O.1 TLS

33.2033G Security3GPPAccess security for IP-based servicesTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

O.1.1 TLS Access Security

TLS access security and the requirements in this Annex shall not apply to access networks defined in 3GPP specifications.

SIP Digest, as specified in Annex N, shall be used when TLS access security, as specified in Annex O, is used.

The provisions in Annex O are optional for implementation. The provisions in Annex O are optional for use.

NOTE 2: If the risk of man-in-the-middle attacks in the access network between UE and P-CSCF cannot be ruled out then the operator should configure the UEs such that the UEs always use either TLS, according to Annex O, or IPsec, according to the main body or Annex M, or abort the communication. Otherwise, there is a risk of a man-in-the-middle bidding down the UE to "no signalling security" without the P-CSCF even noticing, even when both, the UE and P-CSCF support TLS and want to use it.

O.1.2 Confidentiality protection

Operators shall take care that the deployed confidentiality protection solution and roaming agreements fulfils the confidentiality requirements presented in the local privacy legislation.

When TLS is used to protect signalling information between the UE and the P‑CSCF, the following confidentiality mechanisms are provided for TLS based access security:

1. Negotiation of TLS related confidentiality protection features shall take place at the TLS layer as specified in clause O.2.

2. The UE shall always offer TLS CipherSuites to the P-CSCF to be used for the session, as specified in clause O.2.1.

3. The P-CSCF shall decide which TLS CipherSuites are used.

Confidentiality between CSCFs, and between CSCFs and the HSS shall rely on mechanisms specified by Network Domain Security in TS 33.210 [5].

O.1.3 Integrity protection

When TLS is used to protect signalling information between the UE and the P‑CSCF, the following integrity mechanisms are provided for TLS based access security:

1. Negotiation of TLS related integrity protection features shall take place at the TLS layer.

2. The UE shall always offer TLS CipherSuites for P-CSCF to be used for the session, as specified in clause O.2.1.

3. The P-CSCF shall decide which TLS CipherSuites are used.

4. The UE and the P- CSCF shall both verify that the data is sent and received within the TLS connection. This verification is also used to detect if the received data has been tampered with.

5. Replay attacks and reflection attacks shall be mitigated by using the mechanism provided by TLS.

6. UE and P-CSCF shall verify the identities of the TLS session endpoints according to clause O.2.1.

Integrity protection between CSCFs and between CSCFs and the HSS shall rely on mechanisms specified by Network Domain Security in TS 33.210 [5].

O.1.4 TLS integrity protection indicator

For non-Initial REGISTER messages protected by TLS according to this Annex, the P-CSCF shall attach an appropriate indicator to the message when forwarding it to the S-CSCF. This indicator shall enable the S-CSCF to distinguish between protection by IPsec according to the main body or Annex M and protection by TLS according to this Annex. For more details on the use of this indicator cf. clause O.2.2. When a REGISTER message is not protected by TLS the P-CSCF shall not include any indication about integrity protection by TLS in the messages.