|
TECHNICAL SPECIFICATION
Digital cellular telecommunications system (Phase 2+) (GSM);
Universal Mobile Telecommunications System (UMTS);
LTE;
Telecommunication management;
Security services for Integration Reference Point (IRP);
Information Service (IS)
(3GPP TS 32.372 version 15.0.0 Release 15)
---------------------- Page: 1 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 1 ETSI TS 132 372 V15.0.0 (2018-11)
Reference
RTS/TSGS-0532372vf00
Keywords
GSM,LTE,UMTS
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
If you find errors in the present document, please send your comment to one of the following services:
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2018.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
TM TM
3GPP and LTE are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
---------------------- Page: 2 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 2 ETSI TS 132 372 V15.0.0 (2018-11)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or
GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables.
The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under
.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
---------------------- Page: 3 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 3 ETSI TS 132 372 V15.0.0 (2018-11)
Contents
Intellectual Property Rights . 2
Foreword . 2
Modal verbs terminology . 2
Foreword . 4
Introduction . 4
1 Scope . 6
2 References . 6
3 Definitions and abbreviations . 6
3.1 Definitions . 6
3.2 Abbreviations . 7
4 System overview . 7
4.1 System context . 7
4.2 Security Architecture . 8
4.2.1 Security Features offered by IP Transport Network (IPsec or NDS) . 8
4.2.2 Limitations of IP transport layer security . 9
4.3 Compliance rules . 9
5 Security Services . 9
5.1 Authentication Security Service . 10
5.1.1 Mutual Authentication . 10
5.2 Authorization Security Service . 11
5.3 Activity Log Security Service . 12
5.4 File Integrity Security Service . 12
6 Information Object Classes . . 12
6.1 Class diagram . 12
6.1.1 Attributes and Relationships . 13
6.1.1.1 Class Diagram . 13
6.2 Information Object Class Definitions . 13
6.2.1 Credential . 13
6.2.1.1 Definition . 13
6.2.1.2 Attributes . 13
6.2.2 Signature . 13
6.2.2.1 Definition . 13
6.2.2.2 Attributes . 13
6.4 Information attribute definition . 13
6.4.1 Definition and legal values . 13
7 Interface definition . 13
7.1 Credential transfer interface . 14
7.2 Signature transfer Interface . 14
Annex A(informative): Change history . 15
History . 16
ETSI
---------------------- Page: 4 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 4 ETSI TS 132 372 V15.0.0 (2018-11)
Foreword
rd
This Technical Specification has been produced by the 3 Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
Introduction
rd
The present document is part of a TS-family covering the 3 Generation Partnership Project; Technical Specification
Group Services and System Aspects; Telecommunication management; as identified below:
32.371: "Security Management concept and requirements".
32.372: "Security services for Integration Reference Points (IRP); Information Service (IS)".
32.376: "Security services for Integration Reference Point (IRP); Solution Set (SS) definitions".
In 3GPP SA5 context, IRPs are introduced to address process interfaces at the Itf-N interface. The Itf-N interface is
built up by a number of Integration Reference Points (IRPs) and a related Name Convention, which realise the
functional capabilities over this interface. The basic structure of the IRPs is defined in 3GPP TS 32.101 [1] and
3GPP TS 32.102 [2]. An IRP consists of IRPManager and IRPAgent. Usually there are three types of transaction
between IRPManager and IRPAgent, which are operation invocation, notification, and file transfer.
However, there are different types of intentional threats against the transaction between IRPManagers and IRPAgents.
All the threats are potential risks of damage or degradation of telecommunication services, which operators should take
measures to reduce or eliminate to secure the telecommunication service, network, and data.
By introducing Security Management, the present document describes security mechanisms to relieve the threats
between IRPManagers and IRPAgents.
As described in 3GPP TS 32.101 [1], the architecture of Security Management is divided into two layers:
Layer A - Application Layer.
