P.1 Scope of this Annex

33.2033G Security3GPPAccess security for IP-based servicesTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

This Annex is meant to ensure that the same IMS core network entities can be used to support various authentication schemes defined for Common IMS. In this context, rules are developed how an x‑CSCF can decide from a registration request which authentication scheme to apply. If these rules are not adhered to compatibility problems may arise.

The following authentication schemes are taken into account in this Annex:

– IMS AKA without and with NAT traversal;

– IMS AKA over TLS (used for WebRTC over IMS);

– GPRS-IMS-Bundled Authentication (GIBA);

– NASS-IMS-bundled authentication (NBA);

– SIP Digest authentication (with or without TLS);

– Trusted Node Authentication (TNA).

These authentication schemes are specified in the following places:

– IMS AKA without NAT traversal is specified in the main body of this specification;

– IMS AKA with NAT traversal is specified in Annex M of this specification;

– IMS AKA over TLS is specified in Annex X of this specification;

– SIP Digest without TLS is specified in Annex N of this specification;

– SIP Digest with TLS is specified in Annexes N and O of this specification;

– NASS-IMS-bundled authentication is specified in Annex R of this specification;

– GPRS-IMS-Bundled Authentication is specified in Annex T of this specification;

– Trusted Node Authentication is specified in Annex U of this specification.