R.1 Overview

33.2033G Security3GPPAccess security for IP-based servicesTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The main objectives and requirements on NASS-IMS-bundled authentication is that it shall be possible to gain access to IMS based on successful access level (NASS, cf. ETSI ES 282 004 [36]) authentication (see requirements for Early Deployments in ETSI TS 187 001 [37]). In practice this is achieved by associating an IMS identity with a fixed specific location from where it is authorized to access from.

When registering to the IMS subsystem, the location of where the UE is accessing from is verified by the NASS (which also handles the authentication / authorization) and if the NASS location is equal to the provisioned location, the UE is authorized to access IMS.

It is assumed that there exist a strong relationship between the access network and the IMS network, and that the NASS location of the UE can be provisioned in the user profile of the HSS.