Layer B - O&M IP Network.
The threats and Security Management requirements of different layers are different, which should be taken into account
respectively.
3GPP defines three types of IRP specifications, (see 3GPP TS 32.102 [2]). One type relates to the definitions of the
interface deployed across the Itf-N. These definitions need to be agreed between the IRPManagers and IRPAgents so
that meaningful communication can occur between them. An example of this type is the Alarm IRP.
ETSI
---------------------- Page: 5 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 5 ETSI TS 132 372 V15.0.0 (2018-11)
The other two types (NRM IRP and Data Definition IRP) relate to the network resource model (schema) of the managed
network. This network schema needs to be agreed between the IRPManagers and IRPAgents so that the IRPAgent can
provide network management services to the IRPManager. An example of this type is the UTRAN NRM IRP.
This Information Service specification is applicable to the Interface IRP specifications. That is to say, it is concerned
only with the security aspects of operations/notifications/files deployed across the Itf-N.
ETSI
---------------------- Page: 6 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 6 ETSI TS 132 372 V15.0.0 (2018-11)
1 Scope
The purpose of the present document is to specify the necessary security features, services and functions to protect the
network management data, including Requests, Responses, Notifications and Files, exchanged across the Itf-N.
The present document specifies the Security Service for IRP Information Service.
This Security Service for IRP IS defines the semantics of management information visible across the Itf-N in a protocol
and technology neutral way. It does not define the syntax or encoding of the operations and their parameters.
This Information Service specification is related to 3GPP TS 32.371 [6].
2 References
The following documents contain provisions that, through reference in this text, constitute provisions of the present
document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same
Release as the present document.
[1] 3GPP TS 32.101: "Telecommunication management; Principles and high level requirements".
[2] 3GPP TS 32.102: "Telecommunication management; Architecture".
[3] ITU-T Recommendation M.3016 (1998): "TMN security overview".
[4] 3GPP TS 33.102: "3G security; Security architecture".
[5] ITU-T Recommendation X.800: "Security Architecture for OSI for CCITT Applications".
[6] 3GPP TS 32.371: "Telecommunication management; Security Management concept and
requirements".
[7] 3GPP TS 32.150: "Telecommunication management; Integration Reference Point (IRP) Concept
and definitions".
[8] 3GPP TS 32.373: "Telecommunication management; Security Service for Integration Reference
Point (IRP):Common Object Request Broker Architecture (CORBA) Solution".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply.
IRP: See 3GPP TS 32.101 [1].
IRPAgent: See 3GPP TS 32.102 [2].
IRPManager: See 3GPP TS 32.102 [2].
Operations System (OS): indicates a generic management system, independent of its location level within the
management hierarchy
The present document makes use of the following terms and definitions from 3GPP TS 32.371 [6]:
ETSI
---------------------- Page: 7 ----------------------
3GPP TS 32.372 version 15.0.0 Release 15 7 ETSI TS 132 372 V15.0.0 (2018-11)
access control: prevention of unauthorized use of a resource, including the prevention of use of a resource in an
unauthorized manner
authentication: See data origin authentication and peer element authentication in 3GPP TS 32.371 [6].
authorization: granting of rights, which includes the granting of access based on access rights
credential: Authentication and Authorization data that can be used to authenticate the claimer is what it claims to be
and authorize the claimer's access rights
signature: cryptographic information appended to the transferred management information that allows a receiver to
verify integrity of the transferred management information.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
CM Configuration Management
EM Element Manager
IOC Information Object Class
IRP Integration Reference Point
IS Information Service (see 3GPP TS 32.101 [1])
Itf-N Interface N
NDS Network Domain Security
NE Network Element
NM Network Manager
NRM Network Resource Model
OS Operations System
PM Performance Management
SAS Security Attribute Service
TMN Telecom Management Network
UML Unified Modelling Language (OMG)
UMTS Universal Mobile Telecommunications System
...