H.3 Ua security protocol identifiers for 3GPP specified protocols
3GPP TS 33.220: Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)
The following Ua security protocol identifiers are specified by 3GPP:
( 0x01,0x00,0x00,0x00,0x00 ) Ua security protocol according to TS 33.221 [5].
( 0x01,0x00,0x00,0x00,0x01 ) Ua security protocols according to TS 33.246 [26].
NOTE 1: TS 33.246 [26] provides key separation between the keys that are used within HTTP digest and MIKEY protocols.
( 0x01,0x00,0x00,0x00,0x02 ) Ua security protocol HTTP digest authentication according to TS 24.109 [29], unless HTTP digest authentication is used in the context of another Ua security protocol, which is already covered elsewhere in this Annex.
( 0x01,0x00,0x00,0x00,0x03 ) Ua security protocols used with HTTP-based security procedures for MBMS user services according to TS 26.237 [38].
( 0x01,0x00,0x00,0x00,0x04 ) Ua security protocols used with SIP-based security procedures for MBMS user services according to TS 26.237 [38].
( 0x01,0x00,0x00,0x00,0x05 ) Ua security protocols used with Generic Push Layer according to TS 33.224 [39], unless Generic Push Layer is used in the context of another Ua security protocol, which is already covered elsewhere in this Annex.
( 0x01,0x00,0x00,0x00,0x06 ) Ua security protocol for IMS UE to KMS HTTP-based message exchanges according to "IMS media plane security", TS 33.328 [40].
( 0x01,0x00,0x00,0x00,0x07 ) Ua security protocol for shared key TLS 1.3 given in clause 5.4.0.2 of TS 33.222 [25].
( 0x01,0x00,0x00,0x01,0x00 ) Generation of TMPI according to Annex B.4.
NOTE 2: This protocol identifier is not strictly a Ua protocol identifier, but its use in the key derivation function is exactly the same as that of a Ua protocol identifier.
( 0x01,0x00,0x01,yy,zz ) Ua security protocol for "Shared key-based UE authentication with certificate-based NAF authentication", according to TS 33.222 [25] section 5.3, or "Shared key-based mutual authentication between UE and NAF" for TLS 1.2 (see above for Ua security protocol identifier for TLS 1.3 with shared keys), according to TS 33.222 [25] section 5.4.0.1. Here, "yy,zz" is the protection mechanism CipherSuite code according to the defined values for TLS CipherSuites in the IANA TLS Cipher Suite Registry which is referenced in RFC 8446 [59].
NOTE 3: The "Certificate based mutual authentication between UE and NAF" according to TS 33.222 [25] section 5.5 does not require a Ua protocol identifier.
NOTE 4: As an example: The TLS 1.2 CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 has code = { 0xC0,0x2B }, thus the corresponding protocol identifier shall be ( 0x01,0x00,0x01,0xC0,0x2B ).
( 0x01,0x00,0x02,yy,zz ) Ua security protocol for "Shared key-based UE authentication with certificate-based NAF authentication", according to TS 33.222 [25] Annex D. Here, "yy,zz" is the protection mechanism CipherSuite code according to the defined values for TLS CipherSuites in the IANA TLS Cipher Suite Registry which is referenced in RFC 8446 [59]. This Ua security protocol identifier is used for the case outlined in TS 33.222 [5] Annex D, where e.g. HTML FORM based authentication is used within a TLS tunnel.
NOTE 4: The third octet (0x02) distinguishes this case from other protocols tunneled inside the TLS tunnel.
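The identifier layout listed in this clause, as an added example in Python that is not part of TS 33.220: it builds the five-octet identifier from a TLS CipherSuite code, decodes an identifier against the values listed above, and checks that an identifier carrying a CipherSuite code matches the CipherSuite the TLS session actually negotiated. All function and table names are assumptions made for illustration.

```python
# Added example: function and table names are illustrative, not from TS 33.220.
FIXED_IDS = {
    bytes([0x01, 0, 0, 0, 0x00]): "TS 33.221",
    bytes([0x01, 0, 0, 0, 0x01]): "TS 33.246",
    bytes([0x01, 0, 0, 0, 0x02]): "HTTP digest authentication, TS 24.109",
    bytes([0x01, 0, 0, 0, 0x03]): "HTTP-based MBMS user services, TS 26.237",
    bytes([0x01, 0, 0, 0, 0x04]): "SIP-based MBMS user services, TS 26.237",
    bytes([0x01, 0, 0, 0, 0x05]): "Generic Push Layer, TS 33.224",
    bytes([0x01, 0, 0, 0, 0x06]): "IMS UE to KMS, TS 33.328",
    bytes([0x01, 0, 0, 0, 0x07]): "shared key TLS 1.3, TS 33.222 clause 5.4.0.2",
    bytes([0x01, 0, 0, 0x01, 0x00]): "TMPI generation, Annex B.4",
}
# Third octet selects the TLS-based family; octets 4 and 5 carry the CipherSuite code.
TLS_FAMILIES = {
    0x01: "TLS 1.2 shared key, TS 33.222 section 5.3 / 5.4.0.1",
    0x02: "authentication inside TLS tunnel, TS 33.222 Annex D",
}

def ua_id_for_cipher_suite(suite_code: int, third_octet: int = 0x01) -> bytes:
    """Build ( 0x01,0x00,third_octet,yy,zz ) from a 16-bit IANA CipherSuite code."""
    if third_octet not in TLS_FAMILIES:
        raise ValueError("third octet must be 0x01 or 0x02")
    if not 0 <= suite_code <= 0xFFFF:
        raise ValueError("CipherSuite code must fit in two octets")
    return bytes([0x01, 0x00, third_octet]) + suite_code.to_bytes(2, "big")

def decode_ua_id(ua_id: bytes):
    """Return (description, cipher_suite_code or None); raise if not listed in H.3."""
    if len(ua_id) != 5:
        raise ValueError("identifier must be exactly five octets")
    if ua_id in FIXED_IDS:
        return FIXED_IDS[ua_id], None
    if ua_id[:2] == b"\x01\x00" and ua_id[2] in TLS_FAMILIES:
        return TLS_FAMILIES[ua_id[2]], int.from_bytes(ua_id[3:], "big")
    raise ValueError("not an identifier listed in H.3: " + ua_id.hex())

def matches_negotiated_suite(ua_id: bytes, negotiated_suite: int) -> bool:
    """True only if the identifier embeds the CipherSuite the TLS session negotiated."""
    _, suite = decode_ua_id(ua_id)
    return suite is not None and suite == negotiated_suite
```

A mismatch between the embedded CipherSuite code and the negotiated one means the two ends would feed different identifiers into the key derivation function and so derive different keys.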
Annex I (normative):
2G GBA