the 3GPP network via a direct 3GPP communication.
The 3GPP network shall be able to support regional or national regulatory requirements (e.g. lawful interception, PWS) for a UE independently of whether the UE accesses the 3GPP network via a direct 3GPP communication or an Indirect 3GPP Communication.
Based on the HPLMN operator preference, the 3GPP network shall be able to authorize the ability of an Evolved ProSe Remote UE to access the 3GPP network via an Indirect 3GPP Communication.
NOTE: Separate authorization should be possible for home and roaming use.
Based on the HPLMN operator preference, the 3GPP network shall be able to authorize the ability of a UE (Evolved ProSe UE-to-Network Relay) to relay another UE (Evolved ProSe Remote UE), separately for the HPLMN and for roaming in VPLMNs.
9.6 Security and authorization requirements for streaming service
Security measures shall be provided to protect access to streaming service via different RATs or operators, e.g. network sharing.
The 3GPP system shall be able to authorize the streaming delivery based on a third party services policy.