T.2 Requirements

3GPP TS 33.203: 3G Security; Access security for IP-based services

The following requirements apply for GPRS-IMS-Bundled Authentication (GIBA):

Low impact on existing entities: GIBA should minimise impacts on existing entities, especially on the UE, and should be quick to implement. It is especially important to minimise impact on the UE to maximise interoperability with early IMS UEs.

Adequate level of security: Although it is recognised that the GIBA solution will be simpler than the fully compliant IMS security solution as specified in the main body of this specification, it should still provide an adequate level of security to protect against the most significant security threats that will exist in early IMS implementations. As a guide, the strength of subscriber authentication should be comparable to the level of authentication provided for existing chargeable services in mobile networks.

Smooth and cost-effective migration path to fully compliant solution: Clearly, any security mechanisms developed for early IMS systems will provide a lower level of protection compared with that offered by the fully compliant IMS security solution. The security mechanisms developed for early IMS systems should therefore be considered as an interim solution and migration to the fully compliant IMS security solution should take place as soon as suitable products become available at an acceptable cost. In particular, the GIBA solution should not be used as a long-term replacement for the fully compliant IMS security solution. It is important that the GIBA solution allows a smooth and cost-effective migration path to the fully compliant IMS security solution.

Co-existence with fully compliant solution: It is clear that UEs supporting the GIBA solution will need to be supported even after fully compliant IMS UEs are deployed. The GIBA solution should therefore be able to co-exist with the fully compliant IMS security solution. In particular, it shall be possible for the SIP/IP core to differentiate between a subscription using the GIBA mechanism and a subscription using the fully compliant IMS security solution.

Protection against bidding down: It should not be possible for an attacker to force the use of the GIBA solution when both the UE and the network support the fully compliant IMS security solution.

No restrictions on the type of charging model: Compared with the fully compliant IMS security solution, the GIBA solution should not impose any restrictions on the type of charging model that can be adopted.

Impact on interfaces: Interfaces that are impacted by the GIBA solution should be adequately documented to ensure interoperability between vendors.

Support access over 3GPP PS domain: It is a requirement to support secure access over the 3GPP GPRS/UMTS access.

Low impact on provisioning: The impact on provisioning should be low compared with the fully compliant IMS security solution.