3 Definitions, symbols and abbreviations
3GPP TS 33.203: 3G Security; Access security for IP-based services
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply.
Authenticated (re-)registration: A registration, i.e. a SIP register sent towards the Home Network, which will trigger an authentication of the IMS subscriber, i.e. a challenge is generated and sent to the UE.
Authentication vector: A quintet (as defined in TS 33.102 [1]) or an SD-AV.
Confidentiality: The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Data integrity: The property that data has not been altered in an unauthorised manner.
Data origin authentication: The corroboration that the source of data received is as claimed.
Entity authentication: The provision of assurance of the claimed identity of an entity.
Key freshness: A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
IMS Credentials (IMC): This is defined in TS 21.905 [7].
ISIM – IM Subscriber Identity Module: For the purposes of the present document the ISIM is a term that indicates the collection of IMS security data and functions on a UICC. The ISIM may be a distinct application on the UICC.
NOTE: The distinction between the terms “ISIM” and “ISIM application” is useful for the purpose of describing the IMS security architecture. However, in other 3GPP specifications these terms are used as synonyms, i.e. the term “ISIM” always refers to the ISIM application in the UICC, as defined in TS 31.103 [51].
Security Domain: Networks that are managed by a single administrative authority. Within a security domain the same level of security and usage of security services will be typical.
SIP Digest authentication vector (SD-AV): Temporary authentication data that enables the IMS network to engage in SIP Digest with a particular user. An SD-AV consists of four elements: a) protection space user hint realm, b) the authentication algorithm, c) the quality of protection value qop and d) the hash of IMPI, realm and password H(A1).
3.2 Symbols
For the purposes of the present document, the following symbols apply:
Cx Reference point between a CSCF and an HSS.
Gi Reference point between GPRS and an external packet data network
Gm Reference point between a UE and a P‑CSCF
Za Reference point between SEGs belonging to different networks/security domains
Zb Reference point between SEGs and NEs or between NEs within the same network/security domain
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply; TS 21.905 [7] contains additional applicable abbreviations:
AAA Authentication Authorisation Accounting
AKA Authentication and Key Agreement
APN Access Point Name
AS Application Server
AV Authentication Vector
CLF Connectivity Session and Repository Location Function
CSCF Call Session Control Function
ESP Encapsulating Security Payload
GIBA GPRS-IMS-Bundled Authentication
GGSN Gateway GPRS Support Node
HN Home Network
HSS Home Subscriber Server
IBCF Interconnection Border Control Function
I-CSCF Interrogating CSCF
IKE Internet Key Exchange
IM IP Multimedia
IMC IM Credentials
IMPI IM Private Identity
IMPU IM Public Identity
IMS IP Multimedia Core Network Subsystem
IPsec Internet Protocol Security
ISIM IM Services Identity Module
MAC Message Authentication Code
ME Mobile Equipment
NAPT Network Address and Port Translation
NASS Network Access Sub-System
NAT Network Address Translation
NDS Network Domain Security
P-CSCF Proxy-CSCF
R-UIM Removable User Identity Module
S-CSCF Serving-CSCF
SA Security Association
SEG Security Gateway
SD-AV SIP Digest Authentication Vector
SDP Session Description Protocol
SIP Session Initiation Protocol
TLS Transport Layer Security
TNA Trusted Node Authentication
UA User Agent