D.1 The need for security protection

33.2103GPPIP network layer securityNetwork Domain Security (NDS)Release 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The control plane in question is used to transfer signalling messages in UTRAN/GERAN IP transport network. The UTRAN IP transport option is specified in Rel-5 UTRAN Technical Specifications. UTRAN Iu interface signalling transport is specified in 3GPP TS 25.412 [28] and Iur interface signalling transport in TS 25.422 [38]. The architecture for the UTRAN Iuh/Iurh interfaces is specified in 3GPP TS 25.467 [39], stage 3 specification is contained in 3GPP TS 25.468 [40] and TS 25.471 [41]. Based on the known security threats in IP networking, the traffic shall be protected properly. This is in order not to restrict the application of IP in UTRAN and GERAN only to closed network environments.

The security solution for IP based UTRAN/GERAN transport shall follow the principles introduced in the NDS/IP since the IPsec provides application independent security solution for all IP traffic.

Iu/Iuh and Iur/Iurh interfaces are carrying information that is classified as sensitive. Iu/Iuh and Iur/Iurh are used for conveying e.g. subscriber specific security keys. These keys are vital for the end-user security. Hence Iu/Iuh and Iur/Iurh shall be encrypted along with the integrity check.