Published by John Lang. Modified over 9 years ago.
Page 1

January 16, 2008

Source: 3GPP2 TSG-S WG4 (Security)

Contacts:
- Anand Palanigounder, Chair, TSG-S WG4 (apg@qualcomm.com)
- Zhibi Wang, Vice Chair, TSG-S WG4 (zhibiwang@alcatel-lucent.com)

ABSTRACT: Identifies the IMS Security framework differences between 3GPP and 3GPP2

Notice: Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.

This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.

Differences between 3GPP2 and 3GPP IMS Security Framework – An Analysis
3GPP2 TSG-S WG4 (Security)

Page 2

3GPP2 IMS Security Framework (from 3GPP2 S.S0086-B)

Page 3

3GPP2 IMS security Framework - Reference point definitions/differences Overview

- IMS Security Frameworks specified in 3GPP2 S.S0086-B
- IMS Access Security (Ref point 1)
  – ISIM is replaced with Secure Memory
  – Differences in terms of security mechanisms allowed
  – Details are in slide #4
- Network Domain Security (NDS)
  – Ref 2, 3, 4/5 definitions are same as in 3GPP, but the NDS requirements are somewhat different
  – Ref 6/7 not available in 3GPP
    – Ref 6 is between HSS and SIP AS in external networks
    – Ref 7 is between CSCF and SIP AS in external networks
  – Details are in slide #7

Page 4

IMS Access Security Differences

- Security mechanisms negotiated using RFC 3329 in 3GPP2 IMS are: tls, digest, ipsec-ike, ipsec-man, and ipsec-3gpp
  – ipsec-3gpp specified, but other mechanisms currently refer to SIP RFC 3261
  – However, support of “ipsec-3gpp” using IMS AKA mandatory
  – Only transport mode currently specified
- 3GPP IMS supports only “ipsec-3gpp” using IMS AKA
  – Supports transport mode, tunnel mode with UDP encapsulation for NAT traversal
  – 3GPP2 IMS can reuse tunnel mode with UDP encapsulation for NAT traversal as specified in 3GPP
- 3GPP Rel-8 Common IMS added support for: tls, digest (for CableLabs/TISPAN)
  – 3GPP2 can reuse tls and digest as profiled in 3GPP Rel-8 IMS
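
The RFC 3329 negotiation this slide refers to, as an added example (not part of the original presentation or of any 3GPP/3GPP2 specification text): the client picks the highest-q mechanism in the server's Security-Server list that its profile allows, and the server checks that Security-Verify echoes the list it sent. The profile sets are taken from the slide; the header values are constructed samples, and ranking a missing q lowest is an assumption.

```python
# Added example: RFC 3329 (sec-agree) mechanism choice and Security-Verify check.
# Mechanism sets come from the slide; header values are constructed samples.
PROFILE_3GPP2 = {"tls", "digest", "ipsec-ike", "ipsec-man", "ipsec-3gpp"}
PROFILE_3GPP = {"ipsec-3gpp"}  # 3GPP IMS before the Rel-8 additions

# Constructed Security-Server value (only transport mode, as on the slide).
SERVER_LIST = "ipsec-3gpp;q=0.5;alg=hmac-sha-1-96;mod=trans, tls;q=0.3, digest;q=0.1"


def parse_sec_agree(value):
    """Parse a Security-Client/-Server/-Verify value into [(mechanism, params)]."""
    entries = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        entries.append((parts[0].lower(), params))
    return entries


def choose_mechanism(security_server, supported):
    """Client side: highest-q server mechanism that the client profile supports."""
    best_mech, best_q = None, -1.0
    for mech, params in parse_sec_agree(security_server):
        if mech not in supported:
            continue
        try:
            q = float(params.get("q", "0"))  # assumption: missing q ranks lowest
        except ValueError:
            continue  # malformed preference: ignore the entry
        if q > best_q:
            best_mech, best_q = mech, q
    return best_mech


def verify_matches(sent_security_server, received_security_verify):
    """Server side: a Security-Verify that differs from the list sent means the
    list the client saw was altered in transit (bidding-down), so reject."""
    return parse_sec_agree(sent_security_server) == parse_sec_agree(received_security_verify)


if __name__ == "__main__":
    print(choose_mechanism(SERVER_LIST, PROFILE_3GPP2))               # ipsec-3gpp
    print(choose_mechanism("tls;q=0.3, digest;q=0.1", PROFILE_3GPP))  # None
    print(verify_matches(SERVER_LIST, "digest;q=0.1"))                # False
```

A client limited to the 3GPP set finds no usable mechanism when the server offers only tls and digest, which is the interoperability gap the Rel-8 additions on this slide close.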

Page 5

Use of Secure Memory within UE

- In 3GPP IMS, use of smart card is mandatory
  – Either ISIM or USIM required
  – Specified AKA algorithms are only examples
- 3GPP2 IMS, Secure Memory within a UE is used for IMS (i.e., smartcard is not mandatory for IMS access)
- The secure memory includes (among other non-security functionalities):
  – The IMPI;
  – At least one IMPU;
  – Home Network Domain Name;
  – Support for sequence number checking in the context of the IMS Domain;
  – The cdma2000 AKA algorithms (i.e., mandatory to support the cdma2000 AKA algorithms)
  – An authentication Key.
- Secure Memory can be realized either using an UIM (built into UE), R-UIM or an ISIM.

Page 6

Network Domain Security Architecture

Page 7

Network Domain Security

- 3GPP NDS requires use of Security Gateway (SEG) for Za with IPSec in tunnel mode
- Use of SEG for Zb optional
- Zb also supports IPSec in transport mode
- Required to support 3DES and AES for encryption and HMAC-MD5 and HMAC-SHA1 for integrity
- 3GPP NDS is not just applicable to IMS, but generally used to secure any IP traffic in 3GPP networks
- 3GPP2 NDS only applicable to IMS supports mesh connection between two networks or network elements.
- Support of IPSec in tunnel mode mandatory but use is optional
  – use of SEG is optional
  – Can also be used in transport mode (for both Za and Zb)
- Also, allows the use of TLS
- Cipher suites requirements not as stringent as 3GPP NDS – only minimum security requirements are defined

Page 8

Conclusion

- IMS Security architectures between 3GPP and 3GPP2 are similar in many respects
- However, there are some subtle differences to meet cdma2000 market requirements
- These differences need to be documented in 3GPP TSs
- Two Change Requests (CRs) are proposed for 3GPP consideration as part of common IMS
- One CR to 3GPP TS 33.203 incorporating IMS Access Security related specification text from 3GPP2 S.S0086-B
  – 3GPP2 can re-use TLS, Digest, and IPSec tunnel mode with UDP Encapsulation as specified by 3GPP (as included in this CR)
- Another CR to 3GPP TS 33.210 incorporating IMS Network Domain Security related specification text from 3GPP2 S.S0086-B