R.2 Use Cases and Limitations

33.2033G Security3GPPAccess security for IP-based servicesTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The main use case for NASS-IMS-bundled authentication is to provide access to the IMS network for legacy equipment that cannot support the IMS access security (see clause 6.1). This is also reflected by the requirements in ETSI TS 187 001 [37] (see clause 4.2, Early Deployments), which requires the possibility to link NASS and IMS authentication so that it is possible to reuse the authentication of the NASS to gain access to IMS. It is the responsibility of the end user to ensure the protection between the entity providing access level authentication and the entity including the IMS application.

NASS-IMS-bundled authentication has a number of deployment requirements which restricts its usage for general usage. This includes:

– The access network provides sufficient means to assure the IMS layer that a specific UE/user is connecting from a specific location.

– The access network provides sufficient means for confidentiality and integrity of the signalling communication.

– The access network is providing anti-IP spoofing mechanisms.

– Nomadicity (and roaming) is not possible as the user is fixed to a specific location and the access network and IMS network need to be tightly coupled.