3 Definitions, symbols and abbreviations
3GPP TS 33.210: Network Domain Security (NDS); IP network layer security (Release 17)
3.1 Definitions
For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [2] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP TR 21.905 [2].
Anti-replay protection: Anti-replay protection is a special case of integrity protection. Its main service is to protect against replay of self-contained packets that already have a cryptographical integrity mechanism in place.
Confidentiality: The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Data integrity: The property that data has not been altered in an unauthorised manner.
Data origin authentication: The corroboration that the source of data received is as claimed.
Entity authentication: The provision of assurance of the claimed identity of an entity.
Key freshness: A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
NDS/IP Traffic: Traffic that requires protection according to the mechanisms defined in this specification.
NDS/IP-networks: 3GPP and fixed broadband networks.
IPsec Security Association: A unidirectional logical connection created for security purposes. All traffic traversing an SA is provided the same security protection. The SA itself is a set of parameters to define security protection between two entities. An IPsec Security Association includes the cryptographic algorithms, the keys, the duration of the keys, and other parameters.
Security Domain: Networks that are managed by a single administrative authority. Within a security domain the same level of security and usage of security services will be typical.
Transit Security Domain: A security domain, which is transmitting NDS/IP traffic between other security domains.
Transport mode: Mode of operation that primarily protects the payload of the IP packet, in effect giving protection to higher level layers.
Tunnel mode: Mode of operation that protects the whole IP packet by tunnelling it so that the whole packet is protected.
3.2 Symbols
For the purposes of the present document, the following symbols apply:
Gi Reference point between GPRS and an external packet data network
Gn Interface between two GSNs within the same PLMN
Gp Interface between two GSNs in different PLMNs. The Gp interface allows support of GPRS network services across areas served by the co-operating GPRS PLMNs
Mm Interface between a CSCF and an IP multimedia network
Mw Interface between a CSCF and another CSCF
Za Interface between SEGs belonging to different networks/security domains
Zb Interface between SEGs and NEs and interface between NEs within the same network/security domain
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization Accounting
AES Advanced Encryption Standard
AH Authentication Header
BG Border Gateway
CS Circuit Switched
CSCF Call Session Control Function
DES Data Encryption Standard
DoI Domain of Interpretation
ESP Encapsulating Security Payload
GTP GPRS Tunnelling Protocols
IESG Internet Engineering Steering Group
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IKEv2 Internet Key Exchange version 2
IP Internet Protocol
IPsec IP security – a collection of protocols and algorithms for IP security, including key management
ISAKMP Internet Security Association Key Management Protocol
IV Initialisation Vector
MAC Message Authentication Code
NAT Network Address Translator
NDS Network Domain Security
NDS/IP NDS for IP based protocols
NE Network Entity
PS Packet Switched
SA Security Association
SAD Security Association Database (sometimes also referred to as SADB)
SEG Security Gateway
SIP Session Initiation Protocol
SPD Security Policy Database (sometimes also referred to as SPDB)
SPI Security Parameters Index
TISPAN Telecoms & Internet converged Services & Protocols for Advanced Networks
TrGW Transition Gateway