The Third Generation Partnership Project (3GPP)² was established in December 1998 by the signing of "The 3rd Generation Partnership Project Agreement". It is a collaboration agreement that unifies telecommunications standards bodies known as "Organizational Partners". These Organizational Partners currently include:
• Association of Radio Industries and Businesses (ARIB)³
• European Telecommunications Standards Institute (ETSI)⁴
• China Communications Standards Association (CCSA)⁵
• Alliance for Telecommunications Industry Solutions (ATIS, T1)⁶
• Telecommunications Technology Association (TTA)⁷
• Telecommunication Technology Committee (TTC)⁸
In addition to the Organizational Partners, there are Market Representation Partners, which provide the partnership with a "consolidated view of market requirements" [www3GPP]. These partners include the GSM Association⁹, the UMTS Forum¹⁰, 3G Americas¹¹, the IPv6 Forum¹², and more. Note that this is not an exhaustive list.
3GPP was established to publish technical specifications. Its original scope was: "to produce globally applicable Technical Specifications and Technical Reports for a 3rd Generation Mobile System based on evolved GSM core networks and the radio access technologies that they support (i.e. Universal Terrestrial Radio Access (UTRA) both Frequency Division Duplex (FDD) and Time Division Duplex (TDD) modes). The scope was subsequently amended to include the maintenance and development of the Global System for Mobile communication (GSM) Technical Specifications and Technical Reports including evolved radio access technologies (e.g. General Packet Radio Service (GPRS) and Enhanced Data rates for GSM Evolution (EDGE))." [www3GPP]
² http://www.3gpp.org/
³ http://www.arib.or.jp/english/html/arib/index.html
⁴ http://www.etsi.org/
⁵ http://www.ccsa.org.cn/english/intro.php
⁶ http://www.atis.org/
⁷ http://www.tta.or.kr/English/new/main/index.htm
⁸ http://www.ttc.or.jp/e/index.html
⁹ http://www.gsmworld.com/index.shtml
¹⁰ http://www.umts-forum.org/servlet/dycon/ztumts/umts/Live/en/umts/Home
¹¹ http://www.3gamericas.org/English/index.cfm
¹² http://www.ipv6forum.org/
The following list introduces the main 3GPP specifications that are relevant to this thesis.
3GPP TS 33.919 [TS33.919], Generic Authentication Architecture (GAA); System description.
Many services require mutual authentication between the UE and the application server. "Since a lot of applications share this common need for a peer authentication mechanism, it has been considered useful to specify a Generic Authentication Architecture (GAA). This GAA describes a generic architecture for peer authentication that can a priori serve for any (present and future) application." [TS33.919] This document describes the framework for the GAA and how the different building blocks are combined to provide a secure infrastructure.
3GPP TS 33.220 [TS33.220], Generic bootstrapping architecture.
This specification is the general description of the GBA and defines requirements of all involved components such as BSF, NAF, reference points and transmitted values.
3GPP TS 24.109 [TS24.109], Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details.
This document defines the Ub interface and the bootstrapped security association usage over the Ua interface. "The purpose of the Ub interface is to create a security association between UE and BSF for further usage in GAA applications. The purpose of the Ua interface is to use the so created bootstrapped security association between UE and NAF for secure communication." [TS24.109]
3GPP TS 33.222 [TS33.222], Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS).
This specification defines stage 3 for the Authentication Proxy usage which provides secure access to the NAF using HTTP over TLS.
3GPP TS 29.109 [TS29.109], Zh and Zn Interfaces based on the Diameter protocol.
Diameter interfaces. Note that this specification is partly based on re-usage of Cx interface messages such as Multimedia-Auth-Request and Multimedia-Auth-Answer that have originally been defined for usage between CSCF and HSS.
S3-060608-TS33.223-GBA-Push-v0.1.0 [TS33.223], Generic Bootstrapping Architecture (GBA) Push Function.
This document is still at a very early draft stage. It was published in August 2006 and many details are still missing, which is why it currently has no impact on the implementation. It is a functional add-on for the GAA. The GBA Push Function is a mechanism to bootstrap a security association between the NAF and the UE, without forcing the UE to contact the BSF to initiate the bootstrapping procedure. "The adoption of GAA by other standardization bodies showed that some services can not make the assumption that the User Equipment (UE) has always the possibility to connect to the Bootstrapping Server Function (BSF). Hence, this specification introduces and specifies a GBA Push Function." [TS33.223]
As GBA Push is not considered by the implementation, it will not be explained in detail. The specification is given here simply to allow a broad overview of the specification spectrum. Please refer to [TS33.223] for more details on the GBA Push Function.
3GPP TS 33.221 [TS33.221], Support for subscriber certificates.
This document specifies subscriber certificate distribution and signaling procedures for support of issuing certificates to subscribers. The implementation currently offers subscriber certificate enrollment for Mozilla Firefox and Internet Explorer browsers only.
3GPP TS 33.920 [TS33.920], SIM card based Generic Bootstrapping Architecture (GBA) Early implementation feature.
"3GPP defined the Generic Bootstrapping Architecture (GBA) in Release 6. The Release 6 GBA is based on 3G USIMs and ISIMs, i.e., 3G GBA [TS33.220]. The security level of 3G Authentication and Key Agreement is higher than the 2G SIM authentication. On the other hand, there are more than one billion people with SIMs in their phones and it will take long time to provision UICCs capable of 3G authentication to such a large population. Meanwhile there should be a way to offer services whose authentication is based on GAA also to 2G subscribers. [...] It should be noted that the work outlined in this feature does not require any change to the existing SIM specifications, in particular GBA_U as in 3G GBA will not be included in 2G GBA." [TS33.920]
Again, this document is listed here to give a complete overview of the specification landscape related to GAA and GBA.